Talos Rules 2020-10-20
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-webkit, file-pdf, indicator-compromise, malware-cnc, malware-other, os-linux and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2020-10-20 13:15:44 UTC

Snort Subscriber Rules Update

Date: 2020-10-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:56021 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
 * 1:56022 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
 * 1:56023 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
 * 1:56024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
 * 1:56025 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
 * 1:56026 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
 * 1:56027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
 * 1:56028 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
 * 1:56029 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
 * 1:56030 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
 * 1:56031 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
 * 1:56032 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
 * 1:56033 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
 * 1:56034 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
 * 1:56035 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
 * 1:56036 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
 * 1:56037 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
 * 1:56038 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
 * 1:56039 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
 * 1:56040 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
 * 1:56041 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
 * 1:56042 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:56043 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
 * 1:56044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
 * 1:56045 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Exchange Reporter Plus unauthenticated remote code execution attempt (server-webapp.rules)
 * 1:56046 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
 * 1:56047 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
 * 1:56051 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
 * 1:56052 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
 * 1:56055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
 * 1:56056 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
 * 1:56057 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
 * 1:56058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
 * 1:56061 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
 * 1:56062 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
 * 1:56067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
 * 1:56068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
 * 1:56069 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart fingerprinting attempt (indicator-compromise.rules)
 * 1:56070 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart remote code execution attempt (indicator-compromise.rules)
 * 1:56010 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
 * 1:56012 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
 * 1:56011 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
 * 1:56013 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
 * 1:56014 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
 * 1:56015 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
 * 1:56016 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
 * 1:56017 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
 * 1:56018 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
 * 1:56019 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
 * 1:56020 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
 * 3:56048 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
 * 3:56049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
 * 3:56050 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
 * 3:56053 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
 * 3:56054 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
 * 3:56059 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
 * 3:56060 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
 * 3:56063 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
 * 3:56064 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
 * 3:56065 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
 * 3:56066 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)

Modified Rules:

 * 1:36629 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
 * 1:36630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
 * 1:36639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (malware-cnc.rules)
 * 1:36666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tentobr outbound connection (malware-cnc.rules)
 * 1:36670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sathurbot outbound connection (malware-cnc.rules)
 * 1:36732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (malware-cnc.rules)
 * 1:36765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (malware-cnc.rules)
 * 1:36770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redcontrole variant outbound connection (malware-cnc.rules)
 * 1:36777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zimwervi variant outbound connection (malware-cnc.rules)
 * 1:36781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gokawa variant outbound connection (malware-cnc.rules)
 * 1:36800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruinmail outbound connection (malware-cnc.rules)
 * 1:36807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (malware-cnc.rules)
 * 1:36810 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Mabouia outbound connection (malware-cnc.rules)
 * 1:36833 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (malware-cnc.rules)
 * 1:36834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload outbound connection (malware-cnc.rules)
 * 1:36835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload inbound connection (malware-cnc.rules)
 * 1:36841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leralogs variant outbound connection (malware-cnc.rules)
 * 1:36889 <-> DISABLED <-> MALWARE-CNC TinyDropper variant outbound connection (malware-cnc.rules)
 * 1:36890 <-> DISABLED <-> MALWARE-CNC AbbadonPOS variant outbound connection (malware-cnc.rules)
 * 1:36893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trfijan outbound connection (malware-cnc.rules)
 * 1:36911 <-> DISABLED <-> MALWARE-CNC GlassRAT handshake beacon (malware-cnc.rules)
 * 1:36914 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (malware-cnc.rules)
 * 1:36916 <-> DISABLED <-> MALWARE-CNC Milkoad.A First Request (malware-cnc.rules)
 * 1:37020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:37024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy outbound connection (malware-cnc.rules)
 * 1:37027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
 * 1:37036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (malware-cnc.rules)
 * 1:37037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arfadinf variant outbound connection (malware-cnc.rules)
 * 1:37045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (malware-cnc.rules)
 * 1:37047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (malware-cnc.rules)
 * 1:37049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geratid variant outbound connection (malware-cnc.rules)
 * 1:37050 <-> DISABLED <-> MALWARE-CNC ATSEngine initial beacon (malware-cnc.rules)
 * 1:37051 <-> DISABLED <-> MALWARE-CNC ATSEngine credit card number sent via URL parameter (malware-cnc.rules)
 * 1:37052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:37053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tdrop2 variant dropper download attempt (malware-cnc.rules)
 * 1:37063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paligenpo outbound connection (malware-cnc.rules)
 * 1:37064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Telehot outbound connection (malware-cnc.rules)
 * 1:37065 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik outbound connection (malware-cnc.rules)
 * 1:37066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload (malware-cnc.rules)
 * 1:37067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Droot outbound connection (malware-cnc.rules)
 * 1:37068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flusihoc variant outbound connection (malware-cnc.rules)
 * 1:37100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dashikut outbound connection (malware-cnc.rules)
 * 1:37101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
 * 1:37102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
 * 1:37117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules)
 * 1:37127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules)
 * 1:37141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules)
 * 1:37164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hpastal outbound email attempt (malware-cnc.rules)
 * 1:37212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37226 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37227 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
 * 1:37297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
 * 1:37317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (malware-cnc.rules)
 * 1:37320 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel variant outbound connection (malware-cnc.rules)
 * 1:37323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (malware-cnc.rules)
 * 1:37359 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot inbound command attempt (malware-cnc.rules)
 * 1:37360 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot outbound IRC channel join attempt (malware-cnc.rules)
 * 1:37370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules)
 * 1:37374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derkziel variant outbound connection (malware-cnc.rules)
 * 1:37447 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Evilgrab outbound connection (malware-cnc.rules)
 * 1:37457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (malware-cnc.rules)
 * 1:37466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackmoon outbound connection (malware-cnc.rules)
 * 1:37467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vawtrak variant outbound connection (malware-cnc.rules)
 * 1:37516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:37521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37535 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37536 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Engr variant outbound connection (malware-cnc.rules)
 * 1:37636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:37637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:37646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant dropper download connection (malware-cnc.rules)
 * 1:37647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:37686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (malware-cnc.rules)
 * 1:37717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (malware-cnc.rules)
 * 1:37816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:37817 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (malware-cnc.rules)
 * 1:37834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:37835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:37838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
 * 1:37844 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (malware-cnc.rules)
 * 1:38017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt server reply (malware-cnc.rules)
 * 1:38018 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (malware-cnc.rules)
 * 1:38116 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (malware-cnc.rules)
 * 1:38134 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Win.Trojan.Adwind (malware-cnc.rules)
 * 1:38145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:38150 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:38234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (malware-cnc.rules)
 * 1:38235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
 * 1:38255 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38256 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38257 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38258 <-> DISABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38259 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38260 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38261 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38304 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (malware-cnc.rules)
 * 1:38331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:38333 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Bifrose outbound connection (malware-cnc.rules)
 * 1:38352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
 * 1:38353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (malware-cnc.rules)
 * 1:38354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant failed read logs (malware-cnc.rules)
 * 1:38356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant read logs (malware-cnc.rules)
 * 1:38357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send credentials (malware-cnc.rules)
 * 1:38358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send logs (malware-cnc.rules)
 * 1:38359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send mail credentials (malware-cnc.rules)
 * 1:38367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep.variant CNC server response (malware-cnc.rules)
 * 1:38378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:38379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
 * 1:38380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
 * 1:38385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
 * 1:38386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
 * 1:38388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger geolocation check (malware-cnc.rules)
 * 1:38509 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
 * 1:38510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant exfiltration attempt (malware-cnc.rules)
 * 1:34862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:34863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:34865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:34866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:34867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules)
 * 1:34868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules)
 * 1:34869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (malware-cnc.rules)
 * 1:34870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:34872 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (malware-cnc.rules)
 * 1:34876 <-> DISABLED <-> MALWARE-CNC Win.Fudu outbound variant connection  (malware-cnc.rules)
 * 1:34877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (malware-cnc.rules)
 * 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:34887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
 * 1:34888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
 * 1:34917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (malware-cnc.rules)
 * 1:34931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shindo outbound connection (malware-cnc.rules)
 * 1:34934 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pheloyx outbound connection (malware-cnc.rules)
 * 1:34935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zutwoxy outbound connection (malware-cnc.rules)
 * 1:34950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prok variant outbound connection (malware-cnc.rules)
 * 1:34957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sysmain outbound connection (malware-cnc.rules)
 * 1:34958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:34959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:34963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte outbound connection (malware-cnc.rules)
 * 1:34965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (malware-cnc.rules)
 * 1:34966 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
 * 1:34982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msnmm variant outbound connection (malware-cnc.rules)
 * 1:34993 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Benloader variant outbound connection (malware-cnc.rules)
 * 1:34994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
 * 1:34995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra HTTP Header Structure (malware-cnc.rules)
 * 1:34996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent-ALPW variant outbound connection (malware-cnc.rules)
 * 1:34997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant HTTP Response (malware-cnc.rules)
 * 1:34998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bossabot outbound connection (malware-cnc.rules)
 * 1:35005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vcaredrix variant outbound connection (malware-cnc.rules)
 * 1:35027 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Troldesh C&C (malware-cnc.rules)
 * 1:35029 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.Lotronc variant outbound connection (malware-cnc.rules)
 * 1:35030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (malware-cnc.rules)
 * 1:35034 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Boltolog variant outbound connection download request (malware-cnc.rules)
 * 1:35036 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy inbound variant connection  (malware-cnc.rules)
 * 1:35037 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy outbound variant connection  (malware-cnc.rules)
 * 1:35039 <-> DISABLED <-> MALWARE-CNC Trojan.Linux.Linuxor outbound variant connection  (malware-cnc.rules)
 * 1:35047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:35050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (malware-cnc.rules)
 * 1:35062 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection  (malware-cnc.rules)
 * 1:35063 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection  (malware-cnc.rules)
 * 1:35064 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection  (malware-cnc.rules)
 * 1:35065 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection  (malware-cnc.rules)
 * 1:35066 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection  (malware-cnc.rules)
 * 1:35067 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection  (malware-cnc.rules)
 * 1:35069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dino variant outbound connection (malware-cnc.rules)
 * 1:35076 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
 * 1:35080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
 * 1:35081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
 * 1:35082 <-> DISABLED <-> MALWARE-CNC Backdoor.Linux.Qenerek outbound connection (malware-cnc.rules)
 * 1:35083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regiskazi outbound connection (malware-cnc.rules)
 * 1:35102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
 * 1:35103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
 * 1:35104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:35221 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent inbound connection (malware-cnc.rules)
 * 1:35254 <-> DISABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules)
 * 1:35300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite GET request (malware-cnc.rules)
 * 1:35301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite POST request (malware-cnc.rules)
 * 1:35303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProxyChange (malware-cnc.rules)
 * 1:35306 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Cigamve request (malware-cnc.rules)
 * 1:35312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (malware-cnc.rules)
 * 1:35313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:35315 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Downloader.Comsteal outbound connection (malware-cnc.rules)
 * 1:35316 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (malware-cnc.rules)
 * 1:35317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Directate outbound connection (malware-cnc.rules)
 * 1:35318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr outbound connection (malware-cnc.rules)
 * 1:35344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall click fraud response (malware-cnc.rules)
 * 1:35348 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Ralminey POST request (malware-cnc.rules)
 * 1:35353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise.B variant outbound connection (malware-cnc.rules)
 * 1:35355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usteal outbound connection (malware-cnc.rules)
 * 1:35385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules)
 * 1:35386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (malware-cnc.rules)
 * 1:35387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (malware-cnc.rules)
 * 1:35388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules)
 * 1:35394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules)
 * 1:35400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules)
 * 1:35415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)
 * 1:35416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
 * 1:35426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur outbound connection (malware-cnc.rules)
 * 1:35436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
 * 1:35437 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jrml variant outbound connection (malware-cnc.rules)
 * 1:35462 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (malware-cnc.rules)
 * 1:35471 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baisogu outbound connection (malware-cnc.rules)
 * 1:35472 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
 * 1:35549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
 * 1:35570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetEagle variant outbound connection (malware-cnc.rules)
 * 1:35596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
 * 1:35597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
 * 1:35710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
 * 1:35732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (malware-cnc.rules)
 * 1:35733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (malware-cnc.rules)
 * 1:35746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35749 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (malware-cnc.rules)
 * 1:35750 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (malware-cnc.rules)
 * 1:35794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:35804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seyelifon variant outbound connection (malware-cnc.rules)
 * 1:35842 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namospu variant outbound connection (malware-cnc.rules)
 * 1:36048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:36054 <-> DISABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (malware-cnc.rules)
 * 1:36064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant (malware-cnc.rules)
 * 1:36106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (malware-cnc.rules)
 * 1:36107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
 * 1:36108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nimisi variant outbound connection (malware-cnc.rules)
 * 1:36115 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Liudoor outbound connection (malware-cnc.rules)
 * 1:36131 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyIE 3.01 (malware-cnc.rules)
 * 1:36132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
 * 1:36133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
 * 1:36134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
 * 1:36186 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qytags variant outbound connection (malware-cnc.rules)
 * 1:36198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant certificate (malware-cnc.rules)
 * 1:36199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
 * 1:36202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant dropper (malware-cnc.rules)
 * 1:36231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot variant outbound connection (malware-cnc.rules)
 * 1:36232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:36268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:36269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:36275 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
 * 1:36276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
 * 1:36294 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (malware-cnc.rules)
 * 1:36303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
 * 1:36304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinPlock variant outbound connection (malware-cnc.rules)
 * 1:36325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
 * 1:36396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
 * 1:36397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
 * 1:36460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules)
 * 1:36468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36471 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (malware-cnc.rules)
 * 1:36497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hangman.A outbound connection (malware-cnc.rules)
 * 1:36506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
 * 1:36522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (malware-cnc.rules)
 * 1:36526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brolux variant outbound connection (malware-cnc.rules)
 * 1:36566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36568 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
 * 1:36578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
 * 1:36601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:36602 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:36603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:36610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules)
 * 1:36622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:36623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:36624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:36625 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
 * 1:36626 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
 * 1:36627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tanmar outbound connection (malware-cnc.rules)
 * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:34309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
 * 1:34319 <-> DISABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (malware-cnc.rules)
 * 1:34322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
 * 1:34323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fulairo variant outbound connection (malware-cnc.rules)
 * 1:34324 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Siromost variant outbound connection (malware-cnc.rules)
 * 1:34325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
 * 1:34326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
 * 1:34327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (malware-cnc.rules)
 * 1:34337 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
 * 1:34338 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
 * 1:34339 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cybergate outbound connection (malware-cnc.rules)
 * 1:34346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (malware-cnc.rules)
 * 1:34347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (malware-cnc.rules)
 * 1:34362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (malware-cnc.rules)
 * 1:34366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (malware-cnc.rules)
 * 1:34367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Odlanor information exfiltration attempt (malware-cnc.rules)
 * 1:34452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tendrit variant outbound connection (malware-cnc.rules)
 * 1:34459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (malware-cnc.rules)
 * 1:34460 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (malware-cnc.rules)
 * 1:34461 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (malware-cnc.rules)
 * 1:34462 <-> DISABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (malware-cnc.rules)
 * 1:34469 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
 * 1:34470 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
 * 1:34476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (malware-cnc.rules)
 * 1:34489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (malware-cnc.rules)
 * 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (malware-cnc.rules)
 * 1:34501 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection (malware-cnc.rules)
 * 1:34540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:34541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:34567 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (malware-cnc.rules)
 * 1:34572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (malware-cnc.rules)
 * 1:34581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mathanuc outbound connection (malware-cnc.rules)
 * 1:34596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
 * 1:34597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
 * 1:34598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:34599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:34600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:34601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teqimp outbound connection (malware-cnc.rules)
 * 1:34607 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (malware-cnc.rules)
 * 1:34608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (malware-cnc.rules)
 * 1:34609 <-> DISABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (malware-cnc.rules)
 * 1:34610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kayfcbk outbound connection (malware-cnc.rules)
 * 1:34611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dujfudg outbound connection (malware-cnc.rules)
 * 1:34614 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enkalogs outbound connection (malware-cnc.rules)
 * 1:34622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (malware-cnc.rules)
 * 1:34636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:34637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:34818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (malware-cnc.rules)
 * 1:34831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:34832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:34833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules)
 * 1:34834 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkcpn (malware-cnc.rules)
 * 1:34835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules)
 * 1:34840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34843 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (malware-cnc.rules)
 * 1:34844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules)
 * 1:38514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38515 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38517 <-> DISABLED <-> MALWARE-CNC binary download while video expected (malware-cnc.rules)
 * 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)
 * 1:38530 <-> DISABLED <-> MALWARE-CNC Obfuscated Javascript Attack runtime detection (malware-cnc.rules)
 * 1:38542 <-> DISABLED <-> MALWARE-CNC VBS Trojan Downloading Encoded Executable (malware-cnc.rules)
 * 1:38557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
 * 1:38558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
 * 1:38559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - keystorkes (malware-cnc.rules)
 * 1:38560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - screenshot (malware-cnc.rules)
 * 1:38561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger plugins download attempt (malware-cnc.rules)
 * 1:38562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt (malware-cnc.rules)
 * 1:38563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response (malware-cnc.rules)
 * 1:38564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger keylog exfiltration attempt (malware-cnc.rules)
 * 1:38565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper initial download attempt (malware-cnc.rules)
 * 1:38566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper download attempt (malware-cnc.rules)
 * 1:38567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coverton variant outbound connection (malware-cnc.rules)
 * 1:38573 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant handshake beacon (malware-cnc.rules)
 * 1:38574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant outbound connection (malware-cnc.rules)
 * 1:38584 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant JS dropper outbound connection (malware-cnc.rules)
 * 1:38585 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:38586 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:38587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant temporary redirect attempt (malware-cnc.rules)
 * 1:38588 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:38603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UP007 variant outbound connection (malware-cnc.rules)
 * 1:38606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant network speed test (malware-cnc.rules)
 * 1:38608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RockLoader variant outbound connection (malware-cnc.rules)
 * 1:38613 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallex variant outbound connection (malware-cnc.rules)
 * 1:38620 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:38621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:38638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
 * 1:38643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38668 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:38676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BBSwift variant outbound connection (malware-cnc.rules)
 * 1:38680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tooka GET attempt (malware-cnc.rules)
 * 1:38724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renegin outbound GET attempt (malware-cnc.rules)
 * 1:38732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBDos Runtime Detection (malware-cnc.rules)
 * 1:38733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:38784 <-> DISABLED <-> MALWARE-CNC CryptXXX initial outbound connection (malware-cnc.rules)
 * 1:38885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound registration attempt (malware-cnc.rules)
 * 1:38886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules)
 * 1:38887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky JS dropper outbound connection (malware-cnc.rules)
 * 1:38888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:38890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts exfiltration attempt (malware-cnc.rules)
 * 1:38891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts initial registration (malware-cnc.rules)
 * 1:38916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex download attempt (malware-cnc.rules)
 * 1:38917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant CNC traffic (malware-cnc.rules)
 * 1:38949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:38950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PassStealer passwords exfiltration attempt (malware-cnc.rules)
 * 1:38961 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (malware-cnc.rules)
 * 1:38962 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (malware-cnc.rules)
 * 1:38994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus config file download (malware-cnc.rules)
 * 1:38995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:39040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:39052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (malware-cnc.rules)
 * 1:39053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.7ev3n variant outbound connection (malware-cnc.rules)
 * 1:39056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
 * 1:39063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot outbound POST attempt (malware-cnc.rules)
 * 1:39064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (malware-cnc.rules)
 * 1:39084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:39085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:39086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:39106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection (malware-cnc.rules)
 * 1:39107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant inbound connection (malware-cnc.rules)
 * 1:39116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DMALocker variant outbound connection (malware-cnc.rules)
 * 1:39117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:39159 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 1:39160 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 1:39163 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:39164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:39173 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.BlackShades Crypter outbound connection (malware-cnc.rules)
 * 1:39176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules)
 * 1:39322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
 * 1:39327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoRoger outbound POST attempt (malware-cnc.rules)
 * 1:39341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS credit card data exfiltration (malware-cnc.rules)
 * 1:39342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS initial outbound connection (malware-cnc.rules)
 * 1:39343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS keylog exfiltration (malware-cnc.rules)
 * 1:39344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS status update (malware-cnc.rules)
 * 1:39345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS update request (malware-cnc.rules)
 * 1:39360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:39369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorozoad variant outbound connection (malware-cnc.rules)
 * 1:39409 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant initial outbound connection (malware-cnc.rules)
 * 1:39410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant exfiltration outbound connection (malware-cnc.rules)
 * 1:39411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qbot variant outbound connection (malware-cnc.rules)
 * 1:39430 <-> DISABLED <-> MALWARE-CNC Win.Malware.Furtim variant outbound connection (malware-cnc.rules)
 * 1:39433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
 * 1:39434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
 * 1:39448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos variant outbound connection (malware-cnc.rules)
 * 1:39465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (malware-cnc.rules)
 * 1:39573 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39574 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39576 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39577 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39578 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (malware-cnc.rules)
 * 1:39579 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39580 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (malware-cnc.rules)
 * 1:39582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (malware-cnc.rules)
 * 1:39583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (malware-cnc.rules)
 * 1:39636 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Ranscam request.html response (malware-cnc.rules)
 * 1:39650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts variant CNC IRC response attempt (malware-cnc.rules)
 * 1:39653 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mangit initial outbound connection (malware-cnc.rules)
 * 1:39705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection (malware-cnc.rules)
 * 1:39710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (malware-cnc.rules)
 * 1:39730 <-> DISABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (malware-cnc.rules)
 * 1:39738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (malware-cnc.rules)
 * 1:39767 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules)
 * 1:39774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules)
 * 1:39785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lientchtp variant outbound connection (malware-cnc.rules)
 * 1:39800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
 * 1:39801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound connection (malware-cnc.rules)
 * 1:39852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39855 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
 * 1:39857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
 * 1:39861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanHaiShu variant outbound connection (malware-cnc.rules)
 * 1:39882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (malware-cnc.rules)
 * 1:39886 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (malware-cnc.rules)
 * 1:39887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toga variant outbound connection (malware-cnc.rules)
 * 1:39909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adnel outbound connection detected (malware-cnc.rules)
 * 1:39911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
 * 1:39920 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
 * 1:39921 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
 * 1:39958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (malware-cnc.rules)
 * 1:39968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
 * 1:39969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)

2020-10-20 13:15:44 UTC

Snort Subscriber Rules Update

Date: 2020-10-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56070 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart remote code execution attempt (indicator-compromise.rules)
 * 1:56014 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
 * 1:56023 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
 * 1:56037 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
 * 1:56043 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
 * 1:56016 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
 * 1:56040 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
 * 1:56017 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
 * 1:56036 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
 * 1:56052 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
 * 1:56041 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
 * 1:56012 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
 * 1:56021 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
 * 1:56025 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
 * 1:56028 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
 * 1:56047 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
 * 1:56069 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart fingerprinting attempt (indicator-compromise.rules)
 * 1:56030 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
 * 1:56022 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
 * 1:56020 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
 * 1:56033 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
 * 1:56055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
 * 1:56027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
 * 1:56068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
 * 1:56044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
 * 1:56032 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
 * 1:56026 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
 * 1:56010 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
 * 1:56015 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
 * 1:56042 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:56013 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
 * 1:56057 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
 * 1:56062 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
 * 1:56035 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
 * 1:56018 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
 * 1:56011 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
 * 1:56058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
 * 1:56056 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
 * 1:56061 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
 * 1:56051 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
 * 1:56067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
 * 1:56029 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
 * 1:56031 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
 * 1:56039 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
 * 1:56038 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
 * 1:56034 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
 * 1:56024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
 * 1:56046 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
 * 1:56019 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
 * 1:56045 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Exchange Reporter Plus unauthenticated remote code execution attempt (server-webapp.rules)
 * 3:56048 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
 * 3:56054 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
 * 3:56065 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
 * 3:56050 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
 * 3:56049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
 * 3:56064 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
 * 3:56059 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
 * 3:56060 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
 * 3:56053 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
 * 3:56063 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
 * 3:56066 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)
 * 1:35570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetEagle variant outbound connection (malware-cnc.rules)
 * 1:35596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
 * 1:34315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:38530 <-> DISABLED <-> MALWARE-CNC Obfuscated Javascript Attack runtime detection (malware-cnc.rules)
 * 1:38558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
 * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:34313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:34309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
 * 1:34319 <-> DISABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (malware-cnc.rules)
 * 1:34322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
 * 1:34323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fulairo variant outbound connection (malware-cnc.rules)
 * 1:34324 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Siromost variant outbound connection (malware-cnc.rules)
 * 1:34325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
 * 1:34326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
 * 1:34327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (malware-cnc.rules)
 * 1:34337 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
 * 1:34338 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
 * 1:34339 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cybergate outbound connection (malware-cnc.rules)
 * 1:34346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (malware-cnc.rules)
 * 1:34347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (malware-cnc.rules)
 * 1:34362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (malware-cnc.rules)
 * 1:34366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (malware-cnc.rules)
 * 1:34367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Odlanor information exfiltration attempt (malware-cnc.rules)
 * 1:34452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tendrit variant outbound connection (malware-cnc.rules)
 * 1:34459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (malware-cnc.rules)
 * 1:34460 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (malware-cnc.rules)
 * 1:34461 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (malware-cnc.rules)
 * 1:34462 <-> DISABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (malware-cnc.rules)
 * 1:34469 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
 * 1:34470 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
 * 1:34476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (malware-cnc.rules)
 * 1:34489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (malware-cnc.rules)
 * 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (malware-cnc.rules)
 * 1:34501 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection (malware-cnc.rules)
 * 1:34540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:34541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:34567 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (malware-cnc.rules)
 * 1:34572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (malware-cnc.rules)
 * 1:34581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mathanuc outbound connection (malware-cnc.rules)
 * 1:34596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
 * 1:34597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
 * 1:34598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:34599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:34600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:34601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teqimp outbound connection (malware-cnc.rules)
 * 1:34607 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (malware-cnc.rules)
 * 1:34608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (malware-cnc.rules)
 * 1:34609 <-> DISABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (malware-cnc.rules)
 * 1:34610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kayfcbk outbound connection (malware-cnc.rules)
 * 1:34611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dujfudg outbound connection (malware-cnc.rules)
 * 1:34614 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enkalogs outbound connection (malware-cnc.rules)
 * 1:34622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (malware-cnc.rules)
 * 1:34636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:34637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:34818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (malware-cnc.rules)
 * 1:34831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:34832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:34833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules)
 * 1:34834 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkcpn (malware-cnc.rules)
 * 1:34835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules)
 * 1:34840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34843 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (malware-cnc.rules)
 * 1:34844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules)
 * 1:34862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:34863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:34865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:34866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:34867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules)
 * 1:34868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules)
 * 1:34869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (malware-cnc.rules)
 * 1:34870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:34872 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (malware-cnc.rules)
 * 1:34876 <-> DISABLED <-> MALWARE-CNC Win.Fudu outbound variant connection  (malware-cnc.rules)
 * 1:34877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (malware-cnc.rules)
 * 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:34887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
 * 1:34888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
 * 1:34917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (malware-cnc.rules)
 * 1:34931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shindo outbound connection (malware-cnc.rules)
 * 1:34934 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pheloyx outbound connection (malware-cnc.rules)
 * 1:34935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zutwoxy outbound connection (malware-cnc.rules)
 * 1:34950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prok variant outbound connection (malware-cnc.rules)
 * 1:34957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sysmain outbound connection (malware-cnc.rules)
 * 1:34958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:34959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:34963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte outbound connection (malware-cnc.rules)
 * 1:34965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (malware-cnc.rules)
 * 1:34966 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
 * 1:34982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msnmm variant outbound connection (malware-cnc.rules)
 * 1:34993 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Benloader variant outbound connection (malware-cnc.rules)
 * 1:34994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
 * 1:34995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra HTTP Header Structure (malware-cnc.rules)
 * 1:34996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent-ALPW variant outbound connection (malware-cnc.rules)
 * 1:34997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant HTTP Response (malware-cnc.rules)
 * 1:34998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bossabot outbound connection (malware-cnc.rules)
 * 1:35005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vcaredrix variant outbound connection (malware-cnc.rules)
 * 1:35027 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Troldesh C&C (malware-cnc.rules)
 * 1:35029 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.Lotronc variant outbound connection (malware-cnc.rules)
 * 1:35030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (malware-cnc.rules)
 * 1:35034 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Boltolog variant outbound connection download request (malware-cnc.rules)
 * 1:35036 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy inbound variant connection  (malware-cnc.rules)
 * 1:35037 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy outbound variant connection  (malware-cnc.rules)
 * 1:35039 <-> DISABLED <-> MALWARE-CNC Trojan.Linux.Linuxor outbound variant connection  (malware-cnc.rules)
 * 1:35047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:35050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (malware-cnc.rules)
 * 1:35062 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection  (malware-cnc.rules)
 * 1:35063 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection  (malware-cnc.rules)
 * 1:35064 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection  (malware-cnc.rules)
 * 1:35065 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection  (malware-cnc.rules)
 * 1:35066 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection  (malware-cnc.rules)
 * 1:35067 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection  (malware-cnc.rules)
 * 1:35069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dino variant outbound connection (malware-cnc.rules)
 * 1:35076 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
 * 1:35080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
 * 1:35081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
 * 1:35082 <-> DISABLED <-> MALWARE-CNC Backdoor.Linux.Qenerek outbound connection (malware-cnc.rules)
 * 1:35083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regiskazi outbound connection (malware-cnc.rules)
 * 1:35102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
 * 1:35103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
 * 1:35104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:35221 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent inbound connection (malware-cnc.rules)
 * 1:35254 <-> DISABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules)
 * 1:35300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite GET request (malware-cnc.rules)
 * 1:35301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite POST request (malware-cnc.rules)
 * 1:35303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProxyChange (malware-cnc.rules)
 * 1:35306 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Cigamve request (malware-cnc.rules)
 * 1:35312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (malware-cnc.rules)
 * 1:35313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:35315 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Downloader.Comsteal outbound connection (malware-cnc.rules)
 * 1:35316 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (malware-cnc.rules)
 * 1:35317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Directate outbound connection (malware-cnc.rules)
 * 1:35318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr outbound connection (malware-cnc.rules)
 * 1:35344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall click fraud response (malware-cnc.rules)
 * 1:35348 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Ralminey POST request (malware-cnc.rules)
 * 1:35353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise.B variant outbound connection (malware-cnc.rules)
 * 1:35355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usteal outbound connection (malware-cnc.rules)
 * 1:35385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules)
 * 1:35386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (malware-cnc.rules)
 * 1:35387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (malware-cnc.rules)
 * 1:35388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules)
 * 1:35394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules)
 * 1:35400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules)
 * 1:35415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)
 * 1:35416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
 * 1:35426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur outbound connection (malware-cnc.rules)
 * 1:35436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
 * 1:35437 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jrml variant outbound connection (malware-cnc.rules)
 * 1:35462 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (malware-cnc.rules)
 * 1:35471 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baisogu outbound connection (malware-cnc.rules)
 * 1:35472 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
 * 1:35549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
 * 1:35842 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namospu variant outbound connection (malware-cnc.rules)
 * 1:35597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
 * 1:35710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
 * 1:35732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (malware-cnc.rules)
 * 1:35733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (malware-cnc.rules)
 * 1:35746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35749 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (malware-cnc.rules)
 * 1:35750 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (malware-cnc.rules)
 * 1:35794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:35804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seyelifon variant outbound connection (malware-cnc.rules)
 * 1:36048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:36054 <-> DISABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (malware-cnc.rules)
 * 1:36064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant (malware-cnc.rules)
 * 1:36106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (malware-cnc.rules)
 * 1:36107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
 * 1:36108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nimisi variant outbound connection (malware-cnc.rules)
 * 1:36115 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Liudoor outbound connection (malware-cnc.rules)
 * 1:36131 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyIE 3.01 (malware-cnc.rules)
 * 1:36132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
 * 1:36133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
 * 1:36134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
 * 1:36186 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qytags variant outbound connection (malware-cnc.rules)
 * 1:36198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant certificate (malware-cnc.rules)
 * 1:36199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
 * 1:36202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant dropper (malware-cnc.rules)
 * 1:36231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot variant outbound connection (malware-cnc.rules)
 * 1:36232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:36268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:36269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:36275 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
 * 1:36276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
 * 1:36294 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (malware-cnc.rules)
 * 1:36303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
 * 1:36304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinPlock variant outbound connection (malware-cnc.rules)
 * 1:36325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
 * 1:36396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
 * 1:36397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
 * 1:36460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules)
 * 1:36468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36471 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (malware-cnc.rules)
 * 1:36497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hangman.A outbound connection (malware-cnc.rules)
 * 1:36506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
 * 1:36522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (malware-cnc.rules)
 * 1:36526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brolux variant outbound connection (malware-cnc.rules)
 * 1:36566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36568 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
 * 1:36578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
 * 1:36601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:36602 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:36603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:36610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules)
 * 1:36622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:36623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:36625 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
 * 1:36624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:36626 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
 * 1:36627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tanmar outbound  connection (malware-cnc.rules)
 * 1:36629 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
 * 1:36630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
 * 1:36639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (malware-cnc.rules)
 * 1:36666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tentobr outbound connection (malware-cnc.rules)
 * 1:36670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sathurbot outbound connection (malware-cnc.rules)
 * 1:36732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (malware-cnc.rules)
 * 1:36765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (malware-cnc.rules)
 * 1:36770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redcontrole variant outbound connection (malware-cnc.rules)
 * 1:36777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zimwervi variant outbound connection (malware-cnc.rules)
 * 1:36781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gokawa variant outbound connection (malware-cnc.rules)
 * 1:36800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruinmail outbound connection (malware-cnc.rules)
 * 1:36807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (malware-cnc.rules)
 * 1:36810 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Mabouia outbound connection (malware-cnc.rules)
 * 1:36833 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (malware-cnc.rules)
 * 1:36834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload outbound connection (malware-cnc.rules)
 * 1:36835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload inbound connection (malware-cnc.rules)
 * 1:36841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leralogs variant outbound connection (malware-cnc.rules)
 * 1:36889 <-> DISABLED <-> MALWARE-CNC TinyDropper variant outbound connection (malware-cnc.rules)
 * 1:36890 <-> DISABLED <-> MALWARE-CNC AbbadonPOS variant outbound connection (malware-cnc.rules)
 * 1:36893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trfijan outbound connection (malware-cnc.rules)
 * 1:36911 <-> DISABLED <-> MALWARE-CNC GlassRAT handshake beacon (malware-cnc.rules)
 * 1:36914 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (malware-cnc.rules)
 * 1:36916 <-> DISABLED <-> MALWARE-CNC Milkoad.A First Request (malware-cnc.rules)
 * 1:37020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:37024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy outbound connection (malware-cnc.rules)
 * 1:37027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
 * 1:37036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (malware-cnc.rules)
 * 1:37037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arfadinf variant outbound connection (malware-cnc.rules)
 * 1:37045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (malware-cnc.rules)
 * 1:37047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (malware-cnc.rules)
 * 1:37049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geratid variant outbound connection (malware-cnc.rules)
 * 1:37050 <-> DISABLED <-> MALWARE-CNC ATSEngine initial beacon (malware-cnc.rules)
 * 1:37051 <-> DISABLED <-> MALWARE-CNC ATSEngine credit card number sent via URL parameter (malware-cnc.rules)
 * 1:37052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:37053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tdrop2 variant dropper download attempt (malware-cnc.rules)
 * 1:37063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paligenpo outbound connection (malware-cnc.rules)
 * 1:37064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Telehot outbound connection (malware-cnc.rules)
 * 1:37065 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik outbound connection (malware-cnc.rules)
 * 1:37066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload (malware-cnc.rules)
 * 1:37067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Droot outbound connection (malware-cnc.rules)
 * 1:37068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flusihoc variant outbound connection (malware-cnc.rules)
 * 1:37100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dashikut outbound connection (malware-cnc.rules)
 * 1:37101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
 * 1:37102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
 * 1:37117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules)
 * 1:37127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules)
 * 1:37141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules)
 * 1:37164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hpastal outbound email attempt (malware-cnc.rules)
 * 1:37212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37226 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37227 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
 * 1:37297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
 * 1:37317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (malware-cnc.rules)
 * 1:37320 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel variant outbound connection (malware-cnc.rules)
 * 1:37323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (malware-cnc.rules)
 * 1:37359 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot inbound command attempt (malware-cnc.rules)
 * 1:37360 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot outbound IRC channel join attempt (malware-cnc.rules)
 * 1:37370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules)
 * 1:37374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derkziel variant outbound connection (malware-cnc.rules)
 * 1:37447 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Evilgrab outbound connection (malware-cnc.rules)
 * 1:37457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (malware-cnc.rules)
 * 1:37466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackmoon outbound connection (malware-cnc.rules)
 * 1:37467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vawtrak variant outbound connection (malware-cnc.rules)
 * 1:37516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:37521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37535 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37536 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Engr variant outbound connection (malware-cnc.rules)
 * 1:37636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:37637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:37646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant dropper download connection (malware-cnc.rules)
 * 1:37647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:37686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (malware-cnc.rules)
 * 1:37717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (malware-cnc.rules)
 * 1:37816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:37817 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (malware-cnc.rules)
 * 1:37834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:37835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:37838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
 * 1:37844 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (malware-cnc.rules)
 * 1:38017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt server reply (malware-cnc.rules)
 * 1:38018 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (malware-cnc.rules)
 * 1:38116 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (malware-cnc.rules)
 * 1:38134 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Win.Trojan.Adwind (malware-cnc.rules)
 * 1:38145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:38150 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:38234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (malware-cnc.rules)
 * 1:38235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
 * 1:38255 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38256 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38257 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38258 <-> DISABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38259 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38260 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38261 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38304 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (malware-cnc.rules)
 * 1:38331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:38333 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Bifrose outbound connection (malware-cnc.rules)
 * 1:38352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
 * 1:38353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (malware-cnc.rules)
 * 1:38354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant failed read logs (malware-cnc.rules)
 * 1:38356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant read logs (malware-cnc.rules)
 * 1:38357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send credentials (malware-cnc.rules)
 * 1:38358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send logs (malware-cnc.rules)
 * 1:38359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send mail credentials (malware-cnc.rules)
 * 1:38367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep.variant CNC server response (malware-cnc.rules)
 * 1:38378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:38379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
 * 1:38380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
 * 1:38385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
 * 1:38386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
 * 1:38388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger geolocation check (malware-cnc.rules)
 * 1:38509 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
 * 1:38510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant exfiltration attempt (malware-cnc.rules)
 * 1:38514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38515 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38517 <-> DISABLED <-> MALWARE-CNC binary download while video expected (malware-cnc.rules)
 * 1:38559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - keystorkes (malware-cnc.rules)
 * 1:38557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
 * 1:38560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - screenshot (malware-cnc.rules)
 * 1:38561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger plugins download attempt (malware-cnc.rules)
 * 1:38562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt (malware-cnc.rules)
 * 1:38563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response (malware-cnc.rules)
 * 1:38564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger keylog exfiltration attempt (malware-cnc.rules)
 * 1:38565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper initial download attempt (malware-cnc.rules)
 * 1:38566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper download attempt (malware-cnc.rules)
 * 1:38567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coverton variant outbound connection (malware-cnc.rules)
 * 1:38573 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant handshake beacon (malware-cnc.rules)
 * 1:38574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant outbound connection (malware-cnc.rules)
 * 1:38584 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant JS dropper outbound connection (malware-cnc.rules)
 * 1:38585 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:38586 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:38587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant temporary redirect attempt (malware-cnc.rules)
 * 1:38588 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:38603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UP007 variant outbound connection (malware-cnc.rules)
 * 1:38606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant network speed test (malware-cnc.rules)
 * 1:38608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RockLoader variant outbound connection (malware-cnc.rules)
 * 1:38613 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallex variant outbound connection (malware-cnc.rules)
 * 1:38620 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:38621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:38638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
 * 1:38643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38668 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:38676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BBSwift variant outbound connection (malware-cnc.rules)
 * 1:38680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tooka GET attempt (malware-cnc.rules)
 * 1:38724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renegin outbound GET attempt (malware-cnc.rules)
 * 1:38732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBDos Runtime Detection (malware-cnc.rules)
 * 1:38733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:38784 <-> DISABLED <-> MALWARE-CNC CryptXXX initial outbound connection (malware-cnc.rules)
 * 1:38885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound registration attempt (malware-cnc.rules)
 * 1:38886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules)
 * 1:38887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky JS dropper outbound connection (malware-cnc.rules)
 * 1:38888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:38890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts exfiltration attempt (malware-cnc.rules)
 * 1:38891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts initial registration (malware-cnc.rules)
 * 1:38916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex download attempt (malware-cnc.rules)
 * 1:38917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant CNC traffic (malware-cnc.rules)
 * 1:38949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:38950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PassStealer passwords exfiltration attempt (malware-cnc.rules)
 * 1:38961 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (malware-cnc.rules)
 * 1:38962 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (malware-cnc.rules)
 * 1:38994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus config file download (malware-cnc.rules)
 * 1:38995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:39040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:39052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (malware-cnc.rules)
 * 1:39053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.7ev3n variant outbound connection (malware-cnc.rules)
 * 1:39056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
 * 1:39063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot outbound POST attempt (malware-cnc.rules)
 * 1:39064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (malware-cnc.rules)
 * 1:39084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:39085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:39086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:39106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection (malware-cnc.rules)
 * 1:39107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant inbound connection (malware-cnc.rules)
 * 1:39116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DMALocker variant outbound connection (malware-cnc.rules)
 * 1:39117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:39159 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 1:39160 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 1:39163 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:39164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:39173 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.BlackShades Crypter outbound connection (malware-cnc.rules)
 * 1:39176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules)
 * 1:39322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
 * 1:39327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoRoger outbound POST attempt (malware-cnc.rules)
 * 1:39341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS credit card data exfiltration (malware-cnc.rules)
 * 1:39342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS initial outbound connection (malware-cnc.rules)
 * 1:39343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS keylog exfiltration (malware-cnc.rules)
 * 1:39344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS status update (malware-cnc.rules)
 * 1:39345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS update request (malware-cnc.rules)
 * 1:39360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:39369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorozoad variant outbound connection (malware-cnc.rules)
 * 1:39409 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant initial outbound connection (malware-cnc.rules)
 * 1:39410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant exfiltration outbound connection (malware-cnc.rules)
 * 1:39411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qbot variant outbound connection (malware-cnc.rules)
 * 1:39430 <-> DISABLED <-> MALWARE-CNC Win.Malware.Furtim variant outbound connection (malware-cnc.rules)
 * 1:39433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
 * 1:39434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
 * 1:39448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos variant outbound connection (malware-cnc.rules)
 * 1:39465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (malware-cnc.rules)
 * 1:39573 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39574 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39576 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39577 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39578 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (malware-cnc.rules)
 * 1:39579 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39580 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (malware-cnc.rules)
 * 1:39582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (malware-cnc.rules)
 * 1:39583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (malware-cnc.rules)
 * 1:39636 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Ranscam request.html response (malware-cnc.rules)
 * 1:39650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts variant CNC IRC response attempt (malware-cnc.rules)
 * 1:39653 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mangit initial outbound connection (malware-cnc.rules)
 * 1:39705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection (malware-cnc.rules)
 * 1:39710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (malware-cnc.rules)
 * 1:39730 <-> DISABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (malware-cnc.rules)
 * 1:39738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (malware-cnc.rules)
 * 1:39767 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules)
 * 1:39774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules)
 * 1:39785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lientchtp variant outbound connection (malware-cnc.rules)
 * 1:39800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
 * 1:39801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound connection (malware-cnc.rules)
 * 1:39852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39855 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
 * 1:39857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
 * 1:39861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanHaiShu variant outbound connection (malware-cnc.rules)
 * 1:39882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (malware-cnc.rules)
 * 1:39886 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (malware-cnc.rules)
 * 1:39887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toga variant outbound connection (malware-cnc.rules)
 * 1:39909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adnel outbound connection detected (malware-cnc.rules)
 * 1:39911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
 * 1:39920 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
 * 1:39921 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
 * 1:39958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (malware-cnc.rules)
 * 1:39968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
 * 1:39969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
 * 1:38542 <-> DISABLED <-> MALWARE-CNC VBS Trojan Downloading Encoded Executable (malware-cnc.rules)
 * 1:34316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)

2020-10-20 13:15:44 UTC

Snort Subscriber Rules Update

Date: 2020-10-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56034 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
 * 1:56024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
 * 1:56016 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
 * 1:56040 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
 * 1:56014 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
 * 1:56044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
 * 1:56037 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
 * 1:56070 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart remote code execution attempt (indicator-compromise.rules)
 * 1:56045 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Exchange Reporter Plus unauthenticated remote code execution attempt (server-webapp.rules)
 * 1:56031 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
 * 1:56043 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
 * 1:56022 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
 * 1:56030 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
 * 1:56069 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart fingerprinting attempt (indicator-compromise.rules)
 * 1:56028 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
 * 1:56047 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
 * 1:56020 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
 * 1:56025 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
 * 1:56021 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
 * 1:56036 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
 * 1:56041 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
 * 1:56012 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
 * 1:56013 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
 * 1:56057 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
 * 1:56015 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
 * 1:56010 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
 * 1:56026 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
 * 1:56042 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:56032 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
 * 1:56017 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
 * 1:56052 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
 * 1:56055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
 * 1:56027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
 * 1:56068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
 * 1:56019 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
 * 1:56067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
 * 1:56029 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
 * 1:56051 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
 * 1:56033 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
 * 1:56056 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
 * 1:56061 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
 * 1:56023 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
 * 1:56058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
 * 1:56011 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
 * 1:56062 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
 * 1:56035 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
 * 1:56018 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
 * 1:56046 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
 * 1:56038 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
 * 1:56039 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
 * 3:56050 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
 * 3:56049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
 * 3:56053 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
 * 3:56060 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
 * 3:56059 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
 * 3:56063 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
 * 3:56066 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
 * 3:56065 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
 * 3:56048 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
 * 3:56054 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
 * 3:56064 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:38994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus config file download (malware-cnc.rules)
 * 1:38542 <-> DISABLED <-> MALWARE-CNC VBS Trojan Downloading Encoded Executable (malware-cnc.rules)
 * 1:38530 <-> DISABLED <-> MALWARE-CNC Obfuscated Javascript Attack runtime detection (malware-cnc.rules)
 * 1:34309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:38558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
 * 1:34311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:38561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger plugins download attempt (malware-cnc.rules)
 * 1:34310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:34312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:38567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coverton variant outbound connection (malware-cnc.rules)
 * 1:38573 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant handshake beacon (malware-cnc.rules)
 * 1:39345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS update request (malware-cnc.rules)
 * 1:38587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant temporary redirect attempt (malware-cnc.rules)
 * 1:38588 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:39360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:38559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - keystorkes (malware-cnc.rules)
 * 1:39369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorozoad variant outbound connection (malware-cnc.rules)
 * 1:38562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt (malware-cnc.rules)
 * 1:38563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response (malware-cnc.rules)
 * 1:38564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger keylog exfiltration attempt (malware-cnc.rules)
 * 1:38565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper initial download attempt (malware-cnc.rules)
 * 1:39409 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant initial outbound connection (malware-cnc.rules)
 * 1:34314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:38574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant outbound connection (malware-cnc.rules)
 * 1:38584 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant JS dropper outbound connection (malware-cnc.rules)
 * 1:39410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant exfiltration outbound connection (malware-cnc.rules)
 * 1:38620 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:38621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:38638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
 * 1:39411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qbot variant outbound connection (malware-cnc.rules)
 * 1:38643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:39430 <-> DISABLED <-> MALWARE-CNC Win.Malware.Furtim variant outbound connection (malware-cnc.rules)
 * 1:38647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tooka GET attempt (malware-cnc.rules)
 * 1:38668 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:38676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BBSwift variant outbound connection (malware-cnc.rules)
 * 1:39433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
 * 1:38557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
 * 1:39434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
 * 1:38724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renegin outbound GET attempt (malware-cnc.rules)
 * 1:38732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBDos Runtime Detection (malware-cnc.rules)
 * 1:38733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:38784 <-> DISABLED <-> MALWARE-CNC CryptXXX initial outbound connection (malware-cnc.rules)
 * 1:38885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound registration attempt (malware-cnc.rules)
 * 1:39448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos variant outbound connection (malware-cnc.rules)
 * 1:38585 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:39040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:39052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (malware-cnc.rules)
 * 1:39053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.7ev3n variant outbound connection (malware-cnc.rules)
 * 1:39056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
 * 1:39063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot outbound POST attempt (malware-cnc.rules)
 * 1:39064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (malware-cnc.rules)
 * 1:39084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:39085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:39086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:39106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection (malware-cnc.rules)
 * 1:39107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant inbound connection (malware-cnc.rules)
 * 1:34313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:38995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:39117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:39116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DMALocker variant outbound connection (malware-cnc.rules)
 * 1:39159 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 1:39160 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 1:39163 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:39164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:39173 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.BlackShades Crypter outbound connection (malware-cnc.rules)
 * 1:39176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules)
 * 1:39322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
 * 1:39327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoRoger outbound POST attempt (malware-cnc.rules)
 * 1:39341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS credit card data exfiltration (malware-cnc.rules)
 * 1:38886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules)
 * 1:39342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS initial outbound connection (malware-cnc.rules)
 * 1:38887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky JS dropper outbound connection (malware-cnc.rules)
 * 1:38888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:38890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts exfiltration attempt (malware-cnc.rules)
 * 1:38891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts initial registration (malware-cnc.rules)
 * 1:38916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex download attempt (malware-cnc.rules)
 * 1:39343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS keylog exfiltration (malware-cnc.rules)
 * 1:38917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant CNC traffic (malware-cnc.rules)
 * 1:38949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:38950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PassStealer passwords exfiltration attempt (malware-cnc.rules)
 * 1:38961 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (malware-cnc.rules)
 * 1:39344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS status update (malware-cnc.rules)
 * 1:34316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:39465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (malware-cnc.rules)
 * 1:39573 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39574 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39576 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39577 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39578 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (malware-cnc.rules)
 * 1:39579 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39580 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (malware-cnc.rules)
 * 1:39582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (malware-cnc.rules)
 * 1:39583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (malware-cnc.rules)
 * 1:39636 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Ranscam request.html response (malware-cnc.rules)
 * 1:39650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts variant CNC IRC response attempt (malware-cnc.rules)
 * 1:39653 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mangit initial outbound connection (malware-cnc.rules)
 * 1:39705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection (malware-cnc.rules)
 * 1:39710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (malware-cnc.rules)
 * 1:39730 <-> DISABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (malware-cnc.rules)
 * 1:39738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (malware-cnc.rules)
 * 1:39767 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules)
 * 1:39774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules)
 * 1:39785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lientchtp variant outbound connection (malware-cnc.rules)
 * 1:39800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
 * 1:39801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound connection (malware-cnc.rules)
 * 1:39852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39855 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
 * 1:39857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
 * 1:39861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanHaiShu variant outbound connection (malware-cnc.rules)
 * 1:39882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (malware-cnc.rules)
 * 1:39886 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (malware-cnc.rules)
 * 1:39887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toga variant outbound connection (malware-cnc.rules)
 * 1:39909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adnel outbound connection detected (malware-cnc.rules)
 * 1:39911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
 * 1:39920 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
 * 1:39921 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
 * 1:39958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (malware-cnc.rules)
 * 1:39968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
 * 1:39969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
 * 1:38603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UP007 variant outbound connection (malware-cnc.rules)
 * 1:38613 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallex variant outbound connection (malware-cnc.rules)
 * 1:38606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant network speed test (malware-cnc.rules)
 * 1:38608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RockLoader variant outbound connection (malware-cnc.rules)
 * 1:38586 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:38566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper download attempt (malware-cnc.rules)
 * 1:38962 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (malware-cnc.rules)
 * 1:38517 <-> DISABLED <-> MALWARE-CNC binary download while video expected (malware-cnc.rules)
 * 1:34315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
 * 1:34319 <-> DISABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (malware-cnc.rules)
 * 1:34322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
 * 1:34323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fulairo variant outbound connection (malware-cnc.rules)
 * 1:34324 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Siromost variant outbound connection (malware-cnc.rules)
 * 1:34325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
 * 1:34326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
 * 1:34327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (malware-cnc.rules)
 * 1:34337 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
 * 1:34338 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
 * 1:34339 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cybergate outbound connection (malware-cnc.rules)
 * 1:34346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (malware-cnc.rules)
 * 1:34347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (malware-cnc.rules)
 * 1:34362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (malware-cnc.rules)
 * 1:34366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (malware-cnc.rules)
 * 1:34367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Odlanor information exfiltration attempt (malware-cnc.rules)
 * 1:34452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tendrit variant outbound connection (malware-cnc.rules)
 * 1:34459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (malware-cnc.rules)
 * 1:34460 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (malware-cnc.rules)
 * 1:34461 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (malware-cnc.rules)
 * 1:34462 <-> DISABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (malware-cnc.rules)
 * 1:34469 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
 * 1:34470 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
 * 1:34476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (malware-cnc.rules)
 * 1:34489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (malware-cnc.rules)
 * 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (malware-cnc.rules)
 * 1:34501 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection (malware-cnc.rules)
 * 1:34540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:34541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:34567 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (malware-cnc.rules)
 * 1:34572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (malware-cnc.rules)
 * 1:34581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mathanuc outbound connection (malware-cnc.rules)
 * 1:34596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
 * 1:34597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
 * 1:34598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:34599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:34600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:34601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teqimp outbound connection (malware-cnc.rules)
 * 1:34607 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (malware-cnc.rules)
 * 1:34608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (malware-cnc.rules)
 * 1:34609 <-> DISABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (malware-cnc.rules)
 * 1:34610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kayfcbk outbound connection (malware-cnc.rules)
 * 1:34611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dujfudg outbound connection (malware-cnc.rules)
 * 1:34614 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enkalogs outbound connection (malware-cnc.rules)
 * 1:34622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (malware-cnc.rules)
 * 1:34636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:34637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:34818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (malware-cnc.rules)
 * 1:34831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:34832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:34833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules)
 * 1:34834 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkcpn (malware-cnc.rules)
 * 1:34835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules)
 * 1:34840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34843 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (malware-cnc.rules)
 * 1:34844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules)
 * 1:34862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:34863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:34865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:34866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:34867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules)
 * 1:34868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules)
 * 1:34869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (malware-cnc.rules)
 * 1:34870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:34872 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (malware-cnc.rules)
 * 1:34876 <-> DISABLED <-> MALWARE-CNC Win.Fudu outbound variant connection (malware-cnc.rules)
 * 1:34877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (malware-cnc.rules)
 * 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:34887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
 * 1:34888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
 * 1:34917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (malware-cnc.rules)
 * 1:34931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shindo outbound connection (malware-cnc.rules)
 * 1:34934 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pheloyx outbound connection (malware-cnc.rules)
 * 1:34935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zutwoxy outbound connection (malware-cnc.rules)
 * 1:34950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prok variant outbound connection (malware-cnc.rules)
 * 1:34957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sysmain outbound connection (malware-cnc.rules)
 * 1:34958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:34959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:34963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte outbound connection (malware-cnc.rules)
 * 1:34965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (malware-cnc.rules)
 * 1:34966 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
 * 1:34982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msnmm variant outbound connection (malware-cnc.rules)
 * 1:34993 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Benloader variant outbound connection (malware-cnc.rules)
 * 1:34994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
 * 1:34995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra HTTP Header Structure (malware-cnc.rules)
 * 1:34996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent-ALPW variant outbound connection (malware-cnc.rules)
 * 1:34997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant HTTP Response (malware-cnc.rules)
 * 1:34998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bossabot outbound connection (malware-cnc.rules)
 * 1:35005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vcaredrix variant outbound connection (malware-cnc.rules)
 * 1:35027 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Troldesh C&C (malware-cnc.rules)
 * 1:35029 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.Lotronc variant outbound connection (malware-cnc.rules)
 * 1:35030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (malware-cnc.rules)
 * 1:35034 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Boltolog variant outbound connection download request (malware-cnc.rules)
 * 1:35036 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy inbound variant connection (malware-cnc.rules)
 * 1:35037 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy outbound variant connection (malware-cnc.rules)
 * 1:35039 <-> DISABLED <-> MALWARE-CNC Trojan.Linux.Linuxor outbound variant connection (malware-cnc.rules)
 * 1:35047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:35050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (malware-cnc.rules)
 * 1:35062 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:35063 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:35064 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:35065 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:35066 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules)
 * 1:35067 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules)
 * 1:35069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dino variant outbound connection (malware-cnc.rules)
 * 1:35076 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
 * 1:35080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
 * 1:35081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
 * 1:35082 <-> DISABLED <-> MALWARE-CNC Backdoor.Linux.Qenerek outbound connection (malware-cnc.rules)
 * 1:35083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regiskazi outbound connection (malware-cnc.rules)
 * 1:35102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
 * 1:35103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
 * 1:35104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:35221 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent inbound connection (malware-cnc.rules)
 * 1:35254 <-> DISABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules)
 * 1:35300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite GET request (malware-cnc.rules)
 * 1:35301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite POST request (malware-cnc.rules)
 * 1:35303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProxyChange (malware-cnc.rules)
 * 1:35306 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Cigamve request (malware-cnc.rules)
 * 1:35312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (malware-cnc.rules)
 * 1:35313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:35315 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Downloader.Comsteal outbound connection (malware-cnc.rules)
 * 1:35316 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (malware-cnc.rules)
 * 1:35317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Directate outbound connection (malware-cnc.rules)
 * 1:35318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr outbound connection (malware-cnc.rules)
 * 1:35344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall click fraud response (malware-cnc.rules)
 * 1:35348 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Ralminey POST request (malware-cnc.rules)
 * 1:35353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise.B variant outbound connection (malware-cnc.rules)
 * 1:35355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usteal outbound connection (malware-cnc.rules)
 * 1:35385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules)
 * 1:35386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (malware-cnc.rules)
 * 1:35387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (malware-cnc.rules)
 * 1:35388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules)
 * 1:35394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules)
 * 1:35400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules)
 * 1:35415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)
 * 1:35416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
 * 1:35426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur outbound connection (malware-cnc.rules)
 * 1:35436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
 * 1:35437 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jrml variant outbound connection (malware-cnc.rules)
 * 1:35462 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (malware-cnc.rules)
 * 1:35471 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baisogu outbound connection (malware-cnc.rules)
 * 1:35472 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
 * 1:35549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
 * 1:35570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetEagle variant outbound connection (malware-cnc.rules)
 * 1:35596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
 * 1:35597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
 * 1:35710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
 * 1:35732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (malware-cnc.rules)
 * 1:35733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (malware-cnc.rules)
 * 1:35746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35749 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (malware-cnc.rules)
 * 1:35750 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (malware-cnc.rules)
 * 1:35794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:35804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seyelifon variant outbound connection (malware-cnc.rules)
 * 1:35842 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namospu variant outbound connection (malware-cnc.rules)
 * 1:36048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:36054 <-> DISABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (malware-cnc.rules)
 * 1:36064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant (malware-cnc.rules)
 * 1:36106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (malware-cnc.rules)
 * 1:36107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
 * 1:36108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nimisi variant outbound connection (malware-cnc.rules)
 * 1:36115 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Liudoor outbound connection (malware-cnc.rules)
 * 1:36131 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyIE 3.01 (malware-cnc.rules)
 * 1:36132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
 * 1:36133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
 * 1:36134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
 * 1:36186 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qytags variant outbound connection (malware-cnc.rules)
 * 1:36198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant certificate (malware-cnc.rules)
 * 1:36199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
 * 1:36202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant dropper (malware-cnc.rules)
 * 1:36231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot variant outbound connection (malware-cnc.rules)
 * 1:36232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:36268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:36269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:36275 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
 * 1:36276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
 * 1:36294 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (malware-cnc.rules)
 * 1:36303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
 * 1:36304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinPlock variant outbound connection (malware-cnc.rules)
 * 1:36325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
 * 1:36396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
 * 1:36397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
 * 1:36460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules)
 * 1:36468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36471 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (malware-cnc.rules)
 * 1:36497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hangman.A outbound connection (malware-cnc.rules)
 * 1:36506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
 * 1:36522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (malware-cnc.rules)
 * 1:36526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brolux variant outbound connection (malware-cnc.rules)
 * 1:36566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36568 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
 * 1:36578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
 * 1:36601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:36602 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:36603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:36610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules)
 * 1:36622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:36623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:36624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:36625 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
 * 1:36626 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
 * 1:36627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tanmar outbound  connection (malware-cnc.rules)
 * 1:36629 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
 * 1:36630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
 * 1:36639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (malware-cnc.rules)
 * 1:36666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tentobr outbound connection (malware-cnc.rules)
 * 1:36670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sathurbot outbound connection (malware-cnc.rules)
 * 1:36732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (malware-cnc.rules)
 * 1:36765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (malware-cnc.rules)
 * 1:36770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redcontrole variant outbound connection (malware-cnc.rules)
 * 1:36777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zimwervi variant outbound connection (malware-cnc.rules)
 * 1:36781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gokawa variant outbound connection (malware-cnc.rules)
 * 1:36800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruinmail outbound connection (malware-cnc.rules)
 * 1:36807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (malware-cnc.rules)
 * 1:36810 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Mabouia outbound connection (malware-cnc.rules)
 * 1:36833 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (malware-cnc.rules)
 * 1:36834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload outbound connection (malware-cnc.rules)
 * 1:36835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload inbound connection (malware-cnc.rules)
 * 1:36841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leralogs variant outbound connection (malware-cnc.rules)
 * 1:36889 <-> DISABLED <-> MALWARE-CNC TinyDropper variant outbound connection (malware-cnc.rules)
 * 1:36890 <-> DISABLED <-> MALWARE-CNC AbbadonPOS variant outbound connection (malware-cnc.rules)
 * 1:36893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trfijan outbound connection (malware-cnc.rules)
 * 1:36911 <-> DISABLED <-> MALWARE-CNC GlassRAT handshake beacon (malware-cnc.rules)
 * 1:36914 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (malware-cnc.rules)
 * 1:36916 <-> DISABLED <-> MALWARE-CNC Milkoad.A First Request (malware-cnc.rules)
 * 1:37020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:37024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy outbound connection (malware-cnc.rules)
 * 1:37027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
 * 1:37036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (malware-cnc.rules)
 * 1:37037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arfadinf variant outbound connection (malware-cnc.rules)
 * 1:37045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (malware-cnc.rules)
 * 1:37047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (malware-cnc.rules)
 * 1:37049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geratid variant outbound connection (malware-cnc.rules)
 * 1:37050 <-> DISABLED <-> MALWARE-CNC ATSEngine initial beacon (malware-cnc.rules)
 * 1:37051 <-> DISABLED <-> MALWARE-CNC ATSEngine credit card number sent via URL parameter (malware-cnc.rules)
 * 1:37052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:37053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tdrop2 variant dropper download attempt (malware-cnc.rules)
 * 1:37063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paligenpo outbound connection (malware-cnc.rules)
 * 1:37064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Telehot outbound connection (malware-cnc.rules)
 * 1:37065 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik outbound connection (malware-cnc.rules)
 * 1:37066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload (malware-cnc.rules)
 * 1:37067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Droot outbound connection (malware-cnc.rules)
 * 1:37068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flusihoc variant outbound connection (malware-cnc.rules)
 * 1:37100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dashikut outbound connection (malware-cnc.rules)
 * 1:37101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
 * 1:37102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
 * 1:37117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules)
 * 1:37127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules)
 * 1:37141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules)
 * 1:37164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hpastal outbound email attempt (malware-cnc.rules)
 * 1:37212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37226 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37227 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
 * 1:37297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
 * 1:37317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (malware-cnc.rules)
 * 1:37320 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel variant outbound connection (malware-cnc.rules)
 * 1:37323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (malware-cnc.rules)
 * 1:37359 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot inbound command attempt (malware-cnc.rules)
 * 1:37360 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot outbound IRC channel join attempt (malware-cnc.rules)
 * 1:37370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules)
 * 1:37374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derkziel variant outbound connection (malware-cnc.rules)
 * 1:37447 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Evilgrab outbound connection (malware-cnc.rules)
 * 1:37457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (malware-cnc.rules)
 * 1:37466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackmoon outbound connection (malware-cnc.rules)
 * 1:37467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vawtrak variant outbound connection (malware-cnc.rules)
 * 1:37516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:37521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37535 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37536 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Engr variant outbound connection (malware-cnc.rules)
 * 1:37636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:37637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:37646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant dropper download connection (malware-cnc.rules)
 * 1:37647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:37686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (malware-cnc.rules)
 * 1:37717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (malware-cnc.rules)
 * 1:37816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:37817 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (malware-cnc.rules)
 * 1:37834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:37835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:37838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
 * 1:37844 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (malware-cnc.rules)
 * 1:38017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt server reply (malware-cnc.rules)
 * 1:38018 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (malware-cnc.rules)
 * 1:38116 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (malware-cnc.rules)
 * 1:38134 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Win.Trojan.Adwind (malware-cnc.rules)
 * 1:38145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:38150 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:38234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (malware-cnc.rules)
 * 1:38235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
 * 1:38255 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38256 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38257 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38258 <-> DISABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38259 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38260 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38261 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38304 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (malware-cnc.rules)
 * 1:38331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:38333 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Bifrose outbound connection (malware-cnc.rules)
 * 1:38352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
 * 1:38353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (malware-cnc.rules)
 * 1:38354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant failed read logs (malware-cnc.rules)
 * 1:38356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant read logs (malware-cnc.rules)
 * 1:38357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send credentials (malware-cnc.rules)
 * 1:38358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send logs (malware-cnc.rules)
 * 1:38359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send mail credentials (malware-cnc.rules)
 * 1:38367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep.variant CNC server response (malware-cnc.rules)
 * 1:38378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:38379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
 * 1:38380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
 * 1:38385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
 * 1:38386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
 * 1:38388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger geolocation check (malware-cnc.rules)
 * 1:38509 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
 * 1:38510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant exfiltration attempt (malware-cnc.rules)
 * 1:38514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38515 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:38560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - screenshot (malware-cnc.rules)
 * 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)

2020-10-20 13:15:44 UTC

Snort Subscriber Rules Update

Date: 2020-10-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56070 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart remote code execution attempt (indicator-compromise.rules)
 * 1:56035 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
 * 1:56018 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
 * 1:56062 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
 * 1:56061 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
 * 1:56056 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
 * 1:56011 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
 * 1:56032 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
 * 1:56058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
 * 1:56044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
 * 1:56042 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:56026 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
 * 1:56055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
 * 1:56027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
 * 1:56019 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
 * 1:56052 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
 * 1:56030 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
 * 1:56022 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
 * 1:56028 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
 * 1:56047 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
 * 1:56043 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
 * 1:56020 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
 * 1:56021 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
 * 1:56041 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
 * 1:56012 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
 * 1:56040 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
 * 1:56025 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
 * 1:56010 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
 * 1:56037 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
 * 1:56031 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
 * 1:56034 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
 * 1:56023 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
 * 1:56046 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
 * 1:56039 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
 * 1:56067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
 * 1:56038 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
 * 1:56029 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
 * 1:56024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
 * 1:56051 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
 * 1:56033 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
 * 1:56017 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
 * 1:56057 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
 * 1:56013 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
 * 1:56015 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
 * 1:56068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
 * 1:56069 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart fingerprinting attempt (indicator-compromise.rules)
 * 1:56036 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
 * 1:56016 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
 * 1:56045 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Exchange Reporter Plus unauthenticated remote code execution attempt (server-webapp.rules)
 * 1:56014 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
 * 3:56048 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
 * 3:56050 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
 * 3:56054 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
 * 3:56053 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
 * 3:56060 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
 * 3:56064 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
 * 3:56063 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
 * 3:56066 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
 * 3:56059 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
 * 3:56065 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
 * 3:56049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:39857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
 * 1:39084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:39577 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39409 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant initial outbound connection (malware-cnc.rules)
 * 1:39176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules)
 * 1:39056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
 * 1:38724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renegin outbound GET attempt (malware-cnc.rules)
 * 1:39573 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS keylog exfiltration (malware-cnc.rules)
 * 1:39173 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.BlackShades Crypter outbound connection (malware-cnc.rules)
 * 1:39650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts variant CNC IRC response attempt (malware-cnc.rules)
 * 1:38574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant outbound connection (malware-cnc.rules)
 * 1:38917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant CNC traffic (malware-cnc.rules)
 * 1:39117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:38886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules)
 * 1:39430 <-> DISABLED <-> MALWARE-CNC Win.Malware.Furtim variant outbound connection (malware-cnc.rules)
 * 1:38890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts exfiltration attempt (malware-cnc.rules)
 * 1:39163 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:39063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot outbound POST attempt (malware-cnc.rules)
 * 1:39448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos variant outbound connection (malware-cnc.rules)
 * 1:38732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBDos Runtime Detection (malware-cnc.rules)
 * 1:39159 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 1:39433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
 * 1:39574 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39636 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Ranscam request.html response (malware-cnc.rules)
 * 1:39576 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:38564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger keylog exfiltration attempt (malware-cnc.rules)
 * 1:39107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant inbound connection (malware-cnc.rules)
 * 1:39344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS status update (malware-cnc.rules)
 * 1:38891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts initial registration (malware-cnc.rules)
 * 1:39583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (malware-cnc.rules)
 * 1:39345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS update request (malware-cnc.rules)
 * 1:39053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.7ev3n variant outbound connection (malware-cnc.rules)
 * 1:38584 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant JS dropper outbound connection (malware-cnc.rules)
 * 1:39580 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection (malware-cnc.rules)
 * 1:38587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant temporary redirect attempt (malware-cnc.rules)
 * 1:38950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PassStealer passwords exfiltration attempt (malware-cnc.rules)
 * 1:39052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (malware-cnc.rules)
 * 1:39341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS credit card data exfiltration (malware-cnc.rules)
 * 1:38517 <-> DISABLED <-> MALWARE-CNC binary download while video expected (malware-cnc.rules)
 * 1:38885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound registration attempt (malware-cnc.rules)
 * 1:39116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DMALocker variant outbound connection (malware-cnc.rules)
 * 1:39064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (malware-cnc.rules)
 * 1:38563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response (malware-cnc.rules)
 * 1:39579 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:38586 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:38887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky JS dropper outbound connection (malware-cnc.rules)
 * 1:39360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:38733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:38562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt (malware-cnc.rules)
 * 1:39342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS initial outbound connection (malware-cnc.rules)
 * 1:39653 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mangit initial outbound connection (malware-cnc.rules)
 * 1:38961 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (malware-cnc.rules)
 * 1:38566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper download attempt (malware-cnc.rules)
 * 1:38606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant network speed test (malware-cnc.rules)
 * 1:38949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:39465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (malware-cnc.rules)
 * 1:39164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:38916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex download attempt (malware-cnc.rules)
 * 1:39434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
 * 1:39085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:38565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper initial download attempt (malware-cnc.rules)
 * 1:39582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (malware-cnc.rules)
 * 1:38680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tooka GET attempt (malware-cnc.rules)
 * 1:39040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:34309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:39322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
 * 1:39410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant exfiltration outbound connection (malware-cnc.rules)
 * 1:39327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoRoger outbound POST attempt (malware-cnc.rules)
 * 1:39581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (malware-cnc.rules)
 * 1:38784 <-> DISABLED <-> MALWARE-CNC CryptXXX initial outbound connection (malware-cnc.rules)
 * 1:39909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adnel outbound connection detected (malware-cnc.rules)
 * 1:39886 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (malware-cnc.rules)
 * 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)
 * 1:38560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - screenshot (malware-cnc.rules)
 * 1:34310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:38530 <-> DISABLED <-> MALWARE-CNC Obfuscated Javascript Attack runtime detection (malware-cnc.rules)
 * 1:38558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
 * 1:38994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus config file download (malware-cnc.rules)
 * 1:38995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:34312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:38561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger plugins download attempt (malware-cnc.rules)
 * 1:39920 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
 * 1:36670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sathurbot outbound connection (malware-cnc.rules)
 * 1:39856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
 * 1:39705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection (malware-cnc.rules)
 * 1:39968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
 * 1:39710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (malware-cnc.rules)
 * 1:39921 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
 * 1:39882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (malware-cnc.rules)
 * 1:39738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (malware-cnc.rules)
 * 1:39730 <-> DISABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (malware-cnc.rules)
 * 1:36666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tentobr outbound connection (malware-cnc.rules)
 * 1:39969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
 * 1:39958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (malware-cnc.rules)
 * 1:39861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanHaiShu variant outbound connection (malware-cnc.rules)
 * 1:39887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toga variant outbound connection (malware-cnc.rules)
 * 1:39854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound connection (malware-cnc.rules)
 * 1:39767 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules)
 * 1:39853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39855 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
 * 1:39774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules)
 * 1:39785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lientchtp variant outbound connection (malware-cnc.rules)
 * 1:39086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:38888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:39369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorozoad variant outbound connection (malware-cnc.rules)
 * 1:39578 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (malware-cnc.rules)
 * 1:39411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qbot variant outbound connection (malware-cnc.rules)
 * 1:39911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
 * 1:39160 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 1:38676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BBSwift variant outbound connection (malware-cnc.rules)
 * 1:38962 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (malware-cnc.rules)
 * 1:38573 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant handshake beacon (malware-cnc.rules)
 * 1:38567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coverton variant outbound connection (malware-cnc.rules)
 * 1:38588 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:38603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UP007 variant outbound connection (malware-cnc.rules)
 * 1:38608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RockLoader variant outbound connection (malware-cnc.rules)
 * 1:38613 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallex variant outbound connection (malware-cnc.rules)
 * 1:38585 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:38620 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:38638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
 * 1:38621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:38644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38668 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:38559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - keystorkes (malware-cnc.rules)
 * 1:38542 <-> DISABLED <-> MALWARE-CNC VBS Trojan Downloading Encoded Executable (malware-cnc.rules)
 * 1:34317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
 * 1:34319 <-> DISABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (malware-cnc.rules)
 * 1:34322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
 * 1:34323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fulairo variant outbound connection (malware-cnc.rules)
 * 1:34324 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Siromost variant outbound connection (malware-cnc.rules)
 * 1:34325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
 * 1:34326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
 * 1:34327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (malware-cnc.rules)
 * 1:34337 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
 * 1:34338 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
 * 1:34339 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cybergate outbound connection (malware-cnc.rules)
 * 1:34346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (malware-cnc.rules)
 * 1:34347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (malware-cnc.rules)
 * 1:34362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (malware-cnc.rules)
 * 1:34366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (malware-cnc.rules)
 * 1:34367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Odlanor information exfiltration attempt (malware-cnc.rules)
 * 1:34452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tendrit variant outbound connection (malware-cnc.rules)
 * 1:34459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (malware-cnc.rules)
 * 1:34460 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (malware-cnc.rules)
 * 1:34461 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (malware-cnc.rules)
 * 1:34462 <-> DISABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (malware-cnc.rules)
 * 1:34469 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
 * 1:34470 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
 * 1:34476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (malware-cnc.rules)
 * 1:34489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (malware-cnc.rules)
 * 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (malware-cnc.rules)
 * 1:34315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:38557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
 * 1:34540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:34541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:34567 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (malware-cnc.rules)
 * 1:34572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (malware-cnc.rules)
 * 1:34581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mathanuc outbound connection (malware-cnc.rules)
 * 1:34596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
 * 1:34597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
 * 1:34598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:34599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:34501 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection (malware-cnc.rules)
 * 1:34600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:34601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teqimp outbound connection (malware-cnc.rules)
 * 1:34607 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (malware-cnc.rules)
 * 1:34608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (malware-cnc.rules)
 * 1:34609 <-> DISABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (malware-cnc.rules)
 * 1:34610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kayfcbk outbound connection (malware-cnc.rules)
 * 1:34611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dujfudg outbound connection (malware-cnc.rules)
 * 1:34614 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enkalogs outbound connection (malware-cnc.rules)
 * 1:34622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (malware-cnc.rules)
 * 1:34636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:34637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:34818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (malware-cnc.rules)
 * 1:34831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:34832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:34833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules)
 * 1:34834 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkcpn (malware-cnc.rules)
 * 1:34835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules)
 * 1:34840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34843 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (malware-cnc.rules)
 * 1:34844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules)
 * 1:34862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:34863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:34865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:34866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:34867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules)
 * 1:34868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules)
 * 1:34869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (malware-cnc.rules)
 * 1:34870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:34872 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (malware-cnc.rules)
 * 1:34876 <-> DISABLED <-> MALWARE-CNC Win.Fudu outbound variant connection (malware-cnc.rules)
 * 1:34877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (malware-cnc.rules)
 * 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:34887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
 * 1:34888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
 * 1:34917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (malware-cnc.rules)
 * 1:34931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shindo outbound connection (malware-cnc.rules)
 * 1:34934 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pheloyx outbound connection (malware-cnc.rules)
 * 1:34935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zutwoxy outbound connection (malware-cnc.rules)
 * 1:34950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prok variant outbound connection (malware-cnc.rules)
 * 1:34957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sysmain outbound connection (malware-cnc.rules)
 * 1:34958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:34959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:34963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte outbound connection (malware-cnc.rules)
 * 1:34965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (malware-cnc.rules)
 * 1:34966 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
 * 1:34982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msnmm variant outbound connection (malware-cnc.rules)
 * 1:34993 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Benloader variant outbound connection (malware-cnc.rules)
 * 1:34994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
 * 1:34995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra HTTP Header Structure (malware-cnc.rules)
 * 1:34996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent-ALPW variant outbound connection (malware-cnc.rules)
 * 1:34997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant HTTP Response (malware-cnc.rules)
 * 1:34998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bossabot outbound connection (malware-cnc.rules)
 * 1:35005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vcaredrix variant outbound connection (malware-cnc.rules)
 * 1:35027 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Troldesh C&C (malware-cnc.rules)
 * 1:35029 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.Lotronc variant outbound connection (malware-cnc.rules)
 * 1:35030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (malware-cnc.rules)
 * 1:35034 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Boltolog variant outbound connection download request (malware-cnc.rules)
 * 1:35037 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy outbound variant connection (malware-cnc.rules)
 * 1:35036 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy inbound variant connection (malware-cnc.rules)
 * 1:35039 <-> DISABLED <-> MALWARE-CNC Trojan.Linux.Linuxor outbound variant connection (malware-cnc.rules)
 * 1:35047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:35050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (malware-cnc.rules)
 * 1:35062 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:35063 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:35064 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:35065 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:35066 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules)
 * 1:35067 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules)
 * 1:35069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dino variant outbound connection (malware-cnc.rules)
 * 1:35076 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
 * 1:35080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
 * 1:35081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
 * 1:35082 <-> DISABLED <-> MALWARE-CNC Backdoor.Linux.Qenerek outbound connection (malware-cnc.rules)
 * 1:35083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regiskazi outbound connection (malware-cnc.rules)
 * 1:35102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
 * 1:35103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
 * 1:35104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:35221 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent inbound connection (malware-cnc.rules)
 * 1:35254 <-> DISABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules)
 * 1:35300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite GET request (malware-cnc.rules)
 * 1:35301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite POST request (malware-cnc.rules)
 * 1:35303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProxyChange (malware-cnc.rules)
 * 1:35306 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Cigamve request (malware-cnc.rules)
 * 1:35312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (malware-cnc.rules)
 * 1:35313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:35315 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Downloader.Comsteal outbound connection (malware-cnc.rules)
 * 1:35316 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (malware-cnc.rules)
 * 1:35317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Directate outbound connection (malware-cnc.rules)
 * 1:35318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr outbound connection (malware-cnc.rules)
 * 1:35344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall click fraud response (malware-cnc.rules)
 * 1:35348 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Ralminey POST request (malware-cnc.rules)
 * 1:35353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise.B variant outbound connection (malware-cnc.rules)
 * 1:35355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usteal outbound connection (malware-cnc.rules)
 * 1:35385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules)
 * 1:35386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (malware-cnc.rules)
 * 1:35387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (malware-cnc.rules)
 * 1:35388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules)
 * 1:35394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules)
 * 1:35400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules)
 * 1:35415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)
 * 1:35416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
 * 1:35426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur outbound connection (malware-cnc.rules)
 * 1:35436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
 * 1:35437 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jrml variant outbound connection (malware-cnc.rules)
 * 1:35462 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (malware-cnc.rules)
 * 1:35471 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baisogu outbound connection (malware-cnc.rules)
 * 1:35472 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
 * 1:35549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
 * 1:35570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetEagle variant outbound connection (malware-cnc.rules)
 * 1:35596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
 * 1:35597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
 * 1:35710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
 * 1:35732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (malware-cnc.rules)
 * 1:35733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (malware-cnc.rules)
 * 1:35746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35749 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (malware-cnc.rules)
 * 1:35750 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (malware-cnc.rules)
 * 1:35794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:35804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seyelifon variant outbound connection (malware-cnc.rules)
 * 1:35842 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namospu variant outbound connection (malware-cnc.rules)
 * 1:36048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:36054 <-> DISABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (malware-cnc.rules)
 * 1:36064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant (malware-cnc.rules)
 * 1:36106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (malware-cnc.rules)
 * 1:36107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
 * 1:36108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nimisi variant outbound connection (malware-cnc.rules)
 * 1:36115 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Liudoor outbound connection (malware-cnc.rules)
 * 1:36131 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyIE 3.01 (malware-cnc.rules)
 * 1:36132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
 * 1:36133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
 * 1:36134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
 * 1:36186 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qytags variant outbound connection (malware-cnc.rules)
 * 1:36198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant certificate (malware-cnc.rules)
 * 1:36199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
 * 1:36202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant dropper (malware-cnc.rules)
 * 1:36231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot variant outbound connection (malware-cnc.rules)
 * 1:36232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:36268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:36269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:36275 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
 * 1:36276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
 * 1:36294 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (malware-cnc.rules)
 * 1:36303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
 * 1:36304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinPlock variant outbound connection (malware-cnc.rules)
 * 1:36325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
 * 1:36396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
 * 1:36397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
 * 1:36460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules)
 * 1:36468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36471 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (malware-cnc.rules)
 * 1:36497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hangman.A outbound connection (malware-cnc.rules)
 * 1:36506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
 * 1:36522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (malware-cnc.rules)
 * 1:36526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brolux variant outbound connection (malware-cnc.rules)
 * 1:36566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36568 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
 * 1:36578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
 * 1:36601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:36602 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:36603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:36610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules)
 * 1:36622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:36623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:36624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:36625 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
 * 1:36626 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
 * 1:36627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tanmar outbound  connection (malware-cnc.rules)
 * 1:36629 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
 * 1:36630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
 * 1:36639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (malware-cnc.rules)
 * 1:36732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (malware-cnc.rules)
 * 1:36765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (malware-cnc.rules)
 * 1:36770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redcontrole variant outbound connection (malware-cnc.rules)
 * 1:36777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zimwervi variant outbound connection (malware-cnc.rules)
 * 1:36781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gokawa variant outbound connection (malware-cnc.rules)
 * 1:36800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruinmail outbound connection (malware-cnc.rules)
 * 1:36807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (malware-cnc.rules)
 * 1:36810 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Mabouia outbound connection (malware-cnc.rules)
 * 1:36833 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (malware-cnc.rules)
 * 1:36834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload outbound connection (malware-cnc.rules)
 * 1:36835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload inbound connection (malware-cnc.rules)
 * 1:36841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leralogs variant outbound connection (malware-cnc.rules)
 * 1:36889 <-> DISABLED <-> MALWARE-CNC TinyDropper variant outbound connection (malware-cnc.rules)
 * 1:36890 <-> DISABLED <-> MALWARE-CNC AbbadonPOS variant outbound connection (malware-cnc.rules)
 * 1:36893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trfijan outbound connection (malware-cnc.rules)
 * 1:36911 <-> DISABLED <-> MALWARE-CNC GlassRAT handshake beacon (malware-cnc.rules)
 * 1:36914 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (malware-cnc.rules)
 * 1:36916 <-> DISABLED <-> MALWARE-CNC Milkoad.A First Request (malware-cnc.rules)
 * 1:37020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:37024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy outbound connection (malware-cnc.rules)
 * 1:37027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
 * 1:37036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (malware-cnc.rules)
 * 1:37037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arfadinf variant outbound connection (malware-cnc.rules)
 * 1:37045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (malware-cnc.rules)
 * 1:37047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (malware-cnc.rules)
 * 1:37049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geratid variant outbound connection (malware-cnc.rules)
 * 1:37050 <-> DISABLED <-> MALWARE-CNC ATSEngine initial beacon (malware-cnc.rules)
 * 1:37051 <-> DISABLED <-> MALWARE-CNC ATSEngine credit card number sent via URL parameter (malware-cnc.rules)
 * 1:37052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:37053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tdrop2 variant dropper download attempt (malware-cnc.rules)
 * 1:37063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paligenpo outbound connection (malware-cnc.rules)
 * 1:37064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Telehot outbound connection (malware-cnc.rules)
 * 1:37065 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik outbound connection (malware-cnc.rules)
 * 1:37066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload (malware-cnc.rules)
 * 1:37067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Droot outbound connection (malware-cnc.rules)
 * 1:37068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flusihoc variant outbound connection (malware-cnc.rules)
 * 1:37100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dashikut outbound connection (malware-cnc.rules)
 * 1:37101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
 * 1:37102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
 * 1:37117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules)
 * 1:37127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules)
 * 1:37141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules)
 * 1:37164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hpastal outbound email attempt (malware-cnc.rules)
 * 1:37212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37226 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37227 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
 * 1:37297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
 * 1:37317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (malware-cnc.rules)
 * 1:37320 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel variant outbound connection (malware-cnc.rules)
 * 1:37323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (malware-cnc.rules)
 * 1:37359 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot inbound command attempt (malware-cnc.rules)
 * 1:37360 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot outbound IRC channel join attempt (malware-cnc.rules)
 * 1:37370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules)
 * 1:37374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derkziel variant outbound connection (malware-cnc.rules)
 * 1:37447 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Evilgrab outbound connection (malware-cnc.rules)
 * 1:37457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (malware-cnc.rules)
 * 1:37466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackmoon outbound connection (malware-cnc.rules)
 * 1:37467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vawtrak variant outbound connection (malware-cnc.rules)
 * 1:37516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:37521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37535 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37536 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Engr variant outbound connection (malware-cnc.rules)
 * 1:37636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:37637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:37646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant dropper download connection (malware-cnc.rules)
 * 1:37647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:37686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (malware-cnc.rules)
 * 1:37717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (malware-cnc.rules)
 * 1:37816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:37817 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (malware-cnc.rules)
 * 1:37834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:37835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:37838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
 * 1:37844 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (malware-cnc.rules)
 * 1:38017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt server reply (malware-cnc.rules)
 * 1:38018 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (malware-cnc.rules)
 * 1:38116 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (malware-cnc.rules)
 * 1:38134 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Win.Trojan.Adwind (malware-cnc.rules)
 * 1:38145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:38150 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:38234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (malware-cnc.rules)
 * 1:38235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
 * 1:38255 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38256 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38257 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38258 <-> DISABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38259 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38260 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38261 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38304 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (malware-cnc.rules)
 * 1:38331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:38333 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Bifrose outbound connection (malware-cnc.rules)
 * 1:38352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
 * 1:38353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (malware-cnc.rules)
 * 1:38354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant failed read logs (malware-cnc.rules)
 * 1:38356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant read logs (malware-cnc.rules)
 * 1:38357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send credentials (malware-cnc.rules)
 * 1:38358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send logs (malware-cnc.rules)
 * 1:38359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send mail credentials (malware-cnc.rules)
 * 1:38367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep.variant CNC server response (malware-cnc.rules)
 * 1:38378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:38379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
 * 1:38380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
 * 1:38385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
 * 1:38386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
 * 1:38388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger geolocation check (malware-cnc.rules)
 * 1:38509 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
 * 1:38510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant exfiltration attempt (malware-cnc.rules)
 * 1:38514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38515 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:34316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:38643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)

2020-10-20 13:15:44 UTC

Snort Subscriber Rules Update

Date: 2020-10-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56017 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
 * 1:56038 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
 * 1:56024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
 * 1:56039 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
 * 1:56014 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
 * 1:56023 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
 * 1:56034 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
 * 1:56021 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
 * 1:56043 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
 * 1:56033 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
 * 1:56030 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
 * 1:56069 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart fingerprinting attempt (indicator-compromise.rules)
 * 1:56047 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
 * 1:56028 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
 * 1:56025 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
 * 1:56020 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
 * 1:56052 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
 * 1:56041 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
 * 1:56012 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
 * 1:56036 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
 * 1:56040 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
 * 1:56013 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
 * 1:56015 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
 * 1:56032 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
 * 1:56070 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart remote code execution attempt (indicator-compromise.rules)
 * 1:56068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
 * 1:56055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
 * 1:56019 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
 * 1:56067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
 * 1:56051 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
 * 1:56061 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
 * 1:56056 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
 * 1:56058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
 * 1:56045 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Exchange Reporter Plus unauthenticated remote code execution attempt (server-webapp.rules)
 * 1:56018 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
 * 1:56062 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
 * 1:56046 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
 * 1:56016 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
 * 1:56010 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
 * 1:56037 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
 * 1:56031 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
 * 1:56022 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
 * 1:56057 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
 * 1:56042 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:56026 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
 * 1:56044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
 * 1:56027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
 * 1:56029 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
 * 1:56011 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
 * 1:56035 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
 * 3:56053 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
 * 3:56060 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
 * 3:56066 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
 * 3:56063 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
 * 3:56050 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
 * 3:56049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
 * 3:56059 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
 * 3:56065 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
 * 3:56054 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
 * 3:56048 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
 * 3:56064 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:38567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coverton variant outbound connection (malware-cnc.rules)
 * 1:38994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus config file download (malware-cnc.rules)
 * 1:38995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:34312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:38560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - screenshot (malware-cnc.rules)
 * 1:34311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:38558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
 * 1:34313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:39882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (malware-cnc.rules)
 * 1:39958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (malware-cnc.rules)
 * 1:39921 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
 * 1:39856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
 * 1:39730 <-> DISABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (malware-cnc.rules)
 * 1:39738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (malware-cnc.rules)
 * 1:39969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
 * 1:39705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection (malware-cnc.rules)
 * 1:38573 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant handshake beacon (malware-cnc.rules)
 * 1:39650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts variant CNC IRC response attempt (malware-cnc.rules)
 * 1:39086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:38890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts exfiltration attempt (malware-cnc.rules)
 * 1:39343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS keylog exfiltration (malware-cnc.rules)
 * 1:39573 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39173 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.BlackShades Crypter outbound connection (malware-cnc.rules)
 * 1:38565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper initial download attempt (malware-cnc.rules)
 * 1:39056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
 * 1:39409 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant initial outbound connection (malware-cnc.rules)
 * 1:38588 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:39176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules)
 * 1:38888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:38603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UP007 variant outbound connection (malware-cnc.rules)
 * 1:39084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:39577 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:38917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant CNC traffic (malware-cnc.rules)
 * 1:39322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
 * 1:38886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules)
 * 1:38608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RockLoader variant outbound connection (malware-cnc.rules)
 * 1:39369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorozoad variant outbound connection (malware-cnc.rules)
 * 1:38563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response (malware-cnc.rules)
 * 1:38733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:39052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (malware-cnc.rules)
 * 1:39578 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (malware-cnc.rules)
 * 1:39411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qbot variant outbound connection (malware-cnc.rules)
 * 1:39160 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 1:38676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BBSwift variant outbound connection (malware-cnc.rules)
 * 1:38732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBDos Runtime Detection (malware-cnc.rules)
 * 1:39580 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection (malware-cnc.rules)
 * 1:38613 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallex variant outbound connection (malware-cnc.rules)
 * 1:38566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper download attempt (malware-cnc.rules)
 * 1:39345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS update request (malware-cnc.rules)
 * 1:39053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.7ev3n variant outbound connection (malware-cnc.rules)
 * 1:38724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renegin outbound GET attempt (malware-cnc.rules)
 * 1:39107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant inbound connection (malware-cnc.rules)
 * 1:39360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:38585 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:39344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS status update (malware-cnc.rules)
 * 1:39574 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39636 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Ranscam request.html response (malware-cnc.rules)
 * 1:38586 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:39576 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:38916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex download attempt (malware-cnc.rules)
 * 1:39163 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:39063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot outbound POST attempt (malware-cnc.rules)
 * 1:39448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos variant outbound connection (malware-cnc.rules)
 * 1:39159 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 1:39433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
 * 1:38620 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:38621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:39430 <-> DISABLED <-> MALWARE-CNC Win.Malware.Furtim variant outbound connection (malware-cnc.rules)
 * 1:38885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound registration attempt (malware-cnc.rules)
 * 1:38950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PassStealer passwords exfiltration attempt (malware-cnc.rules)
 * 1:39116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DMALocker variant outbound connection (malware-cnc.rules)
 * 1:38638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
 * 1:38584 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant JS dropper outbound connection (malware-cnc.rules)
 * 1:38643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:39653 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mangit initial outbound connection (malware-cnc.rules)
 * 1:39342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS initial outbound connection (malware-cnc.rules)
 * 1:39327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoRoger outbound POST attempt (malware-cnc.rules)
 * 1:38644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:39583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (malware-cnc.rules)
 * 1:38647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38668 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:38680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tooka GET attempt (malware-cnc.rules)
 * 1:39064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (malware-cnc.rules)
 * 1:38887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky JS dropper outbound connection (malware-cnc.rules)
 * 1:38891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts initial registration (malware-cnc.rules)
 * 1:38559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - keystorkes (malware-cnc.rules)
 * 1:39341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS credit card data exfiltration (malware-cnc.rules)
 * 1:38962 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (malware-cnc.rules)
 * 1:39909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adnel outbound connection detected (malware-cnc.rules)
 * 1:39911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
 * 1:38562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt (malware-cnc.rules)
 * 1:38961 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (malware-cnc.rules)
 * 1:39410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant exfiltration outbound connection (malware-cnc.rules)
 * 1:38606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant network speed test (malware-cnc.rules)
 * 1:39581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (malware-cnc.rules)
 * 1:39582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (malware-cnc.rules)
 * 1:39040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:39579 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:34309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:39164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:39465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (malware-cnc.rules)
 * 1:39434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
 * 1:38949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:39085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:38784 <-> DISABLED <-> MALWARE-CNC CryptXXX initial outbound connection (malware-cnc.rules)
 * 1:38587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant temporary redirect attempt (malware-cnc.rules)
 * 1:38564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger keylog exfiltration attempt (malware-cnc.rules)
 * 1:39785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lientchtp variant outbound connection (malware-cnc.rules)
 * 1:39853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules)
 * 1:39852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
 * 1:39801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound connection (malware-cnc.rules)
 * 1:39767 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules)
 * 1:39854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39855 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanHaiShu variant outbound connection (malware-cnc.rules)
 * 1:39710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (malware-cnc.rules)
 * 1:39887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toga variant outbound connection (malware-cnc.rules)
 * 1:39968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
 * 1:39886 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (malware-cnc.rules)
 * 1:39857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
 * 1:34316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:38574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant outbound connection (malware-cnc.rules)
 * 1:38530 <-> DISABLED <-> MALWARE-CNC Obfuscated Javascript Attack runtime detection (malware-cnc.rules)
 * 1:38542 <-> DISABLED <-> MALWARE-CNC VBS Trojan Downloading Encoded Executable (malware-cnc.rules)
 * 1:38557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
 * 1:34323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fulairo variant outbound connection (malware-cnc.rules)
 * 1:34324 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Siromost variant outbound connection (malware-cnc.rules)
 * 1:34319 <-> DISABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (malware-cnc.rules)
 * 1:34322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
 * 1:34327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (malware-cnc.rules)
 * 1:34337 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
 * 1:34325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
 * 1:34326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
 * 1:34346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (malware-cnc.rules)
 * 1:34347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (malware-cnc.rules)
 * 1:34338 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
 * 1:34339 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cybergate outbound connection (malware-cnc.rules)
 * 1:34367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (malware-cnc.rules)
 * 1:34366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (malware-cnc.rules)
 * 1:34453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tendrit variant outbound connection (malware-cnc.rules)
 * 1:34446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Odlanor information exfiltration attempt (malware-cnc.rules)
 * 1:34452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34461 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (malware-cnc.rules)
 * 1:34462 <-> DISABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (malware-cnc.rules)
 * 1:34459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (malware-cnc.rules)
 * 1:34460 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (malware-cnc.rules)
 * 1:34476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (malware-cnc.rules)
 * 1:34489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (malware-cnc.rules)
 * 1:34469 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
 * 1:34470 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
 * 1:34540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:34541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (malware-cnc.rules)
 * 1:34501 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection (malware-cnc.rules)
 * 1:34581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mathanuc outbound connection (malware-cnc.rules)
 * 1:34596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
 * 1:34567 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (malware-cnc.rules)
 * 1:34572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (malware-cnc.rules)
 * 1:34600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:34599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:34598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:34597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
 * 1:34608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (malware-cnc.rules)
 * 1:34609 <-> DISABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (malware-cnc.rules)
 * 1:34601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teqimp outbound connection (malware-cnc.rules)
 * 1:34607 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (malware-cnc.rules)
 * 1:34614 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enkalogs outbound connection (malware-cnc.rules)
 * 1:34622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kayfcbk outbound connection (malware-cnc.rules)
 * 1:34611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dujfudg outbound connection (malware-cnc.rules)
 * 1:34637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:34818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (malware-cnc.rules)
 * 1:34636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:34624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (malware-cnc.rules)
 * 1:34833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules)
 * 1:34834 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkcpn (malware-cnc.rules)
 * 1:34832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:34831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:34841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34843 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (malware-cnc.rules)
 * 1:34835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules)
 * 1:34840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:34865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:34844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules)
 * 1:34862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:34868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules)
 * 1:34869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (malware-cnc.rules)
 * 1:34866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:34867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules)
 * 1:34870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:34872 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (malware-cnc.rules)
 * 1:34876 <-> DISABLED <-> MALWARE-CNC Win.Fudu outbound variant connection (malware-cnc.rules)
 * 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:34887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
 * 1:34888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
 * 1:34877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (malware-cnc.rules)
 * 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:34932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shindo outbound connection (malware-cnc.rules)
 * 1:34934 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pheloyx outbound connection (malware-cnc.rules)
 * 1:34931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:34917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (malware-cnc.rules)
 * 1:34957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sysmain outbound connection (malware-cnc.rules)
 * 1:34935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zutwoxy outbound connection (malware-cnc.rules)
 * 1:34950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prok variant outbound connection (malware-cnc.rules)
 * 1:34965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (malware-cnc.rules)
 * 1:34966 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
 * 1:34959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:34963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte outbound connection (malware-cnc.rules)
 * 1:34994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
 * 1:34995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra HTTP Header Structure (malware-cnc.rules)
 * 1:34982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msnmm variant outbound connection (malware-cnc.rules)
 * 1:34993 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Benloader variant outbound connection (malware-cnc.rules)
 * 1:34998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bossabot outbound connection (malware-cnc.rules)
 * 1:35005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vcaredrix variant outbound connection (malware-cnc.rules)
 * 1:34996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent-ALPW variant outbound connection (malware-cnc.rules)
 * 1:34997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant HTTP Response (malware-cnc.rules)
 * 1:35030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (malware-cnc.rules)
 * 1:35027 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Troldesh C&C (malware-cnc.rules)
 * 1:35029 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.Lotronc variant outbound connection (malware-cnc.rules)
 * 1:35037 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy outbound variant connection (malware-cnc.rules)
 * 1:35039 <-> DISABLED <-> MALWARE-CNC Trojan.Linux.Linuxor outbound variant connection (malware-cnc.rules)
 * 1:35034 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Boltolog variant outbound connection download request (malware-cnc.rules)
 * 1:35036 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy inbound variant connection (malware-cnc.rules)
 * 1:35062 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:35063 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:34315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
 * 1:35047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:35050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (malware-cnc.rules)
 * 1:34317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:35066 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules)
 * 1:35067 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules)
 * 1:35064 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:35065 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:35080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
 * 1:35081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
 * 1:35069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dino variant outbound connection (malware-cnc.rules)
 * 1:35076 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
 * 1:35102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
 * 1:35103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
 * 1:35082 <-> DISABLED <-> MALWARE-CNC Backdoor.Linux.Qenerek outbound connection (malware-cnc.rules)
 * 1:35083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regiskazi outbound connection (malware-cnc.rules)
 * 1:35254 <-> DISABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules)
 * 1:35300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite GET request (malware-cnc.rules)
 * 1:35104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:35221 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent inbound connection (malware-cnc.rules)
 * 1:35306 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Cigamve request (malware-cnc.rules)
 * 1:35312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (malware-cnc.rules)
 * 1:35301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite POST request (malware-cnc.rules)
 * 1:35303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProxyChange (malware-cnc.rules)
 * 1:35316 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (malware-cnc.rules)
 * 1:35317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Directate outbound connection (malware-cnc.rules)
 * 1:35313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:35315 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Downloader.Comsteal outbound connection (malware-cnc.rules)
 * 1:35348 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Ralminey POST request (malware-cnc.rules)
 * 1:35353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise.B variant outbound connection (malware-cnc.rules)
 * 1:35318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr outbound connection (malware-cnc.rules)
 * 1:35344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall click fraud response (malware-cnc.rules)
 * 1:35386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (malware-cnc.rules)
 * 1:35387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (malware-cnc.rules)
 * 1:35355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usteal outbound connection (malware-cnc.rules)
 * 1:35385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules)
 * 1:35400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules)
 * 1:35415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)
 * 1:35388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules)
 * 1:35394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules)
 * 1:35436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
 * 1:35437 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jrml variant outbound connection (malware-cnc.rules)
 * 1:35416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
 * 1:35426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur outbound connection (malware-cnc.rules)
 * 1:35472 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
 * 1:35549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35462 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (malware-cnc.rules)
 * 1:35471 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baisogu outbound connection (malware-cnc.rules)
 * 1:35596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
 * 1:35597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
 * 1:35551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
 * 1:35570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetEagle variant outbound connection (malware-cnc.rules)
 * 1:35733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (malware-cnc.rules)
 * 1:35746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
 * 1:35732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (malware-cnc.rules)
 * 1:35794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:35804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seyelifon variant outbound connection (malware-cnc.rules)
 * 1:35749 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (malware-cnc.rules)
 * 1:35750 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (malware-cnc.rules)
 * 1:36054 <-> DISABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (malware-cnc.rules)
 * 1:36064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:35842 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namospu variant outbound connection (malware-cnc.rules)
 * 1:36048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:36105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant (malware-cnc.rules)
 * 1:36106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (malware-cnc.rules)
 * 1:36065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36115 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Liudoor outbound connection (malware-cnc.rules)
 * 1:36131 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyIE 3.01 (malware-cnc.rules)
 * 1:36107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
 * 1:36108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nimisi variant outbound connection (malware-cnc.rules)
 * 1:36134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
 * 1:36186 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qytags variant outbound connection (malware-cnc.rules)
 * 1:36132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
 * 1:36133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
 * 1:36202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant dropper (malware-cnc.rules)
 * 1:36231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot variant outbound connection (malware-cnc.rules)
 * 1:36198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant certificate (malware-cnc.rules)
 * 1:36199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
 * 1:36234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:36232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36275 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
 * 1:36276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
 * 1:36268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:36269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:36304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinPlock variant outbound connection (malware-cnc.rules)
 * 1:36325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36294 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (malware-cnc.rules)
 * 1:36303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
 * 1:36328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
 * 1:36460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules)
 * 1:36331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
 * 1:36396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
 * 1:36471 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (malware-cnc.rules)
 * 1:36497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hangman.A outbound connection (malware-cnc.rules)
 * 1:36468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brolux variant outbound connection (malware-cnc.rules)
 * 1:36506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
 * 1:36522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (malware-cnc.rules)
 * 1:36568 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
 * 1:36570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36602 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:36603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:36578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
 * 1:36601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:36623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:36624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:36610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules)
 * 1:36622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:36627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tanmar outbound  connection (malware-cnc.rules)
 * 1:36629 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
 * 1:36625 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
 * 1:36626 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
 * 1:36666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tentobr outbound connection (malware-cnc.rules)
 * 1:36670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sathurbot outbound connection (malware-cnc.rules)
 * 1:36630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
 * 1:36639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (malware-cnc.rules)
 * 1:36770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redcontrole variant outbound connection (malware-cnc.rules)
 * 1:36777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zimwervi variant outbound connection (malware-cnc.rules)
 * 1:36732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (malware-cnc.rules)
 * 1:36765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (malware-cnc.rules)
 * 1:36807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (malware-cnc.rules)
 * 1:36810 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Mabouia outbound connection (malware-cnc.rules)
 * 1:36781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gokawa variant outbound connection (malware-cnc.rules)
 * 1:36800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruinmail outbound connection (malware-cnc.rules)
 * 1:36835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload inbound connection (malware-cnc.rules)
 * 1:36841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leralogs variant outbound connection (malware-cnc.rules)
 * 1:36833 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (malware-cnc.rules)
 * 1:36834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload outbound connection (malware-cnc.rules)
 * 1:36893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trfijan outbound connection (malware-cnc.rules)
 * 1:36911 <-> DISABLED <-> MALWARE-CNC GlassRAT handshake beacon (malware-cnc.rules)
 * 1:36889 <-> DISABLED <-> MALWARE-CNC TinyDropper variant outbound connection (malware-cnc.rules)
 * 1:36890 <-> DISABLED <-> MALWARE-CNC AbbadonPOS variant outbound connection (malware-cnc.rules)
 * 1:37020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:37024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy outbound connection (malware-cnc.rules)
 * 1:36914 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (malware-cnc.rules)
 * 1:36916 <-> DISABLED <-> MALWARE-CNC Milkoad.A First Request (malware-cnc.rules)
 * 1:37037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arfadinf variant outbound connection (malware-cnc.rules)
 * 1:37045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (malware-cnc.rules)
 * 1:37027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
 * 1:37036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (malware-cnc.rules)
 * 1:37050 <-> DISABLED <-> MALWARE-CNC ATSEngine initial beacon (malware-cnc.rules)
 * 1:37051 <-> DISABLED <-> MALWARE-CNC ATSEngine credit card number sent via URL parameter (malware-cnc.rules)
 * 1:37047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (malware-cnc.rules)
 * 1:37049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geratid variant outbound connection (malware-cnc.rules)
 * 1:37063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paligenpo outbound connection (malware-cnc.rules)
 * 1:37064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Telehot outbound connection (malware-cnc.rules)
 * 1:37052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:37053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tdrop2 variant dropper download attempt (malware-cnc.rules)
 * 1:37067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Droot outbound connection (malware-cnc.rules)
 * 1:37068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flusihoc variant outbound connection (malware-cnc.rules)
 * 1:37065 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik outbound connection (malware-cnc.rules)
 * 1:37066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload (malware-cnc.rules)
 * 1:37102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
 * 1:37117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules)
 * 1:37100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dashikut outbound connection (malware-cnc.rules)
 * 1:37101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
 * 1:37164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hpastal outbound email attempt (malware-cnc.rules)
 * 1:37212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules)
 * 1:37141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules)
 * 1:37215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
 * 1:37226 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37227 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37320 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel variant outbound connection (malware-cnc.rules)
 * 1:37323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (malware-cnc.rules)
 * 1:37297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
 * 1:37317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (malware-cnc.rules)
 * 1:37370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules)
 * 1:37374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derkziel variant outbound connection (malware-cnc.rules)
 * 1:37359 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot inbound command attempt (malware-cnc.rules)
 * 1:37360 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot outbound IRC channel join attempt (malware-cnc.rules)
 * 1:37466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackmoon outbound connection (malware-cnc.rules)
 * 1:37467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vawtrak variant outbound connection (malware-cnc.rules)
 * 1:37447 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Evilgrab outbound connection (malware-cnc.rules)
 * 1:37457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (malware-cnc.rules)
 * 1:37522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:37521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37536 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Engr variant outbound connection (malware-cnc.rules)
 * 1:37534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37535 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant dropper download connection (malware-cnc.rules)
 * 1:37647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:37636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:37637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:37718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (malware-cnc.rules)
 * 1:37717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37817 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (malware-cnc.rules)
 * 1:37834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:37733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (malware-cnc.rules)
 * 1:37816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:37844 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (malware-cnc.rules)
 * 1:38017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt server reply (malware-cnc.rules)
 * 1:37835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:37838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
 * 1:38134 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Win.Trojan.Adwind (malware-cnc.rules)
 * 1:38145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:38018 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (malware-cnc.rules)
 * 1:38116 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (malware-cnc.rules)
 * 1:38235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
 * 1:38255 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38150 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:38234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (malware-cnc.rules)
 * 1:38258 <-> DISABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38259 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38256 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38257 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38304 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (malware-cnc.rules)
 * 1:38331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:38260 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38261 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (malware-cnc.rules)
 * 1:38354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant failed read logs (malware-cnc.rules)
 * 1:38333 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Bifrose outbound connection (malware-cnc.rules)
 * 1:38352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
 * 1:38358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send logs (malware-cnc.rules)
 * 1:38359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send mail credentials (malware-cnc.rules)
 * 1:38356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant read logs (malware-cnc.rules)
 * 1:38357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send credentials (malware-cnc.rules)
 * 1:38379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
 * 1:38380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
 * 1:38367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep.variant CNC server response (malware-cnc.rules)
 * 1:38378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:38388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger geolocation check (malware-cnc.rules)
 * 1:38509 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
 * 1:38385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
 * 1:38386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
 * 1:38515 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant exfiltration attempt (malware-cnc.rules)
 * 1:38514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38517 <-> DISABLED <-> MALWARE-CNC binary download while video expected (malware-cnc.rules)
 * 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)
 * 1:38561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger plugins download attempt (malware-cnc.rules)
 * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:39920 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)

2020-10-20 13:15:44 UTC

Snort Subscriber Rules Update

Date: 2020-10-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
 * 1:56034 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
 * 1:56039 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
 * 1:56016 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
 * 1:56037 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
 * 1:56038 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
 * 1:56023 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
 * 1:56044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
 * 1:56010 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
 * 1:56014 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
 * 1:56025 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
 * 1:56036 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
 * 1:56043 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
 * 1:56030 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
 * 1:56022 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
 * 1:56069 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart fingerprinting attempt (indicator-compromise.rules)
 * 1:56061 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
 * 1:56028 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
 * 1:56068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
 * 1:56055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
 * 1:56027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
 * 1:56019 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
 * 1:56057 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
 * 1:56042 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:56015 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
 * 1:56026 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
 * 1:56017 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
 * 1:56067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
 * 1:56056 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
 * 1:56011 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
 * 1:56045 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Exchange Reporter Plus unauthenticated remote code execution attempt (server-webapp.rules)
 * 1:56035 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
 * 1:56018 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
 * 1:56031 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
 * 1:56029 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
 * 1:56070 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart remote code execution attempt (indicator-compromise.rules)
 * 1:56046 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
 * 1:56033 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
 * 1:56032 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
 * 1:56021 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
 * 1:56012 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
 * 1:56040 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
 * 1:56041 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
 * 1:56020 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
 * 1:56047 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
 * 1:56052 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
 * 1:56013 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
 * 1:56058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
 * 1:56062 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
 * 1:56051 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
 * 3:56054 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
 * 3:56048 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
 * 3:56065 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
 * 3:56050 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
 * 3:56066 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
 * 3:56063 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
 * 3:56049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
 * 3:56064 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
 * 3:56060 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
 * 3:56059 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
 * 3:56053 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:39327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoRoger outbound POST attempt (malware-cnc.rules)
 * 1:39410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant exfiltration outbound connection (malware-cnc.rules)
 * 1:39581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (malware-cnc.rules)
 * 1:39909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adnel outbound connection detected (malware-cnc.rules)
 * 1:38586 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:38606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant network speed test (malware-cnc.rules)
 * 1:39434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
 * 1:39085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:39465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (malware-cnc.rules)
 * 1:38588 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:38784 <-> DISABLED <-> MALWARE-CNC CryptXXX initial outbound connection (malware-cnc.rules)
 * 1:38603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UP007 variant outbound connection (malware-cnc.rules)
 * 1:39579 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (malware-cnc.rules)
 * 1:38565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper initial download attempt (malware-cnc.rules)
 * 1:38562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt (malware-cnc.rules)
 * 1:38888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:38949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:38608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RockLoader variant outbound connection (malware-cnc.rules)
 * 1:38724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renegin outbound GET attempt (malware-cnc.rules)
 * 1:39064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (malware-cnc.rules)
 * 1:39360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:39342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS initial outbound connection (malware-cnc.rules)
 * 1:39341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS credit card data exfiltration (malware-cnc.rules)
 * 1:38613 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallex variant outbound connection (malware-cnc.rules)
 * 1:38564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger keylog exfiltration attempt (malware-cnc.rules)
 * 1:39116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DMALocker variant outbound connection (malware-cnc.rules)
 * 1:39053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.7ev3n variant outbound connection (malware-cnc.rules)
 * 1:38585 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:38620 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:39345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS update request (malware-cnc.rules)
 * 1:38680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tooka GET attempt (malware-cnc.rules)
 * 1:38621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:38638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
 * 1:38567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coverton variant outbound connection (malware-cnc.rules)
 * 1:38563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response (malware-cnc.rules)
 * 1:38587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant temporary redirect attempt (malware-cnc.rules)
 * 1:38885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound registration attempt (malware-cnc.rules)
 * 1:39106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection (malware-cnc.rules)
 * 1:39433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
 * 1:38643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:39063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot outbound POST attempt (malware-cnc.rules)
 * 1:39448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos variant outbound connection (malware-cnc.rules)
 * 1:39117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:39430 <-> DISABLED <-> MALWARE-CNC Win.Malware.Furtim variant outbound connection (malware-cnc.rules)
 * 1:38644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:39344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS status update (malware-cnc.rules)
 * 1:34313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:39107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant inbound connection (malware-cnc.rules)
 * 1:39576 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
 * 1:39574 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:38668 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:39409 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant initial outbound connection (malware-cnc.rules)
 * 1:39176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules)
 * 1:39650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts variant CNC IRC response attempt (malware-cnc.rules)
 * 1:39086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:39573 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:38961 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (malware-cnc.rules)
 * 1:39173 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.BlackShades Crypter outbound connection (malware-cnc.rules)
 * 1:38916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex download attempt (malware-cnc.rules)
 * 1:38887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky JS dropper outbound connection (malware-cnc.rules)
 * 1:39411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qbot variant outbound connection (malware-cnc.rules)
 * 1:38732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBDos Runtime Detection (malware-cnc.rules)
 * 1:38676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BBSwift variant outbound connection (malware-cnc.rules)
 * 1:39163 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:39578 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (malware-cnc.rules)
 * 1:39084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:38962 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (malware-cnc.rules)
 * 1:39322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
 * 1:39160 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 1:38566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper download attempt (malware-cnc.rules)
 * 1:39767 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules)
 * 1:39855 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:38530 <-> DISABLED <-> MALWARE-CNC Obfuscated Javascript Attack runtime detection (malware-cnc.rules)
 * 1:39801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound connection (malware-cnc.rules)
 * 1:39774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules)
 * 1:39854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lientchtp variant outbound connection (malware-cnc.rules)
 * 1:39968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
 * 1:39911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
 * 1:39800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
 * 1:39886 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (malware-cnc.rules)
 * 1:38560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - screenshot (malware-cnc.rules)
 * 1:39882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (malware-cnc.rules)
 * 1:39861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanHaiShu variant outbound connection (malware-cnc.rules)
 * 1:39958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (malware-cnc.rules)
 * 1:39730 <-> DISABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (malware-cnc.rules)
 * 1:39856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
 * 1:39710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (malware-cnc.rules)
 * 1:39921 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
 * 1:39887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toga variant outbound connection (malware-cnc.rules)
 * 1:39705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection (malware-cnc.rules)
 * 1:39857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
 * 1:39969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
 * 1:39738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (malware-cnc.rules)
 * 1:34316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:38542 <-> DISABLED <-> MALWARE-CNC VBS Trojan Downloading Encoded Executable (malware-cnc.rules)
 * 1:38557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
 * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:38995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:34312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:39920 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
 * 1:34314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:38574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant outbound connection (malware-cnc.rules)
 * 1:34315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34319 <-> DISABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (malware-cnc.rules)
 * 1:34317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
 * 1:34318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
 * 1:34323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fulairo variant outbound connection (malware-cnc.rules)
 * 1:34322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
 * 1:34338 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
 * 1:34324 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Siromost variant outbound connection (malware-cnc.rules)
 * 1:34327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (malware-cnc.rules)
 * 1:34326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
 * 1:34362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (malware-cnc.rules)
 * 1:34337 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
 * 1:34346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (malware-cnc.rules)
 * 1:34339 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cybergate outbound connection (malware-cnc.rules)
 * 1:34446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Odlanor information exfiltration attempt (malware-cnc.rules)
 * 1:34347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (malware-cnc.rules)
 * 1:34367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (malware-cnc.rules)
 * 1:34459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (malware-cnc.rules)
 * 1:34368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tendrit variant outbound connection (malware-cnc.rules)
 * 1:34469 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
 * 1:34461 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (malware-cnc.rules)
 * 1:34460 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (malware-cnc.rules)
 * 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (malware-cnc.rules)
 * 1:34462 <-> DISABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (malware-cnc.rules)
 * 1:34476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (malware-cnc.rules)
 * 1:34470 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
 * 1:34567 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (malware-cnc.rules)
 * 1:34489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (malware-cnc.rules)
 * 1:34501 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection (malware-cnc.rules)
 * 1:34541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:34540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:34572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (malware-cnc.rules)
 * 1:34597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
 * 1:34596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
 * 1:34581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mathanuc outbound connection (malware-cnc.rules)
 * 1:34598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:34601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teqimp outbound connection (malware-cnc.rules)
 * 1:34600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:34599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:34607 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (malware-cnc.rules)
 * 1:34610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kayfcbk outbound connection (malware-cnc.rules)
 * 1:34609 <-> DISABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (malware-cnc.rules)
 * 1:34608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (malware-cnc.rules)
 * 1:34611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dujfudg outbound connection (malware-cnc.rules)
 * 1:34624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (malware-cnc.rules)
 * 1:34622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34614 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enkalogs outbound connection (malware-cnc.rules)
 * 1:34636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:34831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:34818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (malware-cnc.rules)
 * 1:34637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:34832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:34835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules)
 * 1:34834 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkcpn (malware-cnc.rules)
 * 1:34833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules)
 * 1:34840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules)
 * 1:34843 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (malware-cnc.rules)
 * 1:34841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:34866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:34865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:34863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:34867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules)
 * 1:34870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:34869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (malware-cnc.rules)
 * 1:34868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules)
 * 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:34877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (malware-cnc.rules)
 * 1:34876 <-> DISABLED <-> MALWARE-CNC Win.Fudu outbound variant connection  (malware-cnc.rules)
 * 1:34872 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (malware-cnc.rules)
 * 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:34917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (malware-cnc.rules)
 * 1:34888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
 * 1:34887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
 * 1:34931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zutwoxy outbound connection (malware-cnc.rules)
 * 1:34934 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pheloyx outbound connection (malware-cnc.rules)
 * 1:34932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shindo outbound connection (malware-cnc.rules)
 * 1:34950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prok variant outbound connection (malware-cnc.rules)
 * 1:34959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:34958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:34957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sysmain outbound connection (malware-cnc.rules)
 * 1:34963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte outbound connection (malware-cnc.rules)
 * 1:34982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msnmm variant outbound connection (malware-cnc.rules)
 * 1:34966 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
 * 1:34965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (malware-cnc.rules)
 * 1:34993 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Benloader variant outbound connection (malware-cnc.rules)
 * 1:34996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent-ALPW variant outbound connection (malware-cnc.rules)
 * 1:34995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra HTTP Header Structure (malware-cnc.rules)
 * 1:34994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
 * 1:34997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant HTTP Response (malware-cnc.rules)
 * 1:35027 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Troldesh C&C (malware-cnc.rules)
 * 1:34998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bossabot outbound connection (malware-cnc.rules)
 * 1:35034 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Boltolog variant outbound connection download request (malware-cnc.rules)
 * 1:35005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vcaredrix variant outbound connection (malware-cnc.rules)
 * 1:35030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35029 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.Lotronc variant outbound connection (malware-cnc.rules)
 * 1:35031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (malware-cnc.rules)
 * 1:35036 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy inbound variant connection  (malware-cnc.rules)
 * 1:35047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:35039 <-> DISABLED <-> MALWARE-CNC Trojan.Linux.Linuxor outbound variant connection  (malware-cnc.rules)
 * 1:35037 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy outbound variant connection  (malware-cnc.rules)
 * 1:35064 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection  (malware-cnc.rules)
 * 1:35062 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection  (malware-cnc.rules)
 * 1:35050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (malware-cnc.rules)
 * 1:35069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dino variant outbound connection (malware-cnc.rules)
 * 1:35063 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection  (malware-cnc.rules)
 * 1:35065 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection  (malware-cnc.rules)
 * 1:35067 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection  (malware-cnc.rules)
 * 1:35066 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection  (malware-cnc.rules)
 * 1:35076 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
 * 1:35082 <-> DISABLED <-> MALWARE-CNC Backdoor.Linux.Qenerek outbound connection (malware-cnc.rules)
 * 1:35080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
 * 1:35104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:35081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
 * 1:35102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
 * 1:35083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regiskazi outbound connection (malware-cnc.rules)
 * 1:35301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite POST request (malware-cnc.rules)
 * 1:35103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
 * 1:35221 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent inbound connection (malware-cnc.rules)
 * 1:35300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite GET request (malware-cnc.rules)
 * 1:35254 <-> DISABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules)
 * 1:35303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProxyChange (malware-cnc.rules)
 * 1:35313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:35306 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Cigamve request (malware-cnc.rules)
 * 1:35318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr outbound connection (malware-cnc.rules)
 * 1:35312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (malware-cnc.rules)
 * 1:35315 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Downloader.Comsteal outbound connection (malware-cnc.rules)
 * 1:35317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Directate outbound connection (malware-cnc.rules)
 * 1:35316 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (malware-cnc.rules)
 * 1:35344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall click fraud response (malware-cnc.rules)
 * 1:35355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usteal outbound connection (malware-cnc.rules)
 * 1:35348 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Ralminey POST request (malware-cnc.rules)
 * 1:35388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules)
 * 1:35353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise.B variant outbound connection (malware-cnc.rules)
 * 1:35386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (malware-cnc.rules)
 * 1:35385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules)
 * 1:35416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
 * 1:35387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (malware-cnc.rules)
 * 1:35400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules)
 * 1:35394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules)
 * 1:35426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur outbound connection (malware-cnc.rules)
 * 1:35415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)
 * 1:35462 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (malware-cnc.rules)
 * 1:35437 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jrml variant outbound connection (malware-cnc.rules)
 * 1:35436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
 * 1:35471 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baisogu outbound connection (malware-cnc.rules)
 * 1:35551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
 * 1:35549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35472 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
 * 1:35570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetEagle variant outbound connection (malware-cnc.rules)
 * 1:35710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
 * 1:35597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
 * 1:35732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (malware-cnc.rules)
 * 1:35596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
 * 1:35749 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (malware-cnc.rules)
 * 1:35746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (malware-cnc.rules)
 * 1:35750 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (malware-cnc.rules)
 * 1:35804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seyelifon variant outbound connection (malware-cnc.rules)
 * 1:35842 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namospu variant outbound connection (malware-cnc.rules)
 * 1:35794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:36048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:36065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36054 <-> DISABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (malware-cnc.rules)
 * 1:36066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
 * 1:36106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (malware-cnc.rules)
 * 1:36105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant (malware-cnc.rules)
 * 1:36108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nimisi variant outbound connection (malware-cnc.rules)
 * 1:36132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
 * 1:36131 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyIE 3.01 (malware-cnc.rules)
 * 1:36115 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Liudoor outbound connection (malware-cnc.rules)
 * 1:36133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
 * 1:36198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant certificate (malware-cnc.rules)
 * 1:36186 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qytags variant outbound connection (malware-cnc.rules)
 * 1:36134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
 * 1:36199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
 * 1:36232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot variant outbound connection (malware-cnc.rules)
 * 1:36202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant dropper (malware-cnc.rules)
 * 1:36233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:36267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:36234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:36294 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (malware-cnc.rules)
 * 1:36276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
 * 1:36275 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
 * 1:36303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
 * 1:36326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinPlock variant outbound connection (malware-cnc.rules)
 * 1:36327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
 * 1:36329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
 * 1:36468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules)
 * 1:36397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
 * 1:36469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
 * 1:36497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hangman.A outbound connection (malware-cnc.rules)
 * 1:36471 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (malware-cnc.rules)
 * 1:36522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (malware-cnc.rules)
 * 1:36566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brolux variant outbound connection (malware-cnc.rules)
 * 1:36526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36568 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
 * 1:36577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
 * 1:36572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:36610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules)
 * 1:36603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:36602 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:36622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:36625 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
 * 1:36624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:36623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:36626 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
 * 1:36630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
 * 1:36629 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
 * 1:36666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tentobr outbound connection (malware-cnc.rules)
 * 1:36627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tanmar outbound  connection (malware-cnc.rules)
 * 1:36639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (malware-cnc.rules)
 * 1:36732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (malware-cnc.rules)
 * 1:36765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (malware-cnc.rules)
 * 1:36670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sathurbot outbound connection (malware-cnc.rules)
 * 1:36781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gokawa variant outbound connection (malware-cnc.rules)
 * 1:36777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zimwervi variant outbound connection (malware-cnc.rules)
 * 1:36770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redcontrole variant outbound connection (malware-cnc.rules)
 * 1:36800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruinmail outbound connection (malware-cnc.rules)
 * 1:36833 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (malware-cnc.rules)
 * 1:36810 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Mabouia outbound connection (malware-cnc.rules)
 * 1:36807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (malware-cnc.rules)
 * 1:36834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload outbound connection (malware-cnc.rules)
 * 1:36889 <-> DISABLED <-> MALWARE-CNC TinyDropper variant outbound connection (malware-cnc.rules)
 * 1:36841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leralogs variant outbound connection (malware-cnc.rules)
 * 1:36835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload inbound connection (malware-cnc.rules)
 * 1:36890 <-> DISABLED <-> MALWARE-CNC AbbadonPOS variant outbound connection (malware-cnc.rules)
 * 1:36914 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (malware-cnc.rules)
 * 1:36911 <-> DISABLED <-> MALWARE-CNC GlassRAT handshake beacon (malware-cnc.rules)
 * 1:36893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trfijan outbound connection (malware-cnc.rules)
 * 1:36916 <-> DISABLED <-> MALWARE-CNC Milkoad.A First Request (malware-cnc.rules)
 * 1:37027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
 * 1:37024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy outbound connection (malware-cnc.rules)
 * 1:37020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:37036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (malware-cnc.rules)
 * 1:37047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (malware-cnc.rules)
 * 1:37045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (malware-cnc.rules)
 * 1:37037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arfadinf variant outbound connection (malware-cnc.rules)
 * 1:37049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geratid variant outbound connection (malware-cnc.rules)
 * 1:37052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:37051 <-> DISABLED <-> MALWARE-CNC ATSEngine credit card number sent via URL parameter (malware-cnc.rules)
 * 1:37050 <-> DISABLED <-> MALWARE-CNC ATSEngine initial beacon (malware-cnc.rules)
 * 1:37053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tdrop2 variant dropper download attempt (malware-cnc.rules)
 * 1:37065 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik outbound connection (malware-cnc.rules)
 * 1:37064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Telehot outbound connection (malware-cnc.rules)
 * 1:37063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paligenpo outbound connection (malware-cnc.rules)
 * 1:37066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload (malware-cnc.rules)
 * 1:37100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dashikut outbound connection (malware-cnc.rules)
 * 1:37068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flusihoc variant outbound connection (malware-cnc.rules)
 * 1:37067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Droot outbound connection (malware-cnc.rules)
 * 1:37101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
 * 1:37127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules)
 * 1:37117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules)
 * 1:37102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
 * 1:37141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules)
 * 1:37213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hpastal outbound email attempt (malware-cnc.rules)
 * 1:37214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37226 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37227 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
 * 1:37296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
 * 1:37228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (malware-cnc.rules)
 * 1:37359 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot inbound command attempt (malware-cnc.rules)
 * 1:37323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (malware-cnc.rules)
 * 1:37320 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel variant outbound connection (malware-cnc.rules)
 * 1:37360 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot outbound IRC channel join attempt (malware-cnc.rules)
 * 1:37447 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Evilgrab outbound connection (malware-cnc.rules)
 * 1:37374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derkziel variant outbound connection (malware-cnc.rules)
 * 1:37370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules)
 * 1:37457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (malware-cnc.rules)
 * 1:37516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:37467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vawtrak variant outbound connection (malware-cnc.rules)
 * 1:37466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackmoon outbound connection (malware-cnc.rules)
 * 1:37521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37535 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:37552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Engr variant outbound connection (malware-cnc.rules)
 * 1:37536 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:37686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (malware-cnc.rules)
 * 1:37647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:37717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant dropper download connection (malware-cnc.rules)
 * 1:37733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (malware-cnc.rules)
 * 1:37719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:37835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:37834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:37817 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (malware-cnc.rules)
 * 1:37838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
 * 1:38018 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (malware-cnc.rules)
 * 1:38017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt server reply (malware-cnc.rules)
 * 1:38134 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Win.Trojan.Adwind (malware-cnc.rules)
 * 1:37844 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (malware-cnc.rules)
 * 1:38116 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (malware-cnc.rules)
 * 1:38150 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:38145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:38234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (malware-cnc.rules)
 * 1:38256 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
 * 1:38255 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38257 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38260 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38259 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38258 <-> DISABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38261 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38333 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Bifrose outbound connection (malware-cnc.rules)
 * 1:38331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:38304 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (malware-cnc.rules)
 * 1:38352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
 * 1:38356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant read logs (malware-cnc.rules)
 * 1:38354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant failed read logs (malware-cnc.rules)
 * 1:38353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (malware-cnc.rules)
 * 1:38357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send credentials (malware-cnc.rules)
 * 1:38367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep.variant CNC server response (malware-cnc.rules)
 * 1:38359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send mail credentials (malware-cnc.rules)
 * 1:38358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send logs (malware-cnc.rules)
 * 1:38378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:38385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
 * 1:38380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
 * 1:38379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
 * 1:38386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
 * 1:38510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant exfiltration attempt (malware-cnc.rules)
 * 1:38509 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
 * 1:38388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger geolocation check (malware-cnc.rules)
 * 1:38514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38517 <-> DISABLED <-> MALWARE-CNC binary download while video expected (malware-cnc.rules)
 * 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)
 * 1:38515 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:34311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:38558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
 * 1:38994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus config file download (malware-cnc.rules)
 * 1:38561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger plugins download attempt (malware-cnc.rules)
 * 1:39164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:34309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:39040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:39653 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mangit initial outbound connection (malware-cnc.rules)
 * 1:38733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:38917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant CNC traffic (malware-cnc.rules)
 * 1:39583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (malware-cnc.rules)
 * 1:39580 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39159 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 1:38886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules)
 * 1:38584 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant JS dropper outbound connection (malware-cnc.rules)
 * 1:39636 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Ranscam request.html response (malware-cnc.rules)
 * 1:38573 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant handshake beacon (malware-cnc.rules)
 * 1:39343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS keylog exfiltration (malware-cnc.rules)
 * 1:38559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - keystorkes (malware-cnc.rules)
 * 1:38890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts exfiltration attempt (malware-cnc.rules)
 * 1:39369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorozoad variant outbound connection (malware-cnc.rules)
 * 1:39052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (malware-cnc.rules)
 * 1:39577 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:38950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PassStealer passwords exfiltration attempt (malware-cnc.rules)
 * 1:38891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts initial registration (malware-cnc.rules)
 * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)

2020-10-20 13:15:44 UTC

Snort Subscriber Rules Update

Date: 2020-10-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56038 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
 * 1:56057 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
 * 1:56010 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
 * 1:56026 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
 * 1:56015 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
 * 1:56032 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
 * 1:56013 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
 * 1:56045 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Exchange Reporter Plus unauthenticated remote code execution attempt (server-webapp.rules)
 * 1:56046 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
 * 1:56027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
 * 1:56018 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
 * 1:56014 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
 * 1:56058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
 * 1:56029 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
 * 1:56016 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
 * 1:56062 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
 * 1:56043 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
 * 1:56056 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
 * 1:56070 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart remote code execution attempt (indicator-compromise.rules)
 * 1:56052 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
 * 1:56024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
 * 1:56021 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
 * 1:56044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
 * 1:56019 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
 * 1:56037 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
 * 1:56022 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
 * 1:56069 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart fingerprinting attempt (indicator-compromise.rules)
 * 1:56047 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
 * 1:56030 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
 * 1:56020 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
 * 1:56017 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
 * 1:56012 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
 * 1:56025 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
 * 1:56011 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
 * 1:56036 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
 * 1:56035 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
 * 1:56028 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
 * 1:56068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
 * 1:56055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
 * 1:56031 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
 * 1:56051 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
 * 1:56061 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
 * 1:56023 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
 * 1:56033 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
 * 1:56041 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
 * 1:56040 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
 * 1:56067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
 * 1:56039 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
 * 1:56034 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
 * 1:56042 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 3:56048 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
 * 3:56054 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
 * 3:56064 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
 * 3:56063 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
 * 3:56053 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
 * 3:56049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
 * 3:56059 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
 * 3:56065 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
 * 3:56060 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
 * 3:56050 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
 * 3:56066 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:38564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger keylog exfiltration attempt (malware-cnc.rules)
 * 1:35066 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules)
 * 1:39573 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:35063 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:35064 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:35050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (malware-cnc.rules)
 * 1:35080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
 * 1:35067 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules)
 * 1:35069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dino variant outbound connection (malware-cnc.rules)
 * 1:35065 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:35102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
 * 1:35081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
 * 1:35082 <-> DISABLED <-> MALWARE-CNC Backdoor.Linux.Qenerek outbound connection (malware-cnc.rules)
 * 1:35076 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
 * 1:35254 <-> DISABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules)
 * 1:35103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
 * 1:35104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:35083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regiskazi outbound connection (malware-cnc.rules)
 * 1:35306 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Cigamve request (malware-cnc.rules)
 * 1:35300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite GET request (malware-cnc.rules)
 * 1:35301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite POST request (malware-cnc.rules)
 * 1:39738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (malware-cnc.rules)
 * 1:35221 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent inbound connection (malware-cnc.rules)
 * 1:39958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (malware-cnc.rules)
 * 1:35316 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (malware-cnc.rules)
 * 1:35312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (malware-cnc.rules)
 * 1:35313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:35303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProxyChange (malware-cnc.rules)
 * 1:35348 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Ralminey POST request (malware-cnc.rules)
 * 1:35317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Directate outbound connection (malware-cnc.rules)
 * 1:35318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr outbound connection (malware-cnc.rules)
 * 1:35315 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Downloader.Comsteal outbound connection (malware-cnc.rules)
 * 1:35386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (malware-cnc.rules)
 * 1:39909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adnel outbound connection detected (malware-cnc.rules)
 * 1:35353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise.B variant outbound connection (malware-cnc.rules)
 * 1:35355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usteal outbound connection (malware-cnc.rules)
 * 1:35344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall click fraud response (malware-cnc.rules)
 * 1:35400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules)
 * 1:35387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (malware-cnc.rules)
 * 1:39730 <-> DISABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (malware-cnc.rules)
 * 1:35388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules)
 * 1:35385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules)
 * 1:35436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
 * 1:35415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)
 * 1:35416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
 * 1:35394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules)
 * 1:35472 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
 * 1:35437 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jrml variant outbound connection (malware-cnc.rules)
 * 1:35462 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (malware-cnc.rules)
 * 1:35426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur outbound connection (malware-cnc.rules)
 * 1:35596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
 * 1:35549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
 * 1:35471 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baisogu outbound connection (malware-cnc.rules)
 * 1:35733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (malware-cnc.rules)
 * 1:35597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
 * 1:35710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
 * 1:35570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetEagle variant outbound connection (malware-cnc.rules)
 * 1:39710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (malware-cnc.rules)
 * 1:35794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:35746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35749 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (malware-cnc.rules)
 * 1:39921 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
 * 1:35732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (malware-cnc.rules)
 * 1:36054 <-> DISABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (malware-cnc.rules)
 * 1:35804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seyelifon variant outbound connection (malware-cnc.rules)
 * 1:35842 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namospu variant outbound connection (malware-cnc.rules)
 * 1:35750 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (malware-cnc.rules)
 * 1:36105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant (malware-cnc.rules)
 * 1:36064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:36115 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Liudoor outbound connection (malware-cnc.rules)
 * 1:36106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (malware-cnc.rules)
 * 1:36107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
 * 1:36066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
 * 1:36131 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyIE 3.01 (malware-cnc.rules)
 * 1:36132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
 * 1:36108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nimisi variant outbound connection (malware-cnc.rules)
 * 1:36202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant dropper (malware-cnc.rules)
 * 1:36186 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qytags variant outbound connection (malware-cnc.rules)
 * 1:36198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant certificate (malware-cnc.rules)
 * 1:36133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
 * 1:36234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot variant outbound connection (malware-cnc.rules)
 * 1:36232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
 * 1:36275 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
 * 1:36267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:36268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:36233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinPlock variant outbound connection (malware-cnc.rules)
 * 1:36276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
 * 1:36294 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (malware-cnc.rules)
 * 1:36269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:36328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
 * 1:36397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
 * 1:36329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
 * 1:36327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36471 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (malware-cnc.rules)
 * 1:36460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules)
 * 1:36468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
 * 1:36526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hangman.A outbound connection (malware-cnc.rules)
 * 1:36506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
 * 1:36469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36568 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brolux variant outbound connection (malware-cnc.rules)
 * 1:36566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (malware-cnc.rules)
 * 1:36572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36602 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:36577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
 * 1:36578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
 * 1:36571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:36603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:36610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules)
 * 1:36601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:36627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tanmar outbound connection (malware-cnc.rules)
 * 1:36624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:36625 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
 * 1:36622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:36666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tentobr outbound connection (malware-cnc.rules)
 * 1:36629 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
 * 1:38962 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (malware-cnc.rules)
 * 1:36630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
 * 1:39911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
 * 1:38530 <-> DISABLED <-> MALWARE-CNC Obfuscated Javascript Attack runtime detection (malware-cnc.rules)
 * 1:38573 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant handshake beacon (malware-cnc.rules)
 * 1:34314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:39053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.7ev3n variant outbound connection (malware-cnc.rules)
 * 1:38950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PassStealer passwords exfiltration attempt (malware-cnc.rules)
 * 1:38542 <-> DISABLED <-> MALWARE-CNC VBS Trojan Downloading Encoded Executable (malware-cnc.rules)
 * 1:38890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts exfiltration attempt (malware-cnc.rules)
 * 1:38574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant outbound connection (malware-cnc.rules)
 * 1:39173 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.BlackShades Crypter outbound connection (malware-cnc.rules)
 * 1:38949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:39861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanHaiShu variant outbound connection (malware-cnc.rules)
 * 1:39774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules)
 * 1:39767 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules)
 * 1:38557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
 * 1:39852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
 * 1:39801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound connection (malware-cnc.rules)
 * 1:39800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
 * 1:34311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:39086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:39854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39855 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:39785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lientchtp variant outbound connection (malware-cnc.rules)
 * 1:38558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
 * 1:38588 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:39882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (malware-cnc.rules)
 * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:34309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:38603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UP007 variant outbound connection (malware-cnc.rules)
 * 1:38560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - screenshot (malware-cnc.rules)
 * 1:39084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:38916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex download attempt (malware-cnc.rules)
 * 1:39650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts variant CNC IRC response attempt (malware-cnc.rules)
 * 1:38733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:39434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
 * 1:39411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qbot variant outbound connection (malware-cnc.rules)
 * 1:38676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BBSwift variant outbound connection (malware-cnc.rules)
 * 1:39578 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (malware-cnc.rules)
 * 1:38608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RockLoader variant outbound connection (malware-cnc.rules)
 * 1:39580 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection (malware-cnc.rules)
 * 1:38586 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:38563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response (malware-cnc.rules)
 * 1:39345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS update request (malware-cnc.rules)
 * 1:38613 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallex variant outbound connection (malware-cnc.rules)
 * 1:38888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:34315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:38885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound registration attempt (malware-cnc.rules)
 * 1:39344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS status update (malware-cnc.rules)
 * 1:39107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant inbound connection (malware-cnc.rules)
 * 1:39576 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:38559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - keystorkes (malware-cnc.rules)
 * 1:39636 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Ranscam request.html response (malware-cnc.rules)
 * 1:39159 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 1:39063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot outbound POST attempt (malware-cnc.rules)
 * 1:39369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorozoad variant outbound connection (malware-cnc.rules)
 * 1:39163 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:39448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos variant outbound connection (malware-cnc.rules)
 * 1:39430 <-> DISABLED <-> MALWARE-CNC Win.Malware.Furtim variant outbound connection (malware-cnc.rules)
 * 1:38585 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:34317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:38620 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:38621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:39327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoRoger outbound POST attempt (malware-cnc.rules)
 * 1:34323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fulairo variant outbound connection (malware-cnc.rules)
 * 1:39360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:34318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
 * 1:34319 <-> DISABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (malware-cnc.rules)
 * 1:38638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
 * 1:39653 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mangit initial outbound connection (malware-cnc.rules)
 * 1:39342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS initial outbound connection (malware-cnc.rules)
 * 1:34327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (malware-cnc.rules)
 * 1:38643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:34324 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Siromost variant outbound connection (malware-cnc.rules)
 * 1:38644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:34325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
 * 1:34322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
 * 1:34346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (malware-cnc.rules)
 * 1:38645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:34337 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
 * 1:38584 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant JS dropper outbound connection (malware-cnc.rules)
 * 1:34338 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
 * 1:34326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
 * 1:34367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:39064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (malware-cnc.rules)
 * 1:34347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (malware-cnc.rules)
 * 1:34362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (malware-cnc.rules)
 * 1:38680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tooka GET attempt (malware-cnc.rules)
 * 1:34339 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cybergate outbound connection (malware-cnc.rules)
 * 1:34453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:39577 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:34368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Odlanor information exfiltration attempt (malware-cnc.rules)
 * 1:34366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (malware-cnc.rules)
 * 1:38646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:34461 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (malware-cnc.rules)
 * 1:34458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tendrit variant outbound connection (malware-cnc.rules)
 * 1:34459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (malware-cnc.rules)
 * 1:38647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:34452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:38606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant network speed test (malware-cnc.rules)
 * 1:34476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (malware-cnc.rules)
 * 1:34462 <-> DISABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (malware-cnc.rules)
 * 1:38668 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:38565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper initial download attempt (malware-cnc.rules)
 * 1:34469 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
 * 1:34460 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (malware-cnc.rules)
 * 1:39887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toga variant outbound connection (malware-cnc.rules)
 * 1:34540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:34489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (malware-cnc.rules)
 * 1:39886 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (malware-cnc.rules)
 * 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (malware-cnc.rules)
 * 1:34470 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
 * 1:34581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mathanuc outbound connection (malware-cnc.rules)
 * 1:34541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:34567 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (malware-cnc.rules)
 * 1:34501 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection (malware-cnc.rules)
 * 1:38784 <-> DISABLED <-> MALWARE-CNC CryptXXX initial outbound connection (malware-cnc.rules)
 * 1:34599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:34596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
 * 1:34597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
 * 1:39410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant exfiltration outbound connection (malware-cnc.rules)
 * 1:34572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (malware-cnc.rules)
 * 1:34608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (malware-cnc.rules)
 * 1:39581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (malware-cnc.rules)
 * 1:34600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:34601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teqimp outbound connection (malware-cnc.rules)
 * 1:34598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:34614 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enkalogs outbound connection (malware-cnc.rules)
 * 1:34609 <-> DISABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (malware-cnc.rules)
 * 1:34610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kayfcbk outbound connection (malware-cnc.rules)
 * 1:39040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:39582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (malware-cnc.rules)
 * 1:34607 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (malware-cnc.rules)
 * 1:34637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:34622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:38566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper download attempt (malware-cnc.rules)
 * 1:34624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (malware-cnc.rules)
 * 1:34611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dujfudg outbound connection (malware-cnc.rules)
 * 1:34833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules)
 * 1:39085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:34818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (malware-cnc.rules)
 * 1:39465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (malware-cnc.rules)
 * 1:34831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:34636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:39164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:34841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:38917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant CNC traffic (malware-cnc.rules)
 * 1:34834 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkcpn (malware-cnc.rules)
 * 1:34835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules)
 * 1:38961 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (malware-cnc.rules)
 * 1:34832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:34863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:34843 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (malware-cnc.rules)
 * 1:34844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules)
 * 1:34840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules)
 * 1:34865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:34866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:34862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:34872 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (malware-cnc.rules)
 * 1:34869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (malware-cnc.rules)
 * 1:34870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:34867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules)
 * 1:34887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
 * 1:34876 <-> DISABLED <-> MALWARE-CNC Win.Fudu outbound variant connection (malware-cnc.rules)
 * 1:34877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (malware-cnc.rules)
 * 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:34932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shindo outbound connection (malware-cnc.rules)
 * 1:34888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
 * 1:34917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (malware-cnc.rules)
 * 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:34957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sysmain outbound connection (malware-cnc.rules)
 * 1:34934 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pheloyx outbound connection (malware-cnc.rules)
 * 1:34935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zutwoxy outbound connection (malware-cnc.rules)
 * 1:34931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (malware-cnc.rules)
 * 1:34958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:34959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:34950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prok variant outbound connection (malware-cnc.rules)
 * 1:34994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
 * 1:34966 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
 * 1:34982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msnmm variant outbound connection (malware-cnc.rules)
 * 1:34963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte outbound connection (malware-cnc.rules)
 * 1:34998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bossabot outbound connection (malware-cnc.rules)
 * 1:34995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra HTTP Header Structure (malware-cnc.rules)
 * 1:34996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent-ALPW variant outbound connection (malware-cnc.rules)
 * 1:34993 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Benloader variant outbound connection (malware-cnc.rules)
 * 1:35030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:35005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vcaredrix variant outbound connection (malware-cnc.rules)
 * 1:35027 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Troldesh C&C (malware-cnc.rules)
 * 1:34997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant HTTP Response (malware-cnc.rules)
 * 1:35037 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy outbound variant connection (malware-cnc.rules)
 * 1:35031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (malware-cnc.rules)
 * 1:35034 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Boltolog variant outbound connection download request (malware-cnc.rules)
 * 1:35029 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.Lotronc variant outbound connection (malware-cnc.rules)
 * 1:35062 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:35039 <-> DISABLED <-> MALWARE-CNC Trojan.Linux.Linuxor outbound variant connection (malware-cnc.rules)
 * 1:35047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:35036 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy inbound variant connection (malware-cnc.rules)
 * 1:38561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger plugins download attempt (malware-cnc.rules)
 * 1:38994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus config file download (malware-cnc.rules)
 * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:38995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:38891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts initial registration (malware-cnc.rules)
 * 1:36626 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
 * 1:36770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redcontrole variant outbound connection (malware-cnc.rules)
 * 1:36670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sathurbot outbound connection (malware-cnc.rules)
 * 1:36732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (malware-cnc.rules)
 * 1:36639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (malware-cnc.rules)
 * 1:36807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (malware-cnc.rules)
 * 1:36777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zimwervi variant outbound connection (malware-cnc.rules)
 * 1:36781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gokawa variant outbound connection (malware-cnc.rules)
 * 1:36765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (malware-cnc.rules)
 * 1:36835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload inbound connection (malware-cnc.rules)
 * 1:36810 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Mabouia outbound connection (malware-cnc.rules)
 * 1:36833 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (malware-cnc.rules)
 * 1:36800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruinmail outbound connection (malware-cnc.rules)
 * 1:36893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trfijan outbound connection (malware-cnc.rules)
 * 1:36841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leralogs variant outbound connection (malware-cnc.rules)
 * 1:36889 <-> DISABLED <-> MALWARE-CNC TinyDropper variant outbound connection (malware-cnc.rules)
 * 1:36834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload outbound connection (malware-cnc.rules)
 * 1:37020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:36911 <-> DISABLED <-> MALWARE-CNC GlassRAT handshake beacon (malware-cnc.rules)
 * 1:36914 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (malware-cnc.rules)
 * 1:36890 <-> DISABLED <-> MALWARE-CNC AbbadonPOS variant outbound connection (malware-cnc.rules)
 * 1:37037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arfadinf variant outbound connection (malware-cnc.rules)
 * 1:37024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy outbound connection (malware-cnc.rules)
 * 1:37027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
 * 1:36916 <-> DISABLED <-> MALWARE-CNC Milkoad.A First Request (malware-cnc.rules)
 * 1:37050 <-> DISABLED <-> MALWARE-CNC ATSEngine initial beacon (malware-cnc.rules)
 * 1:37045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (malware-cnc.rules)
 * 1:37047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (malware-cnc.rules)
 * 1:37036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (malware-cnc.rules)
 * 1:37063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paligenpo outbound connection (malware-cnc.rules)
 * 1:37051 <-> DISABLED <-> MALWARE-CNC ATSEngine credit card number sent via URL parameter (malware-cnc.rules)
 * 1:37052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:37049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geratid variant outbound connection (malware-cnc.rules)
 * 1:37067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Droot outbound connection (malware-cnc.rules)
 * 1:37064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Telehot outbound connection (malware-cnc.rules)
 * 1:37065 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik outbound connection (malware-cnc.rules)
 * 1:37053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tdrop2 variant dropper download attempt (malware-cnc.rules)
 * 1:37102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
 * 1:37068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flusihoc variant outbound connection (malware-cnc.rules)
 * 1:37100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dashikut outbound connection (malware-cnc.rules)
 * 1:37066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload (malware-cnc.rules)
 * 1:37164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hpastal outbound email attempt (malware-cnc.rules)
 * 1:37117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules)
 * 1:37127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules)
 * 1:37101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
 * 1:37215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules)
 * 1:37228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37226 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37320 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel variant outbound connection (malware-cnc.rules)
 * 1:37296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
 * 1:37297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
 * 1:37227 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules)
 * 1:37323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (malware-cnc.rules)
 * 1:37359 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot inbound command attempt (malware-cnc.rules)
 * 1:37317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (malware-cnc.rules)
 * 1:37466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackmoon outbound connection (malware-cnc.rules)
 * 1:37374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derkziel variant outbound connection (malware-cnc.rules)
 * 1:37447 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Evilgrab outbound connection (malware-cnc.rules)
 * 1:37360 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot outbound IRC channel join attempt (malware-cnc.rules)
 * 1:37522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vawtrak variant outbound connection (malware-cnc.rules)
 * 1:37516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:37457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (malware-cnc.rules)
 * 1:37536 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant dropper download connection (malware-cnc.rules)
 * 1:37552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Engr variant outbound connection (malware-cnc.rules)
 * 1:37636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:37535 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:37686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (malware-cnc.rules)
 * 1:37637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:37817 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (malware-cnc.rules)
 * 1:37719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (malware-cnc.rules)
 * 1:37717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37844 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (malware-cnc.rules)
 * 1:37834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:37835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:37816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:38134 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Win.Trojan.Adwind (malware-cnc.rules)
 * 1:38017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt server reply (malware-cnc.rules)
 * 1:38018 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (malware-cnc.rules)
 * 1:37838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
 * 1:38235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
 * 1:38145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:38150 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:38116 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (malware-cnc.rules)
 * 1:38258 <-> DISABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38255 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38256 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (malware-cnc.rules)
 * 1:38304 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (malware-cnc.rules)
 * 1:38259 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38260 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38257 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (malware-cnc.rules)
 * 1:38331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:38333 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Bifrose outbound connection (malware-cnc.rules)
 * 1:38261 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send logs (malware-cnc.rules)
 * 1:38354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant failed read logs (malware-cnc.rules)
 * 1:38356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant read logs (malware-cnc.rules)
 * 1:38352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
 * 1:38379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
 * 1:38359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send mail credentials (malware-cnc.rules)
 * 1:38367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep.variant CNC server response (malware-cnc.rules)
 * 1:38357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send credentials (malware-cnc.rules)
 * 1:38388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger geolocation check (malware-cnc.rules)
 * 1:38380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
 * 1:38385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
 * 1:38378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:38515 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38509 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
 * 1:38510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant exfiltration attempt (malware-cnc.rules)
 * 1:38386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
 * 1:38516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38517 <-> DISABLED <-> MALWARE-CNC binary download while video expected (malware-cnc.rules)
 * 1:38514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)
 * 1:39409 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant initial outbound connection (malware-cnc.rules)
 * 1:34316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:39920 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
 * 1:39343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS keylog exfiltration (malware-cnc.rules)
 * 1:39176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules)
 * 1:38724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renegin outbound GET attempt (malware-cnc.rules)
 * 1:39322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
 * 1:39160 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 1:38886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules)
 * 1:38887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky JS dropper outbound connection (malware-cnc.rules)
 * 1:38567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coverton variant outbound connection (malware-cnc.rules)
 * 1:39583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (malware-cnc.rules)
 * 1:34313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:39056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
 * 1:39433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
 * 1:38732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBDos Runtime Detection (malware-cnc.rules)
 * 1:39116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DMALocker variant outbound connection (malware-cnc.rules)
 * 1:39117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:38587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant temporary redirect attempt (malware-cnc.rules)
 * 1:39341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS credit card data exfiltration (malware-cnc.rules)
 * 1:39052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (malware-cnc.rules)
 * 1:39579 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39574 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:38562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt (malware-cnc.rules)
 * 1:39705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection (malware-cnc.rules)
 * 1:39969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
 * 1:39857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
 * 1:39856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
 * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)

2020-10-20 13:15:44 UTC

Snort Subscriber Rules Update

Date: 2020-10-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (snort3-malware-other.rules)
 * 1:56040 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (snort3-malware-other.rules)
 * 1:56036 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (snort3-malware-other.rules)
 * 1:56042 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (snort3-browser-webkit.rules)
 * 1:56015 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (snort3-malware-other.rules)
 * 1:56058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (snort3-malware-other.rules)
 * 1:56025 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (snort3-malware-other.rules)
 * 1:56029 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (snort3-malware-other.rules)
 * 1:56057 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (snort3-malware-other.rules)
 * 1:56045 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Exchange Reporter Plus unauthenticated remote code execution attempt (snort3-server-webapp.rules)
 * 1:56044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (snort3-browser-webkit.rules)
 * 1:56055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (snort3-malware-other.rules)
 * 1:56031 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (snort3-malware-other.rules)
 * 1:56024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (snort3-malware-other.rules)
 * 1:56033 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (snort3-malware-other.rules)
 * 1:56011 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (snort3-malware-other.rules)
 * 1:56028 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (snort3-malware-other.rules)
 * 1:56022 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (snort3-malware-other.rules)
 * 1:56017 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (snort3-malware-other.rules)
 * 1:56051 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (snort3-os-linux.rules)
 * 1:56030 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (snort3-malware-other.rules)
 * 1:56013 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (snort3-malware-other.rules)
 * 1:56041 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (snort3-malware-other.rules)
 * 1:56019 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (snort3-malware-other.rules)
 * 1:56070 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart remote code execution attempt (snort3-indicator-compromise.rules)
 * 1:56020 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (snort3-malware-other.rules)
 * 1:56056 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (snort3-malware-other.rules)
 * 1:56021 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (snort3-malware-other.rules)
 * 1:56038 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (snort3-malware-other.rules)
 * 1:56032 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (snort3-malware-other.rules)
 * 1:56034 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (snort3-malware-other.rules)
 * 1:56037 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (snort3-malware-other.rules)
 * 1:56061 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (snort3-malware-other.rules)
 * 1:56068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (snort3-malware-other.rules)
 * 1:56010 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (snort3-malware-other.rules)
 * 1:56047 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (snort3-malware-other.rules)
 * 1:56035 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (snort3-malware-other.rules)
 * 1:56018 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (snort3-malware-other.rules)
 * 1:56016 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (snort3-malware-other.rules)
 * 1:56062 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (snort3-malware-other.rules)
 * 1:56039 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (snort3-malware-other.rules)
 * 1:56023 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (snort3-malware-other.rules)
 * 1:56052 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (snort3-os-linux.rules)
 * 1:56046 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (snort3-malware-other.rules)
 * 1:56043 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (snort3-browser-webkit.rules)
 * 1:56012 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (snort3-malware-other.rules)
 * 1:56026 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (snort3-malware-other.rules)
 * 1:56027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (snort3-malware-other.rules)
 * 1:56069 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart fingerprinting attempt (snort3-indicator-compromise.rules)
 * 1:56014 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (snort3-malware-other.rules)

Modified Rules:


 * 1:39853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (snort3-malware-cnc.rules)
 * 1:39886 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (snort3-malware-cnc.rules)
 * 1:39854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (snort3-malware-cnc.rules)
 * 1:39856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (snort3-malware-cnc.rules)
 * 1:39852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (snort3-malware-cnc.rules)
 * 1:39861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanHaiShu variant outbound connection (snort3-malware-cnc.rules)
 * 1:38565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper initial download attempt (snort3-malware-cnc.rules)
 * 1:39800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (snort3-malware-cnc.rules)
 * 1:39855 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (snort3-malware-cnc.rules)
 * 1:38587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant temporary redirect attempt (snort3-malware-cnc.rules)
 * 1:34312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (snort3-malware-cnc.rules)
 * 1:34313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (snort3-malware-cnc.rules)
 * 1:34314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (snort3-malware-cnc.rules)
 * 1:34315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (snort3-malware-cnc.rules)
 * 1:34316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (snort3-malware-cnc.rules)
 * 1:38588 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (snort3-malware-cnc.rules)
 * 1:39882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (snort3-malware-cnc.rules)
 * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (snort3-browser-webkit.rules)
 * 1:39064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (snort3-malware-cnc.rules)
 * 1:34310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (snort3-malware-cnc.rules)
 * 1:38562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt (snort3-malware-cnc.rules)
 * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (snort3-browser-webkit.rules)
 * 1:38566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper download attempt (snort3-malware-cnc.rules)
 * 1:39063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot outbound POST attempt (snort3-malware-cnc.rules)
 * 1:39433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (snort3-malware-cnc.rules)
 * 1:39573 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (snort3-malware-cnc.rules)
 * 1:38995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules)
 * 1:38564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger keylog exfiltration attempt (snort3-malware-cnc.rules)
 * 1:39173 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.BlackShades Crypter outbound connection (snort3-malware-cnc.rules)
 * 1:39163 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (snort3-malware-cnc.rules)
 * 1:34311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (snort3-malware-cnc.rules)
 * 1:39369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorozoad variant outbound connection (snort3-malware-cnc.rules)
 * 1:36893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trfijan outbound connection (snort3-malware-cnc.rules)
 * 1:38586 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (snort3-malware-cnc.rules)
 * 1:38621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (snort3-malware-cnc.rules)
 * 1:38638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (snort3-malware-cnc.rules)
 * 1:39345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS update request (snort3-malware-cnc.rules)
 * 1:39327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoRoger outbound POST attempt (snort3-malware-cnc.rules)
 * 1:39580 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (snort3-malware-cnc.rules)
 * 1:36834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload outbound connection (snort3-malware-cnc.rules)
 * 1:39116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DMALocker variant outbound connection (snort3-malware-cnc.rules)
 * 1:39582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (snort3-malware-cnc.rules)
 * 1:39106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection (snort3-malware-cnc.rules)
 * 1:39576 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (snort3-malware-cnc.rules)
 * 1:39581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (snort3-malware-cnc.rules)
 * 1:38613 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallex variant outbound connection (snort3-malware-cnc.rules)
 * 1:39653 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mangit initial outbound connection (snort3-malware-cnc.rules)
 * 1:38890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts exfiltration attempt (snort3-malware-cnc.rules)
 * 1:39117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules)
 * 1:39164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (snort3-malware-cnc.rules)
 * 1:36810 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Mabouia outbound connection (snort3-malware-cnc.rules)
 * 1:38961 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (snort3-malware-cnc.rules)
 * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (snort3-browser-webkit.rules)
 * 1:38949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (snort3-malware-cnc.rules)
 * 1:39579 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (snort3-malware-cnc.rules)
 * 1:38584 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant JS dropper outbound connection (snort3-malware-cnc.rules)
 * 1:37027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (snort3-malware-cnc.rules)
 * 1:39341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS credit card data exfiltration (snort3-malware-cnc.rules)
 * 1:39176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (snort3-malware-cnc.rules)
 * 1:39577 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (snort3-malware-cnc.rules)
 * 1:39730 <-> DISABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (snort3-malware-cnc.rules)
 * 1:38887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky JS dropper outbound connection (snort3-malware-cnc.rules)
 * 1:39086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (snort3-malware-cnc.rules)
 * 1:39434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (snort3-malware-cnc.rules)
 * 1:39053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.7ev3n variant outbound connection (snort3-malware-cnc.rules)
 * 1:38885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound registration attempt (snort3-malware-cnc.rules)
 * 1:39710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (snort3-malware-cnc.rules)
 * 1:38645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (snort3-malware-cnc.rules)
 * 1:38646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (snort3-malware-cnc.rules)
 * 1:38647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (snort3-malware-cnc.rules)
 * 1:39574 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (snort3-malware-cnc.rules)
 * 1:38668 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:38950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PassStealer passwords exfiltration attempt (snort3-malware-cnc.rules)
 * 1:38606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant network speed test (snort3-malware-cnc.rules)
 * 1:38676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BBSwift variant outbound connection (snort3-malware-cnc.rules)
 * 1:38680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tooka GET attempt (snort3-malware-cnc.rules)
 * 1:38724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renegin outbound GET attempt (snort3-malware-cnc.rules)
 * 1:38732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBDos Runtime Detection (snort3-malware-cnc.rules)
 * 1:39650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts variant CNC IRC response attempt (snort3-malware-cnc.rules)
 * 1:39107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant inbound connection (snort3-malware-cnc.rules)
 * 1:38603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UP007 variant outbound connection (snort3-malware-cnc.rules)
 * 1:38561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger plugins download attempt (snort3-malware-cnc.rules)
 * 1:38643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (snort3-malware-cnc.rules)
 * 1:38567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coverton variant outbound connection (snort3-malware-cnc.rules)
 * 1:38644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (snort3-malware-cnc.rules)
 * 1:39911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (snort3-malware-cnc.rules)
 * 1:39920 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (snort3-malware-cnc.rules)
 * 1:38733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (snort3-malware-cnc.rules)
 * 1:39968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (snort3-malware-cnc.rules)
 * 1:39909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adnel outbound connection detected (snort3-malware-cnc.rules)
 * 1:38962 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (snort3-malware-cnc.rules)
 * 1:38563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response (snort3-malware-cnc.rules)
 * 1:39410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant exfiltration outbound connection (snort3-malware-cnc.rules)
 * 1:38585 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (snort3-malware-cnc.rules)
 * 1:38574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant outbound connection (snort3-malware-cnc.rules)
 * 1:39774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (snort3-malware-cnc.rules)
 * 1:39085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (snort3-malware-cnc.rules)
 * 1:39343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS keylog exfiltration (snort3-malware-cnc.rules)
 * 1:39448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos variant outbound connection (snort3-malware-cnc.rules)
 * 1:38888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (snort3-malware-cnc.rules)
 * 1:39969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (snort3-malware-cnc.rules)
 * 1:39958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (snort3-malware-cnc.rules)
 * 1:39322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (snort3-malware-cnc.rules)
 * 1:38891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts initial registration (snort3-malware-cnc.rules)
 * 1:39084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (snort3-malware-cnc.rules)
 * 1:39738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (snort3-malware-cnc.rules)
 * 1:38620 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (snort3-malware-cnc.rules)
 * 1:38917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant CNC traffic (snort3-malware-cnc.rules)
 * 1:38608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RockLoader variant outbound connection (snort3-malware-cnc.rules)
 * 1:36841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leralogs variant outbound connection (snort3-malware-cnc.rules)
 * 1:39160 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (snort3-malware-cnc.rules)
 * 1:39578 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (snort3-malware-cnc.rules)
 * 1:36914 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (snort3-malware-cnc.rules)
 * 1:37020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (snort3-malware-cnc.rules)
 * 1:36890 <-> DISABLED <-> MALWARE-CNC AbbadonPOS variant outbound connection (snort3-malware-cnc.rules)
 * 1:37037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arfadinf variant outbound connection (snort3-malware-cnc.rules)
 * 1:36911 <-> DISABLED <-> MALWARE-CNC GlassRAT handshake beacon (snort3-malware-cnc.rules)
 * 1:37047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (snort3-malware-cnc.rules)
 * 1:36916 <-> DISABLED <-> MALWARE-CNC Milkoad.A First Request (snort3-malware-cnc.rules)
 * 1:37050 <-> DISABLED <-> MALWARE-CNC ATSEngine initial beacon (snort3-malware-cnc.rules)
 * 1:37024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy outbound connection (snort3-malware-cnc.rules)
 * 1:37052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (snort3-malware-cnc.rules)
 * 1:37036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (snort3-malware-cnc.rules)
 * 1:37063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paligenpo outbound connection (snort3-malware-cnc.rules)
 * 1:37045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (snort3-malware-cnc.rules)
 * 1:37065 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik outbound connection (snort3-malware-cnc.rules)
 * 1:37049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geratid variant outbound connection (snort3-malware-cnc.rules)
 * 1:37067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Droot outbound connection (snort3-malware-cnc.rules)
 * 1:37051 <-> DISABLED <-> MALWARE-CNC ATSEngine credit card number sent via URL parameter (snort3-malware-cnc.rules)
 * 1:37100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dashikut outbound connection (snort3-malware-cnc.rules)
 * 1:37053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tdrop2 variant dropper download attempt (snort3-malware-cnc.rules)
 * 1:37102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (snort3-malware-cnc.rules)
 * 1:37064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Telehot outbound connection (snort3-malware-cnc.rules)
 * 1:37127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (snort3-malware-cnc.rules)
 * 1:37066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload (snort3-malware-cnc.rules)
 * 1:37164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hpastal outbound email attempt (snort3-malware-cnc.rules)
 * 1:37068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flusihoc variant outbound connection (snort3-malware-cnc.rules)
 * 1:37213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (snort3-malware-cnc.rules)
 * 1:37101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (snort3-malware-cnc.rules)
 * 1:37215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (snort3-malware-cnc.rules)
 * 1:37117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (snort3-malware-cnc.rules)
 * 1:37226 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (snort3-malware-cnc.rules)
 * 1:37141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (snort3-malware-cnc.rules)
 * 1:37228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (snort3-malware-cnc.rules)
 * 1:37212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (snort3-malware-cnc.rules)
 * 1:37297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (snort3-malware-cnc.rules)
 * 1:37214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (snort3-malware-cnc.rules)
 * 1:37320 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel variant outbound connection (snort3-malware-cnc.rules)
 * 1:37225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (snort3-malware-cnc.rules)
 * 1:37359 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot inbound command attempt (snort3-malware-cnc.rules)
 * 1:37227 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (snort3-malware-cnc.rules)
 * 1:37370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (snort3-malware-cnc.rules)
 * 1:37296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (snort3-malware-cnc.rules)
 * 1:37447 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Evilgrab outbound connection (snort3-malware-cnc.rules)
 * 1:37317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (snort3-malware-cnc.rules)
 * 1:37466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackmoon outbound connection (snort3-malware-cnc.rules)
 * 1:37323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (snort3-malware-cnc.rules)
 * 1:37516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (snort3-malware-cnc.rules)
 * 1:37360 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot outbound IRC channel join attempt (snort3-malware-cnc.rules)
 * 1:37522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (snort3-malware-cnc.rules)
 * 1:37374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derkziel variant outbound connection (snort3-malware-cnc.rules)
 * 1:37534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (snort3-malware-cnc.rules)
 * 1:37457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (snort3-malware-cnc.rules)
 * 1:37536 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (snort3-malware-cnc.rules)
 * 1:37467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vawtrak variant outbound connection (snort3-malware-cnc.rules)
 * 1:37636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (snort3-malware-cnc.rules)
 * 1:37521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (snort3-malware-cnc.rules)
 * 1:37646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant dropper download connection (snort3-malware-cnc.rules)
 * 1:37523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (snort3-malware-cnc.rules)
 * 1:37686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (snort3-malware-cnc.rules)
 * 1:37535 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (snort3-malware-cnc.rules)
 * 1:37718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (snort3-malware-cnc.rules)
 * 1:37552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Engr variant outbound connection (snort3-malware-cnc.rules)
 * 1:37733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (snort3-malware-cnc.rules)
 * 1:37637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (snort3-malware-cnc.rules)
 * 1:37817 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (snort3-malware-cnc.rules)
 * 1:37647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules)
 * 1:37835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (snort3-malware-cnc.rules)
 * 1:37717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (snort3-malware-cnc.rules)
 * 1:37844 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (snort3-malware-cnc.rules)
 * 1:37719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (snort3-malware-cnc.rules)
 * 1:38018 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (snort3-malware-cnc.rules)
 * 1:37816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (snort3-malware-cnc.rules)
 * 1:38134 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Win.Trojan.Adwind (snort3-malware-cnc.rules)
 * 1:37834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (snort3-malware-cnc.rules)
 * 1:38150 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (snort3-malware-cnc.rules)
 * 1:37838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (snort3-malware-cnc.rules)
 * 1:38235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (snort3-malware-cnc.rules)
 * 1:38017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt server reply (snort3-malware-cnc.rules)
 * 1:38256 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (snort3-malware-cnc.rules)
 * 1:38116 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (snort3-malware-cnc.rules)
 * 1:38258 <-> DISABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (snort3-malware-cnc.rules)
 * 1:38145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (snort3-malware-cnc.rules)
 * 1:38260 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (snort3-malware-cnc.rules)
 * 1:38234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (snort3-malware-cnc.rules)
 * 1:38304 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (snort3-malware-cnc.rules)
 * 1:38255 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (snort3-malware-cnc.rules)
 * 1:38333 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Bifrose outbound connection (snort3-malware-cnc.rules)
 * 1:38257 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (snort3-malware-cnc.rules)
 * 1:38353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (snort3-malware-cnc.rules)
 * 1:38259 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (snort3-malware-cnc.rules)
 * 1:38356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant read logs (snort3-malware-cnc.rules)
 * 1:38261 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (snort3-malware-cnc.rules)
 * 1:38358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send logs (snort3-malware-cnc.rules)
 * 1:38331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (snort3-malware-cnc.rules)
 * 1:38367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep.variant CNC server response (snort3-malware-cnc.rules)
 * 1:38352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (snort3-malware-cnc.rules)
 * 1:38379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (snort3-malware-cnc.rules)
 * 1:38354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant failed read logs (snort3-malware-cnc.rules)
 * 1:38385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (snort3-malware-cnc.rules)
 * 1:38357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send credentials (snort3-malware-cnc.rules)
 * 1:38388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger geolocation check (snort3-malware-cnc.rules)
 * 1:38359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send mail credentials (snort3-malware-cnc.rules)
 * 1:38510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant exfiltration attempt (snort3-malware-cnc.rules)
 * 1:38378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (snort3-malware-cnc.rules)
 * 1:38515 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (snort3-malware-cnc.rules)
 * 1:38380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (snort3-malware-cnc.rules)
 * 1:38517 <-> DISABLED <-> MALWARE-CNC binary download while video expected (snort3-malware-cnc.rules)
 * 1:38386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (snort3-malware-cnc.rules)
 * 1:38530 <-> DISABLED <-> MALWARE-CNC Obfuscated Javascript Attack runtime detection (snort3-malware-cnc.rules)
 * 1:38509 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (snort3-malware-cnc.rules)
 * 1:38557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (snort3-malware-cnc.rules)
 * 1:38514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (snort3-malware-cnc.rules)
 * 1:38559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - keystorkes (snort3-malware-cnc.rules)
 * 1:38516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (snort3-malware-cnc.rules)
 * 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (snort3-malware-cnc.rules)
 * 1:38542 <-> DISABLED <-> MALWARE-CNC VBS Trojan Downloading Encoded Executable (snort3-malware-cnc.rules)
 * 1:38558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (snort3-malware-cnc.rules)
 * 1:38560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - screenshot (snort3-malware-cnc.rules)
 * 1:34309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (snort3-malware-cnc.rules)
 * 1:39052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (snort3-malware-cnc.rules)
 * 1:39056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (snort3-malware-cnc.rules)
 * 1:38784 <-> DISABLED <-> MALWARE-CNC CryptXXX initial outbound connection (snort3-malware-cnc.rules)
 * 1:38916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex download attempt (snort3-malware-cnc.rules)
 * 1:39705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection (snort3-malware-cnc.rules)
 * 1:38994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus config file download (snort3-malware-cnc.rules)
 * 1:38886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (snort3-malware-cnc.rules)
 * 1:39342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS initial outbound connection (snort3-malware-cnc.rules)
 * 1:39465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (snort3-malware-cnc.rules)
 * 1:39040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (snort3-malware-cnc.rules)
 * 1:39360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (snort3-malware-cnc.rules)
 * 1:39583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (snort3-malware-cnc.rules)
 * 1:38573 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant handshake beacon (snort3-malware-cnc.rules)
 * 1:39159 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (snort3-malware-cnc.rules)
 * 1:39430 <-> DISABLED <-> MALWARE-CNC Win.Malware.Furtim variant outbound connection (snort3-malware-cnc.rules)
 * 1:39921 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (snort3-malware-cnc.rules)
 * 1:39409 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant initial outbound connection (snort3-malware-cnc.rules)
 * 1:39767 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (snort3-malware-cnc.rules)
 * 1:39785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lientchtp variant outbound connection (snort3-malware-cnc.rules)
 * 1:39636 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Ranscam request.html response (snort3-malware-cnc.rules)
 * 1:39411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:39801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound connection (snort3-malware-cnc.rules)
 * 1:39887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toga variant outbound connection (snort3-malware-cnc.rules)
 * 1:39344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS status update (snort3-malware-cnc.rules)
 * 1:39857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (snort3-malware-cnc.rules)
 * 1:34317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (snort3-malware-cnc.rules)
 * 1:34319 <-> DISABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (snort3-malware-cnc.rules)
 * 1:34323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fulairo variant outbound connection (snort3-malware-cnc.rules)
 * 1:34325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (snort3-malware-cnc.rules)
 * 1:34327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (snort3-malware-cnc.rules)
 * 1:34318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (snort3-malware-cnc.rules)
 * 1:34338 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (snort3-malware-cnc.rules)
 * 1:34322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (snort3-malware-cnc.rules)
 * 1:34346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (snort3-malware-cnc.rules)
 * 1:34324 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Siromost variant outbound connection (snort3-malware-cnc.rules)
 * 1:34362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (snort3-malware-cnc.rules)
 * 1:34326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (snort3-malware-cnc.rules)
 * 1:34367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (snort3-malware-cnc.rules)
 * 1:34337 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (snort3-malware-cnc.rules)
 * 1:34446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Odlanor information exfiltration attempt (snort3-malware-cnc.rules)
 * 1:34339 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cybergate outbound connection (snort3-malware-cnc.rules)
 * 1:34453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules)
 * 1:34347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (snort3-malware-cnc.rules)
 * 1:34459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (snort3-malware-cnc.rules)
 * 1:34366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (snort3-malware-cnc.rules)
 * 1:34461 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (snort3-malware-cnc.rules)
 * 1:34368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (snort3-malware-cnc.rules)
 * 1:34469 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (snort3-malware-cnc.rules)
 * 1:34452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules)
 * 1:34476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (snort3-malware-cnc.rules)
 * 1:34458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tendrit variant outbound connection (snort3-malware-cnc.rules)
 * 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (snort3-malware-cnc.rules)
 * 1:34460 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (snort3-malware-cnc.rules)
 * 1:34540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (snort3-malware-cnc.rules)
 * 1:34462 <-> DISABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (snort3-malware-cnc.rules)
 * 1:34567 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (snort3-malware-cnc.rules)
 * 1:34470 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (snort3-malware-cnc.rules)
 * 1:34581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mathanuc outbound connection (snort3-malware-cnc.rules)
 * 1:34489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (snort3-malware-cnc.rules)
 * 1:34597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (snort3-malware-cnc.rules)
 * 1:34501 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection (snort3-malware-cnc.rules)
 * 1:34599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (snort3-malware-cnc.rules)
 * 1:34541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (snort3-malware-cnc.rules)
 * 1:34601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teqimp outbound connection (snort3-malware-cnc.rules)
 * 1:34572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (snort3-malware-cnc.rules)
 * 1:34608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (snort3-malware-cnc.rules)
 * 1:34596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (snort3-malware-cnc.rules)
 * 1:34610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kayfcbk outbound connection (snort3-malware-cnc.rules)
 * 1:34598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (snort3-malware-cnc.rules)
 * 1:34614 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enkalogs outbound connection (snort3-malware-cnc.rules)
 * 1:34600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (snort3-malware-cnc.rules)
 * 1:34624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (snort3-malware-cnc.rules)
 * 1:34607 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (snort3-malware-cnc.rules)
 * 1:34637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (snort3-malware-cnc.rules)
 * 1:34609 <-> DISABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (snort3-malware-cnc.rules)
 * 1:34831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (snort3-malware-cnc.rules)
 * 1:34611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dujfudg outbound connection (snort3-malware-cnc.rules)
 * 1:34833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (snort3-malware-cnc.rules)
 * 1:34622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules)
 * 1:34835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (snort3-malware-cnc.rules)
 * 1:34636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (snort3-malware-cnc.rules)
 * 1:34841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (snort3-malware-cnc.rules)
 * 1:34818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (snort3-malware-cnc.rules)
 * 1:34844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (snort3-malware-cnc.rules)
 * 1:34832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (snort3-malware-cnc.rules)
 * 1:34863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (snort3-malware-cnc.rules)
 * 1:34834 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkcpn (snort3-malware-cnc.rules)
 * 1:34866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (snort3-malware-cnc.rules)
 * 1:34840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (snort3-malware-cnc.rules)
 * 1:34868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (snort3-malware-cnc.rules)
 * 1:34843 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (snort3-malware-cnc.rules)
 * 1:34870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (snort3-malware-cnc.rules)
 * 1:34862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (snort3-malware-cnc.rules)
 * 1:34872 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (snort3-malware-cnc.rules)
 * 1:34865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (snort3-malware-cnc.rules)
 * 1:34877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (snort3-malware-cnc.rules)
 * 1:34867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (snort3-malware-cnc.rules)
 * 1:34887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (snort3-malware-cnc.rules)
 * 1:34869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (snort3-malware-cnc.rules)
 * 1:34917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (snort3-malware-cnc.rules)
 * 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (snort3-malware-cnc.rules)
 * 1:34932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shindo outbound connection (snort3-malware-cnc.rules)
 * 1:34876 <-> DISABLED <-> MALWARE-CNC Win.Fudu outbound variant connection (snort3-malware-cnc.rules)
 * 1:34935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zutwoxy outbound connection (snort3-malware-cnc.rules)
 * 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules)
 * 1:34957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sysmain outbound connection (snort3-malware-cnc.rules)
 * 1:34888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (snort3-malware-cnc.rules)
 * 1:34959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (snort3-malware-cnc.rules)
 * 1:34931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules)
 * 1:34965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (snort3-malware-cnc.rules)
 * 1:34934 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pheloyx outbound connection (snort3-malware-cnc.rules)
 * 1:34982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msnmm variant outbound connection (snort3-malware-cnc.rules)
 * 1:34950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prok variant outbound connection (snort3-malware-cnc.rules)
 * 1:34994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (snort3-malware-cnc.rules)
 * 1:34958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (snort3-malware-cnc.rules)
 * 1:34996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent-ALPW variant outbound connection (snort3-malware-cnc.rules)
 * 1:34963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte outbound connection (snort3-malware-cnc.rules)
 * 1:34998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bossabot outbound connection (snort3-malware-cnc.rules)
 * 1:34966 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (snort3-malware-cnc.rules)
 * 1:35027 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Troldesh C&C (snort3-malware-cnc.rules)
 * 1:34993 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Benloader variant outbound connection (snort3-malware-cnc.rules)
 * 1:35030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules)
 * 1:34995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra HTTP Header Structure (snort3-malware-cnc.rules)
 * 1:35034 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Boltolog variant outbound connection download request (snort3-malware-cnc.rules)
 * 1:34997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant HTTP Response (snort3-malware-cnc.rules)
 * 1:35037 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy outbound variant connection (snort3-malware-cnc.rules)
 * 1:35005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vcaredrix variant outbound connection (snort3-malware-cnc.rules)
 * 1:35047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (snort3-malware-cnc.rules)
 * 1:35029 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.Lotronc variant outbound connection (snort3-malware-cnc.rules)
 * 1:35062 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (snort3-malware-cnc.rules)
 * 1:35031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (snort3-malware-cnc.rules)
 * 1:35064 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (snort3-malware-cnc.rules)
 * 1:35036 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy inbound variant connection (snort3-malware-cnc.rules)
 * 1:35066 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (snort3-malware-cnc.rules)
 * 1:35039 <-> DISABLED <-> MALWARE-CNC Trojan.Linux.Linuxor outbound variant connection (snort3-malware-cnc.rules)
 * 1:35069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dino variant outbound connection (snort3-malware-cnc.rules)
 * 1:35050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (snort3-malware-cnc.rules)
 * 1:35080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (snort3-malware-cnc.rules)
 * 1:35063 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (snort3-malware-cnc.rules)
 * 1:35082 <-> DISABLED <-> MALWARE-CNC Backdoor.Linux.Qenerek outbound connection (snort3-malware-cnc.rules)
 * 1:35065 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (snort3-malware-cnc.rules)
 * 1:35102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (snort3-malware-cnc.rules)
 * 1:35067 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (snort3-malware-cnc.rules)
 * 1:35104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:35076 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (snort3-malware-cnc.rules)
 * 1:35254 <-> DISABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (snort3-malware-cnc.rules)
 * 1:35081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (snort3-malware-cnc.rules)
 * 1:35301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite POST request (snort3-malware-cnc.rules)
 * 1:35083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regiskazi outbound connection (snort3-malware-cnc.rules)
 * 1:35306 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Cigamve request (snort3-malware-cnc.rules)
 * 1:35103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (snort3-malware-cnc.rules)
 * 1:35313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:35221 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent inbound connection (snort3-malware-cnc.rules)
 * 1:35316 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (snort3-malware-cnc.rules)
 * 1:35300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite GET request (snort3-malware-cnc.rules)
 * 1:35318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr outbound connection (snort3-malware-cnc.rules)
 * 1:35303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProxyChange (snort3-malware-cnc.rules)
 * 1:35348 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Ralminey POST request (snort3-malware-cnc.rules)
 * 1:35312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (snort3-malware-cnc.rules)
 * 1:35355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usteal outbound connection (snort3-malware-cnc.rules)
 * 1:35315 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Downloader.Comsteal outbound connection (snort3-malware-cnc.rules)
 * 1:35386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (snort3-malware-cnc.rules)
 * 1:35317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Directate outbound connection (snort3-malware-cnc.rules)
 * 1:35388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (snort3-malware-cnc.rules)
 * 1:35344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall click fraud response (snort3-malware-cnc.rules)
 * 1:35400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (snort3-malware-cnc.rules)
 * 1:35353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise.B variant outbound connection (snort3-malware-cnc.rules)
 * 1:35416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (snort3-malware-cnc.rules)
 * 1:35385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (snort3-malware-cnc.rules)
 * 1:35436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (snort3-malware-cnc.rules)
 * 1:35387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (snort3-malware-cnc.rules)
 * 1:35462 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (snort3-malware-cnc.rules)
 * 1:35394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (snort3-malware-cnc.rules)
 * 1:35472 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (snort3-malware-cnc.rules)
 * 1:35415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (snort3-malware-cnc.rules)
 * 1:35551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (snort3-malware-cnc.rules)
 * 1:35426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur outbound connection (snort3-malware-cnc.rules)
 * 1:35596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (snort3-malware-cnc.rules)
 * 1:35437 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jrml variant outbound connection (snort3-malware-cnc.rules)
 * 1:35710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (snort3-malware-cnc.rules)
 * 1:35471 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baisogu outbound connection (snort3-malware-cnc.rules)
 * 1:35733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (snort3-malware-cnc.rules)
 * 1:35549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules)
 * 1:35749 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (snort3-malware-cnc.rules)
 * 1:35570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetEagle variant outbound connection (snort3-malware-cnc.rules)
 * 1:35794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (snort3-malware-cnc.rules)
 * 1:35597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (snort3-malware-cnc.rules)
 * 1:35842 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namospu variant outbound connection (snort3-malware-cnc.rules)
 * 1:35732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (snort3-malware-cnc.rules)
 * 1:36054 <-> DISABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (snort3-malware-cnc.rules)
 * 1:35746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules)
 * 1:36065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (snort3-malware-cnc.rules)
 * 1:35750 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (snort3-malware-cnc.rules)
 * 1:36105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant (snort3-malware-cnc.rules)
 * 1:35804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seyelifon variant outbound connection (snort3-malware-cnc.rules)
 * 1:36107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (snort3-malware-cnc.rules)
 * 1:36048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:36115 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Liudoor outbound connection (snort3-malware-cnc.rules)
 * 1:36064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (snort3-malware-cnc.rules)
 * 1:36132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (snort3-malware-cnc.rules)
 * 1:36066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (snort3-malware-cnc.rules)
 * 1:36134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (snort3-malware-cnc.rules)
 * 1:36106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (snort3-malware-cnc.rules)
 * 1:36198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant certificate (snort3-malware-cnc.rules)
 * 1:36108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nimisi variant outbound connection (snort3-malware-cnc.rules)
 * 1:36202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant dropper (snort3-malware-cnc.rules)
 * 1:36131 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyIE 3.01 (snort3-malware-cnc.rules)
 * 1:36232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (snort3-malware-cnc.rules)
 * 1:36133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (snort3-malware-cnc.rules)
 * 1:36234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (snort3-malware-cnc.rules)
 * 1:36186 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qytags variant outbound connection (snort3-malware-cnc.rules)
 * 1:36268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (snort3-malware-cnc.rules)
 * 1:36199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (snort3-malware-cnc.rules)
 * 1:36275 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (snort3-malware-cnc.rules)
 * 1:36231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot variant outbound connection (snort3-malware-cnc.rules)
 * 1:36294 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (snort3-malware-cnc.rules)
 * 1:36233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (snort3-malware-cnc.rules)
 * 1:36304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinPlock variant outbound connection (snort3-malware-cnc.rules)
 * 1:36267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (snort3-malware-cnc.rules)
 * 1:36326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (snort3-malware-cnc.rules)
 * 1:36269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (snort3-malware-cnc.rules)
 * 1:36328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (snort3-malware-cnc.rules)
 * 1:36276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (snort3-malware-cnc.rules)
 * 1:36331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (snort3-malware-cnc.rules)
 * 1:36303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (snort3-malware-cnc.rules)
 * 1:36397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (snort3-malware-cnc.rules)
 * 1:36325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (snort3-malware-cnc.rules)
 * 1:36468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (snort3-malware-cnc.rules)
 * 1:36327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (snort3-malware-cnc.rules)
 * 1:36471 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (snort3-malware-cnc.rules)
 * 1:36329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (snort3-malware-cnc.rules)
 * 1:36506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (snort3-malware-cnc.rules)
 * 1:36396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (snort3-malware-cnc.rules)
 * 1:36526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (snort3-malware-cnc.rules)
 * 1:36460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (snort3-malware-cnc.rules)
 * 1:36566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (snort3-malware-cnc.rules)
 * 1:36469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (snort3-malware-cnc.rules)
 * 1:36568 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (snort3-malware-cnc.rules)
 * 1:36497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hangman.A outbound connection (snort3-malware-cnc.rules)
 * 1:36570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (snort3-malware-cnc.rules)
 * 1:36522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (snort3-malware-cnc.rules)
 * 1:36572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (snort3-malware-cnc.rules)
 * 1:36540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brolux variant outbound connection (snort3-malware-cnc.rules)
 * 1:36578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (snort3-malware-cnc.rules)
 * 1:36567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (snort3-malware-cnc.rules)
 * 1:36602 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (snort3-malware-cnc.rules)
 * 1:36569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (snort3-malware-cnc.rules)
 * 1:36610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (snort3-malware-cnc.rules)
 * 1:36571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (snort3-malware-cnc.rules)
 * 1:36623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (snort3-malware-cnc.rules)
 * 1:36577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (snort3-malware-cnc.rules)
 * 1:36625 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (snort3-malware-cnc.rules)
 * 1:36601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (snort3-malware-cnc.rules)
 * 1:36627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tanmar outbound  connection (snort3-malware-cnc.rules)
 * 1:36603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (snort3-malware-cnc.rules)
 * 1:36630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (snort3-malware-cnc.rules)
 * 1:36622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (snort3-malware-cnc.rules)
 * 1:36666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tentobr outbound connection (snort3-malware-cnc.rules)
 * 1:36624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (snort3-malware-cnc.rules)
 * 1:36732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (snort3-malware-cnc.rules)
 * 1:36626 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (snort3-malware-cnc.rules)
 * 1:36770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redcontrole variant outbound connection (snort3-malware-cnc.rules)
 * 1:36629 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (snort3-malware-cnc.rules)
 * 1:36781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gokawa variant outbound connection (snort3-malware-cnc.rules)
 * 1:36639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (snort3-malware-cnc.rules)
 * 1:36807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (snort3-malware-cnc.rules)
 * 1:36670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sathurbot outbound connection (snort3-malware-cnc.rules)
 * 1:36833 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (snort3-malware-cnc.rules)
 * 1:36765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (snort3-malware-cnc.rules)
 * 1:36835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload inbound connection (snort3-malware-cnc.rules)
 * 1:36777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zimwervi variant outbound connection (snort3-malware-cnc.rules)
 * 1:36889 <-> DISABLED <-> MALWARE-CNC TinyDropper variant outbound connection (snort3-malware-cnc.rules)
 * 1:36800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruinmail outbound connection (snort3-malware-cnc.rules)

2020-10-20 13:15:44 UTC

Snort Subscriber Rules Update

Date: 2020-10-20

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56056 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
 * 1:56026 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
 * 1:56020 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
 * 1:56015 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
 * 1:56030 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
 * 1:56031 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
 * 1:56051 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
 * 1:56062 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
 * 1:56027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
 * 1:56014 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
 * 1:56013 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
 * 1:56024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
 * 1:56055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
 * 1:56021 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
 * 1:56016 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
 * 1:56069 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart fingerprinting attempt (indicator-compromise.rules)
 * 1:56043 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
 * 1:56018 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
 * 1:56041 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
 * 1:56036 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
 * 1:56010 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
 * 1:56057 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
 * 1:56028 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
 * 1:56035 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
 * 1:56047 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
 * 1:56042 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:56032 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
 * 1:56011 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
 * 1:56046 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
 * 1:56068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
 * 1:56044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
 * 1:56052 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
 * 1:56033 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
 * 1:56045 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Exchange Reporter Plus unauthenticated remote code execution attempt (server-webapp.rules)
 * 1:56025 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
 * 1:56017 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
 * 1:56022 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
 * 1:56058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
 * 1:56023 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
 * 1:56029 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
 * 1:56037 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
 * 1:56040 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
 * 1:56039 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
 * 1:56034 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
 * 1:56070 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart remote code execution attempt (indicator-compromise.rules)
 * 1:56067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
 * 1:56012 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
 * 1:56019 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
 * 1:56061 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
 * 1:56038 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
 * 3:56059 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
 * 3:56065 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
 * 3:56050 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
 * 3:56063 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
 * 3:56054 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
 * 3:56066 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
 * 3:56048 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
 * 3:56049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
 * 3:56053 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
 * 3:56060 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
 * 3:56064 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)

Modified Rules:


 * 1:39801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound connection (malware-cnc.rules)
 * 1:39360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:34609 <-> DISABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (malware-cnc.rules)
 * 1:39327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoRoger outbound POST attempt (malware-cnc.rules)
 * 1:34314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules)
 * 1:34607 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (malware-cnc.rules)
 * 1:35353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise.B variant outbound connection (malware-cnc.rules)
 * 1:38567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coverton variant outbound connection (malware-cnc.rules)
 * 1:34600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:35313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:34598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:38573 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant handshake beacon (malware-cnc.rules)
 * 1:37047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (malware-cnc.rules)
 * 1:34540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:34637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:34831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:34599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
 * 1:36186 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qytags variant outbound connection (malware-cnc.rules)
 * 1:36625 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
 * 1:35082 <-> DISABLED <-> MALWARE-CNC Backdoor.Linux.Qenerek outbound connection (malware-cnc.rules)
 * 1:34601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teqimp outbound connection (malware-cnc.rules)
 * 1:35029 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.Lotronc variant outbound connection (malware-cnc.rules)
 * 1:34572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (malware-cnc.rules)
 * 1:34597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
 * 1:34608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (malware-cnc.rules)
 * 1:34611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dujfudg outbound connection (malware-cnc.rules)
 * 1:35064 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection  (malware-cnc.rules)
 * 1:34888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
 * 1:34312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34567 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (malware-cnc.rules)
 * 1:39969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
 * 1:38588 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:34624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (malware-cnc.rules)
 * 1:38603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UP007 variant outbound connection (malware-cnc.rules)
 * 1:38606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant network speed test (malware-cnc.rules)
 * 1:39322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
 * 1:38586 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:39342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS initial outbound connection (malware-cnc.rules)
 * 1:39040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:38733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:39064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (malware-cnc.rules)
 * 1:36570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36275 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
 * 1:35031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (malware-cnc.rules)
 * 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)
 * 1:39650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts variant CNC IRC response attempt (malware-cnc.rules)
 * 1:39341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS credit card data exfiltration (malware-cnc.rules)
 * 1:38886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules)
 * 1:39430 <-> DISABLED <-> MALWARE-CNC Win.Malware.Furtim variant outbound connection (malware-cnc.rules)
 * 1:39581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (malware-cnc.rules)
 * 1:38916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex download attempt (malware-cnc.rules)
 * 1:38917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant CNC traffic (malware-cnc.rules)
 * 1:39578 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (malware-cnc.rules)
 * 1:34963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte outbound connection (malware-cnc.rules)
 * 1:36106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (malware-cnc.rules)
 * 1:34844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules)
 * 1:37835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:38584 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant JS dropper outbound connection (malware-cnc.rules)
 * 1:36268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:35400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules)
 * 1:35750 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (malware-cnc.rules)
 * 1:39409 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant initial outbound connection (malware-cnc.rules)
 * 1:38608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RockLoader variant outbound connection (malware-cnc.rules)
 * 1:38891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts initial registration (malware-cnc.rules)
 * 1:39085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:38613 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallex variant outbound connection (malware-cnc.rules)
 * 1:39164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:34996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent-ALPW variant outbound connection (malware-cnc.rules)
 * 1:34452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:39573 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:38724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renegin outbound GET attempt (malware-cnc.rules)
 * 1:38890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts exfiltration attempt (malware-cnc.rules)
 * 1:34917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (malware-cnc.rules)
 * 1:39056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
 * 1:36294 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (malware-cnc.rules)
 * 1:38585 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:38564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger keylog exfiltration attempt (malware-cnc.rules)
 * 1:38563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response (malware-cnc.rules)
 * 1:38961 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (malware-cnc.rules)
 * 1:38620 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:38962 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (malware-cnc.rules)
 * 1:35005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vcaredrix variant outbound connection (malware-cnc.rules)
 * 1:34965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (malware-cnc.rules)
 * 1:35104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:34622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:38994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus config file download (malware-cnc.rules)
 * 1:34462 <-> DISABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (malware-cnc.rules)
 * 1:38514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:35081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
 * 1:35303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProxyChange (malware-cnc.rules)
 * 1:35386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (malware-cnc.rules)
 * 1:35315 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Downloader.Comsteal outbound connection (malware-cnc.rules)
 * 1:38621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:38638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
 * 1:38643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:35027 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Troldesh C&C (malware-cnc.rules)
 * 1:34476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (malware-cnc.rules)
 * 1:38644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:38732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBDos Runtime Detection (malware-cnc.rules)
 * 1:34863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:35221 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent inbound connection (malware-cnc.rules)
 * 1:38645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:35300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite GET request (malware-cnc.rules)
 * 1:34501 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection (malware-cnc.rules)
 * 1:38995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:34935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zutwoxy outbound connection (malware-cnc.rules)
 * 1:35254 <-> DISABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules)
 * 1:35348 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Ralminey POST request (malware-cnc.rules)
 * 1:35388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules)
 * 1:35317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Directate outbound connection (malware-cnc.rules)
 * 1:39163 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:39920 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
 * 1:38557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
 * 1:38517 <-> DISABLED <-> MALWARE-CNC binary download while video expected (malware-cnc.rules)
 * 1:34966 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
 * 1:35385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules)
 * 1:39856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
 * 1:38646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:34994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
 * 1:35047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:34958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:39580 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39653 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mangit initial outbound connection (malware-cnc.rules)
 * 1:39053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.7ev3n variant outbound connection (malware-cnc.rules)
 * 1:38647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:35312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (malware-cnc.rules)
 * 1:38562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt (malware-cnc.rules)
 * 1:38887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky JS dropper outbound connection (malware-cnc.rules)
 * 1:38515 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38668 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:36506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
 * 1:35794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:34998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bossabot outbound connection (malware-cnc.rules)
 * 1:35067 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection  (malware-cnc.rules)
 * 1:34818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (malware-cnc.rules)
 * 1:34997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant HTTP Response (malware-cnc.rules)
 * 1:39106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection (malware-cnc.rules)
 * 1:39574 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:38587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant temporary redirect attempt (malware-cnc.rules)
 * 1:39636 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Ranscam request.html response (malware-cnc.rules)
 * 1:39344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS status update (malware-cnc.rules)
 * 1:39576 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant inbound connection (malware-cnc.rules)
 * 1:38885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound registration attempt (malware-cnc.rules)
 * 1:34459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (malware-cnc.rules)
 * 1:39116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DMALocker variant outbound connection (malware-cnc.rules)
 * 1:39433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
 * 1:34957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sysmain outbound connection (malware-cnc.rules)
 * 1:39909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adnel outbound connection detected (malware-cnc.rules)
 * 1:39448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos variant outbound connection (malware-cnc.rules)
 * 1:38516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:39343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS keylog exfiltration (malware-cnc.rules)
 * 1:35102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
 * 1:37817 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (malware-cnc.rules)
 * 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:35749 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (malware-cnc.rules)
 * 1:36234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:35316 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (malware-cnc.rules)
 * 1:38561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger plugins download attempt (malware-cnc.rules)
 * 1:39063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot outbound POST attempt (malware-cnc.rules)
 * 1:39434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
 * 1:34458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tendrit variant outbound connection (malware-cnc.rules)
 * 1:35355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usteal outbound connection (malware-cnc.rules)
 * 1:34877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (malware-cnc.rules)
 * 1:34862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
 * 1:39861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanHaiShu variant outbound connection (malware-cnc.rules)
 * 1:34868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules)
 * 1:36397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
 * 1:35804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seyelifon variant outbound connection (malware-cnc.rules)
 * 1:35436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
 * 1:39785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lientchtp variant outbound connection (malware-cnc.rules)
 * 1:34840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:36572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:34869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (malware-cnc.rules)
 * 1:36066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:36048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:39852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:35462 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (malware-cnc.rules)
 * 1:35710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
 * 1:34835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules)
 * 1:35597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
 * 1:34541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
 * 1:39886 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (malware-cnc.rules)
 * 1:35842 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namospu variant outbound connection (malware-cnc.rules)
 * 1:36054 <-> DISABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (malware-cnc.rules)
 * 1:34876 <-> DISABLED <-> MALWARE-CNC Win.Fudu outbound variant connection (malware-cnc.rules)
 * 1:35069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dino variant outbound connection (malware-cnc.rules)
 * 1:37024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy outbound connection (malware-cnc.rules)
 * 1:34934 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pheloyx outbound connection (malware-cnc.rules)
 * 1:34834 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkcpn (malware-cnc.rules)
 * 1:37844 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (malware-cnc.rules)
 * 1:36624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:34489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (malware-cnc.rules)
 * 1:35549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:39853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:36107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
 * 1:34867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules)
 * 1:35551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
 * 1:39710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (malware-cnc.rules)
 * 1:39767 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules)
 * 1:36115 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Liudoor outbound connection (malware-cnc.rules)
 * 1:37065 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik outbound connection (malware-cnc.rules)
 * 1:36108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nimisi variant outbound connection (malware-cnc.rules)
 * 1:35306 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Cigamve request (malware-cnc.rules)
 * 1:34870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
 * 1:36328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:35037 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy outbound variant connection (malware-cnc.rules)
 * 1:35062 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:35394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules)
 * 1:35301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite POST request (malware-cnc.rules)
 * 1:35746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:34469 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
 * 1:36065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:37717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:38530 <-> DISABLED <-> MALWARE-CNC Obfuscated Javascript Attack runtime detection (malware-cnc.rules)
 * 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (malware-cnc.rules)
 * 1:34950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prok variant outbound connection (malware-cnc.rules)
 * 1:36571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:34887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
 * 1:36132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
 * 1:39887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toga variant outbound connection (malware-cnc.rules)
 * 1:35732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (malware-cnc.rules)
 * 1:39854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:35387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (malware-cnc.rules)
 * 1:35437 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jrml variant outbound connection (malware-cnc.rules)
 * 1:36131 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyIE 3.01 (malware-cnc.rules)
 * 1:37020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
 * 1:35050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (malware-cnc.rules)
 * 1:35733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (malware-cnc.rules)
 * 1:35415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)
 * 1:35472 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
 * 1:35318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr outbound connection (malware-cnc.rules)
 * 1:34311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34461 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (malware-cnc.rules)
 * 1:37297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
 * 1:37212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:35039 <-> DISABLED <-> MALWARE-CNC Trojan.Linux.Linuxor outbound variant connection (malware-cnc.rules)
 * 1:34982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msnmm variant outbound connection (malware-cnc.rules)
 * 1:35344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall click fraud response (malware-cnc.rules)
 * 1:37647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:35080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
 * 1:35416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
 * 1:39705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection (malware-cnc.rules)
 * 1:34993 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Benloader variant outbound connection (malware-cnc.rules)
 * 1:35063 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:34366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (malware-cnc.rules)
 * 1:34610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kayfcbk outbound connection (malware-cnc.rules)
 * 1:34470 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
 * 1:37036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (malware-cnc.rules)
 * 1:35471 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baisogu outbound connection (malware-cnc.rules)
 * 1:36202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant dropper (malware-cnc.rules)
 * 1:36304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinPlock variant outbound connection (malware-cnc.rules)
 * 1:36232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
 * 1:36233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
 * 1:36133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
 * 1:36231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot variant outbound connection (malware-cnc.rules)
 * 1:39882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (malware-cnc.rules)
 * 1:34995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra HTTP Header Structure (malware-cnc.rules)
 * 1:35036 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy inbound variant connection (malware-cnc.rules)
 * 1:39730 <-> DISABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (malware-cnc.rules)
 * 1:34636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
 * 1:36269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:36331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
 * 1:36199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
 * 1:36276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
 * 1:36325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
 * 1:36471 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (malware-cnc.rules)
 * 1:36468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
 * 1:36303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
 * 1:36460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules)
 * 1:36568 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (malware-cnc.rules)
 * 1:36578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
 * 1:36497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hangman.A outbound connection (malware-cnc.rules)
 * 1:36469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
 * 1:36610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules)
 * 1:36569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
 * 1:36540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brolux variant outbound connection (malware-cnc.rules)
 * 1:36627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tanmar outbound connection (malware-cnc.rules)
 * 1:36601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:36630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
 * 1:36623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:36666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tentobr outbound connection (malware-cnc.rules)
 * 1:36622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
 * 1:36626 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
 * 1:36603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:36781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gokawa variant outbound connection (malware-cnc.rules)
 * 1:36732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (malware-cnc.rules)
 * 1:36670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sathurbot outbound connection (malware-cnc.rules)
 * 1:36765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (malware-cnc.rules)
 * 1:36770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redcontrole variant outbound connection (malware-cnc.rules)
 * 1:36833 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (malware-cnc.rules)
 * 1:36777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zimwervi variant outbound connection (malware-cnc.rules)
 * 1:36639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (malware-cnc.rules)
 * 1:36810 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Mabouia outbound connection (malware-cnc.rules)
 * 1:36914 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (malware-cnc.rules)
 * 1:36889 <-> DISABLED <-> MALWARE-CNC TinyDropper variant outbound connection (malware-cnc.rules)
 * 1:36835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload inbound connection (malware-cnc.rules)
 * 1:37027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
 * 1:36841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leralogs variant outbound connection (malware-cnc.rules)
 * 1:36911 <-> DISABLED <-> MALWARE-CNC GlassRAT handshake beacon (malware-cnc.rules)
 * 1:37050 <-> DISABLED <-> MALWARE-CNC ATSEngine initial beacon (malware-cnc.rules)
 * 1:36834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload outbound connection (malware-cnc.rules)
 * 1:36916 <-> DISABLED <-> MALWARE-CNC Milkoad.A First Request (malware-cnc.rules)
 * 1:37063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paligenpo outbound connection (malware-cnc.rules)
 * 1:36890 <-> DISABLED <-> MALWARE-CNC AbbadonPOS variant outbound connection (malware-cnc.rules)
 * 1:37049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geratid variant outbound connection (malware-cnc.rules)
 * 1:37045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (malware-cnc.rules)
 * 1:37051 <-> DISABLED <-> MALWARE-CNC ATSEngine credit card number sent via URL parameter (malware-cnc.rules)
 * 1:34316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:37052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:37053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tdrop2 variant dropper download attempt (malware-cnc.rules)
 * 1:37100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dashikut outbound connection (malware-cnc.rules)
 * 1:37064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Telehot outbound connection (malware-cnc.rules)
 * 1:37067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Droot outbound connection (malware-cnc.rules)
 * 1:37066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload (malware-cnc.rules)
 * 1:37127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules)
 * 1:37068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flusihoc variant outbound connection (malware-cnc.rules)
 * 1:37102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
 * 1:37214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
 * 1:37213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules)
 * 1:37117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules)
 * 1:37228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37227 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37226 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
 * 1:37225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (malware-cnc.rules)
 * 1:37359 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot inbound command attempt (malware-cnc.rules)
 * 1:37360 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot outbound IRC channel join attempt (malware-cnc.rules)
 * 1:37320 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel variant outbound connection (malware-cnc.rules)
 * 1:37447 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Evilgrab outbound connection (malware-cnc.rules)
 * 1:37370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules)
 * 1:37374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derkziel variant outbound connection (malware-cnc.rules)
 * 1:37516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:37323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (malware-cnc.rules)
 * 1:37457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (malware-cnc.rules)
 * 1:37467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vawtrak variant outbound connection (malware-cnc.rules)
 * 1:37466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackmoon outbound connection (malware-cnc.rules)
 * 1:37521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37535 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:37536 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
 * 1:37552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Engr variant outbound connection (malware-cnc.rules)
 * 1:37686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (malware-cnc.rules)
 * 1:37523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
 * 1:37637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:37646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant dropper download connection (malware-cnc.rules)
 * 1:37733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (malware-cnc.rules)
 * 1:37718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:39345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS update request (malware-cnc.rules)
 * 1:34310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:39958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (malware-cnc.rules)
 * 1:37719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
 * 1:37834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:35066 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules)
 * 1:35065 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
 * 1:38017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt server reply (malware-cnc.rules)
 * 1:38134 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Win.Trojan.Adwind (malware-cnc.rules)
 * 1:37816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:38018 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (malware-cnc.rules)
 * 1:38145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
 * 1:38235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
 * 1:37838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
 * 1:38150 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:38255 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38258 <-> DISABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38116 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (malware-cnc.rules)
 * 1:38256 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38259 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38304 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (malware-cnc.rules)
 * 1:38234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (malware-cnc.rules)
 * 1:38260 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:38353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (malware-cnc.rules)
 * 1:38257 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38333 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Bifrose outbound connection (malware-cnc.rules)
 * 1:38354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant failed read logs (malware-cnc.rules)
 * 1:38358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send logs (malware-cnc.rules)
 * 1:38261 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:38356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant read logs (malware-cnc.rules)
 * 1:38359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send mail credentials (malware-cnc.rules)
 * 1:38379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
 * 1:38352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
 * 1:38367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep.variant CNC server response (malware-cnc.rules)
 * 1:38380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
 * 1:38388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger geolocation check (malware-cnc.rules)
 * 1:38357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send credentials (malware-cnc.rules)
 * 1:38385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
 * 1:38509 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
 * 1:38378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
 * 1:38386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
 * 1:34315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:34318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
 * 1:34323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fulairo variant outbound connection (malware-cnc.rules)
 * 1:34319 <-> DISABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (malware-cnc.rules)
 * 1:34324 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Siromost variant outbound connection (malware-cnc.rules)
 * 1:34327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (malware-cnc.rules)
 * 1:34325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
 * 1:34337 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
 * 1:34346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (malware-cnc.rules)
 * 1:34322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
 * 1:34338 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
 * 1:34347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (malware-cnc.rules)
 * 1:34367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
 * 1:34362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (malware-cnc.rules)
 * 1:34368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:34453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:34339 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cybergate outbound connection (malware-cnc.rules)
 * 1:34446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Odlanor information exfiltration attempt (malware-cnc.rules)
 * 1:34309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
 * 1:38510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant exfiltration attempt (malware-cnc.rules)
 * 1:39117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:39579 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:38560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - screenshot (malware-cnc.rules)
 * 1:38565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper initial download attempt (malware-cnc.rules)
 * 1:39410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant exfiltration outbound connection (malware-cnc.rules)
 * 1:39465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (malware-cnc.rules)
 * 1:38559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - keystorkes (malware-cnc.rules)
 * 1:39173 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.BlackShades Crypter outbound connection (malware-cnc.rules)
 * 1:39176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules)
 * 1:39084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:39411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qbot variant outbound connection (malware-cnc.rules)
 * 1:38566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper download attempt (malware-cnc.rules)
 * 1:38676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BBSwift variant outbound connection (malware-cnc.rules)
 * 1:39052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (malware-cnc.rules)
 * 1:38950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PassStealer passwords exfiltration attempt (malware-cnc.rules)
 * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
 * 1:38680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tooka GET attempt (malware-cnc.rules)
 * 1:38888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:38949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
 * 1:39369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorozoad variant outbound connection (malware-cnc.rules)
 * 1:39159 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 1:36602 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
 * 1:37164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hpastal outbound email attempt (malware-cnc.rules)
 * 1:36326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
 * 1:36198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant certificate (malware-cnc.rules)
 * 1:39857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
 * 1:35034 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Boltolog variant outbound connection download request (malware-cnc.rules)
 * 1:34841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
 * 1:34872 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (malware-cnc.rules)
 * 1:35030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:39911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
 * 1:39738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (malware-cnc.rules)
 * 1:34959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:34614 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enkalogs outbound connection (malware-cnc.rules)
 * 1:39577 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:36064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
 * 1:39086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:39855 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
 * 1:36807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (malware-cnc.rules)
 * 1:38542 <-> DISABLED <-> MALWARE-CNC VBS Trojan Downloading Encoded Executable (malware-cnc.rules)
 * 1:34932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shindo outbound connection (malware-cnc.rules)
 * 1:36567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
 * 1:36105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant (malware-cnc.rules)
 * 1:34843 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (malware-cnc.rules)
 * 1:35426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur outbound connection (malware-cnc.rules)
 * 1:36629 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
 * 1:39774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules)
 * 1:34865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:35076 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
 * 1:35083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regiskazi outbound connection (malware-cnc.rules)
 * 1:35596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
 * 1:36800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruinmail outbound connection (malware-cnc.rules)
 * 1:35570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetEagle variant outbound connection (malware-cnc.rules)
 * 1:36893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trfijan outbound connection (malware-cnc.rules)
 * 1:35103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
 * 1:34866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
 * 1:34832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
 * 1:39800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
 * 1:37037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arfadinf variant outbound connection (malware-cnc.rules)
 * 1:38574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant outbound connection (malware-cnc.rules)
 * 1:39583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (malware-cnc.rules)
 * 1:39921 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
 * 1:39160 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
 * 1:38558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
 * 1:34460 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (malware-cnc.rules)
 * 1:34581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mathanuc outbound connection (malware-cnc.rules)
 * 1:34596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
 * 1:34931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:38784 <-> DISABLED <-> MALWARE-CNC CryptXXX initial outbound connection (malware-cnc.rules)
 * 1:39582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (malware-cnc.rules)
 * 1:39968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)