Talos has added and modified multiple rules in the browser-webkit, file-pdf, indicator-compromise, malware-cnc, malware-other, os-linux and server-webapp rule sets to provide coverage for emerging threats from these technologies.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56021 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
* 1:56022 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
* 1:56023 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
* 1:56024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
* 1:56025 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
* 1:56026 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
* 1:56027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
* 1:56028 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
* 1:56029 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
* 1:56030 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
* 1:56031 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
* 1:56032 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
* 1:56033 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
* 1:56034 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
* 1:56035 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
* 1:56036 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
* 1:56037 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
* 1:56038 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
* 1:56039 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
* 1:56040 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
* 1:56041 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
* 1:56042 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:56043 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
* 1:56044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
* 1:56045 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Exchange Reporter Plus unauthenticated remote code execution attempt (server-webapp.rules)
* 1:56046 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
* 1:56047 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
* 1:56051 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
* 1:56052 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
* 1:56055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
* 1:56056 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
* 1:56057 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
* 1:56058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
* 1:56061 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
* 1:56062 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
* 1:56067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
* 1:56068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
* 1:56069 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart fingerprinting attempt (indicator-compromise.rules)
* 1:56070 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart remote code execution attempt (indicator-compromise.rules)
* 1:56010 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
* 1:56012 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
* 1:56011 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
* 1:56013 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
* 1:56014 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
* 1:56015 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
* 1:56016 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
* 1:56017 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
* 1:56018 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
* 1:56019 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
* 1:56020 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
* 3:56048 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
* 3:56049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
* 3:56050 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
* 3:56053 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
* 3:56054 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
* 3:56059 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
* 3:56060 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
* 3:56063 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
* 3:56064 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
* 3:56065 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
* 3:56066 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
* 1:36629 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
* 1:36630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
* 1:36639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (malware-cnc.rules)
* 1:36666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tentobr outbound connection (malware-cnc.rules)
* 1:36670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sathurbot outbound connection (malware-cnc.rules)
* 1:36732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (malware-cnc.rules)
* 1:36765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (malware-cnc.rules)
* 1:36770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redcontrole variant outbound connection (malware-cnc.rules)
* 1:36777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zimwervi variant outbound connection (malware-cnc.rules)
* 1:36781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gokawa variant outbound connection (malware-cnc.rules)
* 1:36800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruinmail outbound connection (malware-cnc.rules)
* 1:36807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (malware-cnc.rules)
* 1:36810 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Mabouia outbound connection (malware-cnc.rules)
* 1:36833 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (malware-cnc.rules)
* 1:36834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload outbound connection (malware-cnc.rules)
* 1:36835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload inbound connection (malware-cnc.rules)
* 1:36841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leralogs variant outbound connection (malware-cnc.rules)
* 1:36889 <-> DISABLED <-> MALWARE-CNC TinyDropper variant outbound connection (malware-cnc.rules)
* 1:36890 <-> DISABLED <-> MALWARE-CNC AbbadonPOS variant outbound connection (malware-cnc.rules)
* 1:36893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trfijan outbound connection (malware-cnc.rules)
* 1:36911 <-> DISABLED <-> MALWARE-CNC GlassRAT handshake beacon (malware-cnc.rules)
* 1:36914 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (malware-cnc.rules)
* 1:36916 <-> DISABLED <-> MALWARE-CNC Milkoad.A First Request (malware-cnc.rules)
* 1:37020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
* 1:37024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy outbound connection (malware-cnc.rules)
* 1:37027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
* 1:37036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (malware-cnc.rules)
* 1:37037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arfadinf variant outbound connection (malware-cnc.rules)
* 1:37045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (malware-cnc.rules)
* 1:37047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (malware-cnc.rules)
* 1:37049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geratid variant outbound connection (malware-cnc.rules)
* 1:37050 <-> DISABLED <-> MALWARE-CNC ATSEngine initial beacon (malware-cnc.rules)
* 1:37051 <-> DISABLED <-> MALWARE-CNC ATSEngine credit card number sent via URL parameter (malware-cnc.rules)
* 1:37052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:37053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tdrop2 variant dropper download attempt (malware-cnc.rules)
* 1:37063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paligenpo outbound connection (malware-cnc.rules)
* 1:37064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Telehot outbound connection (malware-cnc.rules)
* 1:37065 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik outbound connection (malware-cnc.rules)
* 1:37066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload (malware-cnc.rules)
* 1:37067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Droot outbound connection (malware-cnc.rules)
* 1:37068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flusihoc variant outbound connection (malware-cnc.rules)
* 1:37100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dashikut outbound connection (malware-cnc.rules)
* 1:37101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
* 1:37102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
* 1:37117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules)
* 1:37127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules)
* 1:37141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules)
* 1:37164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hpastal outbound email attempt (malware-cnc.rules)
* 1:37212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37226 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37227 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
* 1:37297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
* 1:37317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (malware-cnc.rules)
* 1:37320 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel variant outbound connection (malware-cnc.rules)
* 1:37323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (malware-cnc.rules)
* 1:37359 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot inbound command attempt (malware-cnc.rules)
* 1:37360 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot outbound IRC channel join attempt (malware-cnc.rules)
* 1:37370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules)
* 1:37374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derkziel variant outbound connection (malware-cnc.rules)
* 1:37447 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Evilgrab outbound connection (malware-cnc.rules)
* 1:37457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (malware-cnc.rules)
* 1:37466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackmoon outbound connection (malware-cnc.rules)
* 1:37467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vawtrak variant outbound connection (malware-cnc.rules)
* 1:37516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:37521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
* 1:37522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
* 1:37523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
* 1:37534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
* 1:37535 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
* 1:37536 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
* 1:37552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Engr variant outbound connection (malware-cnc.rules)
* 1:37636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:37637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:37646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant dropper download connection (malware-cnc.rules)
* 1:37647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:37686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (malware-cnc.rules)
* 1:37717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
* 1:37718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
* 1:37719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
* 1:37733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (malware-cnc.rules)
* 1:37816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:37817 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (malware-cnc.rules)
* 1:37834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:37835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:37838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
* 1:37844 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (malware-cnc.rules)
* 1:38017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt server reply (malware-cnc.rules)
* 1:38018 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (malware-cnc.rules)
* 1:38116 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (malware-cnc.rules)
* 1:38134 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Win.Trojan.Adwind (malware-cnc.rules)
* 1:38145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
* 1:38150 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
* 1:38234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (malware-cnc.rules)
* 1:38235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
* 1:38255 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38256 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38257 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38258 <-> DISABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38259 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:38260 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:38261 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:38304 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (malware-cnc.rules)
* 1:38331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:38333 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Bifrose outbound connection (malware-cnc.rules)
* 1:38352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
* 1:38353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (malware-cnc.rules)
* 1:38354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant failed read logs (malware-cnc.rules)
* 1:38356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant read logs (malware-cnc.rules)
* 1:38357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send credentials (malware-cnc.rules)
* 1:38358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send logs (malware-cnc.rules)
* 1:38359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send mail credentials (malware-cnc.rules)
* 1:38367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep.variant CNC server response (malware-cnc.rules)
* 1:38378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
* 1:38379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
* 1:38380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
* 1:38385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
* 1:38386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
* 1:38388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger geolocation check (malware-cnc.rules)
* 1:38509 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
* 1:38510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant exfiltration attempt (malware-cnc.rules)
* 1:34862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
* 1:34863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
* 1:34865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
* 1:34866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
* 1:34867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules)
* 1:34868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules)
* 1:34869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (malware-cnc.rules)
* 1:34870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
* 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
* 1:34872 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (malware-cnc.rules)
* 1:34876 <-> DISABLED <-> MALWARE-CNC Win.Fudu outbound variant connection (malware-cnc.rules)
* 1:34877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (malware-cnc.rules)
* 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:34887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
* 1:34888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
* 1:34917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (malware-cnc.rules)
* 1:34931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:34932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shindo outbound connection (malware-cnc.rules)
* 1:34934 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pheloyx outbound connection (malware-cnc.rules)
* 1:34935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zutwoxy outbound connection (malware-cnc.rules)
* 1:34950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prok variant outbound connection (malware-cnc.rules)
* 1:34957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sysmain outbound connection (malware-cnc.rules)
* 1:34958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
* 1:34959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
* 1:34963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte outbound connection (malware-cnc.rules)
* 1:34965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (malware-cnc.rules)
* 1:34966 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
* 1:34982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msnmm variant outbound connection (malware-cnc.rules)
* 1:34993 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Benloader variant outbound connection (malware-cnc.rules)
* 1:34994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
* 1:34995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra HTTP Header Structure (malware-cnc.rules)
* 1:34996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent-ALPW variant outbound connection (malware-cnc.rules)
* 1:34997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant HTTP Response (malware-cnc.rules)
* 1:34998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bossabot outbound connection (malware-cnc.rules)
* 1:35005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vcaredrix variant outbound connection (malware-cnc.rules)
* 1:35027 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Troldesh C&C (malware-cnc.rules)
* 1:35029 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.Lotronc variant outbound connection (malware-cnc.rules)
* 1:35030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:35031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (malware-cnc.rules)
* 1:35034 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Boltolog variant outbound connection download request (malware-cnc.rules)
* 1:35036 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy inbound variant connection (malware-cnc.rules)
* 1:35037 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy outbound variant connection (malware-cnc.rules)
* 1:35039 <-> DISABLED <-> MALWARE-CNC Trojan.Linux.Linuxor outbound variant connection (malware-cnc.rules)
* 1:35047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:35050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (malware-cnc.rules)
* 1:35062 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:35063 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:35064 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:35065 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:35066 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules)
* 1:35067 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules)
* 1:35069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dino variant outbound connection (malware-cnc.rules)
* 1:35076 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
* 1:35080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
* 1:35081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
* 1:35082 <-> DISABLED <-> MALWARE-CNC Backdoor.Linux.Qenerek outbound connection (malware-cnc.rules)
* 1:35083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regiskazi outbound connection (malware-cnc.rules)
* 1:35102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
* 1:35103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
* 1:35104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:35221 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent inbound connection (malware-cnc.rules)
* 1:35254 <-> DISABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules)
* 1:35300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite GET request (malware-cnc.rules)
* 1:35301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite POST request (malware-cnc.rules)
* 1:35303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProxyChange (malware-cnc.rules)
* 1:35306 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Cigamve request (malware-cnc.rules)
* 1:35312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (malware-cnc.rules)
* 1:35313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:35315 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Downloader.Comsteal outbound connection (malware-cnc.rules)
* 1:35316 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (malware-cnc.rules)
* 1:35317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Directate outbound connection (malware-cnc.rules)
* 1:35318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr outbound connection (malware-cnc.rules)
* 1:35344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall click fraud response (malware-cnc.rules)
* 1:35348 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Ralminey POST request (malware-cnc.rules)
* 1:35353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise.B variant outbound connection (malware-cnc.rules)
* 1:35355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usteal outbound connection (malware-cnc.rules)
* 1:35385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules)
* 1:35386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (malware-cnc.rules)
* 1:35387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (malware-cnc.rules)
* 1:35388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules)
* 1:35394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules)
* 1:35400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules)
* 1:35415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)
* 1:35416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
* 1:35426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur outbound connection (malware-cnc.rules)
* 1:35436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
* 1:35437 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jrml variant outbound connection (malware-cnc.rules)
* 1:35462 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (malware-cnc.rules)
* 1:35471 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baisogu outbound connection (malware-cnc.rules)
* 1:35472 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
* 1:35549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:35551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
* 1:35570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetEagle variant outbound connection (malware-cnc.rules)
* 1:35596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
* 1:35597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
* 1:35710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
* 1:35732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (malware-cnc.rules)
* 1:35733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (malware-cnc.rules)
* 1:35746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:35749 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (malware-cnc.rules)
* 1:35750 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (malware-cnc.rules)
* 1:35794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:35804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seyelifon variant outbound connection (malware-cnc.rules)
* 1:35842 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namospu variant outbound connection (malware-cnc.rules)
* 1:36048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:36054 <-> DISABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (malware-cnc.rules)
* 1:36064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant (malware-cnc.rules)
* 1:36106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (malware-cnc.rules)
* 1:36107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
* 1:36108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nimisi variant outbound connection (malware-cnc.rules)
* 1:36115 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Liudoor outbound connection (malware-cnc.rules)
* 1:36131 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyIE 3.01 (malware-cnc.rules)
* 1:36132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
* 1:36133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
* 1:36134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
* 1:36186 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qytags variant outbound connection (malware-cnc.rules)
* 1:36198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant certificate (malware-cnc.rules)
* 1:36199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
* 1:36202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant dropper (malware-cnc.rules)
* 1:36231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot variant outbound connection (malware-cnc.rules)
* 1:36232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
* 1:36233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
* 1:36234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
* 1:36267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36275 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
* 1:36276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
* 1:36294 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (malware-cnc.rules)
* 1:36303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
* 1:36304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinPlock variant outbound connection (malware-cnc.rules)
* 1:36325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
* 1:36396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
* 1:36397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
* 1:36460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules)
* 1:36468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
* 1:36469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
* 1:36471 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (malware-cnc.rules)
* 1:36497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hangman.A outbound connection (malware-cnc.rules)
* 1:36506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
* 1:36522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (malware-cnc.rules)
* 1:36526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brolux variant outbound connection (malware-cnc.rules)
* 1:36566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36568 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
* 1:36578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
* 1:36601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
* 1:36602 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
* 1:36603
<-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules) * 1:36610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules) * 1:36622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules) * 1:36623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules) * 1:36624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules) * 1:36625 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules) * 1:36626 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules) * 1:36627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tanmar outbound connection (malware-cnc.rules) * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:34309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection 
(malware-cnc.rules) * 1:34316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules) * 1:34319 <-> DISABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (malware-cnc.rules) * 1:34322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules) * 1:34323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fulairo variant outbound connection (malware-cnc.rules) * 1:34324 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Siromost variant outbound connection (malware-cnc.rules) * 1:34325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules) * 1:34326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules) * 1:34327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (malware-cnc.rules) * 1:34337 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules) * 1:34338 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules) * 1:34339 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cybergate outbound connection (malware-cnc.rules) * 1:34346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (malware-cnc.rules) * 1:34347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (malware-cnc.rules) * 1:34362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (malware-cnc.rules) * 1:34366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (malware-cnc.rules) * 1:34367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:34368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound 
connection (malware-cnc.rules) * 1:34446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Odlanor information exfiltration attempt (malware-cnc.rules) * 1:34452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:34453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:34458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tendrit variant outbound connection (malware-cnc.rules) * 1:34459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (malware-cnc.rules) * 1:34460 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (malware-cnc.rules) * 1:34461 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (malware-cnc.rules) * 1:34462 <-> DISABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (malware-cnc.rules) * 1:34469 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules) * 1:34470 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules) * 1:34476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (malware-cnc.rules) * 1:34489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (malware-cnc.rules) * 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (malware-cnc.rules) * 1:34501 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection (malware-cnc.rules) * 1:34540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules) * 1:34541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules) * 1:34567 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (malware-cnc.rules) * 1:34572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (malware-cnc.rules) * 1:34581 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Mathanuc outbound connection (malware-cnc.rules) * 1:34596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules) * 1:34597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules) * 1:34598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules) * 1:34599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules) * 1:34600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules) * 1:34601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teqimp outbound connection (malware-cnc.rules) * 1:34607 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (malware-cnc.rules) * 1:34608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (malware-cnc.rules) * 1:34609 <-> DISABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (malware-cnc.rules) * 1:34610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kayfcbk outbound connection (malware-cnc.rules) * 1:34611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dujfudg outbound connection (malware-cnc.rules) * 1:34614 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enkalogs outbound connection (malware-cnc.rules) * 1:34622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:34624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (malware-cnc.rules) * 1:34636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules) * 1:34637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules) * 1:34818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (malware-cnc.rules) * 1:34831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules) * 1:34832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection 
(malware-cnc.rules) * 1:34833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules) * 1:34834 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkcpn (malware-cnc.rules) * 1:34835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules) * 1:34840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules) * 1:34841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules) * 1:34843 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (malware-cnc.rules) * 1:34844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules) * 1:38514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules) * 1:38515 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules) * 1:38516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules) * 1:38517 <-> DISABLED <-> MALWARE-CNC binary download while video expected (malware-cnc.rules) * 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules) * 1:38530 <-> DISABLED <-> MALWARE-CNC Obfuscated Javascript Attack runtime detection (malware-cnc.rules) * 1:38542 <-> DISABLED <-> MALWARE-CNC VBS Trojan Downloading Encoded Executable (malware-cnc.rules) * 1:38557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules) * 1:38558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules) * 1:38559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - keystorkes (malware-cnc.rules) * 1:38560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - screenshot (malware-cnc.rules) * 1:38561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger plugins download attempt 
(malware-cnc.rules) * 1:38562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt (malware-cnc.rules) * 1:38563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response (malware-cnc.rules) * 1:38564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger keylog exfiltration attempt (malware-cnc.rules) * 1:38565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper initial download attempt (malware-cnc.rules) * 1:38566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper download attempt (malware-cnc.rules) * 1:38567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coverton variant outbound connection (malware-cnc.rules) * 1:38573 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant handshake beacon (malware-cnc.rules) * 1:38574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant outbound connection (malware-cnc.rules) * 1:38584 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant JS dropper outbound connection (malware-cnc.rules) * 1:38585 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules) * 1:38586 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules) * 1:38587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant temporary redirect attempt (malware-cnc.rules) * 1:38588 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules) * 1:38603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UP007 variant outbound connection (malware-cnc.rules) * 1:38606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant network speed test (malware-cnc.rules) * 1:38608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RockLoader variant outbound connection (malware-cnc.rules) * 1:38613 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallex variant outbound connection (malware-cnc.rules) * 1:38620 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules) * 1:38621 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules) * 1:38638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules) * 1:38643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:38644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:38645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:38646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:38647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:38668 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:38676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BBSwift variant outbound connection (malware-cnc.rules) * 1:38680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tooka GET attempt (malware-cnc.rules) * 1:38724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renegin outbound GET attempt (malware-cnc.rules) * 1:38732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBDos Runtime Detection (malware-cnc.rules) * 1:38733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules) * 1:38784 <-> DISABLED <-> MALWARE-CNC CryptXXX initial outbound connection (malware-cnc.rules) * 1:38885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound registration attempt (malware-cnc.rules) * 1:38886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules) * 1:38887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky JS dropper outbound connection (malware-cnc.rules) * 1:38888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:38890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts exfiltration attempt (malware-cnc.rules) * 1:38891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts initial registration (malware-cnc.rules) 
* 1:38916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex download attempt (malware-cnc.rules)
* 1:38917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant CNC traffic (malware-cnc.rules)
* 1:38949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
* 1:38950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PassStealer passwords exfiltration attempt (malware-cnc.rules)
* 1:38961 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (malware-cnc.rules)
* 1:38962 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (malware-cnc.rules)
* 1:38994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus config file download (malware-cnc.rules)
* 1:38995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:39040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
* 1:39052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (malware-cnc.rules)
* 1:39053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.7ev3n variant outbound connection (malware-cnc.rules)
* 1:39056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
* 1:39063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot outbound POST attempt (malware-cnc.rules)
* 1:39064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (malware-cnc.rules)
* 1:39084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:39085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:39086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:39106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection (malware-cnc.rules)
* 1:39107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant inbound connection (malware-cnc.rules)
* 1:39116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DMALocker variant outbound connection (malware-cnc.rules)
* 1:39117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:39159 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
* 1:39160 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
* 1:39163 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:39164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:39173 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.BlackShades Crypter outbound connection (malware-cnc.rules)
* 1:39176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules)
* 1:39322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
* 1:39327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoRoger outbound POST attempt (malware-cnc.rules)
* 1:39341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS credit card data exfiltration (malware-cnc.rules)
* 1:39342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS initial outbound connection (malware-cnc.rules)
* 1:39343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS keylog exfiltration (malware-cnc.rules)
* 1:39344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS status update (malware-cnc.rules)
* 1:39345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS update request (malware-cnc.rules)
* 1:39360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:39369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorozoad variant outbound connection (malware-cnc.rules)
* 1:39409 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant initial outbound connection (malware-cnc.rules)
* 1:39410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant exfiltration outbound connection (malware-cnc.rules)
* 1:39411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qbot variant outbound connection (malware-cnc.rules)
* 1:39430 <-> DISABLED <-> MALWARE-CNC Win.Malware.Furtim variant outbound connection (malware-cnc.rules)
* 1:39433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
* 1:39434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
* 1:39448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos variant outbound connection (malware-cnc.rules)
* 1:39465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (malware-cnc.rules)
* 1:39573 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39574 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39576 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39577 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39578 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (malware-cnc.rules)
* 1:39579 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39580 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (malware-cnc.rules)
* 1:39582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (malware-cnc.rules)
* 1:39583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (malware-cnc.rules)
* 1:39636 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Ranscam request.html response (malware-cnc.rules)
* 1:39650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts variant CNC IRC response attempt (malware-cnc.rules)
* 1:39653 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mangit initial outbound connection (malware-cnc.rules)
* 1:39705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection (malware-cnc.rules)
* 1:39710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (malware-cnc.rules)
* 1:39730 <-> DISABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (malware-cnc.rules)
* 1:39738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (malware-cnc.rules)
* 1:39767 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules)
* 1:39774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules)
* 1:39785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lientchtp variant outbound connection (malware-cnc.rules)
* 1:39800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
* 1:39801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound connection (malware-cnc.rules)
* 1:39852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:39853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:39854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:39855 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:39856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
* 1:39857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
* 1:39861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanHaiShu variant outbound connection (malware-cnc.rules)
* 1:39882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (malware-cnc.rules)
* 1:39886 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (malware-cnc.rules)
* 1:39887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toga variant outbound connection (malware-cnc.rules)
* 1:39909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adnel outbound connection detected (malware-cnc.rules)
* 1:39911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
* 1:39920 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
* 1:39921 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
* 1:39958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (malware-cnc.rules)
* 1:39968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
* 1:39969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56070 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart remote code execution attempt (indicator-compromise.rules)
* 1:56014 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
* 1:56023 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
* 1:56037 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
* 1:56043 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
* 1:56016 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
* 1:56040 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
* 1:56017 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
* 1:56036 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
* 1:56052 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
* 1:56041 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
* 1:56012 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
* 1:56021 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
* 1:56025 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
* 1:56028 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
* 1:56047 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
* 1:56069 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart fingerprinting attempt (indicator-compromise.rules)
* 1:56030 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
* 1:56022 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
* 1:56020 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
* 1:56033 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
* 1:56055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
* 1:56027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
* 1:56068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
* 1:56044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
* 1:56032 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
* 1:56026 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
* 1:56010 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
* 1:56015 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
* 1:56042 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:56013 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
* 1:56057 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
* 1:56062 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
* 1:56035 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
* 1:56018 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
* 1:56011 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
* 1:56058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
* 1:56056 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
* 1:56061 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
* 1:56051 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
* 1:56067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
* 1:56029 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
* 1:56031 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
* 1:56039 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
* 1:56038 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
* 1:56034 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
* 1:56024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
* 1:56046 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
* 1:56019 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
* 1:56045 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Exchange Reporter Plus unauthenticated remote code execution attempt (server-webapp.rules)
* 3:56048 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
* 3:56054 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
* 3:56065 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
* 3:56050 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
* 3:56049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
* 3:56064 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
* 3:56059 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
* 3:56060 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
* 3:56053 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
* 3:56063 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
* 3:56066 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
* 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)
* 1:35570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetEagle variant outbound connection (malware-cnc.rules)
* 1:35596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
* 1:34315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:38530 <-> DISABLED <-> MALWARE-CNC Obfuscated Javascript Attack runtime detection (malware-cnc.rules)
* 1:38558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
* 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:34313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:34309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
* 1:34319 <-> DISABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (malware-cnc.rules)
* 1:34322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
* 1:34323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fulairo variant outbound connection (malware-cnc.rules)
* 1:34324 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Siromost variant outbound connection (malware-cnc.rules)
* 1:34325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
* 1:34326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
* 1:34327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (malware-cnc.rules)
* 1:34337 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
* 1:34338 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
* 1:34339 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cybergate outbound connection (malware-cnc.rules)
* 1:34346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (malware-cnc.rules)
* 1:34347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (malware-cnc.rules)
* 1:34362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (malware-cnc.rules)
* 1:34366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (malware-cnc.rules)
* 1:34367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:34368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:34446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Odlanor information exfiltration attempt (malware-cnc.rules)
* 1:34452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:34453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:34458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tendrit variant outbound connection (malware-cnc.rules)
* 1:34459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (malware-cnc.rules)
* 1:34460 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (malware-cnc.rules)
* 1:34461 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (malware-cnc.rules)
* 1:34462 <-> DISABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (malware-cnc.rules)
* 1:34469 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
* 1:34470 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
* 1:34476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (malware-cnc.rules)
* 1:34489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (malware-cnc.rules)
* 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (malware-cnc.rules)
* 1:34501 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection (malware-cnc.rules)
* 1:34540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
* 1:34541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
* 1:34567 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (malware-cnc.rules)
* 1:34572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (malware-cnc.rules)
* 1:34581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mathanuc outbound connection (malware-cnc.rules)
* 1:34596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
* 1:34597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
* 1:34598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
* 1:34599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
* 1:34600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
* 1:34601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teqimp outbound connection (malware-cnc.rules)
* 1:34607 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (malware-cnc.rules)
* 1:34608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (malware-cnc.rules)
* 1:34609 <-> DISABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (malware-cnc.rules)
* 1:34610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kayfcbk outbound connection (malware-cnc.rules)
* 1:34611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dujfudg outbound connection (malware-cnc.rules)
* 1:34614 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enkalogs outbound connection (malware-cnc.rules)
* 1:34622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:34624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (malware-cnc.rules)
* 1:34636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
* 1:34637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
* 1:34818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (malware-cnc.rules)
* 1:34831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
* 1:34832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
* 1:34833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules)
* 1:34834 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkcpn (malware-cnc.rules)
* 1:34835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules)
* 1:34840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34843 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (malware-cnc.rules)
* 1:34844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules)
* 1:34862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
* 1:34863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
* 1:34865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
* 1:34866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
* 1:34867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules)
* 1:34868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules)
* 1:34869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (malware-cnc.rules)
* 1:34870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
* 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
* 1:34872 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (malware-cnc.rules)
* 1:34876 <-> DISABLED <-> MALWARE-CNC Win.Fudu outbound variant connection (malware-cnc.rules)
* 1:34877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (malware-cnc.rules)
* 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:34887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
* 1:34888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
* 1:34917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (malware-cnc.rules)
* 1:34931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:34932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shindo outbound connection (malware-cnc.rules)
* 1:34934 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pheloyx outbound connection (malware-cnc.rules)
* 1:34935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zutwoxy outbound connection (malware-cnc.rules)
* 1:34950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prok variant outbound connection (malware-cnc.rules)
* 1:34957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sysmain outbound connection (malware-cnc.rules)
* 1:34958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
* 1:34959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
* 1:34963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte outbound connection (malware-cnc.rules)
* 1:34965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (malware-cnc.rules)
* 1:34966 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
* 1:34982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msnmm variant outbound connection (malware-cnc.rules)
* 1:34993 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Benloader variant outbound connection (malware-cnc.rules)
* 1:34994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
* 1:34995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra HTTP Header Structure (malware-cnc.rules)
* 1:34996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent-ALPW variant outbound connection (malware-cnc.rules)
* 1:34997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant HTTP Response (malware-cnc.rules)
* 1:34998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bossabot outbound connection (malware-cnc.rules)
* 1:35005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vcaredrix variant outbound connection (malware-cnc.rules)
* 1:35027 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Troldesh C&C (malware-cnc.rules)
* 1:35029 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.Lotronc variant outbound connection (malware-cnc.rules)
* 1:35030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:35031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (malware-cnc.rules)
* 1:35034 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Boltolog variant outbound connection download request (malware-cnc.rules)
* 1:35036 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy inbound variant connection (malware-cnc.rules)
* 1:35037 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy outbound variant connection (malware-cnc.rules)
* 1:35039 <-> DISABLED <-> MALWARE-CNC Trojan.Linux.Linuxor outbound variant connection (malware-cnc.rules)
* 1:35047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:35050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (malware-cnc.rules)
* 1:35062 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:35063 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:35064 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:35065 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:35066 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules)
* 1:35067 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules)
* 1:35069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dino variant outbound connection (malware-cnc.rules)
* 1:35076 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
* 1:35080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
* 1:35081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
* 1:35082 <-> DISABLED <-> MALWARE-CNC Backdoor.Linux.Qenerek outbound connection (malware-cnc.rules)
* 1:35083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regiskazi outbound connection (malware-cnc.rules)
* 1:35102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
* 1:35103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
* 1:35104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:35221 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent inbound connection (malware-cnc.rules)
* 1:35254 <-> DISABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules)
* 1:35300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite GET request (malware-cnc.rules)
* 1:35301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite POST request (malware-cnc.rules)
* 1:35303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProxyChange (malware-cnc.rules)
* 1:35306 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Cigamve request (malware-cnc.rules)
* 1:35312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (malware-cnc.rules)
* 1:35313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:35315 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Downloader.Comsteal outbound connection (malware-cnc.rules)
* 1:35316 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (malware-cnc.rules)
* 1:35317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Directate outbound connection (malware-cnc.rules)
* 1:35318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr outbound connection (malware-cnc.rules)
* 1:35344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall click fraud response (malware-cnc.rules)
* 1:35348 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Ralminey POST request (malware-cnc.rules)
* 1:35353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise.B variant outbound connection (malware-cnc.rules)
* 1:35355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usteal outbound connection (malware-cnc.rules)
* 1:35385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules)
* 1:35386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (malware-cnc.rules)
* 1:35387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (malware-cnc.rules)
* 1:35388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules)
* 1:35394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules)
* 1:35400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules)
* 1:35415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)
* 1:35416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
* 1:35426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur outbound connection (malware-cnc.rules)
* 1:35436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
* 1:35437 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jrml variant outbound connection (malware-cnc.rules)
* 1:35462 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (malware-cnc.rules)
* 1:35471 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baisogu outbound connection (malware-cnc.rules)
* 1:35472 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
* 1:35549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:35551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
* 1:35842 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namospu variant outbound connection (malware-cnc.rules)
* 1:35597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
* 1:35710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
* 1:35732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (malware-cnc.rules)
* 1:35733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (malware-cnc.rules)
* 1:35746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:35749 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (malware-cnc.rules)
* 1:35750 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (malware-cnc.rules)
* 1:35794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:35804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seyelifon variant outbound connection (malware-cnc.rules)
* 1:36048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:36054 <-> DISABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (malware-cnc.rules)
* 1:36064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant (malware-cnc.rules)
* 1:36106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (malware-cnc.rules)
* 1:36107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
* 1:36108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nimisi variant outbound connection (malware-cnc.rules)
* 1:36115 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Liudoor outbound connection (malware-cnc.rules)
* 1:36131 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyIE 3.01 (malware-cnc.rules)
* 1:36132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
* 1:36133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
* 1:36134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
* 1:36186 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qytags variant outbound connection (malware-cnc.rules)
* 1:36198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant certificate (malware-cnc.rules)
* 1:36199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
* 1:36202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant dropper (malware-cnc.rules)
* 1:36231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot variant outbound connection (malware-cnc.rules)
* 1:36232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
* 1:36233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
* 1:36234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
* 1:36267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36275 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
* 1:36276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
* 1:36294 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (malware-cnc.rules)
* 1:36303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
* 1:36304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinPlock variant outbound connection (malware-cnc.rules)
* 1:36325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
* 1:36396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
* 1:36397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
* 1:36460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules)
* 1:36468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
* 1:36469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
* 1:36471 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (malware-cnc.rules)
* 1:36497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hangman.A outbound connection (malware-cnc.rules)
* 1:36506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
* 1:36522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (malware-cnc.rules)
* 1:36526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brolux variant outbound connection (malware-cnc.rules)
* 1:36566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36568 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
* 1:36578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
* 1:36601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
* 1:36602 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
* 1:36603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
* 1:36610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules)
* 1:36622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
* 1:36623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
* 1:36625 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
* 1:36624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
* 1:36626 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
* 1:36627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tanmar outbound connection (malware-cnc.rules)
* 1:36629 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
* 1:36630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
* 1:36639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (malware-cnc.rules)
* 1:36666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tentobr outbound connection (malware-cnc.rules)
* 1:36670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sathurbot outbound connection (malware-cnc.rules)
* 1:36732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (malware-cnc.rules)
* 1:36765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (malware-cnc.rules)
* 1:36770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redcontrole variant outbound connection (malware-cnc.rules)
* 1:36777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zimwervi variant outbound connection (malware-cnc.rules)
* 1:36781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gokawa variant outbound connection (malware-cnc.rules)
* 1:36800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruinmail outbound connection (malware-cnc.rules)
* 1:36807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (malware-cnc.rules)
* 1:36810 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Mabouia outbound connection (malware-cnc.rules)
* 1:36833 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (malware-cnc.rules)
* 1:36834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload outbound connection (malware-cnc.rules)
* 1:36835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload inbound connection (malware-cnc.rules)
* 1:36841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leralogs variant outbound connection (malware-cnc.rules)
* 1:36889 <-> DISABLED <-> MALWARE-CNC TinyDropper variant outbound connection (malware-cnc.rules)
* 1:36890 <-> DISABLED <-> MALWARE-CNC AbbadonPOS variant outbound connection (malware-cnc.rules)
* 1:36893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trfijan outbound connection (malware-cnc.rules)
* 1:36911 <-> DISABLED <-> MALWARE-CNC GlassRAT handshake beacon (malware-cnc.rules)
* 1:36914 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (malware-cnc.rules)
* 1:36916 <-> DISABLED <-> MALWARE-CNC Milkoad.A First Request (malware-cnc.rules)
* 1:37020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
* 1:37024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy outbound connection (malware-cnc.rules)
* 1:37027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
* 1:37036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (malware-cnc.rules)
* 1:37037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arfadinf variant outbound connection (malware-cnc.rules)
* 1:37045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (malware-cnc.rules)
* 1:37047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (malware-cnc.rules)
* 1:37049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geratid variant outbound connection (malware-cnc.rules)
* 1:37050 <-> DISABLED <-> MALWARE-CNC ATSEngine initial beacon (malware-cnc.rules)
* 1:37051 <-> DISABLED <-> MALWARE-CNC ATSEngine credit card number sent via URL parameter (malware-cnc.rules)
* 1:37052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:37053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tdrop2 variant dropper download attempt (malware-cnc.rules)
* 1:37063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paligenpo outbound connection (malware-cnc.rules)
* 1:37064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Telehot outbound connection (malware-cnc.rules)
* 1:37065 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik outbound connection (malware-cnc.rules)
* 1:37066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload (malware-cnc.rules)
* 1:37067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Droot outbound connection (malware-cnc.rules)
* 1:37068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flusihoc variant outbound connection (malware-cnc.rules)
* 1:37100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dashikut outbound connection (malware-cnc.rules)
* 1:37101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
* 1:37102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
* 1:37117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules)
* 1:37127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules)
* 1:37141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules)
* 1:37164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hpastal outbound email attempt (malware-cnc.rules)
* 1:37212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37226 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37227 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
* 1:37297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
* 1:37317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (malware-cnc.rules)
* 1:37320 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel variant outbound connection (malware-cnc.rules)
* 1:37323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (malware-cnc.rules)
* 1:37359 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot inbound command attempt (malware-cnc.rules)
* 1:37360 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot outbound IRC channel join attempt (malware-cnc.rules)
* 1:37370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules)
* 1:37374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derkziel variant outbound connection (malware-cnc.rules)
* 1:37447 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Evilgrab outbound connection (malware-cnc.rules)
* 1:37457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (malware-cnc.rules)
* 1:37466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackmoon outbound connection (malware-cnc.rules)
* 1:37467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vawtrak variant outbound connection (malware-cnc.rules)
* 1:37516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:37521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
* 1:37522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
* 1:37523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
* 1:37534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
* 1:37535 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
* 1:37536 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
* 1:37552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Engr variant outbound connection (malware-cnc.rules)
* 1:37636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:37637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 
1:37646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant dropper download connection (malware-cnc.rules) * 1:37647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:37686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (malware-cnc.rules) * 1:37717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules) * 1:37718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules) * 1:37719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules) * 1:37733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (malware-cnc.rules) * 1:37816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:37817 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (malware-cnc.rules) * 1:37834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:37835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:37838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules) * 1:37844 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (malware-cnc.rules) * 1:38017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt server reply (malware-cnc.rules) * 1:38018 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (malware-cnc.rules) * 1:38116 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (malware-cnc.rules) * 1:38134 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Win.Trojan.Adwind (malware-cnc.rules) * 1:38145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules) * 1:38150 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules) * 1:38234 <-> DISABLED <-> 
MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (malware-cnc.rules) * 1:38235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules) * 1:38255 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules) * 1:38256 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules) * 1:38257 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules) * 1:38258 <-> DISABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules) * 1:38259 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules) * 1:38260 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules) * 1:38261 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules) * 1:38304 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (malware-cnc.rules) * 1:38331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:38333 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Bifrose outbound connection (malware-cnc.rules) * 1:38352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules) * 1:38353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (malware-cnc.rules) * 1:38354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant failed read logs (malware-cnc.rules) * 1:38356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant read logs (malware-cnc.rules) * 1:38357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send credentials (malware-cnc.rules) * 1:38358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send logs (malware-cnc.rules) * 1:38359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send mail credentials 
(malware-cnc.rules) * 1:38367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep.variant CNC server response (malware-cnc.rules) * 1:38378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules) * 1:38379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules) * 1:38380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules) * 1:38385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules) * 1:38386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules) * 1:38388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger geolocation check (malware-cnc.rules) * 1:38509 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules) * 1:38510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant exfiltration attempt (malware-cnc.rules) * 1:38514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules) * 1:38515 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules) * 1:38516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules) * 1:38517 <-> DISABLED <-> MALWARE-CNC binary download while video expected (malware-cnc.rules) * 1:38559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - keystorkes (malware-cnc.rules) * 1:38557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules) * 1:38560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - screenshot (malware-cnc.rules) * 1:38561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger plugins download attempt (malware-cnc.rules) * 1:38562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt (malware-cnc.rules) * 1:38563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response (malware-cnc.rules) * 
1:38564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger keylog exfiltration attempt (malware-cnc.rules) * 1:38565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper initial download attempt (malware-cnc.rules) * 1:38566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper download attempt (malware-cnc.rules) * 1:38567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coverton variant outbound connection (malware-cnc.rules) * 1:38573 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant handshake beacon (malware-cnc.rules) * 1:38574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant outbound connection (malware-cnc.rules) * 1:38584 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant JS dropper outbound connection (malware-cnc.rules) * 1:38585 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules) * 1:38586 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules) * 1:38587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant temporary redirect attempt (malware-cnc.rules) * 1:38588 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules) * 1:38603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UP007 variant outbound connection (malware-cnc.rules) * 1:38606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant network speed test (malware-cnc.rules) * 1:38608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RockLoader variant outbound connection (malware-cnc.rules) * 1:38613 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallex variant outbound connection (malware-cnc.rules) * 1:38620 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules) * 1:38621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules) * 1:38638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules) * 1:38643 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:38644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:38645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:38646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:38647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:38668 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:38676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BBSwift variant outbound connection (malware-cnc.rules) * 1:38680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tooka GET attempt (malware-cnc.rules) * 1:38724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renegin outbound GET attempt (malware-cnc.rules) * 1:38732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBDos Runtime Detection (malware-cnc.rules) * 1:38733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules) * 1:38784 <-> DISABLED <-> MALWARE-CNC CryptXXX initial outbound connection (malware-cnc.rules) * 1:38885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound registration attempt (malware-cnc.rules) * 1:38886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules) * 1:38887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky JS dropper outbound connection (malware-cnc.rules) * 1:38888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:38890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts exfiltration attempt (malware-cnc.rules) * 1:38891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts initial registration (malware-cnc.rules) * 1:38916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex download attempt (malware-cnc.rules) * 1:38917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant CNC traffic (malware-cnc.rules) * 1:38949 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules) * 1:38950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PassStealer passwords exfiltration attempt (malware-cnc.rules) * 1:38961 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (malware-cnc.rules) * 1:38962 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (malware-cnc.rules) * 1:38994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus config file download (malware-cnc.rules) * 1:38995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:39040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules) * 1:39052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (malware-cnc.rules) * 1:39053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.7ev3n variant outbound connection (malware-cnc.rules) * 1:39056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules) * 1:39063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot outbound POST attempt (malware-cnc.rules) * 1:39064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (malware-cnc.rules) * 1:39084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules) * 1:39085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules) * 1:39086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules) * 1:39106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection (malware-cnc.rules) * 1:39107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant inbound connection (malware-cnc.rules) * 1:39116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DMALocker variant outbound connection (malware-cnc.rules) * 1:39117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant 
outbound connection (malware-cnc.rules) * 1:39159 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules) * 1:39160 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules) * 1:39163 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules) * 1:39164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules) * 1:39173 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.BlackShades Crypter outbound connection (malware-cnc.rules) * 1:39176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules) * 1:39322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules) * 1:39327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoRoger outbound POST attempt (malware-cnc.rules) * 1:39341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS credit card data exfiltration (malware-cnc.rules) * 1:39342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS initial outbound connection (malware-cnc.rules) * 1:39343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS keylog exfiltration (malware-cnc.rules) * 1:39344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS status update (malware-cnc.rules) * 1:39345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS update request (malware-cnc.rules) * 1:39360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:39369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorozoad variant outbound connection (malware-cnc.rules) * 1:39409 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant initial outbound connection (malware-cnc.rules) * 1:39410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant exfiltration outbound connection (malware-cnc.rules) * 1:39411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qbot variant outbound connection (malware-cnc.rules) * 1:39430 <-> DISABLED <-> MALWARE-CNC 
Win.Malware.Furtim variant outbound connection (malware-cnc.rules) * 1:39433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules) * 1:39434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules) * 1:39448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos variant outbound connection (malware-cnc.rules) * 1:39465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (malware-cnc.rules) * 1:39573 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:39574 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:39576 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:39577 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:39578 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (malware-cnc.rules) * 1:39579 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:39580 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:39581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (malware-cnc.rules) * 1:39582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (malware-cnc.rules) * 1:39583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (malware-cnc.rules) * 1:39636 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Ranscam request.html response (malware-cnc.rules) * 1:39650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts variant CNC IRC response attempt (malware-cnc.rules) * 1:39653 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mangit initial outbound connection (malware-cnc.rules) * 1:39705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection 
(malware-cnc.rules) * 1:39710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (malware-cnc.rules) * 1:39730 <-> DISABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (malware-cnc.rules) * 1:39738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (malware-cnc.rules) * 1:39767 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules) * 1:39774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules) * 1:39785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lientchtp variant outbound connection (malware-cnc.rules) * 1:39800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules) * 1:39801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound connection (malware-cnc.rules) * 1:39852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules) * 1:39853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules) * 1:39854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules) * 1:39855 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules) * 1:39856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules) * 1:39857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules) * 1:39861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanHaiShu variant outbound connection (malware-cnc.rules) * 1:39882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (malware-cnc.rules) * 1:39886 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (malware-cnc.rules) * 1:39887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toga variant outbound connection (malware-cnc.rules) * 1:39909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adnel outbound 
connection detected (malware-cnc.rules) * 1:39911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules) * 1:39920 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules) * 1:39921 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules) * 1:39958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (malware-cnc.rules) * 1:39968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules) * 1:39969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules) * 1:38542 <-> DISABLED <-> MALWARE-CNC VBS Trojan Downloading Encoded Executable (malware-cnc.rules) * 1:34316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56034 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules) * 1:56024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules) * 1:56016 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules) * 1:56040 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules) * 1:56014 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules) * 1:56044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules) * 1:56037 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules) * 1:56070 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart remote code execution attempt (indicator-compromise.rules) * 1:56045 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Exchange Reporter Plus unauthenticated remote code execution attempt (server-webapp.rules) * 1:56031 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules) * 1:56043 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules) * 1:56022 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules) * 1:56030 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules) * 1:56069 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart fingerprinting attempt (indicator-compromise.rules) * 1:56028 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules) * 1:56047 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules) * 1:56020 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt 
(malware-other.rules) * 1:56025 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules) * 1:56021 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules) * 1:56036 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules) * 1:56041 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules) * 1:56012 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules) * 1:56013 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules) * 1:56057 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules) * 1:56015 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules) * 1:56010 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules) * 1:56026 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules) * 1:56042 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:56032 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules) * 1:56017 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules) * 1:56052 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules) * 1:56055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules) * 1:56027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules) * 1:56068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules) * 1:56019 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download 
attempt (malware-other.rules) * 1:56067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules) * 1:56029 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules) * 1:56051 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules) * 1:56033 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules) * 1:56056 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules) * 1:56061 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules) * 1:56023 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules) * 1:56058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules) * 1:56011 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules) * 1:56062 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules) * 1:56035 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules) * 1:56018 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules) * 1:56046 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules) * 1:56038 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules) * 1:56039 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules) * 3:56050 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules) * 3:56049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules) * 3:56053 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules) * 3:56060 <-> ENABLED 
<-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules) * 3:56059 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules) * 3:56063 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules) * 3:56066 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules) * 3:56065 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules) * 3:56048 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules) * 3:56054 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules) * 3:56064 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
* 1:38994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus config file download (malware-cnc.rules) * 1:38542 <-> DISABLED <-> MALWARE-CNC VBS Trojan Downloading Encoded Executable (malware-cnc.rules) * 1:38530 <-> DISABLED <-> MALWARE-CNC Obfuscated Javascript Attack runtime detection (malware-cnc.rules) * 1:34309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:38558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules) * 1:34311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:38561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger plugins download attempt (malware-cnc.rules) * 1:34310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:34312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:38567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coverton variant outbound connection (malware-cnc.rules) * 1:38573 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant handshake beacon (malware-cnc.rules) * 1:39345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS update request (malware-cnc.rules) * 1:38587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant temporary redirect attempt (malware-cnc.rules) * 1:38588 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules) * 1:39360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:38559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - keystorkes (malware-cnc.rules) * 1:39369 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Lorozoad variant outbound connection (malware-cnc.rules) * 1:38562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt (malware-cnc.rules) * 1:38563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response (malware-cnc.rules) * 1:38564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger keylog exfiltration attempt (malware-cnc.rules) * 1:38565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper initial download attempt (malware-cnc.rules) * 1:39409 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant initial outbound connection (malware-cnc.rules) * 1:34314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:38574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant outbound connection (malware-cnc.rules) * 1:38584 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant JS dropper outbound connection (malware-cnc.rules) * 1:39410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant exfiltration outbound connection (malware-cnc.rules) * 1:38620 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules) * 1:38621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules) * 1:38638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules) * 1:39411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qbot variant outbound connection (malware-cnc.rules) * 1:38643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:38644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:38645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:38646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:39430 <-> DISABLED <-> MALWARE-CNC Win.Malware.Furtim variant outbound connection 
(malware-cnc.rules)
* 1:38647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:38680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tooka GET attempt (malware-cnc.rules)
* 1:38668 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:38676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BBSwift variant outbound connection (malware-cnc.rules)
* 1:39433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
* 1:38557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
* 1:39434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
* 1:38724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renegin outbound GET attempt (malware-cnc.rules)
* 1:38732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBDos Runtime Detection (malware-cnc.rules)
* 1:38733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
* 1:38784 <-> DISABLED <-> MALWARE-CNC CryptXXX initial outbound connection (malware-cnc.rules)
* 1:38885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound registration attempt (malware-cnc.rules)
* 1:39448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos variant outbound connection (malware-cnc.rules)
* 1:38585 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
* 1:39040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
* 1:39052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (malware-cnc.rules)
* 1:39053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.7ev3n variant outbound connection (malware-cnc.rules)
* 1:39056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
* 1:39063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot outbound POST attempt (malware-cnc.rules)
* 1:39064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (malware-cnc.rules)
* 1:39084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:39085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:39086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:39106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection (malware-cnc.rules)
* 1:39107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant inbound connection (malware-cnc.rules)
* 1:34313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:38995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:39117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:39116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DMALocker variant outbound connection (malware-cnc.rules)
* 1:39159 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
* 1:39160 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
* 1:39163 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:39164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:39173 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.BlackShades Crypter outbound connection (malware-cnc.rules)
* 1:39176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules)
* 1:39322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
* 1:39327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoRoger outbound POST attempt (malware-cnc.rules)
* 1:39341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS credit card data exfiltration (malware-cnc.rules)
* 1:38886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules)
* 1:39342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS initial outbound connection (malware-cnc.rules)
* 1:38887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky JS dropper outbound connection (malware-cnc.rules)
* 1:38888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:38890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts exfiltration attempt (malware-cnc.rules)
* 1:38891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts initial registration (malware-cnc.rules)
* 1:38916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex download attempt (malware-cnc.rules)
* 1:39343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS keylog exfiltration (malware-cnc.rules)
* 1:38917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant CNC traffic (malware-cnc.rules)
* 1:38949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
* 1:38950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PassStealer passwords exfiltration attempt (malware-cnc.rules)
* 1:38961 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (malware-cnc.rules)
* 1:39344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS status update (malware-cnc.rules)
* 1:34316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:39465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (malware-cnc.rules)
* 1:39573 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39574 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39576 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39577 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39578 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (malware-cnc.rules)
* 1:39579 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39580 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (malware-cnc.rules)
* 1:39582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (malware-cnc.rules)
* 1:39583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (malware-cnc.rules)
* 1:39636 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Ranscam request.html response (malware-cnc.rules)
* 1:39650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts variant CNC IRC response attempt (malware-cnc.rules)
* 1:39653 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mangit initial outbound connection (malware-cnc.rules)
* 1:39705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection (malware-cnc.rules)
* 1:39710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (malware-cnc.rules)
* 1:39730 <-> DISABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (malware-cnc.rules)
* 1:39738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (malware-cnc.rules)
* 1:39767 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules)
* 1:39774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules)
* 1:39785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lientchtp variant outbound connection (malware-cnc.rules)
* 1:39800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
* 1:39801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound connection (malware-cnc.rules)
* 1:39852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:39853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:39854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:39855 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:39856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
* 1:39857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
* 1:39861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanHaiShu variant outbound connection (malware-cnc.rules)
* 1:39882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (malware-cnc.rules)
* 1:39886 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (malware-cnc.rules)
* 1:39887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toga variant outbound connection (malware-cnc.rules)
* 1:39909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adnel outbound connection detected (malware-cnc.rules)
* 1:39911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
* 1:39920 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
* 1:39921 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
* 1:39958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (malware-cnc.rules)
* 1:39968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
* 1:39969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
* 1:38603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UP007 variant outbound connection (malware-cnc.rules)
* 1:38613 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallex variant outbound connection (malware-cnc.rules)
* 1:38606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant network speed test (malware-cnc.rules)
* 1:38608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RockLoader variant outbound connection (malware-cnc.rules)
* 1:38586 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
* 1:38566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper download attempt (malware-cnc.rules)
* 1:38962 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (malware-cnc.rules)
* 1:38517 <-> DISABLED <-> MALWARE-CNC binary download while video expected (malware-cnc.rules)
* 1:34315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
* 1:34319 <-> DISABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (malware-cnc.rules)
* 1:34322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
* 1:34323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fulairo variant outbound connection (malware-cnc.rules)
* 1:34324 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Siromost variant outbound connection (malware-cnc.rules)
* 1:34325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
* 1:34326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
* 1:34327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (malware-cnc.rules)
* 1:34337 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
* 1:34338 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
* 1:34339 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cybergate outbound connection (malware-cnc.rules)
* 1:34346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (malware-cnc.rules)
* 1:34347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (malware-cnc.rules)
* 1:34362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (malware-cnc.rules)
* 1:34366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (malware-cnc.rules)
* 1:34367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:34368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:34446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Odlanor information exfiltration attempt (malware-cnc.rules)
* 1:34452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:34453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:34458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tendrit variant outbound connection (malware-cnc.rules)
* 1:34459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (malware-cnc.rules)
* 1:34460 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (malware-cnc.rules)
* 1:34461 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (malware-cnc.rules)
* 1:34462 <-> DISABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (malware-cnc.rules)
* 1:34469 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
* 1:34470 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
* 1:34476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (malware-cnc.rules)
* 1:34489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (malware-cnc.rules)
* 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (malware-cnc.rules)
* 1:34501 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection (malware-cnc.rules)
* 1:34540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
* 1:34541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
* 1:34567 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (malware-cnc.rules)
* 1:34572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (malware-cnc.rules)
* 1:34581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mathanuc outbound connection (malware-cnc.rules)
* 1:34596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
* 1:34597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
* 1:34598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
* 1:34599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
* 1:34600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
* 1:34601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teqimp outbound connection (malware-cnc.rules)
* 1:34607 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (malware-cnc.rules)
* 1:34608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (malware-cnc.rules)
* 1:34609 <-> DISABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (malware-cnc.rules)
* 1:34610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kayfcbk outbound connection (malware-cnc.rules)
* 1:34611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dujfudg outbound connection (malware-cnc.rules)
* 1:34614 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enkalogs outbound connection (malware-cnc.rules)
* 1:34622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:34624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (malware-cnc.rules)
* 1:34636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
* 1:34637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
* 1:34818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (malware-cnc.rules)
* 1:34831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
* 1:34832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
* 1:34833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules)
* 1:34834 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkcpn (malware-cnc.rules)
* 1:34835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules)
* 1:34840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34843 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (malware-cnc.rules)
* 1:34844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules)
* 1:34862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
* 1:34863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
* 1:34865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
* 1:34866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
* 1:34867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules)
* 1:34868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules)
* 1:34869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (malware-cnc.rules)
* 1:34870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
* 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
* 1:34872 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (malware-cnc.rules)
* 1:34876 <-> DISABLED <-> MALWARE-CNC Win.Fudu outbound variant connection (malware-cnc.rules)
* 1:34877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (malware-cnc.rules)
* 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:34887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
* 1:34888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
* 1:34917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (malware-cnc.rules)
* 1:34931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:34932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shindo outbound connection (malware-cnc.rules)
* 1:34934 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pheloyx outbound connection (malware-cnc.rules)
* 1:34935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zutwoxy outbound connection (malware-cnc.rules)
* 1:34950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prok variant outbound connection (malware-cnc.rules)
* 1:34957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sysmain outbound connection (malware-cnc.rules)
* 1:34958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
* 1:34959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
* 1:34963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte outbound connection (malware-cnc.rules)
* 1:34965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (malware-cnc.rules)
* 1:34966 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
* 1:34982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msnmm variant outbound connection (malware-cnc.rules)
* 1:34993 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Benloader variant outbound connection (malware-cnc.rules)
* 1:34994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
* 1:34995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra HTTP Header Structure (malware-cnc.rules)
* 1:34996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent-ALPW variant outbound connection (malware-cnc.rules)
* 1:34997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant HTTP Response (malware-cnc.rules)
* 1:34998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bossabot outbound connection (malware-cnc.rules)
* 1:35005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vcaredrix variant outbound connection (malware-cnc.rules)
* 1:35027 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Troldesh C&C (malware-cnc.rules)
* 1:35029 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.Lotronc variant outbound connection (malware-cnc.rules)
* 1:35030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:35031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (malware-cnc.rules)
* 1:35034 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Boltolog variant outbound connection download request (malware-cnc.rules)
* 1:35036 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy inbound variant connection (malware-cnc.rules)
* 1:35037 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy outbound variant connection (malware-cnc.rules)
* 1:35039 <-> DISABLED <-> MALWARE-CNC Trojan.Linux.Linuxor outbound variant connection (malware-cnc.rules)
* 1:35047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:35050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (malware-cnc.rules)
* 1:35062 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:35063 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:35064 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:35065 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:35066 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules)
* 1:35067 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules)
* 1:35069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dino variant outbound connection (malware-cnc.rules)
* 1:35076 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
* 1:35080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
* 1:35081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
* 1:35082 <-> DISABLED <-> MALWARE-CNC Backdoor.Linux.Qenerek outbound connection (malware-cnc.rules)
* 1:35083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regiskazi outbound connection (malware-cnc.rules)
* 1:35102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
* 1:35103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
* 1:35104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:35221 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent inbound connection (malware-cnc.rules)
* 1:35254 <-> DISABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules)
* 1:35300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite GET request (malware-cnc.rules)
* 1:35301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite POST request (malware-cnc.rules)
* 1:35303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProxyChange (malware-cnc.rules)
* 1:35306 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Cigamve request (malware-cnc.rules)
* 1:35312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (malware-cnc.rules)
* 1:35313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:35315 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Downloader.Comsteal outbound connection (malware-cnc.rules)
* 1:35316 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (malware-cnc.rules)
* 1:35317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Directate outbound connection (malware-cnc.rules)
* 1:35318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr outbound connection (malware-cnc.rules)
* 1:35344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall click fraud response (malware-cnc.rules)
* 1:35348 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Ralminey POST request (malware-cnc.rules)
* 1:35353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise.B variant outbound connection (malware-cnc.rules)
* 1:35355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usteal outbound connection (malware-cnc.rules)
* 1:35385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules)
* 1:35386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (malware-cnc.rules)
* 1:35387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (malware-cnc.rules)
* 1:35388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules)
* 1:35394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules)
* 1:35400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules)
* 1:35415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)
* 1:35416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
* 1:35426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur outbound connection (malware-cnc.rules)
* 1:35436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
* 1:35437 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jrml variant outbound connection (malware-cnc.rules)
* 1:35462 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (malware-cnc.rules)
* 1:35471 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baisogu outbound connection (malware-cnc.rules)
* 1:35472 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
* 1:35549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:35551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
* 1:35570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetEagle variant outbound connection (malware-cnc.rules)
* 1:35596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
* 1:35597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
* 1:35710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
* 1:35732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (malware-cnc.rules)
* 1:35733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (malware-cnc.rules)
* 1:35746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:35749 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (malware-cnc.rules)
* 1:35750 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (malware-cnc.rules)
* 1:35794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:35804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seyelifon variant outbound connection (malware-cnc.rules)
* 1:35842 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namospu variant outbound connection (malware-cnc.rules)
* 1:36048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:36054 <-> DISABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (malware-cnc.rules)
* 1:36064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant (malware-cnc.rules)
* 1:36106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (malware-cnc.rules)
* 1:36107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
* 1:36108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nimisi variant outbound connection (malware-cnc.rules)
* 1:36115 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Liudoor outbound connection (malware-cnc.rules)
* 1:36131 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyIE 3.01 (malware-cnc.rules)
* 1:36132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
* 1:36133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
* 1:36134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
* 1:36186 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qytags variant outbound connection (malware-cnc.rules)
* 1:36198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant certificate (malware-cnc.rules)
* 1:36199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
* 1:36202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant dropper (malware-cnc.rules)
* 1:36231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot variant outbound connection (malware-cnc.rules)
* 1:36232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
* 1:36233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
* 1:36234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
* 1:36267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36275 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
* 1:36276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
* 1:36294 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (malware-cnc.rules)
* 1:36303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
* 1:36304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinPlock variant outbound connection (malware-cnc.rules)
* 1:36325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
* 1:36396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
* 1:36397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
* 1:36460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules)
* 1:36468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
* 1:36469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
* 1:36471 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (malware-cnc.rules)
* 1:36497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hangman.A outbound connection (malware-cnc.rules)
* 1:36506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
* 1:36522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (malware-cnc.rules)
* 1:36526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brolux variant outbound connection (malware-cnc.rules)
* 1:36566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36568 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
* 1:36578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
* 1:36601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
* 1:36602 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
* 1:36603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
* 1:36610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules)
* 1:36622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
* 1:36623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
* 1:36624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
* 1:36625 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
* 1:36626 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
* 1:36627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tanmar outbound connection (malware-cnc.rules)
* 1:36629 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
* 1:36630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
* 1:36639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (malware-cnc.rules)
* 1:36666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tentobr outbound connection (malware-cnc.rules)
* 1:36670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sathurbot outbound connection (malware-cnc.rules)
* 1:36732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (malware-cnc.rules)
* 1:36765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (malware-cnc.rules)
* 1:36770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redcontrole variant outbound connection (malware-cnc.rules)
* 1:36777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zimwervi variant outbound connection (malware-cnc.rules)
* 1:36781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gokawa variant outbound connection (malware-cnc.rules)
* 1:36800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruinmail outbound connection (malware-cnc.rules)
* 1:36807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (malware-cnc.rules)
* 1:36810 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Mabouia outbound connection (malware-cnc.rules)
* 1:36833 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (malware-cnc.rules)
* 1:36834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload outbound connection (malware-cnc.rules)
* 1:36835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload inbound connection (malware-cnc.rules)
* 1:36841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leralogs variant outbound connection (malware-cnc.rules)
* 1:36889 <-> DISABLED <-> MALWARE-CNC TinyDropper variant outbound connection (malware-cnc.rules)
* 1:36890 <-> DISABLED <-> MALWARE-CNC AbbadonPOS variant outbound connection (malware-cnc.rules)
* 1:36893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trfijan outbound connection (malware-cnc.rules)
* 1:36911 <-> DISABLED <-> MALWARE-CNC GlassRAT handshake beacon (malware-cnc.rules)
* 1:36914 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (malware-cnc.rules)
* 1:36916 <-> DISABLED <-> MALWARE-CNC Milkoad.A First Request (malware-cnc.rules)
* 1:37020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
* 1:37024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy outbound connection (malware-cnc.rules)
* 1:37027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
* 1:37036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (malware-cnc.rules)
* 1:37037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arfadinf variant outbound connection (malware-cnc.rules)
* 1:37045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (malware-cnc.rules)
* 1:37047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (malware-cnc.rules)
* 1:37049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geratid variant outbound connection (malware-cnc.rules)
* 1:37050 <-> DISABLED <-> MALWARE-CNC ATSEngine initial beacon (malware-cnc.rules)
* 1:37051 <-> DISABLED <-> MALWARE-CNC ATSEngine credit card number sent via URL parameter (malware-cnc.rules)
* 1:37052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:37053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tdrop2 variant dropper download attempt (malware-cnc.rules)
* 1:37063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paligenpo outbound connection (malware-cnc.rules)
* 1:37064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Telehot outbound connection (malware-cnc.rules)
* 1:37065 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik outbound connection (malware-cnc.rules)
* 1:37066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload (malware-cnc.rules)
* 1:37067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Droot outbound connection (malware-cnc.rules)
* 1:37068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flusihoc variant outbound connection (malware-cnc.rules)
* 1:37100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dashikut outbound connection (malware-cnc.rules)
* 1:37101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
* 1:37102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
* 1:37117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules)
* 1:37127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules)
* 1:37141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules)
* 1:37164 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Hpastal outbound email attempt (malware-cnc.rules) * 1:37212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules) * 1:37213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules) * 1:37214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules) * 1:37215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules) * 1:37225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules) * 1:37226 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules) * 1:37227 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules) * 1:37228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules) * 1:37296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules) * 1:37297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules) * 1:37317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (malware-cnc.rules) * 1:37320 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel variant outbound connection (malware-cnc.rules) * 1:37323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (malware-cnc.rules) * 1:37359 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot inbound command attempt (malware-cnc.rules) * 1:37360 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot outbound IRC channel join attempt (malware-cnc.rules) * 1:37370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules) * 1:37374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derkziel variant outbound connection (malware-cnc.rules) * 1:37447 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Evilgrab outbound connection (malware-cnc.rules) * 1:37457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection 
(malware-cnc.rules) * 1:37466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackmoon outbound connection (malware-cnc.rules) * 1:37467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vawtrak variant outbound connection (malware-cnc.rules) * 1:37516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:37521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules) * 1:37522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules) * 1:37523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules) * 1:37534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules) * 1:37535 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules) * 1:37536 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules) * 1:37552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Engr variant outbound connection (malware-cnc.rules) * 1:37636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:37637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:37646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant dropper download connection (malware-cnc.rules) * 1:37647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:37686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (malware-cnc.rules) * 1:37717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules) * 1:37718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules) * 1:37719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules) * 1:37733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (malware-cnc.rules) * 1:37816 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:37817 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (malware-cnc.rules) * 1:37834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:37835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:37838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules) * 1:37844 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (malware-cnc.rules) * 1:38017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt server reply (malware-cnc.rules) * 1:38018 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (malware-cnc.rules) * 1:38116 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (malware-cnc.rules) * 1:38134 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Win.Trojan.Adwind (malware-cnc.rules) * 1:38145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules) * 1:38150 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules) * 1:38234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (malware-cnc.rules) * 1:38235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules) * 1:38255 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules) * 1:38256 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules) * 1:38257 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules) * 1:38258 <-> DISABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules) * 1:38259 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection 
(malware-cnc.rules) * 1:38260 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules) * 1:38261 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules) * 1:38304 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (malware-cnc.rules) * 1:38331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:38333 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Bifrose outbound connection (malware-cnc.rules) * 1:38352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules) * 1:38353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (malware-cnc.rules) * 1:38354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant failed read logs (malware-cnc.rules) * 1:38356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant read logs (malware-cnc.rules) * 1:38357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send credentials (malware-cnc.rules) * 1:38358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send logs (malware-cnc.rules) * 1:38359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send mail credentials (malware-cnc.rules) * 1:38367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep.variant CNC server response (malware-cnc.rules) * 1:38378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules) * 1:38379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules) * 1:38380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules) * 1:38385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules) * 1:38386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules) * 1:38388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger geolocation check (malware-cnc.rules) * 1:38509 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules) * 1:38510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant exfiltration attempt (malware-cnc.rules) * 1:38514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules) * 1:38515 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules) * 1:38516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules) * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:38560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - screenshot (malware-cnc.rules) * 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56070 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart remote code execution attempt (indicator-compromise.rules)
* 1:56035 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
* 1:56018 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
* 1:56062 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
* 1:56061 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
* 1:56056 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
* 1:56011 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
* 1:56032 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
* 1:56058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
* 1:56044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
* 1:56042 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:56026 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
* 1:56055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
* 1:56027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
* 1:56019 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
* 1:56052 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
* 1:56030 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
* 1:56022 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
* 1:56028 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
* 1:56047 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
* 1:56043 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
* 1:56020 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
* 1:56021 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
* 1:56041 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
* 1:56012 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
* 1:56040 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
* 1:56025 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
* 1:56010 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
* 1:56037 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
* 1:56031 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
* 1:56034 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
* 1:56023 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
* 1:56046 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
* 1:56039 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
* 1:56067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
* 1:56038 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
* 1:56029 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
* 1:56024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
* 1:56051 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
* 1:56033 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
* 1:56017 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
* 1:56057 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
* 1:56013 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
* 1:56015 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
* 1:56068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
* 1:56069 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart fingerprinting attempt (indicator-compromise.rules)
* 1:56036 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
* 1:56016 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
* 1:56045 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Exchange Reporter Plus unauthenticated remote code execution attempt (server-webapp.rules)
* 1:56014 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
* 3:56048 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
* 3:56050 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
* 3:56054 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
* 3:56053 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
* 3:56060 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
* 3:56064 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
* 3:56063 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
* 3:56066 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
* 3:56059 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
* 3:56065 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
* 3:56049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
* 1:39857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
* 1:39084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:39577 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39409 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant initial outbound connection (malware-cnc.rules)
* 1:39176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules)
* 1:39056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
* 1:38724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renegin outbound GET attempt (malware-cnc.rules)
* 1:39573 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS keylog exfiltration (malware-cnc.rules)
* 1:39173 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.BlackShades Crypter outbound connection (malware-cnc.rules)
* 1:39650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts variant CNC IRC response attempt (malware-cnc.rules)
* 1:38574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant outbound connection (malware-cnc.rules)
* 1:38917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant CNC traffic (malware-cnc.rules)
* 1:39117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:38886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules)
* 1:39430 <-> DISABLED <-> MALWARE-CNC Win.Malware.Furtim variant outbound connection (malware-cnc.rules)
* 1:38890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts exfiltration attempt (malware-cnc.rules)
* 1:39163 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:39063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot outbound POST attempt (malware-cnc.rules)
* 1:39448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos variant outbound connection (malware-cnc.rules)
* 1:38732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBDos Runtime Detection (malware-cnc.rules)
* 1:39159 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
* 1:39433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
* 1:39574 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39636 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Ranscam request.html response (malware-cnc.rules)
* 1:39576 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:38564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger keylog exfiltration attempt (malware-cnc.rules)
* 1:39107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant inbound connection (malware-cnc.rules)
* 1:39344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS status update (malware-cnc.rules)
* 1:38891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts initial registration (malware-cnc.rules)
* 1:39583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (malware-cnc.rules)
* 1:39345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS update request (malware-cnc.rules)
* 1:39053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.7ev3n variant outbound connection (malware-cnc.rules)
* 1:38584 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant JS dropper outbound connection (malware-cnc.rules)
* 1:39580 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection (malware-cnc.rules)
* 1:38587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant temporary redirect attempt (malware-cnc.rules)
* 1:38950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PassStealer passwords exfiltration attempt (malware-cnc.rules)
* 1:39052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (malware-cnc.rules)
* 1:39341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS credit card data exfiltration (malware-cnc.rules)
* 1:38517 <-> DISABLED <-> MALWARE-CNC binary download while video expected (malware-cnc.rules)
* 1:38885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound registration attempt (malware-cnc.rules)
* 1:39116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DMALocker variant outbound connection (malware-cnc.rules)
* 1:39064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (malware-cnc.rules)
* 1:38563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response (malware-cnc.rules)
* 1:39579 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:38586 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
* 1:38887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky JS dropper outbound connection (malware-cnc.rules)
* 1:39360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:38733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
* 1:38562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt (malware-cnc.rules)
* 1:39342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS initial outbound connection (malware-cnc.rules)
* 1:39653 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mangit initial outbound connection (malware-cnc.rules)
* 1:38961 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (malware-cnc.rules)
* 1:38566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper download attempt (malware-cnc.rules)
* 1:38606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant network speed test (malware-cnc.rules)
* 1:38949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
* 1:39465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (malware-cnc.rules)
* 1:39164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:38916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex download attempt (malware-cnc.rules)
* 1:39434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
* 1:39085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:38565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper initial download attempt (malware-cnc.rules)
* 1:39582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (malware-cnc.rules)
* 1:38680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tooka GET attempt (malware-cnc.rules)
* 1:39040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
* 1:34309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:39322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
* 1:39410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant exfiltration outbound connection (malware-cnc.rules)
* 1:39327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoRoger outbound POST attempt (malware-cnc.rules)
* 1:39581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (malware-cnc.rules)
* 1:38784 <-> DISABLED <-> MALWARE-CNC CryptXXX initial outbound connection (malware-cnc.rules)
* 1:39909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adnel outbound connection detected (malware-cnc.rules)
* 1:39886 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (malware-cnc.rules)
* 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)
* 1:38560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - screenshot (malware-cnc.rules)
* 1:34310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:38530 <-> DISABLED <-> MALWARE-CNC Obfuscated Javascript Attack runtime detection (malware-cnc.rules)
* 1:38558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
* 1:38994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus config file download (malware-cnc.rules)
* 1:38995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:34312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:38561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger plugins download attempt (malware-cnc.rules)
* 1:39920 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
* 1:36670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sathurbot outbound connection (malware-cnc.rules)
* 1:39856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
* 1:39705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection (malware-cnc.rules)
* 1:39968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
* 1:39710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (malware-cnc.rules)
* 1:39921 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
* 1:39882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (malware-cnc.rules)
* 1:39738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (malware-cnc.rules)
* 1:39730 <-> DISABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (malware-cnc.rules)
* 1:36666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tentobr outbound connection (malware-cnc.rules)
* 1:39969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
* 1:39958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (malware-cnc.rules)
* 1:39861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanHaiShu variant outbound connection (malware-cnc.rules)
* 1:39887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toga variant outbound connection (malware-cnc.rules)
* 1:39854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:39801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound connection (malware-cnc.rules)
* 1:39767 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules)
* 1:39853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:39855 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:39852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:39800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
* 1:39774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules)
* 1:39785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lientchtp variant outbound connection (malware-cnc.rules)
* 1:39086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:38888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:39369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorozoad variant outbound connection (malware-cnc.rules)
* 1:39578 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (malware-cnc.rules)
* 1:39411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qbot variant outbound connection (malware-cnc.rules)
* 1:39911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
* 1:39160 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
* 1:38676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BBSwift variant outbound connection (malware-cnc.rules)
* 1:38962 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (malware-cnc.rules)
* 1:38573 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant handshake beacon (malware-cnc.rules)
* 1:38567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coverton variant outbound connection (malware-cnc.rules)
* 1:38588 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
* 1:38603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UP007 variant outbound connection (malware-cnc.rules)
* 1:38608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RockLoader variant outbound connection (malware-cnc.rules)
* 1:38613 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallex variant outbound connection (malware-cnc.rules)
* 1:38585 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
* 1:38620 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
* 1:38638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
* 1:38621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
* 1:38644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:38646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:38645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:38668 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:38559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - keystorkes (malware-cnc.rules)
* 1:38542 <-> DISABLED <-> MALWARE-CNC VBS Trojan Downloading Encoded Executable (malware-cnc.rules)
* 1:34317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
* 1:34319 <-> DISABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (malware-cnc.rules)
* 1:34322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
* 1:34323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fulairo variant outbound connection (malware-cnc.rules)
* 1:34324 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Siromost variant outbound connection (malware-cnc.rules)
* 1:34325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
* 1:34326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
* 1:34327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (malware-cnc.rules)
* 1:34337 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
* 1:34338 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
* 1:34339 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cybergate outbound connection (malware-cnc.rules)
* 1:34346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (malware-cnc.rules)
* 1:34347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (malware-cnc.rules)
* 1:34362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (malware-cnc.rules)
* 1:34366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (malware-cnc.rules)
* 1:34367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:34368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:34446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Odlanor information exfiltration attempt (malware-cnc.rules)
* 1:34452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:34453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:34458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tendrit variant outbound connection (malware-cnc.rules)
* 1:34459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (malware-cnc.rules)
* 1:34460 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (malware-cnc.rules)
* 1:34461 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (malware-cnc.rules)
* 1:34462 <-> DISABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (malware-cnc.rules)
* 1:34469 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
* 1:34470 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
* 1:34476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (malware-cnc.rules)
* 1:34489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (malware-cnc.rules)
* 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (malware-cnc.rules)
* 1:34315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:38557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound
connection (malware-cnc.rules) * 1:34540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules) * 1:34541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules) * 1:34567 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (malware-cnc.rules) * 1:34572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (malware-cnc.rules) * 1:34581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mathanuc outbound connection (malware-cnc.rules) * 1:34596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules) * 1:34597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules) * 1:34598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules) * 1:34599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules) * 1:34501 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection (malware-cnc.rules) * 1:34600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules) * 1:34601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teqimp outbound connection (malware-cnc.rules) * 1:34607 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (malware-cnc.rules) * 1:34608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (malware-cnc.rules) * 1:34609 <-> DISABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (malware-cnc.rules) * 1:34610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kayfcbk outbound connection (malware-cnc.rules) * 1:34611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dujfudg outbound connection (malware-cnc.rules) * 1:34614 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enkalogs outbound connection (malware-cnc.rules) * 1:34622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:34624 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (malware-cnc.rules) * 1:34636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules) * 1:34637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules) * 1:34818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (malware-cnc.rules) * 1:34831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules) * 1:34832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules) * 1:34833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules) * 1:34834 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkcpn (malware-cnc.rules) * 1:34835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules) * 1:34840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules) * 1:34841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules) * 1:34843 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (malware-cnc.rules) * 1:34844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules) * 1:34862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules) * 1:34863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules) * 1:34865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules) * 1:34866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules) * 1:34867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules) * 1:34868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules) * 1:34869 <-> DISABLED 
<-> MALWARE-CNC Win.Trojan.XTalker outbound connection (malware-cnc.rules) * 1:34870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules) * 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules) * 1:34872 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (malware-cnc.rules) * 1:34876 <-> DISABLED <-> MALWARE-CNC Win.Fudu outbound variant connection (malware-cnc.rules) * 1:34877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (malware-cnc.rules) * 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:34887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules) * 1:34888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules) * 1:34917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (malware-cnc.rules) * 1:34931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:34932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shindo outbound connection (malware-cnc.rules) * 1:34934 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pheloyx outbound connection (malware-cnc.rules) * 1:34935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zutwoxy outbound connection (malware-cnc.rules) * 1:34950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prok variant outbound connection (malware-cnc.rules) * 1:34957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sysmain outbound connection (malware-cnc.rules) * 1:34958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules) * 1:34959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules) * 1:34963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte outbound connection (malware-cnc.rules) * 1:34965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound 
connection (malware-cnc.rules) * 1:34966 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules) * 1:34982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msnmm variant outbound connection (malware-cnc.rules) * 1:34993 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Benloader variant outbound connection (malware-cnc.rules) * 1:34994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules) * 1:34995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra HTTP Header Structure (malware-cnc.rules) * 1:34996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent-ALPW variant outbound connection (malware-cnc.rules) * 1:34997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant HTTP Response (malware-cnc.rules) * 1:34998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bossabot outbound connection (malware-cnc.rules) * 1:35005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vcaredrix variant outbound connection (malware-cnc.rules) * 1:35027 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Troldesh C&C (malware-cnc.rules) * 1:35029 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.Lotronc variant outbound connection (malware-cnc.rules) * 1:35030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:35031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (malware-cnc.rules) * 1:35034 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Boltolog variant outbound connection download request (malware-cnc.rules) * 1:35037 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy outbound variant connection (malware-cnc.rules) * 1:35036 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy inbound variant connection (malware-cnc.rules) * 1:35039 <-> DISABLED <-> MALWARE-CNC Trojan.Linux.Linuxor outbound variant connection (malware-cnc.rules) * 1:35047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules) * 1:35050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise 
variant outbound connection (malware-cnc.rules) * 1:35062 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules) * 1:35063 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules) * 1:35064 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules) * 1:35065 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules) * 1:35066 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules) * 1:35067 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules) * 1:35069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dino variant outbound connection (malware-cnc.rules) * 1:35076 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules) * 1:35080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules) * 1:35081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules) * 1:35082 <-> DISABLED <-> MALWARE-CNC Backdoor.Linux.Qenerek outbound connection (malware-cnc.rules) * 1:35083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regiskazi outbound connection (malware-cnc.rules) * 1:35102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules) * 1:35103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules) * 1:35104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:35221 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent inbound connection (malware-cnc.rules) * 1:35254 <-> DISABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules) * 1:35300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite GET request (malware-cnc.rules) * 1:35301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite POST 
request (malware-cnc.rules) * 1:35303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProxyChange (malware-cnc.rules) * 1:35306 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Cigamve request (malware-cnc.rules) * 1:35312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (malware-cnc.rules) * 1:35313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:35315 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Downloader.Comsteal outbound connection (malware-cnc.rules) * 1:35316 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (malware-cnc.rules) * 1:35317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Directate outbound connection (malware-cnc.rules) * 1:35318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr outbound connection (malware-cnc.rules) * 1:35344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall click fraud response (malware-cnc.rules) * 1:35348 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Ralminey POST request (malware-cnc.rules) * 1:35353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise.B variant outbound connection (malware-cnc.rules) * 1:35355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usteal outbound connection (malware-cnc.rules) * 1:35385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules) * 1:35386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (malware-cnc.rules) * 1:35387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (malware-cnc.rules) * 1:35388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules) * 1:35394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules) * 1:35400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules) * 1:35415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules) * 1:35416 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Mivast outbound connection (malware-cnc.rules) * 1:35426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur outbound connection (malware-cnc.rules) * 1:35436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules) * 1:35437 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jrml variant outbound connection (malware-cnc.rules) * 1:35462 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (malware-cnc.rules) * 1:35471 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baisogu outbound connection (malware-cnc.rules) * 1:35472 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules) * 1:35549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:35551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules) * 1:35570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetEagle variant outbound connection (malware-cnc.rules) * 1:35596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules) * 1:35597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules) * 1:35710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules) * 1:35732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (malware-cnc.rules) * 1:35733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (malware-cnc.rules) * 1:35746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:35749 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (malware-cnc.rules) * 1:35750 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (malware-cnc.rules) * 1:35794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules) * 1:35804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seyelifon variant outbound 
connection (malware-cnc.rules) * 1:35842 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namospu variant outbound connection (malware-cnc.rules) * 1:36048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:36054 <-> DISABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (malware-cnc.rules) * 1:36064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules) * 1:36065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules) * 1:36066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules) * 1:36105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant (malware-cnc.rules) * 1:36106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (malware-cnc.rules) * 1:36107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules) * 1:36108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nimisi variant outbound connection (malware-cnc.rules) * 1:36115 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Liudoor outbound connection (malware-cnc.rules) * 1:36131 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyIE 3.01 (malware-cnc.rules) * 1:36132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules) * 1:36133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules) * 1:36134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules) * 1:36186 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qytags variant outbound connection (malware-cnc.rules) * 1:36198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant certificate (malware-cnc.rules) * 1:36199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules) * 1:36202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant dropper 
(malware-cnc.rules) * 1:36231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot variant outbound connection (malware-cnc.rules) * 1:36232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules) * 1:36233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules) * 1:36234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules) * 1:36267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules) * 1:36268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules) * 1:36269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules) * 1:36275 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules) * 1:36276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules) * 1:36294 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (malware-cnc.rules) * 1:36303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules) * 1:36304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinPlock variant outbound connection (malware-cnc.rules) * 1:36325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules) * 1:36326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules) * 1:36327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules) * 1:36328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules) * 1:36329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules) * 1:36331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules) * 1:36396 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules) * 1:36397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules) * 1:36460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules) * 1:36468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules) * 1:36469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules) * 1:36471 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (malware-cnc.rules) * 1:36497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hangman.A outbound connection (malware-cnc.rules) * 1:36506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules) * 1:36522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (malware-cnc.rules) * 1:36526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules) * 1:36540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brolux variant outbound connection (malware-cnc.rules) * 1:36566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36568 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant 
connection (malware-cnc.rules) * 1:36578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules) * 1:36601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules) * 1:36602 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules) * 1:36603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules) * 1:36610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules) * 1:36622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules) * 1:36623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules) * 1:36624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules) * 1:36625 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules) * 1:36626 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules) * 1:36627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tanmar outbound connection (malware-cnc.rules) * 1:36629 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules) * 1:36630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules) * 1:36639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (malware-cnc.rules) * 1:36732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (malware-cnc.rules) * 1:36765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (malware-cnc.rules) * 1:36770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redcontrole variant outbound connection (malware-cnc.rules) * 1:36777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zimwervi variant outbound connection (malware-cnc.rules) * 1:36781 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Gokawa variant outbound connection (malware-cnc.rules) * 1:36800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruinmail outbound connection (malware-cnc.rules) * 1:36807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (malware-cnc.rules) * 1:36810 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Mabouia outbound connection (malware-cnc.rules) * 1:36833 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (malware-cnc.rules) * 1:36834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload outbound connection (malware-cnc.rules) * 1:36835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload inbound connection (malware-cnc.rules) * 1:36841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leralogs variant outbound connection (malware-cnc.rules) * 1:36889 <-> DISABLED <-> MALWARE-CNC TinyDropper variant outbound connection (malware-cnc.rules) * 1:36890 <-> DISABLED <-> MALWARE-CNC AbbadonPOS variant outbound connection (malware-cnc.rules) * 1:36893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trfijan outbound connection (malware-cnc.rules) * 1:36911 <-> DISABLED <-> MALWARE-CNC GlassRAT handshake beacon (malware-cnc.rules) * 1:36914 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (malware-cnc.rules) * 1:36916 <-> DISABLED <-> MALWARE-CNC Milkoad.A First Request (malware-cnc.rules) * 1:37020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules) * 1:37024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy outbound connection (malware-cnc.rules) * 1:37027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules) * 1:37036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (malware-cnc.rules) * 1:37037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arfadinf variant outbound connection (malware-cnc.rules) * 1:37045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (malware-cnc.rules) * 
1:37047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (malware-cnc.rules) * 1:37049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geratid variant outbound connection (malware-cnc.rules) * 1:37050 <-> DISABLED <-> MALWARE-CNC ATSEngine initial beacon (malware-cnc.rules) * 1:37051 <-> DISABLED <-> MALWARE-CNC ATSEngine credit card number sent via URL parameter (malware-cnc.rules) * 1:37052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules) * 1:37053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tdrop2 variant dropper download attempt (malware-cnc.rules) * 1:37063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paligenpo outbound connection (malware-cnc.rules) * 1:37064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Telehot outbound connection (malware-cnc.rules) * 1:37065 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik outbound connection (malware-cnc.rules) * 1:37066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload (malware-cnc.rules) * 1:37067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Droot outbound connection (malware-cnc.rules) * 1:37068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flusihoc variant outbound connection (malware-cnc.rules) * 1:37100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dashikut outbound connection (malware-cnc.rules) * 1:37101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules) * 1:37102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules) * 1:37117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules) * 1:37127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules) * 1:37141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules) * 1:37164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hpastal outbound email attempt (malware-cnc.rules) * 1:37212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules) * 1:37213 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37226 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37227 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
* 1:37297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
* 1:37317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (malware-cnc.rules)
* 1:37320 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel variant outbound connection (malware-cnc.rules)
* 1:37323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (malware-cnc.rules)
* 1:37359 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot inbound command attempt (malware-cnc.rules)
* 1:37360 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot outbound IRC channel join attempt (malware-cnc.rules)
* 1:37370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules)
* 1:37374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derkziel variant outbound connection (malware-cnc.rules)
* 1:37447 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Evilgrab outbound connection (malware-cnc.rules)
* 1:37457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (malware-cnc.rules)
* 1:37466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackmoon outbound connection (malware-cnc.rules)
* 1:37467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vawtrak variant outbound connection (malware-cnc.rules)
* 1:37516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:37521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
* 1:37522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
* 1:37523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
* 1:37534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
* 1:37535 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
* 1:37536 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
* 1:37552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Engr variant outbound connection (malware-cnc.rules)
* 1:37636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:37637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:37646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant dropper download connection (malware-cnc.rules)
* 1:37647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:37686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (malware-cnc.rules)
* 1:37717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
* 1:37718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
* 1:37719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
* 1:37733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (malware-cnc.rules)
* 1:37816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:37817 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (malware-cnc.rules)
* 1:37834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:37835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:37838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
* 1:37844 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (malware-cnc.rules)
* 1:38017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt server reply (malware-cnc.rules)
* 1:38018 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (malware-cnc.rules)
* 1:38116 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (malware-cnc.rules)
* 1:38134 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Win.Trojan.Adwind (malware-cnc.rules)
* 1:38145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
* 1:38150 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
* 1:38234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (malware-cnc.rules)
* 1:38235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
* 1:38255 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38256 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38257 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38258 <-> DISABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38259 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:38260 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:38261 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:38304 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (malware-cnc.rules)
* 1:38331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:38333 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Bifrose outbound connection (malware-cnc.rules)
* 1:38352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
* 1:38353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (malware-cnc.rules)
* 1:38354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant failed read logs (malware-cnc.rules)
* 1:38356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant read logs (malware-cnc.rules)
* 1:38357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send credentials (malware-cnc.rules)
* 1:38358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send logs (malware-cnc.rules)
* 1:38359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send mail credentials (malware-cnc.rules)
* 1:38367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep.variant CNC server response (malware-cnc.rules)
* 1:38378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
* 1:38379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
* 1:38380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
* 1:38385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
* 1:38386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
* 1:38388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger geolocation check (malware-cnc.rules)
* 1:38509 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
* 1:38510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant exfiltration attempt (malware-cnc.rules)
* 1:38514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
* 1:38515 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
* 1:38516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
* 1:34316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:38643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:38647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56017 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
* 1:56038 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
* 1:56024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
* 1:56039 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
* 1:56014 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
* 1:56023 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
* 1:56034 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
* 1:56021 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
* 1:56043 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
* 1:56033 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
* 1:56030 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
* 1:56069 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart fingerprinting attempt (indicator-compromise.rules)
* 1:56047 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
* 1:56028 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
* 1:56025 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
* 1:56020 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
* 1:56052 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
* 1:56041 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
* 1:56012 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
* 1:56036 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
* 1:56040 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
* 1:56013 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
* 1:56015 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
* 1:56032 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
* 1:56070 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart remote code execution attempt (indicator-compromise.rules)
* 1:56068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
* 1:56055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
* 1:56019 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
* 1:56067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
* 1:56051 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
* 1:56061 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
* 1:56056 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
* 1:56058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
* 1:56045 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Exchange Reporter Plus unauthenticated remote code execution attempt (server-webapp.rules)
* 1:56018 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
* 1:56062 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
* 1:56046 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
* 1:56016 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
* 1:56010 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
* 1:56037 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
* 1:56031 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
* 1:56022 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
* 1:56057 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
* 1:56042 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:56026 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
* 1:56044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
* 1:56027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
* 1:56029 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
* 1:56011 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
* 1:56035 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
* 3:56053 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
* 3:56060 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
* 3:56066 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
* 3:56063 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
* 3:56050 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
* 3:56049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
* 3:56059 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
* 3:56065 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
* 3:56054 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
* 3:56048 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
* 3:56064 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
* 1:38567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coverton variant outbound connection (malware-cnc.rules) * 1:38994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus config file download (malware-cnc.rules) * 1:38995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:34312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:38560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - screenshot (malware-cnc.rules) * 1:34311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:38558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules) * 1:34313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:39882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (malware-cnc.rules) * 1:39958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (malware-cnc.rules) * 1:39921 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules) * 1:39856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules) * 1:39730 <-> DISABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (malware-cnc.rules) * 1:39738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (malware-cnc.rules) * 1:39969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules) * 1:39705 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Zeus variant inbound connection (malware-cnc.rules) * 1:38573 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant handshake beacon (malware-cnc.rules) * 1:39650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts variant CNC IRC response attempt (malware-cnc.rules) * 1:39086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules) * 1:38890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts exfiltration attempt (malware-cnc.rules) * 1:39343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS keylog exfiltration (malware-cnc.rules) * 1:39573 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:39173 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.BlackShades Crypter outbound connection (malware-cnc.rules) * 1:38565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper initial download attempt (malware-cnc.rules) * 1:39056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules) * 1:39409 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant initial outbound connection (malware-cnc.rules) * 1:38588 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules) * 1:39176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules) * 1:38888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:38603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UP007 variant outbound connection (malware-cnc.rules) * 1:39084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules) * 1:39577 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:39117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:38917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant CNC traffic (malware-cnc.rules) * 1:39322 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.GozNym variant outbound connection (malware-cnc.rules) * 1:38886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules) * 1:38608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RockLoader variant outbound connection (malware-cnc.rules) * 1:39369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorozoad variant outbound connection (malware-cnc.rules) * 1:38563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response (malware-cnc.rules) * 1:38733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules) * 1:39052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (malware-cnc.rules) * 1:39578 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (malware-cnc.rules) * 1:39411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qbot variant outbound connection (malware-cnc.rules) * 1:39160 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules) * 1:38676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BBSwift variant outbound connection (malware-cnc.rules) * 1:38732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBDos Runtime Detection (malware-cnc.rules) * 1:39580 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:39106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection (malware-cnc.rules) * 1:38613 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallex variant outbound connection (malware-cnc.rules) * 1:38566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper download attempt (malware-cnc.rules) * 1:39345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS update request (malware-cnc.rules) * 1:39053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.7ev3n variant outbound connection (malware-cnc.rules) * 1:38724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renegin outbound GET attempt (malware-cnc.rules) * 1:39107 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.LuminosityLink RAT variant inbound connection (malware-cnc.rules) * 1:39360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:38585 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules) * 1:39344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS status update (malware-cnc.rules) * 1:39574 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:39636 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Ranscam request.html response (malware-cnc.rules) * 1:38586 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules) * 1:39576 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:38916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex download attempt (malware-cnc.rules) * 1:39163 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules) * 1:39063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot outbound POST attempt (malware-cnc.rules) * 1:39448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos variant outbound connection (malware-cnc.rules) * 1:39159 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules) * 1:39433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules) * 1:38620 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules) * 1:38621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules) * 1:39430 <-> DISABLED <-> MALWARE-CNC Win.Malware.Furtim variant outbound connection (malware-cnc.rules) * 1:38885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound registration attempt (malware-cnc.rules) * 1:38950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PassStealer passwords exfiltration attempt (malware-cnc.rules) * 1:39116 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.DMALocker variant outbound connection (malware-cnc.rules) * 1:38638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules) * 1:38584 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant JS dropper outbound connection (malware-cnc.rules) * 1:38643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:39653 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mangit initial outbound connection (malware-cnc.rules) * 1:39342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS initial outbound connection (malware-cnc.rules) * 1:39327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoRoger outbound POST attempt (malware-cnc.rules) * 1:38644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:38645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:38646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:39583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (malware-cnc.rules) * 1:38647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:38668 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:38680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tooka GET attempt (malware-cnc.rules) * 1:39064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (malware-cnc.rules) * 1:38887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky JS dropper outbound connection (malware-cnc.rules) * 1:38891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts initial registration (malware-cnc.rules) * 1:38559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - keystorkes (malware-cnc.rules) * 1:39341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS credit card data exfiltration (malware-cnc.rules) * 1:38962 <-> DISABLED <-> 
MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (malware-cnc.rules) * 1:39909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adnel outbound connection detected (malware-cnc.rules) * 1:39911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules) * 1:38562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt (malware-cnc.rules) * 1:38961 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (malware-cnc.rules) * 1:39410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant exfiltration outbound connection (malware-cnc.rules) * 1:38606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant network speed test (malware-cnc.rules) * 1:39581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (malware-cnc.rules) * 1:39582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (malware-cnc.rules) * 1:39040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules) * 1:39579 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:34309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:39164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules) * 1:39465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (malware-cnc.rules) * 1:39434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules) * 1:38949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules) * 1:39085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules) * 1:38784 <-> DISABLED <-> MALWARE-CNC CryptXXX initial outbound connection (malware-cnc.rules) * 1:38587 <-> DISABLED <-> 
MALWARE-CNC Win.Backdoor.DFSCook variant temporary redirect attempt (malware-cnc.rules) * 1:38564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger keylog exfiltration attempt (malware-cnc.rules) * 1:39785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lientchtp variant outbound connection (malware-cnc.rules) * 1:39853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules) * 1:39774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules) * 1:39852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules) * 1:39800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules) * 1:39801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound connection (malware-cnc.rules) * 1:39767 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules) * 1:39854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules) * 1:39855 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules) * 1:39861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanHaiShu variant outbound connection (malware-cnc.rules) * 1:39710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (malware-cnc.rules) * 1:39887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toga variant outbound connection (malware-cnc.rules) * 1:39968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules) * 1:39886 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (malware-cnc.rules) * 1:39857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules) * 1:34316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound 
connection (malware-cnc.rules) * 1:38574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant outbound connection (malware-cnc.rules) * 1:38530 <-> DISABLED <-> MALWARE-CNC Obfuscated Javascript Attack runtime detection (malware-cnc.rules) * 1:38542 <-> DISABLED <-> MALWARE-CNC VBS Trojan Downloading Encoded Executable (malware-cnc.rules) * 1:38557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules) * 1:34323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fulairo variant outbound connection (malware-cnc.rules) * 1:34324 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Siromost variant outbound connection (malware-cnc.rules) * 1:34319 <-> DISABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (malware-cnc.rules) * 1:34322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules) * 1:34327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (malware-cnc.rules) * 1:34337 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules) * 1:34325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules) * 1:34326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules) * 1:34346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (malware-cnc.rules) * 1:34347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (malware-cnc.rules) * 1:34338 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules) * 1:34339 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cybergate outbound connection (malware-cnc.rules) * 1:34367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:34368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:34362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mantal variant 
outbound connection (malware-cnc.rules) * 1:34366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (malware-cnc.rules) * 1:34453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:34458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tendrit variant outbound connection (malware-cnc.rules) * 1:34446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Odlanor information exfiltration attempt (malware-cnc.rules) * 1:34452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:34461 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (malware-cnc.rules) * 1:34462 <-> DISABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (malware-cnc.rules) * 1:34459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (malware-cnc.rules) * 1:34460 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (malware-cnc.rules) * 1:34476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (malware-cnc.rules) * 1:34489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (malware-cnc.rules) * 1:34469 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules) * 1:34470 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules) * 1:34540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules) * 1:34541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules) * 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (malware-cnc.rules) * 1:34501 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection (malware-cnc.rules) * 1:34581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mathanuc outbound connection (malware-cnc.rules) * 1:34596 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
* 1:34567 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (malware-cnc.rules)
* 1:34572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (malware-cnc.rules)
* 1:34600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
* 1:34599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
* 1:34598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
* 1:34597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
* 1:34608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (malware-cnc.rules)
* 1:34609 <-> DISABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (malware-cnc.rules)
* 1:34601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teqimp outbound connection (malware-cnc.rules)
* 1:34607 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (malware-cnc.rules)
* 1:34614 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enkalogs outbound connection (malware-cnc.rules)
* 1:34622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:34610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kayfcbk outbound connection (malware-cnc.rules)
* 1:34611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dujfudg outbound connection (malware-cnc.rules)
* 1:34637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
* 1:34818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (malware-cnc.rules)
* 1:34636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
* 1:34624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (malware-cnc.rules)
* 1:34833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules)
* 1:34834 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkcpn (malware-cnc.rules)
* 1:34832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
* 1:34831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
* 1:34841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34843 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (malware-cnc.rules)
* 1:34835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules)
* 1:34840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
* 1:34865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
* 1:34844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules)
* 1:34862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
* 1:34868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules)
* 1:34869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (malware-cnc.rules)
* 1:34866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
* 1:34867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules)
* 1:34870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
* 1:34872 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (malware-cnc.rules)
* 1:34876 <-> DISABLED <-> MALWARE-CNC Win.Fudu outbound variant connection (malware-cnc.rules)
* 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
* 1:34887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
* 1:34888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
* 1:34877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (malware-cnc.rules)
* 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:34932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shindo outbound connection (malware-cnc.rules)
* 1:34934 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pheloyx outbound connection (malware-cnc.rules)
* 1:34931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:34958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
* 1:34917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (malware-cnc.rules)
* 1:34957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sysmain outbound connection (malware-cnc.rules)
* 1:34935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zutwoxy outbound connection (malware-cnc.rules)
* 1:34950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prok variant outbound connection (malware-cnc.rules)
* 1:34965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (malware-cnc.rules)
* 1:34966 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
* 1:34959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
* 1:34963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte outbound connection (malware-cnc.rules)
* 1:34994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
* 1:34995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra HTTP Header Structure (malware-cnc.rules)
* 1:34982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msnmm variant outbound connection (malware-cnc.rules)
* 1:34993 <-> DISABLED <-> 
MALWARE-CNC Linux.Trojan.Benloader variant outbound connection (malware-cnc.rules)
* 1:34998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bossabot outbound connection (malware-cnc.rules)
* 1:35005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vcaredrix variant outbound connection (malware-cnc.rules)
* 1:34996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent-ALPW variant outbound connection (malware-cnc.rules)
* 1:34997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant HTTP Response (malware-cnc.rules)
* 1:35030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:35031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (malware-cnc.rules)
* 1:35027 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Troldesh C&C (malware-cnc.rules)
* 1:35029 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.Lotronc variant outbound connection (malware-cnc.rules)
* 1:35037 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy outbound variant connection (malware-cnc.rules)
* 1:35039 <-> DISABLED <-> MALWARE-CNC Trojan.Linux.Linuxor outbound variant connection (malware-cnc.rules)
* 1:35034 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Boltolog variant outbound connection download request (malware-cnc.rules)
* 1:35036 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy inbound variant connection (malware-cnc.rules)
* 1:35062 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:35063 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:34315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
* 1:35047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:35050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (malware-cnc.rules)
* 1:34317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:35066 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules)
* 1:35067 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules)
* 1:35064 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:35065 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:35080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
* 1:35081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
* 1:35069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dino variant outbound connection (malware-cnc.rules)
* 1:35076 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
* 1:35102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
* 1:35103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
* 1:35082 <-> DISABLED <-> MALWARE-CNC Backdoor.Linux.Qenerek outbound connection (malware-cnc.rules)
* 1:35083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regiskazi outbound connection (malware-cnc.rules)
* 1:35254 <-> DISABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules)
* 1:35300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite GET request (malware-cnc.rules)
* 1:35104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:35221 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent inbound connection (malware-cnc.rules)
* 1:35306 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Cigamve request (malware-cnc.rules)
* 1:35312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (malware-cnc.rules)
* 1:35301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite POST request (malware-cnc.rules)
* 1:35303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProxyChange (malware-cnc.rules)
* 1:35316 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (malware-cnc.rules)
* 1:35317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Directate outbound connection (malware-cnc.rules)
* 1:35313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:35315 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Downloader.Comsteal outbound connection (malware-cnc.rules)
* 1:35348 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Ralminey POST request (malware-cnc.rules)
* 1:35353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise.B variant outbound connection (malware-cnc.rules)
* 1:35318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr outbound connection (malware-cnc.rules)
* 1:35344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall click fraud response (malware-cnc.rules)
* 1:35386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (malware-cnc.rules)
* 1:35387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (malware-cnc.rules)
* 1:35355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usteal outbound connection (malware-cnc.rules)
* 1:35385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules)
* 1:35400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules)
* 1:35415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)
* 1:35388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules)
* 1:35394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules)
* 1:35436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
* 1:35437 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jrml variant outbound 
connection (malware-cnc.rules)
* 1:35416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
* 1:35426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur outbound connection (malware-cnc.rules)
* 1:35472 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
* 1:35549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:35462 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (malware-cnc.rules)
* 1:35471 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baisogu outbound connection (malware-cnc.rules)
* 1:35596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
* 1:35597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
* 1:35551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
* 1:35570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetEagle variant outbound connection (malware-cnc.rules)
* 1:35733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (malware-cnc.rules)
* 1:35746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:35710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
* 1:35732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (malware-cnc.rules)
* 1:35794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:35804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seyelifon variant outbound connection (malware-cnc.rules)
* 1:35749 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (malware-cnc.rules)
* 1:35750 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (malware-cnc.rules)
* 1:36054 <-> DISABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (malware-cnc.rules)
* 1:36064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:35842 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namospu variant outbound connection (malware-cnc.rules)
* 1:36048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:36105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant (malware-cnc.rules)
* 1:36106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (malware-cnc.rules)
* 1:36065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36115 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Liudoor outbound connection (malware-cnc.rules)
* 1:36131 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyIE 3.01 (malware-cnc.rules)
* 1:36107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
* 1:36108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nimisi variant outbound connection (malware-cnc.rules)
* 1:36134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
* 1:36186 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qytags variant outbound connection (malware-cnc.rules)
* 1:36132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
* 1:36133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
* 1:36202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant dropper (malware-cnc.rules)
* 1:36231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot variant outbound connection (malware-cnc.rules)
* 1:36198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant certificate (malware-cnc.rules)
* 1:36199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
* 1:36234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
* 1:36267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
* 1:36233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
* 1:36275 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
* 1:36276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
* 1:36268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinPlock variant outbound connection (malware-cnc.rules)
* 1:36325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36294 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (malware-cnc.rules)
* 1:36303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
* 1:36328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
* 1:36460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules)
* 1:36331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound 
connection (malware-cnc.rules)
* 1:36396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
* 1:36471 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (malware-cnc.rules)
* 1:36497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hangman.A outbound connection (malware-cnc.rules)
* 1:36468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
* 1:36469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
* 1:36526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brolux variant outbound connection (malware-cnc.rules)
* 1:36506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
* 1:36522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (malware-cnc.rules)
* 1:36568 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
* 1:36570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36602 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
* 1:36603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
* 1:36578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
* 1:36601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
* 1:36623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
* 1:36624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
* 1:36610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules)
* 1:36622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
* 1:36627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tanmar outbound connection (malware-cnc.rules)
* 1:36629 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
* 1:36625 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
* 1:36626 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
* 1:36666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tentobr outbound connection (malware-cnc.rules)
* 1:36670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sathurbot outbound connection (malware-cnc.rules)
* 1:36630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
* 1:36639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (malware-cnc.rules)
* 1:36770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redcontrole variant outbound connection (malware-cnc.rules)
* 1:36777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zimwervi variant outbound connection (malware-cnc.rules)
* 1:36732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (malware-cnc.rules)
* 1:36765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (malware-cnc.rules)
* 1:36807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (malware-cnc.rules)
* 1:36810 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Mabouia outbound connection (malware-cnc.rules)
* 1:36781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gokawa variant outbound connection (malware-cnc.rules)
* 1:36800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruinmail outbound connection (malware-cnc.rules)
* 1:36835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload inbound connection (malware-cnc.rules)
* 1:36841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leralogs variant outbound connection (malware-cnc.rules)
* 1:36833 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (malware-cnc.rules)
* 1:36834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload outbound connection (malware-cnc.rules)
* 1:36893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trfijan outbound connection (malware-cnc.rules)
* 1:36911 <-> DISABLED <-> MALWARE-CNC GlassRAT handshake beacon (malware-cnc.rules)
* 1:36889 <-> DISABLED <-> MALWARE-CNC TinyDropper variant outbound connection (malware-cnc.rules)
* 1:36890 <-> DISABLED <-> MALWARE-CNC AbbadonPOS variant outbound connection (malware-cnc.rules)
* 1:37020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
* 1:37024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy outbound connection (malware-cnc.rules)
* 1:36914 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (malware-cnc.rules)
* 1:36916 <-> DISABLED <-> MALWARE-CNC Milkoad.A First Request (malware-cnc.rules)
* 1:37037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arfadinf variant outbound connection (malware-cnc.rules)
* 1:37045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (malware-cnc.rules)
* 1:37027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
* 1:37036 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.ModPOS outbound connection (malware-cnc.rules)
* 1:37050 <-> DISABLED <-> MALWARE-CNC ATSEngine initial beacon (malware-cnc.rules)
* 1:37051 <-> DISABLED <-> MALWARE-CNC ATSEngine credit card number sent via URL parameter (malware-cnc.rules)
* 1:37047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (malware-cnc.rules)
* 1:37049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geratid variant outbound connection (malware-cnc.rules)
* 1:37063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paligenpo outbound connection (malware-cnc.rules)
* 1:37064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Telehot outbound connection (malware-cnc.rules)
* 1:37052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:37053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tdrop2 variant dropper download attempt (malware-cnc.rules)
* 1:37067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Droot outbound connection (malware-cnc.rules)
* 1:37068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flusihoc variant outbound connection (malware-cnc.rules)
* 1:37065 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik outbound connection (malware-cnc.rules)
* 1:37066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload (malware-cnc.rules)
* 1:37102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
* 1:37117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules)
* 1:37100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dashikut outbound connection (malware-cnc.rules)
* 1:37101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
* 1:37164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hpastal outbound email attempt (malware-cnc.rules)
* 1:37212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules)
* 1:37141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules)
* 1:37215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
* 1:37226 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37227 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37320 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel variant outbound connection (malware-cnc.rules)
* 1:37323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (malware-cnc.rules)
* 1:37297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
* 1:37317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (malware-cnc.rules)
* 1:37370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules)
* 1:37374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derkziel variant outbound connection (malware-cnc.rules)
* 1:37359 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot inbound command attempt (malware-cnc.rules)
* 1:37360 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot outbound IRC channel join attempt (malware-cnc.rules)
* 1:37466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackmoon outbound connection (malware-cnc.rules)
* 1:37467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vawtrak variant outbound connection (malware-cnc.rules)
* 1:37447 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Evilgrab outbound connection (malware-cnc.rules)
* 1:37457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (malware-cnc.rules)
* 1:37522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
* 1:37523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
* 1:37516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:37521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
* 1:37536 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
* 1:37552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Engr variant outbound connection (malware-cnc.rules)
* 1:37534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
* 1:37535 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
* 1:37646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant dropper download connection (malware-cnc.rules)
* 1:37647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:37636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:37637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:37718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
* 1:37719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
* 1:37686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (malware-cnc.rules)
* 1:37717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
* 1:37817 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (malware-cnc.rules)
* 1:37834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:37733 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Dridex dropper variant outbound connection (malware-cnc.rules)
* 1:37816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:37844 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (malware-cnc.rules)
* 1:38017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt server reply (malware-cnc.rules)
* 1:37835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:37838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
* 1:38134 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Win.Trojan.Adwind (malware-cnc.rules)
* 1:38145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
* 1:38018 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (malware-cnc.rules)
* 1:38116 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (malware-cnc.rules)
* 1:38235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
* 1:38255 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38150 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
* 1:38234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (malware-cnc.rules)
* 1:38258 <-> DISABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38259 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:38256 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38257 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38304 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (malware-cnc.rules)
* 1:38331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:38260 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:38261 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:38353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (malware-cnc.rules)
* 1:38354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant failed read logs (malware-cnc.rules)
* 1:38333 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Bifrose outbound connection (malware-cnc.rules)
* 1:38352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
* 1:38358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send logs (malware-cnc.rules)
* 1:38359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send mail credentials (malware-cnc.rules)
* 1:38356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant read logs (malware-cnc.rules)
* 1:38357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send credentials (malware-cnc.rules)
* 1:38379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
* 1:38380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
* 1:38367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep.variant CNC server response (malware-cnc.rules)
* 1:38378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
* 1:38388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger geolocation check (malware-cnc.rules)
* 1:38509 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
* 1:38385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
* 1:38386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
* 1:38515 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
* 1:38516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
* 1:38510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant exfiltration attempt (malware-cnc.rules)
* 1:38514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
* 1:38517 <-> DISABLED <-> MALWARE-CNC binary download while video expected (malware-cnc.rules)
* 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules)
* 1:38561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger plugins download attempt (malware-cnc.rules)
* 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:39920 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
* 1:56034 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
* 1:56039 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
* 1:56016 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
* 1:56037 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
* 1:56038 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
* 1:56023 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
* 1:56044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
* 1:56010 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
* 1:56014 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
* 1:56025 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
* 1:56036 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
* 1:56043 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
* 1:56030 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
* 1:56022 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
* 1:56069 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart fingerprinting attempt (indicator-compromise.rules)
* 1:56061 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
* 1:56028 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
* 1:56068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
* 1:56055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
* 1:56027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
* 1:56019 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
* 1:56057 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
* 1:56042 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:56015 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
* 1:56026 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
* 1:56017 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
* 1:56067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
* 1:56056 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
* 1:56011 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
* 1:56045 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Exchange Reporter Plus unauthenticated remote code execution attempt (server-webapp.rules)
* 1:56035 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
* 1:56018 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
* 1:56031 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
* 1:56029 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
* 1:56070 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart remote code execution attempt (indicator-compromise.rules)
* 1:56046 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
* 1:56033 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
* 1:56032 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
* 1:56021 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
* 1:56012 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
* 1:56040 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
* 1:56041 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
* 1:56020 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
* 1:56047 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
* 1:56052 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
* 1:56013 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
* 1:56058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
* 1:56062 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
* 1:56051 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
* 3:56054 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
* 3:56048 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
* 3:56065 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
* 3:56050 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
* 3:56066 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
* 3:56063 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
* 3:56049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
* 3:56064 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
* 3:56060 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
* 3:56059 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
* 3:56053 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
* 1:39327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoRoger outbound POST attempt (malware-cnc.rules)
* 1:39410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant exfiltration outbound connection (malware-cnc.rules)
* 1:39581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (malware-cnc.rules)
* 1:39909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adnel outbound connection detected (malware-cnc.rules)
* 1:38586 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
* 1:38606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant network speed test (malware-cnc.rules)
* 1:39434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
* 1:39085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:39465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (malware-cnc.rules)
* 1:38588 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
* 1:38784 <-> DISABLED <-> MALWARE-CNC CryptXXX initial outbound connection (malware-cnc.rules)
* 1:38603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UP007 variant outbound connection (malware-cnc.rules)
* 1:39579 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (malware-cnc.rules)
* 1:38565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper initial download attempt (malware-cnc.rules)
* 1:38562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt (malware-cnc.rules)
* 1:38888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:38949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
* 1:38608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RockLoader variant outbound connection (malware-cnc.rules)
* 1:38724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renegin outbound GET attempt (malware-cnc.rules)
* 1:39064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (malware-cnc.rules)
* 1:39360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:39342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS initial outbound connection (malware-cnc.rules)
* 1:39341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS credit card data exfiltration (malware-cnc.rules)
* 1:38613 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallex variant outbound connection (malware-cnc.rules)
* 1:38564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger keylog exfiltration attempt (malware-cnc.rules)
* 1:39116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DMALocker variant outbound connection (malware-cnc.rules)
* 1:39053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.7ev3n variant outbound connection (malware-cnc.rules)
* 1:38585 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
* 1:38620 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
* 1:39345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS update request (malware-cnc.rules)
* 1:38680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tooka GET attempt (malware-cnc.rules)
* 1:38621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
* 1:38638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
* 1:38567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coverton variant outbound connection (malware-cnc.rules)
* 1:38563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response (malware-cnc.rules)
* 1:38587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant temporary redirect attempt (malware-cnc.rules)
* 1:38885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound registration attempt (malware-cnc.rules)
* 1:39106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection (malware-cnc.rules)
* 1:39433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
* 1:38643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:39063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot outbound POST attempt (malware-cnc.rules)
* 1:39448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos variant outbound connection (malware-cnc.rules)
* 1:39117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:39430 <-> DISABLED <-> MALWARE-CNC Win.Malware.Furtim variant outbound connection (malware-cnc.rules)
* 1:38644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:38645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:38646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:38647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:39344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS status update (malware-cnc.rules)
* 1:34313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:39107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant inbound connection (malware-cnc.rules)
* 1:39576 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
* 1:39574 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:38668 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:39409 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant initial outbound connection (malware-cnc.rules)
* 1:39176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules)
* 1:39650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts variant CNC IRC response attempt (malware-cnc.rules)
* 1:39086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:39573 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:38961 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (malware-cnc.rules)
* 1:39173 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.BlackShades Crypter outbound connection (malware-cnc.rules)
* 1:38916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex download attempt (malware-cnc.rules)
* 1:38887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky JS dropper outbound connection (malware-cnc.rules)
* 1:39411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qbot variant outbound connection (malware-cnc.rules)
* 1:38732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBDos Runtime Detection (malware-cnc.rules)
* 1:38676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BBSwift variant outbound connection (malware-cnc.rules)
* 1:39163 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:39578 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (malware-cnc.rules)
* 1:39084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:38962 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (malware-cnc.rules)
* 1:39322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
* 1:39160 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
* 1:38566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper download attempt (malware-cnc.rules)
* 1:39767 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules)
* 1:39855 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:38530 <-> DISABLED <-> MALWARE-CNC Obfuscated Javascript Attack runtime detection (malware-cnc.rules)
* 1:39801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound connection (malware-cnc.rules)
* 1:39774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules)
* 1:39854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:39853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:39852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:39785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lientchtp variant outbound connection (malware-cnc.rules)
* 1:39968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
* 1:39911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
* 1:39800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
* 1:39886 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (malware-cnc.rules)
* 1:38560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - screenshot (malware-cnc.rules)
* 1:39882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (malware-cnc.rules)
* 1:39861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanHaiShu variant outbound connection (malware-cnc.rules)
* 1:39958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (malware-cnc.rules)
* 1:39730 <-> DISABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (malware-cnc.rules)
* 1:39856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
* 1:39710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (malware-cnc.rules)
* 1:39921 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
* 1:39887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toga variant outbound connection (malware-cnc.rules)
* 1:39705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection (malware-cnc.rules)
* 1:39857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
* 1:39969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)
* 1:39738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (malware-cnc.rules)
* 1:34316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:38542 <-> DISABLED <-> MALWARE-CNC VBS Trojan Downloading Encoded Executable (malware-cnc.rules)
* 1:38557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
* 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:38995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:34312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:39920 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
* 1:34314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:38574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant outbound connection (malware-cnc.rules)
* 1:34315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34319 <-> DISABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (malware-cnc.rules)
* 1:34317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
* 1:34318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
* 1:34323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fulairo variant outbound connection (malware-cnc.rules)
* 1:34322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
* 1:34338 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
* 1:34324 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Siromost variant outbound connection (malware-cnc.rules)
* 1:34327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (malware-cnc.rules)
* 1:34326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
* 1:34362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (malware-cnc.rules)
* 1:34337 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
* 1:34346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (malware-cnc.rules)
* 1:34339 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cybergate outbound connection (malware-cnc.rules)
* 1:34446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Odlanor information exfiltration attempt (malware-cnc.rules)
* 1:34347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (malware-cnc.rules)
* 1:34367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:34366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (malware-cnc.rules)
* 1:34459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (malware-cnc.rules)
* 1:34368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:34453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:34452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:34458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tendrit variant outbound connection (malware-cnc.rules)
* 1:34469 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
* 1:34461 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (malware-cnc.rules)
* 1:34460 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (malware-cnc.rules)
* 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (malware-cnc.rules)
* 1:34462 <-> DISABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (malware-cnc.rules)
* 1:34476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (malware-cnc.rules)
* 1:34470 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
* 1:34567 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (malware-cnc.rules)
* 1:34489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (malware-cnc.rules)
* 1:34501 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection (malware-cnc.rules)
* 1:34541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
* 1:34540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
* 1:34572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (malware-cnc.rules)
* 1:34597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
* 1:34596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules)
* 1:34581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mathanuc outbound connection (malware-cnc.rules)
* 1:34598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
* 1:34601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teqimp outbound connection (malware-cnc.rules)
* 1:34600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
* 1:34599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules)
* 1:34607 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (malware-cnc.rules)
* 1:34610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kayfcbk outbound connection (malware-cnc.rules)
* 1:34609 <-> DISABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (malware-cnc.rules)
* 1:34608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (malware-cnc.rules)
* 1:34611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dujfudg outbound connection (malware-cnc.rules)
* 1:34624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (malware-cnc.rules)
* 1:34622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:34614 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enkalogs outbound connection (malware-cnc.rules)
* 1:34636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
* 1:34831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
* 1:34818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (malware-cnc.rules)
* 1:34637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
* 1:34832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
* 1:34835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules)
* 1:34834 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkcpn (malware-cnc.rules)
* 1:34833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules)
* 1:34840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules)
* 1:34843 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (malware-cnc.rules)
* 1:34841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
* 1:34866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
* 1:34865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
* 1:34863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
* 1:34867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules)
* 1:34870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
* 1:34869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (malware-cnc.rules)
* 1:34868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules)
* 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
* 1:34877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (malware-cnc.rules)
* 1:34876 <-> DISABLED <-> MALWARE-CNC Win.Fudu outbound variant connection (malware-cnc.rules)
* 1:34872 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (malware-cnc.rules)
* 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:34917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (malware-cnc.rules)
* 1:34888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
* 1:34887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
* 1:34931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:34935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zutwoxy outbound connection (malware-cnc.rules)
* 1:34934 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pheloyx outbound connection (malware-cnc.rules)
* 1:34932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shindo outbound connection (malware-cnc.rules)
* 1:34950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prok variant outbound connection (malware-cnc.rules)
* 1:34959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
* 1:34958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
* 1:34957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sysmain outbound connection (malware-cnc.rules)
* 1:34963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte outbound connection (malware-cnc.rules)
* 1:34982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msnmm variant outbound connection (malware-cnc.rules)
* 1:34966 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
* 1:34965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (malware-cnc.rules)
* 1:34993 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Benloader variant outbound connection (malware-cnc.rules)
* 1:34996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent-ALPW variant outbound connection (malware-cnc.rules)
* 1:34995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra HTTP Header Structure (malware-cnc.rules)
* 1:34994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
* 1:34997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant HTTP Response (malware-cnc.rules)
* 1:35027 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Troldesh C&C (malware-cnc.rules)
* 1:34998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bossabot outbound connection (malware-cnc.rules)
* 1:35034 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Boltolog variant outbound connection download request (malware-cnc.rules)
* 1:35005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vcaredrix variant outbound connection (malware-cnc.rules)
* 1:35030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:35029 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.Lotronc variant outbound connection (malware-cnc.rules)
* 1:35031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (malware-cnc.rules)
* 1:35036 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy inbound variant connection (malware-cnc.rules)
* 1:35047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:35039 <-> DISABLED <-> MALWARE-CNC Trojan.Linux.Linuxor outbound variant connection (malware-cnc.rules)
* 1:35037 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy outbound variant connection (malware-cnc.rules)
* 1:35064 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:35062 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:35050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (malware-cnc.rules)
* 1:35069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dino variant outbound connection (malware-cnc.rules)
* 1:35063 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:35065 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:35067 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules)
* 1:35066 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules)
* 1:35076 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
* 1:35082 <-> DISABLED <-> MALWARE-CNC Backdoor.Linux.Qenerek outbound connection (malware-cnc.rules)
* 1:35080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
* 1:35104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:35081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
* 1:35102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
* 1:35083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regiskazi outbound connection (malware-cnc.rules)
* 1:35301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite POST request (malware-cnc.rules)
* 1:35103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
* 1:35221 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent inbound connection (malware-cnc.rules)
* 1:35300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite GET request (malware-cnc.rules)
* 1:35254 <-> DISABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules)
* 1:35303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProxyChange (malware-cnc.rules)
* 1:35313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:35306 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Cigamve request (malware-cnc.rules)
* 1:35318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr outbound connection (malware-cnc.rules)
* 1:35312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (malware-cnc.rules)
* 1:35315 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Downloader.Comsteal outbound connection (malware-cnc.rules)
* 1:35317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Directate outbound connection (malware-cnc.rules)
* 1:35316 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (malware-cnc.rules)
* 1:35344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall click fraud response (malware-cnc.rules)
* 1:35355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usteal outbound connection (malware-cnc.rules)
* 1:35348 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Ralminey POST request (malware-cnc.rules)
* 1:35388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules)
* 1:35353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise.B variant outbound connection (malware-cnc.rules)
* 1:35386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (malware-cnc.rules)
* 1:35385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules)
* 1:35416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
* 1:35387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (malware-cnc.rules)
* 1:35400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules)
* 1:35394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules)
* 1:35426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur outbound connection (malware-cnc.rules)
* 1:35415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)
* 1:35462 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (malware-cnc.rules)
* 1:35437 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jrml variant outbound connection (malware-cnc.rules)
* 1:35436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
* 1:35471 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baisogu outbound connection (malware-cnc.rules)
* 1:35551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
* 1:35549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:35472 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
* 1:35570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetEagle variant outbound connection (malware-cnc.rules)
* 1:35710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
* 1:35597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
* 1:35732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (malware-cnc.rules)
* 1:35596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
* 1:35749 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (malware-cnc.rules)
* 1:35746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:35733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (malware-cnc.rules)
* 1:35750 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (malware-cnc.rules)
* 1:35804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seyelifon variant outbound connection (malware-cnc.rules)
* 1:35842 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namospu variant outbound connection (malware-cnc.rules)
* 1:35794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:36048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:36065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36054 <-> DISABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (malware-cnc.rules)
* 1:36066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
* 1:36106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (malware-cnc.rules)
* 1:36105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant (malware-cnc.rules)
* 1:36108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nimisi variant outbound connection (malware-cnc.rules)
* 1:36132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
* 1:36131 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyIE 3.01 (malware-cnc.rules)
* 1:36115 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Liudoor outbound connection (malware-cnc.rules)
* 1:36133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
* 1:36198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant certificate (malware-cnc.rules)
* 1:36186 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qytags variant outbound connection (malware-cnc.rules)
* 1:36134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
* 1:36199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
* 1:36232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
* 1:36231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot variant outbound connection (malware-cnc.rules)
* 1:36202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant dropper (malware-cnc.rules)
* 1:36233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
* 1:36268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound 
connection (malware-cnc.rules) * 1:36269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules) * 1:36294 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (malware-cnc.rules) * 1:36276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules) * 1:36275 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules) * 1:36303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules) * 1:36326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules) * 1:36325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules) * 1:36304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinPlock variant outbound connection (malware-cnc.rules) * 1:36327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules) * 1:36331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules) * 1:36329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules) * 1:36328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules) * 1:36396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules) * 1:36468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules) * 1:36460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules) * 1:36397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules) * 1:36469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules) * 1:36506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules) * 1:36497 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Hangman.A outbound connection (malware-cnc.rules) * 1:36471 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (malware-cnc.rules) * 1:36522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (malware-cnc.rules) * 1:36566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brolux variant outbound connection (malware-cnc.rules) * 1:36526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules) * 1:36567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36568 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules) * 1:36577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules) * 1:36572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules) * 1:36610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules) * 1:36603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules) * 1:36602 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules) * 1:36622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots 
outbound variant connection (malware-cnc.rules) * 1:36625 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules) * 1:36624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules) * 1:36623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules) * 1:36626 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules) * 1:36630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules) * 1:36629 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules) * 1:36666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tentobr outbound connection (malware-cnc.rules) * 1:36627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tanmar outbound connection (malware-cnc.rules) * 1:36639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (malware-cnc.rules) * 1:36732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (malware-cnc.rules) * 1:36765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (malware-cnc.rules) * 1:36670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sathurbot outbound connection (malware-cnc.rules) * 1:36781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gokawa variant outbound connection (malware-cnc.rules) * 1:36777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zimwervi variant outbound connection (malware-cnc.rules) * 1:36770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redcontrole variant outbound connection (malware-cnc.rules) * 1:36800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruinmail outbound connection (malware-cnc.rules) * 1:36833 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (malware-cnc.rules) * 1:36810 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Mabouia outbound connection (malware-cnc.rules) * 1:36807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant 
outbound connection (malware-cnc.rules) * 1:36834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload outbound connection (malware-cnc.rules) * 1:36889 <-> DISABLED <-> MALWARE-CNC TinyDropper variant outbound connection (malware-cnc.rules) * 1:36841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leralogs variant outbound connection (malware-cnc.rules) * 1:36835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload inbound connection (malware-cnc.rules) * 1:36890 <-> DISABLED <-> MALWARE-CNC AbbadonPOS variant outbound connection (malware-cnc.rules) * 1:36914 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (malware-cnc.rules) * 1:36911 <-> DISABLED <-> MALWARE-CNC GlassRAT handshake beacon (malware-cnc.rules) * 1:36893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trfijan outbound connection (malware-cnc.rules) * 1:36916 <-> DISABLED <-> MALWARE-CNC Milkoad.A First Request (malware-cnc.rules) * 1:37027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules) * 1:37024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy outbound connection (malware-cnc.rules) * 1:37020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules) * 1:37036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (malware-cnc.rules) * 1:37047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (malware-cnc.rules) * 1:37045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (malware-cnc.rules) * 1:37037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arfadinf variant outbound connection (malware-cnc.rules) * 1:37049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geratid variant outbound connection (malware-cnc.rules) * 1:37052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules) * 1:37051 <-> DISABLED <-> MALWARE-CNC ATSEngine credit card number sent via URL parameter (malware-cnc.rules) * 1:37050 <-> DISABLED <-> 
MALWARE-CNC ATSEngine initial beacon (malware-cnc.rules) * 1:37053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tdrop2 variant dropper download attempt (malware-cnc.rules) * 1:37065 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik outbound connection (malware-cnc.rules) * 1:37064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Telehot outbound connection (malware-cnc.rules) * 1:37063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paligenpo outbound connection (malware-cnc.rules) * 1:37066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload (malware-cnc.rules) * 1:37100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dashikut outbound connection (malware-cnc.rules) * 1:37068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flusihoc variant outbound connection (malware-cnc.rules) * 1:37067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Droot outbound connection (malware-cnc.rules) * 1:37101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules) * 1:37127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules) * 1:37117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules) * 1:37102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules) * 1:37141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules) * 1:37213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules) * 1:37212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules) * 1:37164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hpastal outbound email attempt (malware-cnc.rules) * 1:37214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules) * 1:37226 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules) * 1:37225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules) * 1:37215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound 
connection (malware-cnc.rules) * 1:37227 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules) * 1:37297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules) * 1:37296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules) * 1:37228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules) * 1:37317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (malware-cnc.rules) * 1:37359 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot inbound command attempt (malware-cnc.rules) * 1:37323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (malware-cnc.rules) * 1:37320 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel variant outbound connection (malware-cnc.rules) * 1:37360 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot outbound IRC channel join attempt (malware-cnc.rules) * 1:37447 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Evilgrab outbound connection (malware-cnc.rules) * 1:37374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derkziel variant outbound connection (malware-cnc.rules) * 1:37370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules) * 1:37457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (malware-cnc.rules) * 1:37516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:37467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vawtrak variant outbound connection (malware-cnc.rules) * 1:37466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackmoon outbound connection (malware-cnc.rules) * 1:37521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules) * 1:37522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules) * 1:37534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection 
(malware-cnc.rules) * 1:37523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules) * 1:37535 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules) * 1:37636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:37552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Engr variant outbound connection (malware-cnc.rules) * 1:37536 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules) * 1:37637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:37686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (malware-cnc.rules) * 1:37647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:37717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules) * 1:37646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant dropper download connection (malware-cnc.rules) * 1:37733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (malware-cnc.rules) * 1:37719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules) * 1:37718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules) * 1:37816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:37835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:37834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:37817 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (malware-cnc.rules) * 1:37838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules) * 1:38018 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (malware-cnc.rules) * 1:38017 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.TeslaCrypt server reply (malware-cnc.rules) * 1:38134 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Win.Trojan.Adwind (malware-cnc.rules) * 1:37844 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (malware-cnc.rules) * 1:38116 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (malware-cnc.rules) * 1:38150 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules) * 1:38145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules) * 1:38234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (malware-cnc.rules) * 1:38256 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules) * 1:38235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules) * 1:38255 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules) * 1:38257 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules) * 1:38260 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules) * 1:38259 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules) * 1:38258 <-> DISABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules) * 1:38261 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules) * 1:38333 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Bifrose outbound connection (malware-cnc.rules) * 1:38331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:38304 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (malware-cnc.rules) * 1:38352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs 
(malware-cnc.rules) * 1:38356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant read logs (malware-cnc.rules) * 1:38354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant failed read logs (malware-cnc.rules) * 1:38353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (malware-cnc.rules) * 1:38357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send credentials (malware-cnc.rules) * 1:38367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep.variant CNC server response (malware-cnc.rules) * 1:38359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send mail credentials (malware-cnc.rules) * 1:38358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send logs (malware-cnc.rules) * 1:38378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules) * 1:38385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules) * 1:38380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules) * 1:38379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules) * 1:38386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules) * 1:38510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant exfiltration attempt (malware-cnc.rules) * 1:38509 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules) * 1:38388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger geolocation check (malware-cnc.rules) * 1:38514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules) * 1:38516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules) * 1:38517 <-> DISABLED <-> MALWARE-CNC binary download while video expected (malware-cnc.rules) * 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules) * 1:38515 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Sweeper outbound connection (malware-cnc.rules) * 1:34311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:38558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules) * 1:38994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus config file download (malware-cnc.rules) * 1:38561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger plugins download attempt (malware-cnc.rules) * 1:39164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules) * 1:34309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:39040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules) * 1:39653 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mangit initial outbound connection (malware-cnc.rules) * 1:38733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules) * 1:38917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant CNC traffic (malware-cnc.rules) * 1:39583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (malware-cnc.rules) * 1:39580 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:39159 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules) * 1:38886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules) * 1:38584 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant JS dropper outbound connection (malware-cnc.rules) * 1:39636 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Ranscam request.html response (malware-cnc.rules) * 1:38573 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant handshake beacon (malware-cnc.rules) * 1:39343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS keylog exfiltration (malware-cnc.rules) * 
1:38559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - keystorkes (malware-cnc.rules) * 1:38890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts exfiltration attempt (malware-cnc.rules) * 1:39369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorozoad variant outbound connection (malware-cnc.rules) * 1:39052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (malware-cnc.rules) * 1:39577 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:38950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PassStealer passwords exfiltration attempt (malware-cnc.rules) * 1:38891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts initial registration (malware-cnc.rules) * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56038 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
* 1:56057 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
* 1:56010 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
* 1:56026 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
* 1:56015 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
* 1:56032 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
* 1:56013 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
* 1:56045 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Exchange Reporter Plus unauthenticated remote code execution attempt (server-webapp.rules)
* 1:56046 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
* 1:56027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules)
* 1:56018 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
* 1:56014 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules)
* 1:56058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules)
* 1:56029 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
* 1:56016 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
* 1:56062 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
* 1:56043 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
* 1:56056 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
* 1:56070 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart remote code execution attempt (indicator-compromise.rules)
* 1:56052 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
* 1:56024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
* 1:56021 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
* 1:56044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules)
* 1:56019 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules)
* 1:56037 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
* 1:56022 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
* 1:56069 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart fingerprinting attempt (indicator-compromise.rules)
* 1:56047 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules)
* 1:56030 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
* 1:56020 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules)
* 1:56017 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules)
* 1:56012 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules)
* 1:56025 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules)
* 1:56011 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules)
* 1:56036 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules)
* 1:56035 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
* 1:56028 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules)
* 1:56068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
* 1:56055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules)
* 1:56031 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules)
* 1:56051 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules)
* 1:56061 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules)
* 1:56023 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules)
* 1:56033 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules)
* 1:56041 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
* 1:56040 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules)
* 1:56067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules)
* 1:56039 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules)
* 1:56034 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules)
* 1:56042 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 3:56048 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
* 3:56054 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
* 3:56064 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
* 3:56063 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
* 3:56053 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules)
* 3:56049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
* 3:56059 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
* 3:56065 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
* 3:56060 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules)
* 3:56050 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules)
* 3:56066 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules)
* 1:38564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger keylog exfiltration attempt (malware-cnc.rules)
* 1:35066 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules)
* 1:39573 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:35063 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:35064 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:35050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (malware-cnc.rules)
* 1:35080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
* 1:35067 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules)
* 1:35069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dino variant outbound connection (malware-cnc.rules)
* 1:35065 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:35102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
* 1:35081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
* 1:35082 <-> DISABLED <-> MALWARE-CNC Backdoor.Linux.Qenerek outbound connection (malware-cnc.rules)
* 1:35076 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
* 1:35254 <-> DISABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules)
* 1:35103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
* 1:35104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:35083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regiskazi outbound connection (malware-cnc.rules)
* 1:35306 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Cigamve request (malware-cnc.rules)
* 1:35300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite GET request (malware-cnc.rules)
* 1:35301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite POST request (malware-cnc.rules)
* 1:39738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (malware-cnc.rules)
* 1:35221 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent inbound connection (malware-cnc.rules)
* 1:39958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (malware-cnc.rules)
* 1:35316 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (malware-cnc.rules)
* 1:35312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (malware-cnc.rules)
* 1:35313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:35303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProxyChange (malware-cnc.rules)
* 1:35348 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Ralminey POST request (malware-cnc.rules)
* 1:35317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Directate outbound connection (malware-cnc.rules)
* 1:35318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr outbound connection (malware-cnc.rules)
* 1:35315 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Downloader.Comsteal outbound connection (malware-cnc.rules)
* 1:35386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (malware-cnc.rules)
* 1:39909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adnel outbound connection detected (malware-cnc.rules)
* 1:35353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise.B variant outbound connection (malware-cnc.rules)
* 1:35355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usteal outbound connection (malware-cnc.rules)
* 1:35344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall click fraud response (malware-cnc.rules)
* 1:35400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules)
* 1:35387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (malware-cnc.rules)
* 1:39730 <-> DISABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (malware-cnc.rules)
* 1:35388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules)
* 1:35385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules)
* 1:35436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
* 1:35415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)
* 1:35416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
* 1:35394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules)
* 1:35472 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
* 1:35437 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jrml variant outbound connection (malware-cnc.rules)
* 1:35462 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (malware-cnc.rules)
* 1:35426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur outbound connection (malware-cnc.rules)
* 1:35596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
* 1:35549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:35551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
* 1:35471 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baisogu outbound connection (malware-cnc.rules)
* 1:35733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (malware-cnc.rules)
* 1:35597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
* 1:35710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
* 1:35570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetEagle variant outbound connection (malware-cnc.rules)
* 1:39710
<-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (malware-cnc.rules) * 1:35794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules) * 1:35746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:35749 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (malware-cnc.rules) * 1:39921 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules) * 1:35732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (malware-cnc.rules) * 1:36054 <-> DISABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (malware-cnc.rules) * 1:35804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seyelifon variant outbound connection (malware-cnc.rules) * 1:35842 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namospu variant outbound connection (malware-cnc.rules) * 1:35750 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (malware-cnc.rules) * 1:36105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant (malware-cnc.rules) * 1:36064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules) * 1:36065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules) * 1:36048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:36115 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Liudoor outbound connection (malware-cnc.rules) * 1:36106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (malware-cnc.rules) * 1:36107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules) * 1:36066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules) * 1:36134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules) * 1:36131 <-> DISABLED <-> MALWARE-CNC 
User-Agent known malicious user-agent string - MyIE 3.01 (malware-cnc.rules) * 1:36132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules) * 1:36108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nimisi variant outbound connection (malware-cnc.rules) * 1:36202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant dropper (malware-cnc.rules) * 1:36186 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qytags variant outbound connection (malware-cnc.rules) * 1:36198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant certificate (malware-cnc.rules) * 1:36133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules) * 1:36234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules) * 1:36231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot variant outbound connection (malware-cnc.rules) * 1:36232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules) * 1:36199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules) * 1:36275 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules) * 1:36267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules) * 1:36268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules) * 1:36233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules) * 1:36304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinPlock variant outbound connection (malware-cnc.rules) * 1:36276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules) * 1:36294 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (malware-cnc.rules) * 1:36269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules) * 1:36328 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules) * 1:36325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules) * 1:36326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules) * 1:36303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules) * 1:36397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules) * 1:36329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules) * 1:36331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules) * 1:36327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules) * 1:36471 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (malware-cnc.rules) * 1:36460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules) * 1:36468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules) * 1:36396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules) * 1:36526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules) * 1:36497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hangman.A outbound connection (malware-cnc.rules) * 1:36506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules) * 1:36469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules) * 1:36568 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brolux variant outbound connection (malware-cnc.rules) * 1:36566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant 
connection (malware-cnc.rules) * 1:36522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (malware-cnc.rules) * 1:36572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36602 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules) * 1:36577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules) * 1:36578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules) * 1:36571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules) * 1:36603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules) * 1:36610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules) * 1:36601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules) * 1:36627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tanmar outbound connection (malware-cnc.rules) * 1:36624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules) * 1:36625 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules) * 1:36622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules) * 1:36666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tentobr outbound connection (malware-cnc.rules) * 1:36629 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules) * 1:38962 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (malware-cnc.rules) * 1:36630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules) * 1:39911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules) * 1:38530 <-> DISABLED <-> MALWARE-CNC Obfuscated Javascript Attack runtime detection (malware-cnc.rules) * 1:38573 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant handshake beacon (malware-cnc.rules) * 1:34314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:39053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.7ev3n variant outbound connection (malware-cnc.rules) * 1:38950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PassStealer passwords exfiltration attempt (malware-cnc.rules) * 1:38542 <-> DISABLED <-> MALWARE-CNC VBS Trojan Downloading Encoded Executable (malware-cnc.rules) * 1:38890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts exfiltration attempt (malware-cnc.rules) * 1:38574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant outbound connection (malware-cnc.rules) * 1:39173 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.BlackShades Crypter outbound connection (malware-cnc.rules) * 1:38949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules) * 1:39861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanHaiShu variant outbound connection (malware-cnc.rules) * 1:39774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules) * 1:39767 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules) * 1:38557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules) * 1:39852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik 
variant connectivity check (malware-cnc.rules) * 1:39968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules) * 1:39801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound connection (malware-cnc.rules) * 1:39800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules) * 1:34311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:39086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules) * 1:39854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules) * 1:39855 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules) * 1:39853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules) * 1:39785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lientchtp variant outbound connection (malware-cnc.rules) * 1:38558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules) * 1:38588 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules) * 1:39882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (malware-cnc.rules) * 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:34309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:38603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UP007 variant outbound connection (malware-cnc.rules) * 1:38560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - screenshot (malware-cnc.rules) * 1:39084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules) * 1:38916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex download attempt (malware-cnc.rules) * 1:39650 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Kirts variant CNC IRC response attempt (malware-cnc.rules) * 1:38733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules) * 1:39434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules) * 1:39411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qbot variant outbound connection (malware-cnc.rules) * 1:38676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BBSwift variant outbound connection (malware-cnc.rules) * 1:39578 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (malware-cnc.rules) * 1:38608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RockLoader variant outbound connection (malware-cnc.rules) * 1:39580 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:39106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection (malware-cnc.rules) * 1:38586 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules) * 1:38563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response (malware-cnc.rules) * 1:39345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS update request (malware-cnc.rules) * 1:38613 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallex variant outbound connection (malware-cnc.rules) * 1:38888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:34315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:38885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound registration attempt (malware-cnc.rules) * 1:39344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS status update (malware-cnc.rules) * 1:39107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant inbound connection (malware-cnc.rules) * 1:39576 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:38559 
<-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - keystorkes (malware-cnc.rules) * 1:39636 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Ranscam request.html response (malware-cnc.rules) * 1:39159 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules) * 1:39063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot outbound POST attempt (malware-cnc.rules) * 1:39369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorozoad variant outbound connection (malware-cnc.rules) * 1:39163 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules) * 1:39448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos variant outbound connection (malware-cnc.rules) * 1:39430 <-> DISABLED <-> MALWARE-CNC Win.Malware.Furtim variant outbound connection (malware-cnc.rules) * 1:38585 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules) * 1:34317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:38620 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules) * 1:38621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules) * 1:39327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoRoger outbound POST attempt (malware-cnc.rules) * 1:34323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fulairo variant outbound connection (malware-cnc.rules) * 1:39360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:34318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules) * 1:34319 <-> DISABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (malware-cnc.rules) * 1:38638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules) * 1:39653 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mangit initial outbound connection 
(malware-cnc.rules) * 1:39342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS initial outbound connection (malware-cnc.rules) * 1:34327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (malware-cnc.rules) * 1:38643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:34324 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Siromost variant outbound connection (malware-cnc.rules) * 1:38644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:34325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules) * 1:34322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules) * 1:34346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (malware-cnc.rules) * 1:38645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:34337 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules) * 1:38584 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant JS dropper outbound connection (malware-cnc.rules) * 1:34338 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules) * 1:34326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules) * 1:34367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:39064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (malware-cnc.rules) * 1:34347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (malware-cnc.rules) * 1:34362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (malware-cnc.rules) * 1:38680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tooka GET attempt (malware-cnc.rules) * 1:34339 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cybergate outbound connection 
(malware-cnc.rules) * 1:34453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:39577 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:34368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules) * 1:34446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Odlanor information exfiltration attempt (malware-cnc.rules) * 1:34366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (malware-cnc.rules) * 1:38646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:34461 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (malware-cnc.rules) * 1:34458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tendrit variant outbound connection (malware-cnc.rules) * 1:34459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (malware-cnc.rules) * 1:38647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules) * 1:34452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:38606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant network speed test (malware-cnc.rules) * 1:34476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (malware-cnc.rules) * 1:34462 <-> DISABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (malware-cnc.rules) * 1:38668 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:38565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper initial download attempt (malware-cnc.rules) * 1:34469 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules) * 1:34460 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (malware-cnc.rules) * 1:39887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toga variant 
outbound connection (malware-cnc.rules) * 1:34540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules) * 1:34489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (malware-cnc.rules) * 1:39886 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (malware-cnc.rules) * 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (malware-cnc.rules) * 1:34470 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules) * 1:34581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mathanuc outbound connection (malware-cnc.rules) * 1:34541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules) * 1:34567 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (malware-cnc.rules) * 1:34501 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection (malware-cnc.rules) * 1:38784 <-> DISABLED <-> MALWARE-CNC CryptXXX initial outbound connection (malware-cnc.rules) * 1:34599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules) * 1:34596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules) * 1:34597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules) * 1:39410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant exfiltration outbound connection (malware-cnc.rules) * 1:34572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (malware-cnc.rules) * 1:34608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (malware-cnc.rules) * 1:39581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (malware-cnc.rules) * 1:34600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules) * 1:34601 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Teqimp outbound connection (malware-cnc.rules) * 1:34598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules) * 1:34614 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enkalogs outbound connection (malware-cnc.rules) * 1:34609 <-> DISABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (malware-cnc.rules) * 1:34610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kayfcbk outbound connection (malware-cnc.rules) * 1:39040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules) * 1:39582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (malware-cnc.rules) * 1:34607 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (malware-cnc.rules) * 1:34637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules) * 1:34622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:38566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper download attempt (malware-cnc.rules) * 1:34624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (malware-cnc.rules) * 1:34611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dujfudg outbound connection (malware-cnc.rules) * 1:34833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules) * 1:39085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules) * 1:34818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (malware-cnc.rules) * 1:39465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (malware-cnc.rules) * 1:34831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules) * 1:34636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules) * 1:39164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex 
self-signed certificate exchange (malware-cnc.rules) * 1:34841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules) * 1:38917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant CNC traffic (malware-cnc.rules) * 1:34834 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkcpn (malware-cnc.rules) * 1:34835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules) * 1:38961 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (malware-cnc.rules) * 1:34832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules) * 1:34863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules) * 1:34843 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (malware-cnc.rules) * 1:34844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules) * 1:34840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules) * 1:34868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules) * 1:34865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules) * 1:34866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules) * 1:34862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules) * 1:34872 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (malware-cnc.rules) * 1:34869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (malware-cnc.rules) * 1:34870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules) * 1:34867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules) * 1:34887 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules) * 1:34876 <-> DISABLED <-> MALWARE-CNC Win.Fudu outbound variant connection (malware-cnc.rules) * 1:34877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (malware-cnc.rules) * 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules) * 1:34932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shindo outbound connection (malware-cnc.rules) * 1:34888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules) * 1:34917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (malware-cnc.rules) * 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:34957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sysmain outbound connection (malware-cnc.rules) * 1:34934 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pheloyx outbound connection (malware-cnc.rules) * 1:34935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zutwoxy outbound connection (malware-cnc.rules) * 1:34931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:34965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (malware-cnc.rules) * 1:34958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules) * 1:34959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules) * 1:34950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prok variant outbound connection (malware-cnc.rules) * 1:34994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules) * 1:34966 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules) * 1:34982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msnmm variant outbound connection (malware-cnc.rules) * 1:34963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte outbound 
connection (malware-cnc.rules) * 1:34998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bossabot outbound connection (malware-cnc.rules) * 1:34995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra HTTP Header Structure (malware-cnc.rules) * 1:34996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent-ALPW variant outbound connection (malware-cnc.rules) * 1:34993 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Benloader variant outbound connection (malware-cnc.rules) * 1:35030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:35005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vcaredrix variant outbound connection (malware-cnc.rules) * 1:35027 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Troldesh C&C (malware-cnc.rules) * 1:34997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant HTTP Response (malware-cnc.rules) * 1:35037 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy outbound variant connection (malware-cnc.rules) * 1:35031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (malware-cnc.rules) * 1:35034 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Boltolog variant outbound connection download request (malware-cnc.rules) * 1:35029 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.Lotronc variant outbound connection (malware-cnc.rules) * 1:35062 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules) * 1:35039 <-> DISABLED <-> MALWARE-CNC Trojan.Linux.Linuxor outbound variant connection (malware-cnc.rules) * 1:35047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules) * 1:35036 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy inbound variant connection (malware-cnc.rules) * 1:38561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger plugins download attempt (malware-cnc.rules) * 1:38994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus config file download (malware-cnc.rules) * 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit 
attribute child removal code execution attempt (browser-webkit.rules) * 1:38995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:38891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts initial registration (malware-cnc.rules) * 1:36626 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules) * 1:36770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redcontrole variant outbound connection (malware-cnc.rules) * 1:36670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sathurbot outbound connection (malware-cnc.rules) * 1:36732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (malware-cnc.rules) * 1:36639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (malware-cnc.rules) * 1:36807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (malware-cnc.rules) * 1:36777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zimwervi variant outbound connection (malware-cnc.rules) * 1:36781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gokawa variant outbound connection (malware-cnc.rules) * 1:36765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (malware-cnc.rules) * 1:36835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload inbound connection (malware-cnc.rules) * 1:36810 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Mabouia outbound connection (malware-cnc.rules) * 1:36833 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (malware-cnc.rules) * 1:36800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruinmail outbound connection (malware-cnc.rules) * 1:36893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trfijan outbound connection (malware-cnc.rules) * 1:36841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leralogs variant outbound connection (malware-cnc.rules) * 1:36889 <-> DISABLED <-> MALWARE-CNC TinyDropper variant outbound connection (malware-cnc.rules) * 1:36834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload outbound 
connection (malware-cnc.rules) * 1:37020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules) * 1:36911 <-> DISABLED <-> MALWARE-CNC GlassRAT handshake beacon (malware-cnc.rules) * 1:36914 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (malware-cnc.rules) * 1:36890 <-> DISABLED <-> MALWARE-CNC AbbadonPOS variant outbound connection (malware-cnc.rules) * 1:37037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arfadinf variant outbound connection (malware-cnc.rules) * 1:37024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy outbound connection (malware-cnc.rules) * 1:37027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules) * 1:36916 <-> DISABLED <-> MALWARE-CNC Milkoad.A First Request (malware-cnc.rules) * 1:37050 <-> DISABLED <-> MALWARE-CNC ATSEngine initial beacon (malware-cnc.rules) * 1:37045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (malware-cnc.rules) * 1:37047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (malware-cnc.rules) * 1:37036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (malware-cnc.rules) * 1:37063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paligenpo outbound connection (malware-cnc.rules) * 1:37051 <-> DISABLED <-> MALWARE-CNC ATSEngine credit card number sent via URL parameter (malware-cnc.rules) * 1:37052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules) * 1:37049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geratid variant outbound connection (malware-cnc.rules) * 1:37067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Droot outbound connection (malware-cnc.rules) * 1:37064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Telehot outbound connection (malware-cnc.rules) * 1:37065 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik outbound connection (malware-cnc.rules) * 1:37053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tdrop2 
variant dropper download attempt (malware-cnc.rules) * 1:37102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules) * 1:37068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flusihoc variant outbound connection (malware-cnc.rules) * 1:37100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dashikut outbound connection (malware-cnc.rules) * 1:37066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload (malware-cnc.rules) * 1:37164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hpastal outbound email attempt (malware-cnc.rules) * 1:37117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules) * 1:37127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules) * 1:37101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules) * 1:37215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules) * 1:37212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules) * 1:37213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules) * 1:37141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules) * 1:37228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules) * 1:37225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules) * 1:37226 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules) * 1:37214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules) * 1:37320 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel variant outbound connection (malware-cnc.rules) * 1:37296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules) * 1:37297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules) * 1:37227 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Isniffer outbound connection (malware-cnc.rules) * 1:37370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules) * 1:37323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (malware-cnc.rules) * 1:37359 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot inbound command attempt (malware-cnc.rules) * 1:37317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (malware-cnc.rules) * 1:37466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackmoon outbound connection (malware-cnc.rules) * 1:37374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derkziel variant outbound connection (malware-cnc.rules) * 1:37447 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Evilgrab outbound connection (malware-cnc.rules) * 1:37360 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot outbound IRC channel join attempt (malware-cnc.rules) * 1:37522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules) * 1:37467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vawtrak variant outbound connection (malware-cnc.rules) * 1:37516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:37457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (malware-cnc.rules) * 1:37536 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules) * 1:37523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules) * 1:37534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules) * 1:37521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules) * 1:37646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant dropper download connection (malware-cnc.rules) * 1:37552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Engr variant outbound connection (malware-cnc.rules) * 1:37636 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:37535 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules) * 1:37718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules) * 1:37647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:37686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (malware-cnc.rules) * 1:37637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules) * 1:37817 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (malware-cnc.rules) * 1:37719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules) * 1:37733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (malware-cnc.rules) * 1:37717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules) * 1:37844 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (malware-cnc.rules) * 1:37834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:37835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:37816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules) * 1:38134 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Win.Trojan.Adwind (malware-cnc.rules) * 1:38017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt server reply (malware-cnc.rules) * 1:38018 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (malware-cnc.rules) * 1:37838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules) * 1:38235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules) * 1:38145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection 
(malware-cnc.rules) * 1:38150 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules) * 1:38116 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (malware-cnc.rules) * 1:38258 <-> DISABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules) * 1:38255 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules) * 1:38256 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules) * 1:38234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (malware-cnc.rules) * 1:38304 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (malware-cnc.rules) * 1:38259 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules) * 1:38260 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules) * 1:38257 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules) * 1:38353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (malware-cnc.rules) * 1:38331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:38333 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Bifrose outbound connection (malware-cnc.rules) * 1:38261 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules) * 1:38358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send logs (malware-cnc.rules) * 1:38354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant failed read logs (malware-cnc.rules) * 1:38356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant read logs (malware-cnc.rules) * 1:38352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules) * 1:38379 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Dridex file download attempt (malware-cnc.rules) * 1:38359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send mail credentials (malware-cnc.rules) * 1:38367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep.variant CNC server response (malware-cnc.rules) * 1:38357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send credentials (malware-cnc.rules) * 1:38388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger geolocation check (malware-cnc.rules) * 1:38380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules) * 1:38385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules) * 1:38378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules) * 1:38515 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules) * 1:38509 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules) * 1:38510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant exfiltration attempt (malware-cnc.rules) * 1:38386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules) * 1:38516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules) * 1:38517 <-> DISABLED <-> MALWARE-CNC binary download while video expected (malware-cnc.rules) * 1:38514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules) * 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules) * 1:39409 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant initial outbound connection (malware-cnc.rules) * 1:34316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound 
connection (malware-cnc.rules) * 1:39920 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules) * 1:39343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS keylog exfiltration (malware-cnc.rules) * 1:39176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules) * 1:38724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renegin outbound GET attempt (malware-cnc.rules) * 1:39322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules) * 1:39160 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules) * 1:38886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules) * 1:38887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky JS dropper outbound connection (malware-cnc.rules) * 1:38567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coverton variant outbound connection (malware-cnc.rules) * 1:39583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (malware-cnc.rules) * 1:34313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:39056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules) * 1:39433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules) * 1:38732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBDos Runtime Detection (malware-cnc.rules) * 1:39116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DMALocker variant outbound connection (malware-cnc.rules) * 1:39117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:38587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant temporary redirect attempt (malware-cnc.rules) * 1:39341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS credit card data exfiltration (malware-cnc.rules) * 1:39052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adialer variant 
outbound connection (malware-cnc.rules) * 1:39579 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:39574 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:38562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt (malware-cnc.rules) * 1:39705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection (malware-cnc.rules) * 1:39969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules) * 1:39857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules) * 1:39856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules) * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (snort3-malware-other.rules) * 1:56040 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (snort3-malware-other.rules) * 1:56036 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (snort3-malware-other.rules) * 1:56042 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (snort3-browser-webkit.rules) * 1:56015 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (snort3-malware-other.rules) * 1:56058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (snort3-malware-other.rules) * 1:56025 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (snort3-malware-other.rules) * 1:56029 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (snort3-malware-other.rules) * 1:56057 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (snort3-malware-other.rules) * 1:56045 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Exchange Reporter Plus unauthenticated remote code execution attempt (snort3-server-webapp.rules) * 1:56044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (snort3-browser-webkit.rules) * 1:56055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (snort3-malware-other.rules) * 1:56031 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (snort3-malware-other.rules) * 1:56024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (snort3-malware-other.rules) * 1:56033 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (snort3-malware-other.rules) * 1:56011 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (snort3-malware-other.rules) * 1:56028 <-> DISABLED <-> 
MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (snort3-malware-other.rules) * 1:56022 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (snort3-malware-other.rules) * 1:56017 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (snort3-malware-other.rules) * 1:56051 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (snort3-os-linux.rules) * 1:56030 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (snort3-malware-other.rules) * 1:56013 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (snort3-malware-other.rules) * 1:56041 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (snort3-malware-other.rules) * 1:56019 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (snort3-malware-other.rules) * 1:56070 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart remote code execution attempt (snort3-indicator-compromise.rules) * 1:56020 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (snort3-malware-other.rules) * 1:56056 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (snort3-malware-other.rules) * 1:56021 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (snort3-malware-other.rules) * 1:56038 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (snort3-malware-other.rules) * 1:56032 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (snort3-malware-other.rules) * 1:56034 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (snort3-malware-other.rules) * 1:56037 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (snort3-malware-other.rules) * 1:56061 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (snort3-malware-other.rules) * 
1:56068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (snort3-malware-other.rules) * 1:56010 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (snort3-malware-other.rules) * 1:56047 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (snort3-malware-other.rules) * 1:56035 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (snort3-malware-other.rules) * 1:56018 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (snort3-malware-other.rules) * 1:56016 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (snort3-malware-other.rules) * 1:56062 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (snort3-malware-other.rules) * 1:56039 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (snort3-malware-other.rules) * 1:56023 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (snort3-malware-other.rules) * 1:56052 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (snort3-os-linux.rules) * 1:56046 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (snort3-malware-other.rules) * 1:56043 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (snort3-browser-webkit.rules) * 1:56012 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (snort3-malware-other.rules) * 1:56026 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (snort3-malware-other.rules) * 1:56027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (snort3-malware-other.rules) * 1:56069 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart fingerprinting attempt (snort3-indicator-compromise.rules) * 1:56014 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt 
(snort3-malware-other.rules)
* 1:39853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (snort3-malware-cnc.rules) * 1:39886 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (snort3-malware-cnc.rules) * 1:39854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (snort3-malware-cnc.rules) * 1:39856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (snort3-malware-cnc.rules) * 1:39852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (snort3-malware-cnc.rules) * 1:39861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanHaiShu variant outbound connection (snort3-malware-cnc.rules) * 1:38565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper initial download attempt (snort3-malware-cnc.rules) * 1:39800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (snort3-malware-cnc.rules) * 1:39855 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (snort3-malware-cnc.rules) * 1:38587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant temporary redirect attempt (snort3-malware-cnc.rules) * 1:34312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (snort3-malware-cnc.rules) * 1:34313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (snort3-malware-cnc.rules) * 1:34314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (snort3-malware-cnc.rules) * 1:34315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (snort3-malware-cnc.rules) * 1:34316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (snort3-malware-cnc.rules) * 1:38588 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (snort3-malware-cnc.rules) * 1:39882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (snort3-malware-cnc.rules) * 1:18957 <-> 
DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (snort3-browser-webkit.rules) * 1:39064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (snort3-malware-cnc.rules) * 1:34310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (snort3-malware-cnc.rules) * 1:38562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt (snort3-malware-cnc.rules) * 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (snort3-browser-webkit.rules) * 1:38566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper download attempt (snort3-malware-cnc.rules) * 1:39063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot outbound POST attempt (snort3-malware-cnc.rules) * 1:39433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (snort3-malware-cnc.rules) * 1:39573 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (snort3-malware-cnc.rules) * 1:38995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules) * 1:38564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger keylog exfiltration attempt (snort3-malware-cnc.rules) * 1:39173 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.BlackShades Crypter outbound connection (snort3-malware-cnc.rules) * 1:39163 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (snort3-malware-cnc.rules) * 1:34311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (snort3-malware-cnc.rules) * 1:39369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorozoad variant outbound connection (snort3-malware-cnc.rules) * 1:36893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trfijan outbound connection (snort3-malware-cnc.rules) * 1:38586 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (snort3-malware-cnc.rules) * 
1:38621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (snort3-malware-cnc.rules) * 1:38638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (snort3-malware-cnc.rules) * 1:39345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS update request (snort3-malware-cnc.rules) * 1:39327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoRoger outbound POST attempt (snort3-malware-cnc.rules) * 1:39580 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (snort3-malware-cnc.rules) * 1:36834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload outbound connection (snort3-malware-cnc.rules) * 1:39116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DMALocker variant outbound connection (snort3-malware-cnc.rules) * 1:39582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (snort3-malware-cnc.rules) * 1:39106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection (snort3-malware-cnc.rules) * 1:39576 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (snort3-malware-cnc.rules) * 1:39581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (snort3-malware-cnc.rules) * 1:38613 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallex variant outbound connection (snort3-malware-cnc.rules) * 1:39653 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mangit initial outbound connection (snort3-malware-cnc.rules) * 1:38890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts exfiltration attempt (snort3-malware-cnc.rules) * 1:39117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules) * 1:39164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (snort3-malware-cnc.rules) * 1:36810 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Mabouia outbound connection (snort3-malware-cnc.rules) * 1:38961 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 
fsrhrsrg - Win.Trojan.Nemucod (snort3-malware-cnc.rules)
* 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (snort3-browser-webkit.rules)
* 1:38949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (snort3-malware-cnc.rules)
* 1:39579 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (snort3-malware-cnc.rules)
* 1:38584 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant JS dropper outbound connection (snort3-malware-cnc.rules)
* 1:37027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (snort3-malware-cnc.rules)
* 1:39341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS credit card data exfiltration (snort3-malware-cnc.rules)
* 1:39176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (snort3-malware-cnc.rules)
* 1:39577 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (snort3-malware-cnc.rules)
* 1:39730 <-> DISABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (snort3-malware-cnc.rules)
* 1:38887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky JS dropper outbound connection (snort3-malware-cnc.rules)
* 1:39086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (snort3-malware-cnc.rules)
* 1:39434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (snort3-malware-cnc.rules)
* 1:39053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.7ev3n variant outbound connection (snort3-malware-cnc.rules)
* 1:38885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound registration attempt (snort3-malware-cnc.rules)
* 1:39710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (snort3-malware-cnc.rules)
* 1:38645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (snort3-malware-cnc.rules)
* 1:38646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (snort3-malware-cnc.rules)
* 1:38647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (snort3-malware-cnc.rules)
* 1:39574 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (snort3-malware-cnc.rules)
* 1:38668 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:38950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PassStealer passwords exfiltration attempt (snort3-malware-cnc.rules)
* 1:38606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant network speed test (snort3-malware-cnc.rules)
* 1:38676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BBSwift variant outbound connection (snort3-malware-cnc.rules)
* 1:38680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tooka GET attempt (snort3-malware-cnc.rules)
* 1:38724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renegin outbound GET attempt (snort3-malware-cnc.rules)
* 1:38732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBDos Runtime Detection (snort3-malware-cnc.rules)
* 1:39650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts variant CNC IRC response attempt (snort3-malware-cnc.rules)
* 1:39107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant inbound connection (snort3-malware-cnc.rules)
* 1:38603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UP007 variant outbound connection (snort3-malware-cnc.rules)
* 1:38561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger plugins download attempt (snort3-malware-cnc.rules)
* 1:38643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (snort3-malware-cnc.rules)
* 1:38567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coverton variant outbound connection (snort3-malware-cnc.rules)
* 1:38644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (snort3-malware-cnc.rules)
* 1:39911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (snort3-malware-cnc.rules)
* 1:39920 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (snort3-malware-cnc.rules)
* 1:38733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (snort3-malware-cnc.rules)
* 1:39968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (snort3-malware-cnc.rules)
* 1:39909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adnel outbound connection detected (snort3-malware-cnc.rules)
* 1:38962 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (snort3-malware-cnc.rules)
* 1:38563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response (snort3-malware-cnc.rules)
* 1:39410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant exfiltration outbound connection (snort3-malware-cnc.rules)
* 1:38585 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (snort3-malware-cnc.rules)
* 1:38574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant outbound connection (snort3-malware-cnc.rules)
* 1:39774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (snort3-malware-cnc.rules)
* 1:39085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (snort3-malware-cnc.rules)
* 1:39343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS keylog exfiltration (snort3-malware-cnc.rules)
* 1:39448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos variant outbound connection (snort3-malware-cnc.rules)
* 1:38888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (snort3-malware-cnc.rules)
* 1:39969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (snort3-malware-cnc.rules)
* 1:39958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (snort3-malware-cnc.rules)
* 1:39322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (snort3-malware-cnc.rules)
* 1:38891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts initial registration (snort3-malware-cnc.rules)
* 1:39084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (snort3-malware-cnc.rules)
* 1:39738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (snort3-malware-cnc.rules)
* 1:38620 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (snort3-malware-cnc.rules)
* 1:38917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant CNC traffic (snort3-malware-cnc.rules)
* 1:38608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RockLoader variant outbound connection (snort3-malware-cnc.rules)
* 1:36841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leralogs variant outbound connection (snort3-malware-cnc.rules)
* 1:39160 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (snort3-malware-cnc.rules)
* 1:39578 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (snort3-malware-cnc.rules)
* 1:36914 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (snort3-malware-cnc.rules)
* 1:37020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (snort3-malware-cnc.rules)
* 1:36890 <-> DISABLED <-> MALWARE-CNC AbbadonPOS variant outbound connection (snort3-malware-cnc.rules)
* 1:37037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arfadinf variant outbound connection (snort3-malware-cnc.rules)
* 1:36911 <-> DISABLED <-> MALWARE-CNC GlassRAT handshake beacon (snort3-malware-cnc.rules)
* 1:37047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (snort3-malware-cnc.rules)
* 1:36916 <-> DISABLED <-> MALWARE-CNC Milkoad.A First Request (snort3-malware-cnc.rules)
* 1:37050 <-> DISABLED <-> MALWARE-CNC ATSEngine initial beacon (snort3-malware-cnc.rules)
* 1:37024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy outbound connection (snort3-malware-cnc.rules)
* 1:37052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (snort3-malware-cnc.rules)
* 1:37036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (snort3-malware-cnc.rules)
* 1:37063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paligenpo outbound connection (snort3-malware-cnc.rules)
* 1:37045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (snort3-malware-cnc.rules)
* 1:37065 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik outbound connection (snort3-malware-cnc.rules)
* 1:37049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geratid variant outbound connection (snort3-malware-cnc.rules)
* 1:37067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Droot outbound connection (snort3-malware-cnc.rules)
* 1:37051 <-> DISABLED <-> MALWARE-CNC ATSEngine credit card number sent via URL parameter (snort3-malware-cnc.rules)
* 1:37100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dashikut outbound connection (snort3-malware-cnc.rules)
* 1:37053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tdrop2 variant dropper download attempt (snort3-malware-cnc.rules)
* 1:37102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (snort3-malware-cnc.rules)
* 1:37064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Telehot outbound connection (snort3-malware-cnc.rules)
* 1:37127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (snort3-malware-cnc.rules)
* 1:37066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload (snort3-malware-cnc.rules)
* 1:37164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hpastal outbound email attempt (snort3-malware-cnc.rules)
* 1:37068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flusihoc variant outbound connection (snort3-malware-cnc.rules)
* 1:37213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (snort3-malware-cnc.rules)
* 1:37101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (snort3-malware-cnc.rules)
* 1:37215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (snort3-malware-cnc.rules)
* 1:37117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (snort3-malware-cnc.rules)
* 1:37226 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (snort3-malware-cnc.rules)
* 1:37141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (snort3-malware-cnc.rules)
* 1:37228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (snort3-malware-cnc.rules)
* 1:37212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (snort3-malware-cnc.rules)
* 1:37297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (snort3-malware-cnc.rules)
* 1:37214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (snort3-malware-cnc.rules)
* 1:37320 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel variant outbound connection (snort3-malware-cnc.rules)
* 1:37225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (snort3-malware-cnc.rules)
* 1:37359 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot inbound command attempt (snort3-malware-cnc.rules)
* 1:37227 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (snort3-malware-cnc.rules)
* 1:37370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (snort3-malware-cnc.rules)
* 1:37296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (snort3-malware-cnc.rules)
* 1:37447 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Evilgrab outbound connection (snort3-malware-cnc.rules)
* 1:37317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (snort3-malware-cnc.rules)
* 1:37466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackmoon outbound connection (snort3-malware-cnc.rules)
* 1:37323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (snort3-malware-cnc.rules)
* 1:37516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (snort3-malware-cnc.rules)
* 1:37360 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot outbound IRC channel join attempt (snort3-malware-cnc.rules)
* 1:37522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (snort3-malware-cnc.rules)
* 1:37374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derkziel variant outbound connection (snort3-malware-cnc.rules)
* 1:37534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (snort3-malware-cnc.rules)
* 1:37457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (snort3-malware-cnc.rules)
* 1:37536 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (snort3-malware-cnc.rules)
* 1:37467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vawtrak variant outbound connection (snort3-malware-cnc.rules)
* 1:37636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (snort3-malware-cnc.rules)
* 1:37521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (snort3-malware-cnc.rules)
* 1:37646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant dropper download connection (snort3-malware-cnc.rules)
* 1:37523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (snort3-malware-cnc.rules)
* 1:37686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (snort3-malware-cnc.rules)
* 1:37535 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (snort3-malware-cnc.rules)
* 1:37718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (snort3-malware-cnc.rules)
* 1:37552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Engr variant outbound connection (snort3-malware-cnc.rules)
* 1:37733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (snort3-malware-cnc.rules)
* 1:37637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (snort3-malware-cnc.rules)
* 1:37817 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (snort3-malware-cnc.rules)
* 1:37647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules)
* 1:37835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (snort3-malware-cnc.rules)
* 1:37717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (snort3-malware-cnc.rules)
* 1:37844 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (snort3-malware-cnc.rules)
* 1:37719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (snort3-malware-cnc.rules)
* 1:38018 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (snort3-malware-cnc.rules)
* 1:37816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (snort3-malware-cnc.rules)
* 1:38134 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Win.Trojan.Adwind (snort3-malware-cnc.rules)
* 1:37834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (snort3-malware-cnc.rules)
* 1:38150 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (snort3-malware-cnc.rules)
* 1:37838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (snort3-malware-cnc.rules)
* 1:38235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (snort3-malware-cnc.rules)
* 1:38017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt server reply (snort3-malware-cnc.rules)
* 1:38256 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (snort3-malware-cnc.rules)
* 1:38116 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (snort3-malware-cnc.rules)
* 1:38258 <-> DISABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (snort3-malware-cnc.rules)
* 1:38145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (snort3-malware-cnc.rules)
* 1:38260 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (snort3-malware-cnc.rules)
* 1:38234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (snort3-malware-cnc.rules)
* 1:38304 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (snort3-malware-cnc.rules)
* 1:38255 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (snort3-malware-cnc.rules)
* 1:38333 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Bifrose outbound connection (snort3-malware-cnc.rules)
* 1:38257 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (snort3-malware-cnc.rules)
* 1:38353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (snort3-malware-cnc.rules)
* 1:38259 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (snort3-malware-cnc.rules)
* 1:38356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant read logs (snort3-malware-cnc.rules)
* 1:38261 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (snort3-malware-cnc.rules)
* 1:38358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send logs (snort3-malware-cnc.rules)
* 1:38331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (snort3-malware-cnc.rules)
* 1:38367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep.variant CNC server response (snort3-malware-cnc.rules)
* 1:38352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (snort3-malware-cnc.rules)
* 1:38379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (snort3-malware-cnc.rules)
* 1:38354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant failed read logs (snort3-malware-cnc.rules)
* 1:38385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (snort3-malware-cnc.rules)
* 1:38357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send credentials (snort3-malware-cnc.rules)
* 1:38388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger geolocation check (snort3-malware-cnc.rules)
* 1:38359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send mail credentials (snort3-malware-cnc.rules)
* 1:38510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant exfiltration attempt (snort3-malware-cnc.rules)
* 1:38378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (snort3-malware-cnc.rules)
* 1:38515 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (snort3-malware-cnc.rules)
* 1:38380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (snort3-malware-cnc.rules)
* 1:38517 <-> DISABLED <-> MALWARE-CNC binary download while video expected (snort3-malware-cnc.rules)
* 1:38386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (snort3-malware-cnc.rules)
* 1:38530 <-> DISABLED <-> MALWARE-CNC Obfuscated Javascript Attack runtime detection (snort3-malware-cnc.rules)
* 1:38509 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (snort3-malware-cnc.rules)
* 1:38557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (snort3-malware-cnc.rules)
* 1:38514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (snort3-malware-cnc.rules)
* 1:38559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - keystorkes (snort3-malware-cnc.rules)
* 1:38516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (snort3-malware-cnc.rules)
* 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (snort3-malware-cnc.rules)
* 1:38542 <-> DISABLED <-> MALWARE-CNC VBS Trojan Downloading Encoded Executable (snort3-malware-cnc.rules)
* 1:38558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (snort3-malware-cnc.rules)
* 1:38560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - screenshot (snort3-malware-cnc.rules)
* 1:34309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (snort3-malware-cnc.rules)
* 1:39052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (snort3-malware-cnc.rules)
* 1:39056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (snort3-malware-cnc.rules)
* 1:38784 <-> DISABLED <-> MALWARE-CNC CryptXXX initial outbound connection (snort3-malware-cnc.rules)
* 1:38916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex download attempt (snort3-malware-cnc.rules)
* 1:39705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection (snort3-malware-cnc.rules)
* 1:38994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus config file download (snort3-malware-cnc.rules)
* 1:38886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (snort3-malware-cnc.rules)
* 1:39342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS initial outbound connection (snort3-malware-cnc.rules)
* 1:39465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (snort3-malware-cnc.rules)
* 1:39040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (snort3-malware-cnc.rules)
* 1:39360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (snort3-malware-cnc.rules)
* 1:39583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (snort3-malware-cnc.rules)
* 1:38573 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant handshake beacon (snort3-malware-cnc.rules)
* 1:39159 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (snort3-malware-cnc.rules)
* 1:39430 <-> DISABLED <-> MALWARE-CNC Win.Malware.Furtim variant outbound connection (snort3-malware-cnc.rules)
* 1:39921 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (snort3-malware-cnc.rules)
* 1:39409 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant initial outbound connection (snort3-malware-cnc.rules)
* 1:39767 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (snort3-malware-cnc.rules)
* 1:39785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lientchtp variant outbound connection (snort3-malware-cnc.rules)
* 1:39636 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Ranscam request.html response (snort3-malware-cnc.rules)
* 1:39411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qbot variant outbound connection (snort3-malware-cnc.rules)
* 1:39801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound connection (snort3-malware-cnc.rules)
* 1:39887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toga variant outbound connection (snort3-malware-cnc.rules)
* 1:39344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS status update (snort3-malware-cnc.rules)
* 1:39857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (snort3-malware-cnc.rules)
* 1:34317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (snort3-malware-cnc.rules)
* 1:34319 <-> DISABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (snort3-malware-cnc.rules)
* 1:34323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fulairo variant outbound connection (snort3-malware-cnc.rules)
* 1:34325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (snort3-malware-cnc.rules)
* 1:34327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (snort3-malware-cnc.rules)
* 1:34318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (snort3-malware-cnc.rules)
* 1:34338 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (snort3-malware-cnc.rules)
* 1:34322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (snort3-malware-cnc.rules)
* 1:34346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (snort3-malware-cnc.rules)
* 1:34324 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Siromost variant outbound connection (snort3-malware-cnc.rules)
* 1:34362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (snort3-malware-cnc.rules)
* 1:34326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (snort3-malware-cnc.rules)
* 1:34367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (snort3-malware-cnc.rules)
* 1:34337 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (snort3-malware-cnc.rules)
* 1:34446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Odlanor information exfiltration attempt (snort3-malware-cnc.rules)
* 1:34339 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cybergate outbound connection (snort3-malware-cnc.rules)
* 1:34453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules)
* 1:34347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (snort3-malware-cnc.rules)
* 1:34459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (snort3-malware-cnc.rules)
* 1:34366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (snort3-malware-cnc.rules)
* 1:34461 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (snort3-malware-cnc.rules)
* 1:34368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (snort3-malware-cnc.rules)
* 1:34469 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (snort3-malware-cnc.rules)
* 1:34452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules)
* 1:34476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (snort3-malware-cnc.rules)
* 1:34458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tendrit variant outbound connection (snort3-malware-cnc.rules)
* 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (snort3-malware-cnc.rules)
* 1:34460 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (snort3-malware-cnc.rules)
* 1:34540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (snort3-malware-cnc.rules)
* 1:34462 <-> DISABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (snort3-malware-cnc.rules)
* 1:34567 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (snort3-malware-cnc.rules)
* 1:34470 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (snort3-malware-cnc.rules)
* 1:34581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mathanuc outbound connection (snort3-malware-cnc.rules)
* 1:34489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (snort3-malware-cnc.rules)
* 1:34597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (snort3-malware-cnc.rules)
* 1:34501 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection (snort3-malware-cnc.rules)
* 1:34599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (snort3-malware-cnc.rules)
* 1:34541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (snort3-malware-cnc.rules)
* 1:34601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teqimp outbound connection (snort3-malware-cnc.rules)
* 1:34572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (snort3-malware-cnc.rules)
* 1:34608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (snort3-malware-cnc.rules)
* 1:34596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (snort3-malware-cnc.rules)
* 1:34610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kayfcbk outbound connection (snort3-malware-cnc.rules)
* 1:34598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (snort3-malware-cnc.rules)
* 1:34614 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enkalogs outbound connection (snort3-malware-cnc.rules)
* 1:34600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (snort3-malware-cnc.rules)
* 1:34624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (snort3-malware-cnc.rules)
* 1:34607 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (snort3-malware-cnc.rules)
* 1:34637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (snort3-malware-cnc.rules)
* 1:34609 <-> DISABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (snort3-malware-cnc.rules)
* 1:34831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (snort3-malware-cnc.rules)
* 1:34611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dujfudg outbound connection (snort3-malware-cnc.rules)
* 1:34833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (snort3-malware-cnc.rules)
* 1:34622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules)
* 1:34835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (snort3-malware-cnc.rules)
* 1:34636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (snort3-malware-cnc.rules)
* 1:34841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (snort3-malware-cnc.rules)
* 1:34818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (snort3-malware-cnc.rules)
* 1:34844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (snort3-malware-cnc.rules)
* 1:34832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (snort3-malware-cnc.rules)
* 1:34863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (snort3-malware-cnc.rules)
* 1:34834 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkcpn (snort3-malware-cnc.rules)
* 1:34866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (snort3-malware-cnc.rules)
* 1:34840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (snort3-malware-cnc.rules)
* 1:34868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (snort3-malware-cnc.rules)
* 1:34843 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (snort3-malware-cnc.rules)
* 1:34870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (snort3-malware-cnc.rules)
* 1:34862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (snort3-malware-cnc.rules)
* 1:34872 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (snort3-malware-cnc.rules)
* 1:34865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (snort3-malware-cnc.rules)
* 1:34877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (snort3-malware-cnc.rules)
* 1:34867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (snort3-malware-cnc.rules)
* 1:34887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (snort3-malware-cnc.rules)
* 1:34869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (snort3-malware-cnc.rules)
* 1:34917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (snort3-malware-cnc.rules)
* 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (snort3-malware-cnc.rules)
* 1:34932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shindo outbound connection (snort3-malware-cnc.rules)
* 1:34876 <-> DISABLED <-> MALWARE-CNC Win.Fudu outbound variant connection (snort3-malware-cnc.rules)
* 1:34935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zutwoxy outbound connection (snort3-malware-cnc.rules)
* 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules)
* 1:34957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sysmain outbound connection (snort3-malware-cnc.rules)
* 1:34888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (snort3-malware-cnc.rules)
* 1:34959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (snort3-malware-cnc.rules)
* 1:34931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules)
* 1:34965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (snort3-malware-cnc.rules)
* 1:34934 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pheloyx outbound connection (snort3-malware-cnc.rules)
* 1:34982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msnmm variant outbound connection (snort3-malware-cnc.rules)
* 1:34950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prok variant outbound connection (snort3-malware-cnc.rules)
* 1:34994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (snort3-malware-cnc.rules)
* 1:34958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (snort3-malware-cnc.rules)
* 1:34996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent-ALPW variant outbound connection (snort3-malware-cnc.rules)
* 1:34963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte outbound connection (snort3-malware-cnc.rules)
* 1:34998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bossabot outbound connection (snort3-malware-cnc.rules)
* 1:34966 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (snort3-malware-cnc.rules)
* 1:35027 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Troldesh C&C (snort3-malware-cnc.rules)
* 1:34993 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Benloader variant outbound connection (snort3-malware-cnc.rules)
* 1:35030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules)
* 1:34995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra HTTP Header Structure (snort3-malware-cnc.rules)
* 1:35034 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Boltolog variant outbound connection download request (snort3-malware-cnc.rules)
* 1:34997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant HTTP Response (snort3-malware-cnc.rules)
* 1:35037 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy outbound variant connection (snort3-malware-cnc.rules)
* 1:35005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vcaredrix variant outbound connection (snort3-malware-cnc.rules)
* 1:35047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (snort3-malware-cnc.rules)
* 1:35029 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.Lotronc variant outbound connection (snort3-malware-cnc.rules)
* 1:35062 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (snort3-malware-cnc.rules)
* 1:35031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (snort3-malware-cnc.rules)
* 1:35064 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (snort3-malware-cnc.rules)
* 1:35036 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy inbound variant connection (snort3-malware-cnc.rules)
* 1:35066 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (snort3-malware-cnc.rules)
* 1:35039 <-> DISABLED <-> MALWARE-CNC Trojan.Linux.Linuxor outbound variant connection (snort3-malware-cnc.rules)
* 1:35069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dino variant outbound connection (snort3-malware-cnc.rules)
* 1:35050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (snort3-malware-cnc.rules)
* 1:35080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (snort3-malware-cnc.rules)
* 1:35063 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (snort3-malware-cnc.rules)
* 1:35082 <-> DISABLED <-> MALWARE-CNC Backdoor.Linux.Qenerek outbound connection (snort3-malware-cnc.rules)
* 1:35065 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (snort3-malware-cnc.rules)
* 1:35102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (snort3-malware-cnc.rules)
* 1:35067 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (snort3-malware-cnc.rules)
* 1:35104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:35076 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (snort3-malware-cnc.rules)
* 1:35254 <-> DISABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (snort3-malware-cnc.rules)
* 1:35081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (snort3-malware-cnc.rules)
* 1:35301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite POST request (snort3-malware-cnc.rules)
* 1:35083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regiskazi outbound connection (snort3-malware-cnc.rules)
* 1:35306 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Cigamve request (snort3-malware-cnc.rules)
* 1:35103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (snort3-malware-cnc.rules)
* 1:35313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:35221 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent inbound connection (snort3-malware-cnc.rules)
* 1:35316 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (snort3-malware-cnc.rules)
* 1:35300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite GET request (snort3-malware-cnc.rules)
* 1:35318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr outbound connection (snort3-malware-cnc.rules)
* 1:35303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProxyChange (snort3-malware-cnc.rules)
* 1:35348 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Ralminey POST request (snort3-malware-cnc.rules)
* 1:35312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (snort3-malware-cnc.rules)
* 1:35355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usteal outbound connection (snort3-malware-cnc.rules)
* 1:35315 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Downloader.Comsteal outbound connection (snort3-malware-cnc.rules)
* 1:35386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (snort3-malware-cnc.rules)
* 1:35317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Directate outbound connection (snort3-malware-cnc.rules)
* 1:35388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (snort3-malware-cnc.rules)
* 1:35344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall click fraud response (snort3-malware-cnc.rules)
* 1:35400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (snort3-malware-cnc.rules)
* 1:35353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise.B variant outbound connection (snort3-malware-cnc.rules)
* 1:35416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (snort3-malware-cnc.rules)
* 1:35385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (snort3-malware-cnc.rules)
* 1:35436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (snort3-malware-cnc.rules)
* 1:35387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (snort3-malware-cnc.rules)
* 1:35462 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (snort3-malware-cnc.rules)
* 1:35394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (snort3-malware-cnc.rules)
* 1:35472 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (snort3-malware-cnc.rules)
* 1:35415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (snort3-malware-cnc.rules)
* 1:35551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (snort3-malware-cnc.rules)
* 1:35426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur outbound connection (snort3-malware-cnc.rules)
* 1:35596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (snort3-malware-cnc.rules)
* 1:35437 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jrml variant outbound connection (snort3-malware-cnc.rules)
* 1:35710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (snort3-malware-cnc.rules)
* 1:35471 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baisogu outbound connection (snort3-malware-cnc.rules)
* 1:35733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (snort3-malware-cnc.rules)
* 1:35549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules)
* 1:35749 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (snort3-malware-cnc.rules)
* 1:35570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetEagle variant outbound connection (snort3-malware-cnc.rules)
* 1:35794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (snort3-malware-cnc.rules)
* 1:35597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (snort3-malware-cnc.rules)
* 1:35842 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namospu variant outbound connection (snort3-malware-cnc.rules)
* 1:35732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (snort3-malware-cnc.rules)
* 1:36054 <-> DISABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (snort3-malware-cnc.rules)
* 1:35746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules)
* 1:36065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (snort3-malware-cnc.rules)
* 1:35750 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (snort3-malware-cnc.rules)
* 1:36105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant (snort3-malware-cnc.rules)
* 1:35804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seyelifon variant outbound connection (snort3-malware-cnc.rules)
* 1:36107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (snort3-malware-cnc.rules)
* 1:36048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:36115 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Liudoor outbound connection (snort3-malware-cnc.rules)
* 1:36064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection 
(snort3-malware-cnc.rules) * 1:36132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (snort3-malware-cnc.rules) * 1:36066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (snort3-malware-cnc.rules) * 1:36134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (snort3-malware-cnc.rules) * 1:36106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (snort3-malware-cnc.rules) * 1:36198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant certificate (snort3-malware-cnc.rules) * 1:36108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nimisi variant outbound connection (snort3-malware-cnc.rules) * 1:36202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant dropper (snort3-malware-cnc.rules) * 1:36131 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyIE 3.01 (snort3-malware-cnc.rules) * 1:36232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (snort3-malware-cnc.rules) * 1:36133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (snort3-malware-cnc.rules) * 1:36234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (snort3-malware-cnc.rules) * 1:36186 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qytags variant outbound connection (snort3-malware-cnc.rules) * 1:36268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (snort3-malware-cnc.rules) * 1:36199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (snort3-malware-cnc.rules) * 1:36275 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (snort3-malware-cnc.rules) * 1:36231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot variant outbound connection (snort3-malware-cnc.rules) * 1:36294 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (snort3-malware-cnc.rules) * 1:36233 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Kapento variant outbound connection (snort3-malware-cnc.rules) * 1:36304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinPlock variant outbound connection (snort3-malware-cnc.rules) * 1:36267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (snort3-malware-cnc.rules) * 1:36326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (snort3-malware-cnc.rules) * 1:36269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (snort3-malware-cnc.rules) * 1:36328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (snort3-malware-cnc.rules) * 1:36276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (snort3-malware-cnc.rules) * 1:36331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (snort3-malware-cnc.rules) * 1:36303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (snort3-malware-cnc.rules) * 1:36397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (snort3-malware-cnc.rules) * 1:36325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (snort3-malware-cnc.rules) * 1:36468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (snort3-malware-cnc.rules) * 1:36327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (snort3-malware-cnc.rules) * 1:36471 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (snort3-malware-cnc.rules) * 1:36329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (snort3-malware-cnc.rules) * 1:36506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (snort3-malware-cnc.rules) * 1:36396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (snort3-malware-cnc.rules) * 1:36526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection 
(snort3-malware-cnc.rules) * 1:36460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (snort3-malware-cnc.rules) * 1:36566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (snort3-malware-cnc.rules) * 1:36469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (snort3-malware-cnc.rules) * 1:36568 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (snort3-malware-cnc.rules) * 1:36497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hangman.A outbound connection (snort3-malware-cnc.rules) * 1:36570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (snort3-malware-cnc.rules) * 1:36522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (snort3-malware-cnc.rules) * 1:36572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (snort3-malware-cnc.rules) * 1:36540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brolux variant outbound connection (snort3-malware-cnc.rules) * 1:36578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (snort3-malware-cnc.rules) * 1:36567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (snort3-malware-cnc.rules) * 1:36602 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (snort3-malware-cnc.rules) * 1:36569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (snort3-malware-cnc.rules) * 1:36610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (snort3-malware-cnc.rules) * 1:36571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (snort3-malware-cnc.rules) * 1:36623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (snort3-malware-cnc.rules) * 1:36577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (snort3-malware-cnc.rules) * 
1:36625 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (snort3-malware-cnc.rules) * 1:36601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (snort3-malware-cnc.rules) * 1:36627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tanmar outbound connection (snort3-malware-cnc.rules) * 1:36603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (snort3-malware-cnc.rules) * 1:36630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (snort3-malware-cnc.rules) * 1:36622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (snort3-malware-cnc.rules) * 1:36666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tentobr outbound connection (snort3-malware-cnc.rules) * 1:36624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (snort3-malware-cnc.rules) * 1:36732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (snort3-malware-cnc.rules) * 1:36626 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (snort3-malware-cnc.rules) * 1:36770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redcontrole variant outbound connection (snort3-malware-cnc.rules) * 1:36629 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (snort3-malware-cnc.rules) * 1:36781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gokawa variant outbound connection (snort3-malware-cnc.rules) * 1:36639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (snort3-malware-cnc.rules) * 1:36807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (snort3-malware-cnc.rules) * 1:36670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sathurbot outbound connection (snort3-malware-cnc.rules) * 1:36833 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (snort3-malware-cnc.rules) * 1:36765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound 
connection (snort3-malware-cnc.rules) * 1:36835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload inbound connection (snort3-malware-cnc.rules) * 1:36777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zimwervi variant outbound connection (snort3-malware-cnc.rules) * 1:36889 <-> DISABLED <-> MALWARE-CNC TinyDropper variant outbound connection (snort3-malware-cnc.rules) * 1:36800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruinmail outbound connection (snort3-malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56056 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules) * 1:56026 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules) * 1:56020 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules) * 1:56015 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules) * 1:56030 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules) * 1:56031 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779257-0 download attempt (malware-other.rules) * 1:56051 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules) * 1:56062 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules) * 1:56027 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Cdtq-9779262-0 download attempt (malware-other.rules) * 1:56014 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779004-0 download attempt (malware-other.rules) * 1:56013 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules) * 1:56024 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules) * 1:56055 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Idyfrid-9780483-0 download attempt (malware-other.rules) * 1:56021 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cidox-9779147-0 download attempt (malware-other.rules) * 1:56016 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules) * 1:56069 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart fingerprinting attempt (indicator-compromise.rules) * 1:56043 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules) * 1:56018 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 
download attempt (malware-other.rules) * 1:56041 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules) * 1:56036 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules) * 1:56010 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules) * 1:56057 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules) * 1:56028 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules) * 1:56035 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules) * 1:56047 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules) * 1:56042 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules) * 1:56032 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules) * 1:56011 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9778253-0 download attempt (malware-other.rules) * 1:56046 <-> DISABLED <-> MALWARE-OTHER Win.Dropper.Emotet-9778600-0 download attempt (malware-other.rules) * 1:56068 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules) * 1:56044 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari WebKit Webcore SVGAnimateElementBase use after free attempt (browser-webkit.rules) * 1:56052 <-> DISABLED <-> OS-LINUX Linux kernel af_packet tpacket_rcv integer overflow attempt (os-linux.rules) * 1:56033 <-> DISABLED <-> MALWARE-OTHER Win.Malware.98fa8f-9779729-0 download attempt (malware-other.rules) * 1:56045 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Exchange Reporter Plus unauthenticated remote code execution attempt (server-webapp.rules) * 1:56025 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9779208-0 download attempt (malware-other.rules) * 
1:56017 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Vundo-9779009-0 download attempt (malware-other.rules) * 1:56022 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules) * 1:56058 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780493-0 download attempt (malware-other.rules) * 1:56023 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9779199-0 download attempt (malware-other.rules) * 1:56029 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Refinka-9779255-0 download attempt (malware-other.rules) * 1:56037 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ppatre-9779748-0 download attempt (malware-other.rules) * 1:56040 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Msilperseus-9780360-0 download attempt (malware-other.rules) * 1:56039 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules) * 1:56034 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779721-0 download attempt (malware-other.rules) * 1:56070 <-> DISABLED <-> INDICATOR-COMPROMISE Microsoft Sharepoint DataFormWebPart remote code execution attempt (indicator-compromise.rules) * 1:56067 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780514-0 download attempt (malware-other.rules) * 1:56012 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9778921-0 download attempt (malware-other.rules) * 1:56019 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Nymaim-9779119-0 download attempt (malware-other.rules) * 1:56061 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Tpyn-9780502-0 download attempt (malware-other.rules) * 1:56038 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Upatre-9779742-0 download attempt (malware-other.rules) * 3:56059 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules) * 3:56065 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules) * 3:56050 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules) * 3:56063 <-> 
ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules) * 3:56054 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules) * 3:56066 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1165 attack attempt (file-pdf.rules) * 3:56048 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules) * 3:56049 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1168 attack attempt (server-webapp.rules) * 3:56053 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1171 attack attempt (file-pdf.rules) * 3:56060 <-> ENABLED <-> PROTOCOL-OTHER TRUFFLEHUNTER TALOS-2020-1170 attack attempt (protocol-other.rules) * 3:56064 <-> ENABLED <-> FILE-PDF TRUFFLEHUNTER TALOS-2020-1166 attack attempt (file-pdf.rules)
* 1:39801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound connection (malware-cnc.rules) * 1:39360 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:34609 <-> DISABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (malware-cnc.rules) * 1:39327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoRoger outbound POST attempt (malware-cnc.rules) * 1:34314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34833 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Werdlod variant outbound connection (malware-cnc.rules) * 1:34607 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (malware-cnc.rules) * 1:35353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise.B variant outbound connection (malware-cnc.rules) * 1:38567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coverton variant outbound connection (malware-cnc.rules) * 1:34600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules) * 1:35313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:34598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules) * 1:38573 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant handshake beacon (malware-cnc.rules) * 1:37047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (malware-cnc.rules) * 1:34540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules) * 1:34637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules) * 1:34831 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules) * 1:34599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kjdoom outbound connection (malware-cnc.rules) 
* 1:36186 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qytags variant outbound connection (malware-cnc.rules) * 1:36625 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules) * 1:35082 <-> DISABLED <-> MALWARE-CNC Backdoor.Linux.Qenerek outbound connection (malware-cnc.rules) * 1:34601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teqimp outbound connection (malware-cnc.rules) * 1:35029 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.Lotronc variant outbound connection (malware-cnc.rules) * 1:34572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (malware-cnc.rules) * 1:34597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules) * 1:34608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (malware-cnc.rules) * 1:34611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dujfudg outbound connection (malware-cnc.rules) * 1:35064 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules) * 1:34888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules) * 1:34312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules) * 1:34567 <-> DISABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (malware-cnc.rules) * 1:39969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules) * 1:38588 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules) * 1:34624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (malware-cnc.rules) * 1:38603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.UP007 variant outbound connection (malware-cnc.rules) * 1:38606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant network speed test (malware-cnc.rules) * 1:39322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules) * 
1:38586 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules) * 1:39342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS initial outbound connection (malware-cnc.rules) * 1:39040 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules) * 1:38733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules) * 1:39064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (malware-cnc.rules) * 1:36570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules) * 1:36275 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules) * 1:35031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (malware-cnc.rules) * 1:38528 <-> DISABLED <-> MALWARE-CNC XBot Command Request get_action (malware-cnc.rules) * 1:39650 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts variant CNC IRC response attempt (malware-cnc.rules) * 1:39341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS credit card data exfiltration (malware-cnc.rules) * 1:38886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules) * 1:39430 <-> DISABLED <-> MALWARE-CNC Win.Malware.Furtim variant outbound connection (malware-cnc.rules) * 1:39581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (malware-cnc.rules) * 1:38916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex download attempt (malware-cnc.rules) * 1:38917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex variant CNC traffic (malware-cnc.rules) * 1:39578 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (malware-cnc.rules) * 1:34963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Threebyte outbound connection (malware-cnc.rules) * 1:36106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (malware-cnc.rules) * 
1:34844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adelinoq outbound connection (malware-cnc.rules) * 1:37835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:38584 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant JS dropper outbound connection (malware-cnc.rules) * 1:36268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules) * 1:35400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inexsmar variant outbound connection (malware-cnc.rules) * 1:35750 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (malware-cnc.rules) * 1:39409 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant initial outbound connection (malware-cnc.rules) * 1:38608 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RockLoader variant outbound connection (malware-cnc.rules) * 1:38891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts initial registration (malware-cnc.rules) * 1:39085 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules) * 1:38613 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallex variant outbound connection (malware-cnc.rules) * 1:39164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules) * 1:34996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent-ALPW variant outbound connection (malware-cnc.rules) * 1:34452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:39573 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules) * 1:38724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renegin outbound GET attempt (malware-cnc.rules) * 1:38890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kirts exfiltration attempt (malware-cnc.rules) * 1:34917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni certificate exchange (malware-cnc.rules) * 1:39056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules) * 
1:36294 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (malware-cnc.rules) * 1:38585 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules) * 1:38564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger keylog exfiltration attempt (malware-cnc.rules) * 1:38563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response (malware-cnc.rules) * 1:38961 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (malware-cnc.rules) * 1:38620 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules) * 1:38962 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (malware-cnc.rules) * 1:35005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vcaredrix variant outbound connection (malware-cnc.rules) * 1:34965 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (malware-cnc.rules) * 1:35104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:34622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:38994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus config file download (malware-cnc.rules) * 1:34462 <-> DISABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (malware-cnc.rules) * 1:38514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules) * 1:35081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules) * 1:35303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProxyChange (malware-cnc.rules) * 1:35386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (malware-cnc.rules) * 1:35315 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Downloader.Comsteal outbound connection (malware-cnc.rules) * 1:38621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange 
(malware-cnc.rules)
* 1:38638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GozNym variant outbound connection (malware-cnc.rules)
* 1:38643 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:18957 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:35027 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Troldesh C&C (malware-cnc.rules)
* 1:34476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (malware-cnc.rules)
* 1:38644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:29623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:38732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBDos Runtime Detection (malware-cnc.rules)
* 1:34863 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
* 1:35221 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent inbound connection (malware-cnc.rules)
* 1:38645 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:35300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite GET request (malware-cnc.rules)
* 1:34501 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Wekby Torn variant outbound connection (malware-cnc.rules)
* 1:38995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:34935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zutwoxy outbound connection (malware-cnc.rules)
* 1:35254 <-> DISABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules)
* 1:35348 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Ralminey POST request (malware-cnc.rules)
* 1:35388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda download request (malware-cnc.rules)
* 1:35317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Directate outbound connection (malware-cnc.rules)
* 1:39163 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:39920 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
* 1:38557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
* 1:38517 <-> DISABLED <-> MALWARE-CNC binary download while video expected (malware-cnc.rules)
* 1:34966 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyvadextr variant outbound connection (malware-cnc.rules)
* 1:35385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL-Pwsfcbk SQL connection (malware-cnc.rules)
* 1:39856 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
* 1:38646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:34994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
* 1:35047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
* 1:34958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
* 1:39580 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39653 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mangit initial outbound connection (malware-cnc.rules)
* 1:39053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.7ev3n variant outbound connection (malware-cnc.rules)
* 1:38647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
* 1:35312 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (malware-cnc.rules)
* 1:38562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt (malware-cnc.rules)
* 1:38887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky JS dropper outbound connection (malware-cnc.rules)
* 1:38515 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
* 1:38668 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:36506 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
* 1:35794 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:34998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bossabot outbound connection (malware-cnc.rules)
* 1:35067 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules)
* 1:34818 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (malware-cnc.rules)
* 1:34997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant HTTP Response (malware-cnc.rules)
* 1:39106 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant outbound connection (malware-cnc.rules)
* 1:39574 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:38587 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant temporary redirect attempt (malware-cnc.rules)
* 1:39636 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Ranscam request.html response (malware-cnc.rules)
* 1:39344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS status update (malware-cnc.rules)
* 1:39576 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:39107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LuminosityLink RAT variant inbound connection (malware-cnc.rules)
* 1:38885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound registration attempt (malware-cnc.rules)
* 1:34459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (malware-cnc.rules)
* 1:39116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DMALocker variant outbound connection (malware-cnc.rules)
* 1:39433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
* 1:34957 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sysmain outbound connection (malware-cnc.rules)
* 1:39909 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adnel outbound connection detected (malware-cnc.rules)
* 1:39448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Renos variant outbound connection (malware-cnc.rules)
* 1:38516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
* 1:39343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS keylog exfiltration (malware-cnc.rules)
* 1:35102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
* 1:37817 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Torte variant outbound connection (malware-cnc.rules)
* 1:34886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:35749 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (malware-cnc.rules)
* 1:36234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
* 1:36566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:35316 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (malware-cnc.rules)
* 1:38561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger plugins download attempt (malware-cnc.rules)
* 1:39063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot outbound POST attempt (malware-cnc.rules)
* 1:39434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zcryptor variant outbound connection (malware-cnc.rules)
* 1:34458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tendrit variant outbound connection (malware-cnc.rules)
* 1:35355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usteal outbound connection (malware-cnc.rules)
* 1:34877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr variant outbound connection (malware-cnc.rules)
* 1:34862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wheelsof variant outbound connection (malware-cnc.rules)
* 1:39861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanHaiShu variant outbound connection (malware-cnc.rules)
* 1:34868 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix variant outbound connection (malware-cnc.rules)
* 1:36397 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
* 1:35804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seyelifon variant outbound connection (malware-cnc.rules)
* 1:35436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
* 1:39785 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lientchtp variant outbound connection (malware-cnc.rules)
* 1:34840 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:36572 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:34869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (malware-cnc.rules)
* 1:36066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:36048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:39852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:35462 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy outbound connection (malware-cnc.rules)
* 1:35710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
* 1:34835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos outbound connection (malware-cnc.rules)
* 1:35597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
* 1:34541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalexis variant outbound connection (malware-cnc.rules)
* 1:39886 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (malware-cnc.rules)
* 1:35842 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Namospu variant outbound connection (malware-cnc.rules)
* 1:36054 <-> DISABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (malware-cnc.rules)
* 1:34876 <-> DISABLED <-> MALWARE-CNC Win.Fudu outbound variant connection (malware-cnc.rules)
* 1:35069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dino variant outbound connection (malware-cnc.rules)
* 1:37024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy outbound connection (malware-cnc.rules)
* 1:34934 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pheloyx outbound connection (malware-cnc.rules)
* 1:34834 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkcpn (malware-cnc.rules)
* 1:37844 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.LeChiffre outbound connection (malware-cnc.rules)
* 1:36624 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
* 1:34489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (malware-cnc.rules)
* 1:35549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:39853 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:36107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant outbound connection (malware-cnc.rules)
* 1:34867 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xobtide outbound connection (malware-cnc.rules)
* 1:35551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BlackCoffee outbound connection (malware-cnc.rules)
* 1:39710 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (malware-cnc.rules)
* 1:39767 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules)
* 1:36115 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Liudoor outbound connection (malware-cnc.rules)
* 1:37065 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Venik outbound connection (malware-cnc.rules)
* 1:36108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nimisi variant outbound connection (malware-cnc.rules)
* 1:35306 <-> DISABLED <-> MALWARE-CNC Trojan.Win32.Cigamve request (malware-cnc.rules)
* 1:34870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
* 1:34871 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Logreaz variant outbound connection (malware-cnc.rules)
* 1:36328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:35037 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy outbound variant connection (malware-cnc.rules)
* 1:35062 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:35394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TorrentLocker/Teerac payment page request (malware-cnc.rules)
* 1:35301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lpdsuite POST request (malware-cnc.rules)
* 1:35746 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:34469 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
* 1:36065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:37717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
* 1:38530 <-> DISABLED <-> MALWARE-CNC Obfuscated Javascript Attack runtime detection (malware-cnc.rules)
* 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (malware-cnc.rules)
* 1:34950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prok variant outbound connection (malware-cnc.rules)
* 1:36571 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:34887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax variant outbound connection (malware-cnc.rules)
* 1:36132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
* 1:39887 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toga variant outbound connection (malware-cnc.rules)
* 1:35732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Naberkalara variant outbound connection (malware-cnc.rules)
* 1:39854 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:35387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (malware-cnc.rules)
* 1:35437 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Jrml variant outbound connection (malware-cnc.rules)
* 1:36131 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MyIE 3.01 (malware-cnc.rules)
* 1:37020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gh0st variant outbound connection (malware-cnc.rules)
* 1:35050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (malware-cnc.rules)
* 1:35733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (malware-cnc.rules)
* 1:35415 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel outbound connection (malware-cnc.rules)
* 1:35472 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bergard outbound connection (malware-cnc.rules)
* 1:35318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jemerr outbound connection (malware-cnc.rules)
* 1:34311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34461 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (malware-cnc.rules)
* 1:37297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
* 1:37212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:35039 <-> DISABLED <-> MALWARE-CNC Trojan.Linux.Linuxor outbound variant connection (malware-cnc.rules)
* 1:34982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msnmm variant outbound connection (malware-cnc.rules)
* 1:35344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall click fraud response (malware-cnc.rules)
* 1:37647 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:35080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenbus outbound connection (malware-cnc.rules)
* 1:35416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mivast outbound connection (malware-cnc.rules)
* 1:39705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection (malware-cnc.rules)
* 1:34993 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Benloader variant outbound connection (malware-cnc.rules)
* 1:35063 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:34366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (malware-cnc.rules)
* 1:34610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kayfcbk outbound connection (malware-cnc.rules)
* 1:34470 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
* 1:37036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (malware-cnc.rules)
* 1:35471 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Baisogu outbound connection (malware-cnc.rules)
* 1:36202 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant dropper (malware-cnc.rules)
* 1:36304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinPlock variant outbound connection (malware-cnc.rules)
* 1:36232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
* 1:36134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection (malware-cnc.rules)
* 1:36233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapento variant outbound connection (malware-cnc.rules)
* 1:36133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
* 1:36231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SdBot variant outbound connection (malware-cnc.rules)
* 1:39882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibro outbound connection detected (malware-cnc.rules)
* 1:34995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra HTTP Header Structure (malware-cnc.rules)
* 1:35036 <-> DISABLED <-> MALWARE-CNC Backdoor.Perl.Santy inbound variant connection (malware-cnc.rules)
* 1:39730 <-> DISABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (malware-cnc.rules)
* 1:34636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flactionbot outbound connection (malware-cnc.rules)
* 1:36269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
* 1:36199 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant outbound connection (malware-cnc.rules)
* 1:36276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Corebot variant outbound connection (malware-cnc.rules)
* 1:36325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36267 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rusrushel variant outbound connection (malware-cnc.rules)
* 1:36471 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (malware-cnc.rules)
* 1:36468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
* 1:36396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DustySky variant outbound connection (malware-cnc.rules)
* 1:36303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mitozhan initial outbound connection server response (malware-cnc.rules)
* 1:36460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CenterPos outbound connection (malware-cnc.rules)
* 1:36568 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36526 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (malware-cnc.rules)
* 1:36578 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
* 1:36497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hangman.A outbound connection (malware-cnc.rules)
* 1:36469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AridViper variant outbound connection (malware-cnc.rules)
* 1:36610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Panskeg outbound connection (malware-cnc.rules)
* 1:36569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Stimilik outbound variant connection (malware-cnc.rules)
* 1:36540 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brolux variant outbound connection (malware-cnc.rules)
* 1:36627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tanmar outbound connection (malware-cnc.rules)
* 1:36601 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
* 1:36630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
* 1:36623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
* 1:36666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tentobr outbound connection (malware-cnc.rules)
* 1:36622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wedots outbound variant connection (malware-cnc.rules)
* 1:36626 <-> DISABLED <-> MALWARE-CNC Windows.Backdoor.Quaverse outbound variant connection (malware-cnc.rules)
* 1:36603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
* 1:36781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gokawa variant outbound connection (malware-cnc.rules)
* 1:36732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (malware-cnc.rules)
* 1:36670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sathurbot outbound connection (malware-cnc.rules)
* 1:36765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (malware-cnc.rules)
* 1:36770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redcontrole variant outbound connection (malware-cnc.rules)
* 1:36833 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (malware-cnc.rules)
* 1:36777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zimwervi variant outbound connection (malware-cnc.rules)
* 1:36639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (malware-cnc.rules)
* 1:36810 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Mabouia outbound connection (malware-cnc.rules)
* 1:36914 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site (malware-cnc.rules)
* 1:36889 <-> DISABLED <-> MALWARE-CNC TinyDropper variant outbound connection (malware-cnc.rules)
* 1:36835 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload inbound connection (malware-cnc.rules)
* 1:37027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alina variant outbound connection (malware-cnc.rules)
* 1:36841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leralogs variant outbound connection (malware-cnc.rules)
* 1:36911 <-> DISABLED <-> MALWARE-CNC GlassRAT handshake beacon (malware-cnc.rules)
* 1:37050 <-> DISABLED <-> MALWARE-CNC ATSEngine initial beacon (malware-cnc.rules)
* 1:36834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload outbound connection (malware-cnc.rules)
* 1:36916 <-> DISABLED <-> MALWARE-CNC Milkoad.A First Request (malware-cnc.rules)
* 1:37063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paligenpo outbound connection (malware-cnc.rules)
* 1:36890 <-> DISABLED <-> MALWARE-CNC AbbadonPOS variant outbound connection (malware-cnc.rules)
* 1:37049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Geratid variant outbound connection (malware-cnc.rules)
* 1:37045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter outbound connection (malware-cnc.rules)
* 1:37051 <-> DISABLED <-> MALWARE-CNC ATSEngine credit card number sent via URL parameter (malware-cnc.rules)
* 1:34316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:37052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
* 1:37053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tdrop2 variant dropper download attempt (malware-cnc.rules)
* 1:37100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dashikut outbound connection (malware-cnc.rules)
* 1:37064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Telehot outbound connection (malware-cnc.rules)
* 1:37067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Droot outbound connection (malware-cnc.rules)
* 1:37066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload (malware-cnc.rules)
* 1:37127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batec outbound connection (malware-cnc.rules)
* 1:37068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flusihoc variant outbound connection (malware-cnc.rules)
* 1:37102 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
* 1:37214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37101 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nessfi outbound connection (malware-cnc.rules)
* 1:37213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37141 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Collicky variant inbound command attempt (malware-cnc.rules)
* 1:37117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cetsiol outbound connection (malware-cnc.rules)
* 1:37228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37227 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37226 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
* 1:37296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
* 1:37225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
* 1:37317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (malware-cnc.rules)
* 1:37359 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot inbound command attempt (malware-cnc.rules)
* 1:37360 <-> DISABLED <-> MALWARE-CNC MultiOS.Trojan.Pbot outbound IRC channel join attempt (malware-cnc.rules)
* 1:37320 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sakurel variant outbound connection (malware-cnc.rules)
* 1:37447 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Evilgrab outbound connection (malware-cnc.rules)
* 1:37370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trochulis variant outbound connection (malware-cnc.rules)
* 1:37374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derkziel variant outbound connection (malware-cnc.rules)
* 1:37516 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:37323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (malware-cnc.rules)
* 1:37457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (malware-cnc.rules)
* 1:37467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vawtrak variant outbound connection (malware-cnc.rules)
* 1:37466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blackmoon outbound connection (malware-cnc.rules)
* 1:37521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
* 1:37534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
* 1:37535 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
* 1:37522 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
* 1:37636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:37536 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi outbound connection (malware-cnc.rules)
* 1:37552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Engr variant outbound connection (malware-cnc.rules)
* 1:37686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent outbound POST attempt (malware-cnc.rules)
* 1:37523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant outbound connection (malware-cnc.rules)
* 1:37637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:37646 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant dropper download connection (malware-cnc.rules)
* 1:37733 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex dropper variant outbound connection (malware-cnc.rules)
* 1:37718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
* 1:39345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FastPOS update request (malware-cnc.rules)
* 1:34310 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:39958 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Folyris outbound connection detected (malware-cnc.rules)
* 1:37719 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teslacrypt outbound POST attempt (malware-cnc.rules)
* 1:37834 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:35066 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot outbound variant connection (malware-cnc.rules)
* 1:35065 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Powbot inbound variant connection (malware-cnc.rules)
* 1:38017 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt server reply (malware-cnc.rules)
* 1:38134 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Win.Trojan.Adwind (malware-cnc.rules)
* 1:37816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
* 1:38018 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (malware-cnc.rules)
* 1:38145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
* 1:38235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FighterPOS variant outbound connection (malware-cnc.rules)
* 1:37838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus outbound connection (malware-cnc.rules)
* 1:38150 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
* 1:38255 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38258 <-> DISABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38116 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (malware-cnc.rules)
* 1:38256 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38259 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:38304 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (malware-cnc.rules)
* 1:38234 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (malware-cnc.rules)
* 1:38260 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:38331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:38353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant connection setup (malware-cnc.rules)
* 1:38257 <-> DISABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
* 1:38333 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Bifrose outbound connection (malware-cnc.rules)
* 1:38354 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant failed read logs (malware-cnc.rules)
* 1:38358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send logs (malware-cnc.rules)
* 1:38261 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:38356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant read logs (malware-cnc.rules)
* 1:38359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send mail credentials (malware-cnc.rules)
* 1:38379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
* 1:38352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
* 1:38367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedep.variant CNC server response (malware-cnc.rules)
* 1:38380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex file download attempt (malware-cnc.rules)
* 1:38388 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger geolocation check (malware-cnc.rules)
* 1:38357 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant send credentials (malware-cnc.rules)
* 1:38385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
* 1:38509 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
* 1:38378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex certificate exchange (malware-cnc.rules)
* 1:38386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FTPKeyLogger outbound connection (malware-cnc.rules)
* 1:34315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:34318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
* 1:34323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fulairo variant outbound connection (malware-cnc.rules)
* 1:34319 <-> DISABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (malware-cnc.rules)
* 1:34324 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Siromost variant outbound connection (malware-cnc.rules)
* 1:34327 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (malware-cnc.rules)
* 1:34325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
* 1:34337 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
* 1:34346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (malware-cnc.rules)
* 1:34322 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
* 1:34338 <-> DISABLED <-> MALWARE-CNC Backdoor.Win32.Chkngrbot.A outbound connection (malware-cnc.rules)
* 1:34347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (malware-cnc.rules)
* 1:34367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:34326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sanhotan variant outbound connection (malware-cnc.rules)
* 1:34362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (malware-cnc.rules)
* 1:34368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
* 1:34453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:34339 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cybergate outbound connection (malware-cnc.rules)
* 1:34446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Odlanor information exfiltration attempt (malware-cnc.rules)
* 1:34309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DesertFalcon variant outbound connection (malware-cnc.rules)
* 1:38510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpySoft variant exfiltration attempt (malware-cnc.rules)
* 1:39117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:39579 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:38560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - screenshot (malware-cnc.rules)
* 1:38565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper initial download attempt (malware-cnc.rules)
* 1:39410 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant exfiltration outbound connection (malware-cnc.rules)
* 1:39465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (malware-cnc.rules)
* 1:38559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection - keystorkes (malware-cnc.rules)
* 1:39173 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.BlackShades Crypter outbound connection (malware-cnc.rules)
* 1:39176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Helminth variant outbound connection (malware-cnc.rules)
* 1:39084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:39411 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qbot variant outbound connection (malware-cnc.rules)
* 1:38566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sweeper variant dropper download attempt (malware-cnc.rules)
* 1:38676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BBSwift variant outbound connection (malware-cnc.rules)
* 1:39052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (malware-cnc.rules)
* 1:38950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PassStealer passwords exfiltration attempt (malware-cnc.rules)
* 1:18958 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari Webkit attribute child removal code execution attempt (browser-webkit.rules)
* 1:38680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tooka GET attempt (malware-cnc.rules)
* 1:38888 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:38949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt variant outbound connection (malware-cnc.rules)
* 1:39369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorozoad variant outbound connection (malware-cnc.rules)
* 1:39159 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL certificate (malware-cnc.rules)
* 1:36602 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QVKeylogger outbound variant connection (malware-cnc.rules)
* 1:37164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hpastal outbound email attempt (malware-cnc.rules)
* 1:36326 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Misnt variant outbound connection (malware-cnc.rules)
* 1:36198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant certificate (malware-cnc.rules)
* 1:39857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant executable download (malware-cnc.rules)
* 1:35034 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Boltolog variant outbound connection download request (malware-cnc.rules)
* 1:34841 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DownExecute outbound connection (malware-cnc.rules)
* 1:34872 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (malware-cnc.rules)
* 1:35030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:39911 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HawkEye keylogger exfiltration attempt (malware-cnc.rules)
* 1:39738 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (malware-cnc.rules)
* 1:34959 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
* 1:34614 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Enkalogs outbound connection (malware-cnc.rules)
* 1:39577 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
* 1:36064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bagsu variant outbound connection (malware-cnc.rules)
* 1:39086 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
* 1:39855 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant connectivity check (malware-cnc.rules)
* 1:36807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (malware-cnc.rules)
* 1:38542 <-> DISABLED <-> MALWARE-CNC VBS Trojan Downloading Encoded Executable (malware-cnc.rules)
* 1:34932 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shindo outbound connection (malware-cnc.rules)
* 1:36567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL.Troloscup outbound variant connection (malware-cnc.rules)
* 1:36105 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant (malware-cnc.rules)
* 1:34843 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (malware-cnc.rules)
* 1:35426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Heur outbound connection (malware-cnc.rules)
* 1:36629 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Teabevil variant outbound connection (malware-cnc.rules)
* 1:39774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules)
* 1:34865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
* 1:35076 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
* 1:35083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regiskazi outbound connection (malware-cnc.rules)
* 1:35596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nibagem outbound variant connection (malware-cnc.rules)
* 1:36800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruinmail outbound connection (malware-cnc.rules)
* 1:35570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetEagle variant outbound connection (malware-cnc.rules)
* 1:36893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trfijan outbound connection (malware-cnc.rules)
* 1:35103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex Microsoft Word document dropper download attempt (malware-cnc.rules)
* 1:34866 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saibipoc outbound connection (malware-cnc.rules)
* 1:34832 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cozybear variant outbound connection (malware-cnc.rules)
* 1:39800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hancitor variant outbound connection (malware-cnc.rules)
* 1:37037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Arfadinf variant outbound connection (malware-cnc.rules)
* 1:38574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TreasureHunter variant outbound connection (malware-cnc.rules)
* 1:39583 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus client heartbeat response attempt (malware-cnc.rules)
* 1:39921 <-> DISABLED <-> MALWARE-CNC Neutrino outbound connection (malware-cnc.rules)
* 1:39160 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.JRat inbound self-signed SSL
certificate (malware-cnc.rules) * 1:38558 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules) * 1:34460 <-> DISABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (malware-cnc.rules) * 1:34581 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mathanuc outbound connection (malware-cnc.rules) * 1:34596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Atrax variant outbound connection (malware-cnc.rules) * 1:34931 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:38784 <-> DISABLED <-> MALWARE-CNC CryptXXX initial outbound connection (malware-cnc.rules) * 1:39582 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus server heartbeat request attempt (malware-cnc.rules) * 1:39968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donoff outbound connection detected (malware-cnc.rules)