Talos has added and modified multiple rules in the malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56086 <-> DISABLED <-> SERVER-WEBAPP Apache Tomcat WebSocket length denial of service attempt (server-webapp.rules)
* 1:56088 <-> ENABLED <-> MALWARE-CNC Unix.Spyware.WellMess variant outbound cnc attempt (malware-cnc.rules)
* 1:56071 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
* 1:56072 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
* 1:56073 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
* 1:56074 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
* 1:56075 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
* 1:56076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
* 1:56077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
* 1:56078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
* 1:56079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
* 1:56080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
* 1:56081 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Donot variant outbound connection (malware-cnc.rules)
* 1:56082 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
* 1:56083 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
* 3:56084 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
* 3:56085 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
* 3:56087 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services large file upload denial of service attempt (server-webapp.rules)
* 3:56089 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD denial of service attempt (server-webapp.rules)
* 3:56090 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
* 3:56091 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)

* 1:42880 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules)
* 1:42881 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules)
* 1:42882 <-> DISABLED <-> MALWARE-CNC ZoxPNG initial outbound connection (malware-cnc.rules)
* 1:42883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (malware-cnc.rules)
* 1:42884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection (malware-cnc.rules)
* 1:42885 <-> DISABLED <-> MALWARE-CNC WashingTon ssl certificate negotiation attempt (malware-cnc.rules)
* 1:42886 <-> DISABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (malware-cnc.rules)
* 1:42892 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA outbound connection (malware-cnc.rules)
* 1:42895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:42899 <-> DISABLED <-> MALWARE-CNC Jaff ransomware outbound connection (malware-cnc.rules)
* 1:42925 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules)
* 1:42926 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules)
* 1:42929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Niramdat variant initial outbound connection (malware-cnc.rules)
* 1:42945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adylkuzz variant initial outbound connection (malware-cnc.rules)
* 1:42996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules)
* 1:42997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules)
* 1:43049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gasonen variant outbound connection (malware-cnc.rules)
* 1:43063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabob outbound connection (malware-cnc.rules)
* 1:43129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:43183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
* 1:43184 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
* 1:43190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
* 1:43193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
* 1:43194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
* 1:43220 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (malware-cnc.rules)
* 1:43222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
* 1:43223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
* 1:43224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
* 1:43292 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious dex file download attempt (malware-cnc.rules)
* 1:43293 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious java file download attempt (malware-cnc.rules)
* 1:43351 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Erebus variant outbound connection (malware-cnc.rules)
* 1:43457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eorezo variant outbound connection (malware-cnc.rules)
* 1:43459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules)
* 1:43467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
* 1:43468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
* 1:43475 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
* 1:43476 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
* 1:43477 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
* 1:43523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules)
* 1:43524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules)
* 1:43575 <-> DISABLED <-> MALWARE-CNC Win32.Trojan.NeutrinoPOS connection attempt (malware-cnc.rules)
* 1:43890 <-> DISABLED <-> MALWARE-CNC Win.Malware.Emotet variant outbound connection (malware-cnc.rules)
* 1:43929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poogetad Variant connection attempt (malware-cnc.rules)
* 1:43930 <-> DISABLED <-> MALWARE-CNC Win.Malware.GamKer variant outbound connection (malware-cnc.rules)
* 1:43950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Globeimposter outbound connection (malware-cnc.rules)
* 1:43969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kradod connection attempt (malware-cnc.rules)
* 1:43972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:43981 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
* 1:43982 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
* 1:43985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rortiem outbound connection (malware-cnc.rules)
* 1:44011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hippo variant outbound connection (malware-cnc.rules)
* 1:44027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:44028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:44042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (malware-cnc.rules)
* 1:44171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zurgop variant outbound beaconing connection (malware-cnc.rules)
* 1:44177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant outbound connection (malware-cnc.rules)
* 1:44190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyfshent variant outbound connection (malware-cnc.rules)
* 1:44210 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bullrat variant outbound connection (malware-cnc.rules)
* 1:44211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
* 1:44212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
* 1:44213 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (malware-cnc.rules)
* 1:44214 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (malware-cnc.rules)
* 1:44220 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
* 1:44221 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
* 1:44222 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
* 1:44276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
* 1:44277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
* 1:44278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CrystalAttack outbound file download attempt (malware-cnc.rules)
* 1:44279 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.FlatChestWare varint outbound connection (malware-cnc.rules)
* 1:44307 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Razy variant outbound connection (malware-cnc.rules)
* 1:44313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant outbound connection (malware-cnc.rules)
* 1:44314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant inbound connection attempt (malware-cnc.rules)
* 1:44316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ellell variant outbound connection (malware-cnc.rules)
* 1:44317 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (malware-cnc.rules)
* 1:44362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
* 1:44365 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware outbound post (malware-cnc.rules)
* 1:44366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
* 1:44367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
* 1:44391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
* 1:44392 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
* 1:44393 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
* 1:44396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KediRAT outbound connection (malware-cnc.rules)
* 1:44399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
* 1:44400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
* 1:44401 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
* 1:44402 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
* 1:44438 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
* 1:44439 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
* 1:44440 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (malware-cnc.rules)
* 1:44443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popureb variant outbound connection detected (malware-cnc.rules)
* 1:44450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbount connection detected (malware-cnc.rules)
* 1:44469 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
* 1:44470 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
* 1:44554 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Congur variant outbound connection detected (malware-cnc.rules)
* 1:44559 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
* 1:44560 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
* 1:44563 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:44569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:44570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:44591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus malicious certificate exchange (malware-cnc.rules)
* 1:44592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus self-signed certificate exchange (malware-cnc.rules)
* 1:44595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSMessenger outbound connection (malware-cnc.rules)
* 1:44610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:44611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:44616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:44617 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:44618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:44639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quimonk variant outbound connection detected (malware-cnc.rules)
* 1:44652 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
* 1:44653 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet (malware-cnc.rules)
* 1:44654 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
* 1:44656 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
* 1:44659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wraut variant outbound connection (malware-cnc.rules)
* 1:44677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemucod outbound connection (malware-cnc.rules)
* 1:44681 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IoTReaper_Botnet telnet connection attempt (malware-cnc.rules)
* 1:44689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen variant outbound connection (malware-cnc.rules)
* 1:44753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stimilina variant outbound connection detected (malware-cnc.rules)
* 1:44760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
* 1:44761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
* 1:44762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
* 1:44763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
* 1:44768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence outbound request (malware-cnc.rules)
* 1:44769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence inbound download (malware-cnc.rules)
* 1:44770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence cnc module download (malware-cnc.rules)
* 1:44771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence monitoring module download (malware-cnc.rules)
* 1:44772 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
* 1:44773 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
* 1:44774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:44775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:44776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:44777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:44778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:44779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:44780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
* 1:44781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
* 1:44782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
* 1:44787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Godzilla outbound connection (malware-cnc.rules)
* 1:44788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
* 1:44789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
* 1:44791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retadup variant outbound connection (malware-cnc.rules)
* 1:44797 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44876 <-> DISABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
* 1:44886 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (malware-cnc.rules)
* 1:44895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
* 1:44896 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
* 1:44897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
* 1:44898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
* 1:44899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
* 1:44911 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Fruitfly variant outbound connection detected (malware-cnc.rules)
* 1:44943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:44944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:44945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:44946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:44975 <-> DISABLED <-> MALWARE-CNC Php.Dropper.Mayhem variant outbound connection (malware-cnc.rules)
* 1:44997 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
* 1:44998 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
* 1:45050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
* 1:45051 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (malware-cnc.rules)
* 1:45062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45090 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill server selection outbound connection (malware-cnc.rules)
* 1:45091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill login outbound connection (malware-cnc.rules)
* 1:45092 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill get commands outbound connection (malware-cnc.rules)
* 1:45095 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant outbound connection (malware-cnc.rules)
* 1:45096 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant inbound connection (malware-cnc.rules)
* 1:45097 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant inbound connection (malware-cnc.rules)
* 1:45098 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant outbound connection (malware-cnc.rules)
* 1:45099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant inbound connection (malware-cnc.rules)
* 1:45100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound connection (malware-cnc.rules)
* 1:45104 <-> DISABLED <-> MALWARE-CNC Win.Malware.Recam variant outbound connection (malware-cnc.rules)
* 1:45114 <-> DISABLED <-> MALWARE-CNC Catch-All malicious Chrome extension dropper outbound connection (malware-cnc.rules)
* 1:45194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (malware-cnc.rules)
* 1:45208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
* 1:45209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
* 1:45221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nautilus outbound call (malware-cnc.rules)
* 1:45229 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
* 1:45230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
* 1:45231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DDEDownloader variant outbound connection detected (malware-cnc.rules)
* 1:45232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CactusTorch download attempt detected (malware-cnc.rules)
* 1:45239 <-> DISABLED <-> MALWARE-CNC Win.Malware.Freenki variant outbound connection (malware-cnc.rules)
* 1:45251 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
* 1:45252 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
* 1:45260 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)
* 1:45352 <-> DISABLED <-> MALWARE-CNC PowerShell Empire HTTP listener response (malware-cnc.rules)
* 1:45400 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt (malware-cnc.rules)
* 1:45468 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45469 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45470 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45471 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45472 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45473 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45477 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
* 1:45478 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
* 1:45483 <-> DISABLED <-> MALWARE-CNC Pdf.Phishing.Agent variant outbound connection detected (malware-cnc.rules)
* 1:45510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat file upload attempt (malware-cnc.rules)
* 1:45551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
* 1:45552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
* 1:45560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
* 1:45561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
* 1:45562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
* 1:45566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm second stage configuration download attempt (malware-cnc.rules)
* 1:45607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat variant outbound connection detected (malware-cnc.rules)
* 1:45943 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
* 1:45944 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
* 1:46253 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix file upload attempt (malware-cnc.rules)
* 1:46284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (malware-cnc.rules)
* 1:46339 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (malware-cnc.rules)
* 1:46356 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46357 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46358 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46359 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46360 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46361 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46362 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46363 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46364 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46416 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Autoit outbound connection (malware-cnc.rules)
* 1:46423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraens initial outbound request (malware-cnc.rules)
* 1:46433 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo initial connection (malware-cnc.rules)
* 1:46434 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo client outbound connection (malware-cnc.rules)
* 1:41133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
* 1:41134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
* 1:41135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
* 1:41136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
* 1:41162 <-> DISABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant (malware-cnc.rules)
* 1:41173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
* 1:41180 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
* 1:41315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
* 1:41316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
* 1:41317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
* 1:41318 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (malware-cnc.rules)
* 1:41331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection (malware-cnc.rules)
* 1:41334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:41336 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
* 1:41337 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
* 1:41374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
* 1:41375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
* 1:41376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
* 1:41403 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (malware-cnc.rules)
* 1:41424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound connection (malware-cnc.rules)
* 1:41434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
* 1:41435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
* 1:41436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
* 1:41437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
* 1:41438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
* 1:41439 <-> DISABLED <-> MALWARE-CNC Dos.Tool.LOIC variant IRC command detected (malware-cnc.rules)
* 1:41441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (malware-cnc.rules)
* 1:41442 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas outbound connection (malware-cnc.rules)
* 1:41443 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules)
* 1:41444 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules)
* 1:41456 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules)
* 1:41458 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
* 1:41459 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
* 1:41460 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
* 1:41461 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
* 1:41476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - 987t67g (malware-cnc.rules)
* 1:41477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibrio file download - 4g3vg334 (malware-cnc.rules)
* 1:41478 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - result (malware-cnc.rules)
* 1:41498 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CryptoLocker binary download response attempt (malware-cnc.rules)
* 1:41539 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (malware-cnc.rules)
* 1:41540 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
* 1:41656 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (malware-cnc.rules)
* 1:41657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MagicHound variant outbound connection (malware-cnc.rules)
* 1:41661 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
* 1:41662 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
* 1:41663 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
* 1:41665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirai variant outbound connection (malware-cnc.rules)
* 1:41675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:41676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:41682 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:41683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:41684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:41685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:41686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:41687 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
1:41702 <-> DISABLED <-> MALWARE-CNC Win.Adware.Winwrapper outbound connection (malware-cnc.rules) * 1:41711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini variant initial outbound connection (malware-cnc.rules) * 1:41712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini backdoor file download request (malware-cnc.rules) * 1:41780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ratankba variant outbound connection (malware-cnc.rules) * 1:41787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro TCP DNS query response (malware-cnc.rules) * 1:41788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules) * 1:41789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules) * 1:42019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules) * 1:42020 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules) * 1:42021 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42022 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42023 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42024 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42025 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42026 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42027 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42028 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules) * 1:42029 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules) * 1:42030 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file 
download attempt (malware-cnc.rules) * 1:42031 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42059 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Sage variant outbound connection (malware-cnc.rules) * 1:42079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules) * 1:42081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (malware-cnc.rules) * 1:42083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection (malware-cnc.rules) * 1:42098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules) * 1:42099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules) * 1:42113 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:42114 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant new bot registered (malware-cnc.rules) * 1:42126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acronym variant outbound connection (malware-cnc.rules) * 1:42128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules) * 1:42129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules) * 1:42171 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:42172 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant certificate negotiation (malware-cnc.rules) * 1:42225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules) * 1:42228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DocumentCrypt variant outbound connection (malware-cnc.rules) * 1:42233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules) * 1:42242 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Dimnie file download attempt (malware-cnc.rules) * 1:42243 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Dimnie outbound connection (malware-cnc.rules) * 1:42301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu inbound server configuration response (malware-cnc.rules) * 1:42302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound connection (malware-cnc.rules) * 1:42303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound file download attempt (malware-cnc.rules) * 1:42329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules) * 1:42330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful injection response (malware-cnc.rules) * 1:42348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQPass variant outbound connection (malware-cnc.rules) * 1:42385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moonwind outbound connection (malware-cnc.rules) * 1:42386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules) * 1:42390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules) * 1:42391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules) * 1:42395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oddjob outbound connection (malware-cnc.rules) * 1:42398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules) * 1:42421 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (malware-cnc.rules) * 1:42425 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (malware-cnc.rules) * 1:42439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (malware-cnc.rules) * 1:42447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant outbound connection (malware-cnc.rules) * 1:42452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection (malware-cnc.rules) * 1:42453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt 
(malware-cnc.rules) * 1:42454 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (malware-cnc.rules) * 1:42830 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (malware-cnc.rules) * 1:42831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (malware-cnc.rules) * 1:42832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (malware-cnc.rules) * 1:42833 <-> DISABLED <-> MALWARE-CNC Kasperagent outbound connection detected (malware-cnc.rules) * 1:42834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42837 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (malware-cnc.rules) * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules) * 1:40007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (malware-cnc.rules) * 1:40011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:40016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (malware-cnc.rules) * 1:40027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules) * 1:40043 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom outbound connection (malware-cnc.rules) * 1:40044 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules) * 1:40045 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules) * 1:40059 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules) * 1:40060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules) * 1:40067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules) * 1:40183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules) * 1:40203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drolnux variant outbound connection (malware-cnc.rules) * 1:40204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qiwmonk outbound connection detected (malware-cnc.rules) * 1:40205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules) * 1:40206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules) * 1:40207 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules) * 1:40209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulta external connection attempt (malware-cnc.rules) * 1:40212 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (malware-cnc.rules) * 1:40213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkShell external connection attempt (malware-cnc.rules) * 1:40214 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules) * 1:40215 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules) * 1:40216 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (malware-cnc.rules) * 1:40217 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (malware-cnc.rules) * 1:40232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CeeInject external connection (malware-cnc.rules) * 1:40238 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.AgentTesla variant outbound connection (malware-cnc.rules) * 1:40242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant 
outbound connection (malware-cnc.rules) * 1:40249 <-> DISABLED <-> MALWARE-CNC Win.Downloader.QuantLoader external connection attempt (malware-cnc.rules) * 1:40251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (malware-cnc.rules) * 1:40252 <-> DISABLED <-> MALWARE-CNC Win.Perseus variant outbound connection (malware-cnc.rules) * 1:40258 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules) * 1:40259 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules) * 1:40260 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant initial backdoor download attempt (malware-cnc.rules) * 1:40261 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules) * 1:40262 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules) * 1:40288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poxters external connection (malware-cnc.rules) * 1:40289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant initial outbound connection (malware-cnc.rules) * 1:40290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant status update outbound connection (malware-cnc.rules) * 1:40308 <-> DISABLED <-> MALWARE-CNC Backdoor.MSIL.Kazybot.A botnet server connection attempt (malware-cnc.rules) * 1:40309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Randrew variant outbound connection (malware-cnc.rules) * 1:40310 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules) * 1:40311 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules) * 1:40334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:40338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection detected (malware-cnc.rules) * 1:40339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules) 
* 1:40340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules) * 1:40432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules) * 1:40433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules) * 1:40449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:40450 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Agent file download attempt (malware-cnc.rules) * 1:40461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deshacop variant outbound connection (malware-cnc.rules) * 1:40465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules) * 1:40466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules) * 1:40467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hades outbound connection (malware-cnc.rules) * 1:40500 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules) * 1:40501 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules) * 1:40522 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise fingerprinting (malware-cnc.rules) * 1:40523 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules) * 1:40527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:40528 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (malware-cnc.rules) * 1:40541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Satana ransomware outbound connection (malware-cnc.rules) * 1:40548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redosdru variant outbound connection (malware-cnc.rules) * 1:40549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryPy ransomware variant outbound connection (malware-cnc.rules) * 1:40550 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Dexter Banker variant second stage download attempt (malware-cnc.rules) * 1:40551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant successful installation report attempt (malware-cnc.rules) * 1:40559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules) * 1:40567 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules) * 1:40596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Berbew variant outbound connection (malware-cnc.rules) * 1:40599 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules) * 1:40600 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules) * 1:40601 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise activity (malware-cnc.rules) * 1:40605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:40606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:40611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant download attempt (malware-cnc.rules) * 1:40612 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download attempt (malware-cnc.rules) * 1:40643 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules) * 1:40644 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules) * 1:40709 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules) * 1:40710 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules) * 1:40733 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules) * 1:40751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules) * 
1:40752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules) * 1:40761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscan outbound connection (malware-cnc.rules) * 1:40762 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant inbound connection (malware-cnc.rules) * 1:40763 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getSMS command response (malware-cnc.rules) * 1:40764 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getContacts command response (malware-cnc.rules) * 1:40771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miuref variant outbound connection (malware-cnc.rules) * 1:40775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:40782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (malware-cnc.rules) * 1:40795 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules) * 1:40796 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules) * 1:40797 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules) * 1:40800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (malware-cnc.rules) * 1:40812 <-> DISABLED <-> MALWARE-CNC Rtf.Trojan.Mauris outbound download attempt (malware-cnc.rules) * 1:40816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:40823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gendwndrop variant outbound connection (malware-cnc.rules) * 1:40824 <-> DISABLED <-> MALWARE-CNC Logbro variant outbound connection (malware-cnc.rules) * 1:40831 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant initial outbound connection (malware-cnc.rules) * 1:40832 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant keylogger inbound init command attempt (malware-cnc.rules) * 1:40833 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini 
variant screenshot inbound init command attempt (malware-cnc.rules) * 1:40834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound silence command attempt (malware-cnc.rules) * 1:40835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screen_thumb inbound init command attempt (malware-cnc.rules) * 1:40836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant file enumeration inbound init/root/faf command attempt (malware-cnc.rules) * 1:40869 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules) * 1:40870 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules) * 1:40906 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules) * 1:40910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:40911 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Sednit variant outbound connection (malware-cnc.rules) * 1:40991 <-> DISABLED <-> MALWARE-CNC Linux.DDoS.D93 outbound connection (malware-cnc.rules) * 1:41031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules) * 1:41033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proteus outbound connection (malware-cnc.rules) * 1:41034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:41088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MrWhite out bound communication attempt (malware-cnc.rules) * 1:41089 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ostap out bound communication attempt (malware-cnc.rules) * 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt 
(server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56083 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
* 1:56080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
* 1:56082 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
* 1:56075 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
* 1:56079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
* 1:56081 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Donot variant outbound connection (malware-cnc.rules)
* 1:56073 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
* 1:56074 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
* 1:56077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
* 1:56076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
* 1:56086 <-> DISABLED <-> SERVER-WEBAPP Apache Tomcat WebSocket length denial of service attempt (server-webapp.rules)
* 1:56088 <-> ENABLED <-> MALWARE-CNC Unix.Spyware.WellMess variant outbound cnc attempt (malware-cnc.rules)
* 1:56078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
* 1:56072 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
* 1:56071 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
* 3:56091 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
* 3:56089 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD denial of service attempt (server-webapp.rules)
* 3:56084 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
* 3:56087 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services large file upload denial of service attempt (server-webapp.rules)
* 3:56085 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
* 3:56090 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
* 1:44677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemucod outbound connection (malware-cnc.rules)
* 1:42837 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
* 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
* 1:40007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (malware-cnc.rules)
* 1:40011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (malware-cnc.rules)
* 1:44681 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IoTReaper_Botnet telnet connection attempt (malware-cnc.rules)
* 1:44761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
* 1:40027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
* 1:40043 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom outbound connection (malware-cnc.rules)
* 1:40044 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
* 1:40045 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
* 1:40059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
* 1:40060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
* 1:40067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
* 1:40183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
* 1:40203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drolnux variant outbound connection (malware-cnc.rules)
* 1:40204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qiwmonk outbound connection detected (malware-cnc.rules)
* 1:40205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
* 1:40206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
* 1:40207 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
* 1:40209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulta external connection attempt (malware-cnc.rules)
* 1:40212 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (malware-cnc.rules)
* 1:40213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkShell external connection attempt (malware-cnc.rules)
* 1:40214 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
* 1:40215 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
* 1:40216 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (malware-cnc.rules)
* 1:40217 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (malware-cnc.rules)
* 1:40232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CeeInject external connection (malware-cnc.rules)
* 1:40238 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.AgentTesla variant outbound connection (malware-cnc.rules)
* 1:40242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
* 1:40249 <-> DISABLED <-> MALWARE-CNC Win.Downloader.QuantLoader external connection attempt (malware-cnc.rules)
* 1:40251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (malware-cnc.rules)
* 1:40252 <-> DISABLED <-> MALWARE-CNC Win.Perseus variant outbound connection (malware-cnc.rules)
* 1:40258 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
* 1:40259 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
* 1:40260 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant initial backdoor download attempt (malware-cnc.rules)
* 1:40261 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
* 1:40262 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
* 1:40288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poxters external connection (malware-cnc.rules)
* 1:40289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant initial outbound connection (malware-cnc.rules)
* 1:40290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant status update outbound connection (malware-cnc.rules)
* 1:40308 <-> DISABLED <-> MALWARE-CNC Backdoor.MSIL.Kazybot.A botnet server connection attempt (malware-cnc.rules)
* 1:40309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Randrew variant outbound connection (malware-cnc.rules)
* 1:40310 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
* 1:40311 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
* 1:40334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection detected (malware-cnc.rules)
* 1:40339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
* 1:40340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
* 1:40432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
* 1:40433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
* 1:40449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40450 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Agent file download attempt (malware-cnc.rules)
* 1:40461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deshacop variant outbound connection (malware-cnc.rules)
* 1:40465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
* 1:40466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
* 1:40467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hades outbound connection (malware-cnc.rules)
* 1:40500 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
* 1:40501 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
* 1:40522 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise fingerprinting (malware-cnc.rules)
* 1:40523 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
* 1:40527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40528 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (malware-cnc.rules)
* 1:40541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Satana ransomware outbound connection (malware-cnc.rules)
* 1:40548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redosdru variant outbound connection (malware-cnc.rules)
* 1:40549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryPy ransomware variant outbound connection (malware-cnc.rules)
* 1:40550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant second stage download attempt (malware-cnc.rules)
* 1:40551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant successful installation report attempt (malware-cnc.rules)
* 1:40559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
* 1:40567 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
* 1:40596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Berbew variant outbound connection (malware-cnc.rules)
* 1:40599 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
* 1:40600 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
* 1:40601 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise activity (malware-cnc.rules)
* 1:40605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant download attempt (malware-cnc.rules)
* 1:40612 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download attempt (malware-cnc.rules)
* 1:40643 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
* 1:40644 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
* 1:40709 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
* 1:40710 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
* 1:40733 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
* 1:40751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
* 1:40752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
* 1:40761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscan outbound connection (malware-cnc.rules)
* 1:40762 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant inbound connection (malware-cnc.rules)
* 1:40763 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getSMS command response (malware-cnc.rules)
* 1:40764 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getContacts command response (malware-cnc.rules)
* 1:40771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miuref variant outbound connection (malware-cnc.rules)
* 
1:40775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:40782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (malware-cnc.rules) * 1:40795 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules) * 1:40796 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules) * 1:40797 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules) * 1:40800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (malware-cnc.rules) * 1:40812 <-> DISABLED <-> MALWARE-CNC Rtf.Trojan.Mauris outbound download attempt (malware-cnc.rules) * 1:40816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:40823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gendwndrop variant outbound connection (malware-cnc.rules) * 1:40824 <-> DISABLED <-> MALWARE-CNC Logbro variant outbound connection (malware-cnc.rules) * 1:40831 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant initial outbound connection (malware-cnc.rules) * 1:40832 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant keylogger inbound init command attempt (malware-cnc.rules) * 1:40833 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound init command attempt (malware-cnc.rules) * 1:40834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound silence command attempt (malware-cnc.rules) * 1:40835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screen_thumb inbound init command attempt (malware-cnc.rules) * 1:40836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant file enumeration inbound init/root/faf command attempt (malware-cnc.rules) * 1:40869 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules) * 1:40870 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut 
(malware-cnc.rules) * 1:40906 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules) * 1:40910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:40911 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Sednit variant outbound connection (malware-cnc.rules) * 1:40991 <-> DISABLED <-> MALWARE-CNC Linux.DDoS.D93 outbound connection (malware-cnc.rules) * 1:41031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules) * 1:41033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proteus outbound connection (malware-cnc.rules) * 1:41034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:41088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MrWhite out bound communication attempt (malware-cnc.rules) * 1:44760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules) * 1:44689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen variant outbound connection (malware-cnc.rules) * 1:44762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules) * 1:44763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules) * 1:44768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence outbound request (malware-cnc.rules) * 1:44769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence inbound download (malware-cnc.rules) * 1:44770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence cnc module download (malware-cnc.rules) * 1:44771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence monitoring module download (malware-cnc.rules) * 1:44772 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules) * 1:44773 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules) * 1:44774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial 
outbound connection detected (malware-cnc.rules) * 1:44775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules) * 1:44776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules) * 1:44777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules) * 1:44778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules) * 1:44779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules) * 1:44780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules) * 1:44753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stimilina variant outbound connection detected (malware-cnc.rules) * 1:44659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wraut variant outbound connection (malware-cnc.rules) * 1:41089 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ostap out bound communication attempt (malware-cnc.rules) * 1:41133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules) * 1:41134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules) * 1:41135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules) * 1:41136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules) * 1:41162 <-> DISABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant (malware-cnc.rules) * 1:41173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:41174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:41175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:41176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound 
connection (malware-cnc.rules) * 1:41177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:41178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:41179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules) * 1:41180 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules) * 1:41315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules) * 1:41316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules) * 1:41317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules) * 1:41318 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (malware-cnc.rules) * 1:41331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection (malware-cnc.rules) * 1:41334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:41336 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules) * 1:41337 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules) * 1:41374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules) * 1:41375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules) * 1:41376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules) * 1:41403 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (malware-cnc.rules) * 1:41424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound connection (malware-cnc.rules) * 1:41434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41435 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41439 <-> DISABLED <-> MALWARE-CNC Dos.Tool.LOIC variant IRC command detected (malware-cnc.rules) * 1:41441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (malware-cnc.rules) * 1:41442 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas outbound connection (malware-cnc.rules) * 1:41443 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules) * 1:41444 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules) * 1:41456 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules) * 1:41458 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules) * 1:41459 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules) * 1:41460 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules) * 1:41461 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules) * 1:41476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - 987t67g (malware-cnc.rules) * 1:41477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibrio file download - 4g3vg334 (malware-cnc.rules) * 1:41478 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - result (malware-cnc.rules) * 1:41498 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CryptoLocker binary download response attempt (malware-cnc.rules) * 1:41539 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 
Win.Malware.DistTrack (malware-cnc.rules) * 1:41540 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules) * 1:41656 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (malware-cnc.rules) * 1:41657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MagicHound variant outbound connection (malware-cnc.rules) * 1:41661 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules) * 1:41662 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules) * 1:41663 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules) * 1:41665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirai variant outbound connection (malware-cnc.rules) * 1:41675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules) * 1:41676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules) * 1:41682 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41687 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41702 <-> DISABLED <-> MALWARE-CNC Win.Adware.Winwrapper outbound connection (malware-cnc.rules) * 1:41711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini variant initial outbound connection (malware-cnc.rules) * 1:41712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini backdoor file download request 
(malware-cnc.rules) * 1:41780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ratankba variant outbound connection (malware-cnc.rules) * 1:41787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro TCP DNS query response (malware-cnc.rules) * 1:41788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules) * 1:41789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules) * 1:42019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules) * 1:42020 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules) * 1:42021 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42022 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42023 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42024 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42025 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42026 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42027 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42028 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules) * 1:42029 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules) * 1:42030 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules) * 1:42031 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42059 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Sage variant outbound connection (malware-cnc.rules) * 1:42079 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules) * 1:42081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (malware-cnc.rules) * 1:42083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection (malware-cnc.rules) * 1:42098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules) * 1:42099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules) * 1:42113 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:42114 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant new bot registered (malware-cnc.rules) * 1:42126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acronym variant outbound connection (malware-cnc.rules) * 1:42128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules) * 1:42129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules) * 1:42171 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:42172 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant certificate negotiation (malware-cnc.rules) * 1:42225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules) * 1:42228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DocumentCrypt variant outbound connection (malware-cnc.rules) * 1:42233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules) * 1:42242 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Dimnie file download attempt (malware-cnc.rules) * 1:42243 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dimnie outbound connection (malware-cnc.rules) * 1:42301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu inbound server configuration response (malware-cnc.rules) * 1:42302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound connection 
(malware-cnc.rules) * 1:42303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound file download attempt (malware-cnc.rules) * 1:42329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules) * 1:42330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful injection response (malware-cnc.rules) * 1:42348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQPass variant outbound connection (malware-cnc.rules) * 1:42385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moonwind outbound connection (malware-cnc.rules) * 1:42386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules) * 1:42390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules) * 1:42391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules) * 1:42395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oddjob outbound connection (malware-cnc.rules) * 1:42398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules) * 1:42421 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (malware-cnc.rules) * 1:42425 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (malware-cnc.rules) * 1:42439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (malware-cnc.rules) * 1:42447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant outbound connection (malware-cnc.rules) * 1:42452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection (malware-cnc.rules) * 1:42453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (malware-cnc.rules) * 1:42454 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (malware-cnc.rules) * 1:42830 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (malware-cnc.rules) * 1:42831 <-> DISABLED <-> MALWARE-CNC 
User-Agent known malicious user agent - micro (malware-cnc.rules) * 1:42832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (malware-cnc.rules) * 1:42833 <-> DISABLED <-> MALWARE-CNC Kasperagent outbound connection detected (malware-cnc.rules) * 1:42834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:45097 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant inbound connection (malware-cnc.rules) * 1:45098 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant outbound connection (malware-cnc.rules) * 1:45099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant inbound connection (malware-cnc.rules) * 1:45100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound connection (malware-cnc.rules) * 1:45104 <-> DISABLED <-> MALWARE-CNC Win.Malware.Recam variant outbound connection (malware-cnc.rules) * 1:45114 <-> DISABLED <-> MALWARE-CNC Catch-All malicious Chrome extension dropper outbound connection (malware-cnc.rules) * 1:45194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (malware-cnc.rules) * 1:45208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules) * 1:45209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules) * 1:45221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nautilus outbound call (malware-cnc.rules) * 1:45229 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules) * 1:45230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules) * 1:45231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DDEDownloader variant outbound connection detected 
(malware-cnc.rules) * 1:45232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CactusTorch download attempt detected (malware-cnc.rules) * 1:45239 <-> DISABLED <-> MALWARE-CNC Win.Malware.Freenki variant outbound connection (malware-cnc.rules) * 1:45251 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules) * 1:45252 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules) * 1:45260 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules) * 1:45352 <-> DISABLED <-> MALWARE-CNC PowerShell Empire HTTP listener response (malware-cnc.rules) * 1:45400 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt (malware-cnc.rules) * 1:45468 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules) * 1:45469 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules) * 1:45470 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules) * 1:45471 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules) * 1:45472 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules) * 1:45473 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules) * 1:45477 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules) * 1:45478 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules) * 1:45483 <-> DISABLED <-> MALWARE-CNC Pdf.Phishing.Agent variant outbound connection detected (malware-cnc.rules) * 1:45510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat file upload attempt (malware-cnc.rules) * 1:45551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules) * 1:45552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules) * 
1:45560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules) * 1:45561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules) * 1:45562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules) * 1:45566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules) * 1:45567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules) * 1:45574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm second stage configuration download attempt (malware-cnc.rules) * 1:45607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat variant outbound connection detected (malware-cnc.rules) * 1:45943 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules) * 1:45944 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules) * 1:46253 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix file upload attempt (malware-cnc.rules) * 1:42838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (malware-cnc.rules) * 1:42880 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules) * 1:42881 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules) * 1:42882 <-> DISABLED <-> MALWARE-CNC ZoxPNG initial outbound connection (malware-cnc.rules) * 1:42883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (malware-cnc.rules) * 1:42884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection (malware-cnc.rules) * 1:42885 <-> DISABLED <-> MALWARE-CNC WashingTon ssl certificate negotiation attempt (malware-cnc.rules) * 1:42886 <-> DISABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (malware-cnc.rules) * 1:42892 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA outbound 
connection (malware-cnc.rules) * 1:42895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:42899 <-> DISABLED <-> MALWARE-CNC Jaff ransomware outbound connection (malware-cnc.rules) * 1:42925 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules) * 1:42926 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules) * 1:42929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Niramdat variant initial outbound connection (malware-cnc.rules) * 1:42945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adylkuzz variant initial outbound connection (malware-cnc.rules) * 1:42996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules) * 1:42997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules) * 1:43049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gasonen variant outbound connection (malware-cnc.rules) * 1:43063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabob outbound connection (malware-cnc.rules) * 1:43129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:43183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules) * 1:43184 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules) * 1:43190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules) * 1:43193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules) * 1:43194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules) * 1:43220 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (malware-cnc.rules) * 1:43222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules) * 1:43223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia 
outbound connection (malware-cnc.rules) * 1:43224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules) * 1:43292 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious dex file download attempt (malware-cnc.rules) * 1:43293 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious java file download attempt (malware-cnc.rules) * 1:43351 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Erebus variant outbound connection (malware-cnc.rules) * 1:43457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eorezo variant outbound connection (malware-cnc.rules) * 1:43459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules) * 1:43467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules) * 1:43468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules) * 1:43475 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules) * 1:43476 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules) * 1:43477 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules) * 1:43523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules) * 1:43524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules) * 1:43575 <-> DISABLED <-> MALWARE-CNC Win32.Trojan.NeutrinoPOS connection attempt (malware-cnc.rules) * 1:43890 <-> DISABLED <-> MALWARE-CNC Win.Malware.Emotet variant outbound connection (malware-cnc.rules) * 1:43929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poogetad Variant connection attempt (malware-cnc.rules) * 1:43930 <-> DISABLED <-> MALWARE-CNC Win.Malware.GamKer variant outbound connection (malware-cnc.rules) * 1:43950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Globeimposter outbound 
connection (malware-cnc.rules) * 1:43969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kradod connection attempt (malware-cnc.rules) * 1:43972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:43981 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules) * 1:43982 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules) * 1:43985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rortiem outbound connection (malware-cnc.rules) * 1:44011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hippo variant outbound connection (malware-cnc.rules) * 1:44027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules) * 1:44028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules) * 1:44042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (malware-cnc.rules) * 1:44171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zurgop variant outbound beaconing connection (malware-cnc.rules) * 1:44177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant outbound connection (malware-cnc.rules) * 1:44190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyfshent variant outbound connection (malware-cnc.rules) * 1:44210 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bullrat variant outbound connection (malware-cnc.rules) * 1:44211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules) * 1:44212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules) * 1:44213 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (malware-cnc.rules) * 1:44214 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (malware-cnc.rules) * 1:44220 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection 
(malware-cnc.rules)
* 1:44221 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
* 1:44222 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
* 1:44276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
* 1:44277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
* 1:44278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CrystalAttack outbound file download attempt (malware-cnc.rules)
* 1:44279 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.FlatChestWare varint outbound connection (malware-cnc.rules)
* 1:44307 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Razy variant outbound connection (malware-cnc.rules)
* 1:44313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant outbound connection (malware-cnc.rules)
* 1:44314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant inbound connection attempt (malware-cnc.rules)
* 1:44316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ellell variant outbound connection (malware-cnc.rules)
* 1:44317 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (malware-cnc.rules)
* 1:44362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
* 1:44365 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware outbound post (malware-cnc.rules)
* 1:44366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
* 1:44367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
* 1:44391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
* 1:44392 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
* 1:44393 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
* 1:44396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KediRAT outbound connection (malware-cnc.rules)
* 1:44399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
* 1:44400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
* 1:44401 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
* 1:44402 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
* 1:44438 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
* 1:44439 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
* 1:44440 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (malware-cnc.rules)
* 1:44443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popureb variant outbound connection detected (malware-cnc.rules)
* 1:44450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbount connection detected (malware-cnc.rules)
* 1:44469 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
* 1:44470 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
* 1:44554 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Congur variant outbound connection detected (malware-cnc.rules)
* 1:44559 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
* 1:44560 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
* 1:44563 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:44569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:44570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:44591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus malicious certificate exchange (malware-cnc.rules)
* 1:44592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus self-signed certificate exchange (malware-cnc.rules)
* 1:44595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSMessenger outbound connection (malware-cnc.rules)
* 1:44610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:44611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:44616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:44617 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:44618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:44639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quimonk variant outbound connection detected (malware-cnc.rules)
* 1:44652 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
* 1:44653 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet (malware-cnc.rules)
* 1:44654 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
* 1:44656 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
* 1:44781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
* 1:44782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
* 1:44787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Godzilla outbound connection (malware-cnc.rules)
* 1:44788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
* 1:44789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
* 1:44791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retadup variant outbound connection (malware-cnc.rules)
* 1:44797 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44876 <-> DISABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
* 1:44886 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (malware-cnc.rules)
* 1:44895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
* 1:44896 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
* 1:44897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
* 1:44898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
* 1:44899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
* 1:44911 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Fruitfly variant outbound connection detected (malware-cnc.rules)
* 1:44943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:44944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:44945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:44946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:44975 <-> DISABLED <-> MALWARE-CNC Php.Dropper.Mayhem variant outbound connection (malware-cnc.rules)
* 1:44997 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
* 1:44998 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
* 1:45050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
* 1:45051 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (malware-cnc.rules)
* 1:45062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45090 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill server selection outbound connection (malware-cnc.rules)
* 1:45091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill login outbound connection (malware-cnc.rules)
* 1:45092 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill get commands outbound connection (malware-cnc.rules)
* 1:45095 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant outbound connection (malware-cnc.rules)
* 1:45096 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant inbound connection (malware-cnc.rules)
* 1:46284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (malware-cnc.rules)
* 1:46339 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (malware-cnc.rules)
* 1:46356 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46357 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46358 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46359 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46360 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46361 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46362 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46363 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46364 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46416 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Autoit outbound connection (malware-cnc.rules)
* 1:46423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraens initial outbound request (malware-cnc.rules)
* 1:46433 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo initial connection (malware-cnc.rules)
* 1:46434 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo client outbound connection (malware-cnc.rules)
* 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56075 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
* 1:56078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
* 1:56079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
* 1:56081 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Donot variant outbound connection (malware-cnc.rules)
* 1:56073 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
* 1:56077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
* 1:56074 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
* 1:56076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
* 1:56086 <-> DISABLED <-> SERVER-WEBAPP Apache Tomcat WebSocket length denial of service attempt (server-webapp.rules)
* 1:56088 <-> ENABLED <-> MALWARE-CNC Unix.Spyware.WellMess variant outbound cnc attempt (malware-cnc.rules)
* 1:56072 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
* 1:56082 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
* 1:56071 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
* 1:56083 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
* 1:56080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
* 3:56090 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
* 3:56087 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services large file upload denial of service attempt (server-webapp.rules)
* 3:56084 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
* 3:56085 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
* 3:56091 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
* 3:56089 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD denial of service attempt (server-webapp.rules)
* 1:41435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
* 1:44753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stimilina variant outbound connection detected (malware-cnc.rules)
* 1:44681 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IoTReaper_Botnet telnet connection attempt (malware-cnc.rules)
* 1:44769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence inbound download (malware-cnc.rules)
* 1:44763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
* 1:44780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
* 1:44761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
* 1:44798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44876 <-> DISABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
* 1:44897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
* 1:44886 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (malware-cnc.rules)
* 1:44895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
* 1:44896 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
* 1:44768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence outbound request (malware-cnc.rules)
* 1:44773 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
* 1:44770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence cnc module download (malware-cnc.rules)
* 1:44776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:44898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
* 1:44899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
* 1:44911 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Fruitfly variant outbound connection detected (malware-cnc.rules)
* 1:44943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:44944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:44945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:44946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:44975 <-> DISABLED <-> MALWARE-CNC Php.Dropper.Mayhem variant outbound connection (malware-cnc.rules)
* 1:44997 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
* 1:44998 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
* 1:45050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
* 1:45051 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (malware-cnc.rules)
* 1:45062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45090 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill server selection outbound connection (malware-cnc.rules)
* 1:45091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill login outbound connection (malware-cnc.rules)
* 1:45092 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill get commands outbound connection (malware-cnc.rules)
* 1:45095 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant outbound connection (malware-cnc.rules)
* 1:45096 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant inbound connection (malware-cnc.rules)
* 1:45097 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant inbound connection (malware-cnc.rules)
* 1:45098 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant outbound connection (malware-cnc.rules)
* 1:45099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant inbound connection (malware-cnc.rules)
* 1:45100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound connection (malware-cnc.rules)
* 1:45104 <-> DISABLED <-> MALWARE-CNC Win.Malware.Recam variant outbound connection (malware-cnc.rules)
* 1:45114 <-> DISABLED <-> MALWARE-CNC Catch-All malicious Chrome extension dropper outbound connection (malware-cnc.rules)
* 1:45194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (malware-cnc.rules)
* 1:45208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
* 1:45209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
* 1:45221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nautilus outbound call (malware-cnc.rules)
* 1:45229 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
* 1:45230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
* 1:45231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DDEDownloader variant outbound connection detected (malware-cnc.rules)
* 1:45232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CactusTorch download attempt detected (malware-cnc.rules)
* 1:45239 <-> DISABLED <-> MALWARE-CNC Win.Malware.Freenki variant outbound connection (malware-cnc.rules)
* 1:45251 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
* 1:45252 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
* 1:45260 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)
* 1:45352 <-> DISABLED <-> MALWARE-CNC PowerShell Empire HTTP listener response (malware-cnc.rules)
* 1:45400 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt (malware-cnc.rules)
* 1:45468 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45469 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45470 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45471 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45472 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45473 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45477 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
* 1:45478 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
* 1:45483 <-> DISABLED <-> MALWARE-CNC Pdf.Phishing.Agent variant outbound connection detected (malware-cnc.rules)
* 1:45510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat file upload attempt (malware-cnc.rules)
* 1:45551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
* 1:45552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
* 1:45560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
* 1:45561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
* 1:45562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
* 1:45566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm second stage configuration download attempt (malware-cnc.rules)
* 1:45607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat variant outbound connection detected (malware-cnc.rules)
* 1:45943 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
* 1:45944 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
* 1:46253 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix file upload attempt (malware-cnc.rules)
* 1:46284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (malware-cnc.rules)
* 1:46339 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (malware-cnc.rules)
* 1:46356 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:40205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
* 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
* 1:40007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (malware-cnc.rules)
* 1:40011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (malware-cnc.rules)
* 1:40027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
* 1:40043 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom outbound connection (malware-cnc.rules)
* 1:40044 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
* 1:40045 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
* 1:40059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
* 1:40060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
* 1:40067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
* 1:40183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
* 1:40203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drolnux variant outbound connection (malware-cnc.rules)
* 1:44778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:44177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant outbound connection (malware-cnc.rules)
* 1:44777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:44779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:44772 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
* 1:44781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
* 1:44782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
* 1:44797 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence monitoring module download (malware-cnc.rules)
* 1:44787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Godzilla outbound connection (malware-cnc.rules)
* 1:44788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
* 1:44689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen variant outbound connection (malware-cnc.rules)
* 1:44760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
* 1:44762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
* 1:44789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
* 1:44774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:44791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retadup variant outbound connection (malware-cnc.rules)
* 1:44775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:40206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
* 1:40207 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
* 1:40209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulta external connection attempt (malware-cnc.rules)
* 1:40212 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (malware-cnc.rules)
* 1:40213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkShell external connection attempt (malware-cnc.rules)
* 1:40214 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
* 1:40215 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
* 1:40216 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (malware-cnc.rules)
* 1:40217 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (malware-cnc.rules)
* 1:40232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CeeInject external connection (malware-cnc.rules)
* 1:40238 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.AgentTesla variant outbound connection (malware-cnc.rules)
* 1:40242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
* 1:40249 <-> DISABLED <-> MALWARE-CNC Win.Downloader.QuantLoader external connection attempt (malware-cnc.rules)
* 1:40251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (malware-cnc.rules)
* 1:40252 <-> DISABLED <-> MALWARE-CNC Win.Perseus variant outbound connection (malware-cnc.rules)
* 1:40258 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
* 1:40259 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
* 1:40260 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant initial backdoor download attempt (malware-cnc.rules)
* 1:40261 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
* 1:40262 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
* 1:40288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poxters external connection (malware-cnc.rules)
* 1:40289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant initial outbound connection (malware-cnc.rules)
* 1:40290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant status update outbound connection (malware-cnc.rules)
* 1:40308 <-> DISABLED <-> MALWARE-CNC Backdoor.MSIL.Kazybot.A botnet server connection attempt (malware-cnc.rules)
* 1:40309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Randrew variant outbound connection (malware-cnc.rules)
* 1:40310 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
* 1:40311 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
* 1:40334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection detected (malware-cnc.rules)
* 1:40339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
* 1:40340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
* 1:40432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
* 1:40433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
* 1:40449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40450 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Agent file download attempt (malware-cnc.rules)
* 1:40461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deshacop variant outbound connection (malware-cnc.rules)
* 1:40465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
* 1:40466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
* 1:40467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hades outbound connection (malware-cnc.rules)
* 1:40500 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
* 1:40501 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
* 1:40522 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise fingerprinting (malware-cnc.rules)
* 1:40523 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
* 1:40527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40528 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (malware-cnc.rules)
* 1:40541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Satana ransomware outbound connection (malware-cnc.rules)
* 1:40548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redosdru variant outbound connection (malware-cnc.rules)
* 1:40549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryPy ransomware variant outbound connection (malware-cnc.rules)
* 1:40550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant second stage download attempt (malware-cnc.rules)
* 1:40551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant successful installation report attempt (malware-cnc.rules)
* 1:40559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
* 1:40567 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
* 1:40596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Berbew variant outbound connection (malware-cnc.rules)
* 1:40599 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
* 1:40600 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
* 1:40601 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise activity (malware-cnc.rules)
* 1:40605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant download attempt (malware-cnc.rules)
* 1:40612 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download attempt (malware-cnc.rules)
* 1:40643 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
* 1:40644 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
* 1:40709 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
* 1:40710 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
* 1:40733 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
* 1:40751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
* 1:40752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
* 1:40761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscan outbound connection (malware-cnc.rules)
* 1:40762 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant inbound connection (malware-cnc.rules)
* 1:40763 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getSMS command response (malware-cnc.rules)
* 1:40764 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getContacts command response (malware-cnc.rules)
* 1:40771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miuref variant outbound connection (malware-cnc.rules)
* 1:40775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:40782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (malware-cnc.rules)
* 1:40795 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
* 1:40796 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
* 1:40797 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
* 1:40800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (malware-cnc.rules)
* 1:40812 <-> DISABLED <-> MALWARE-CNC Rtf.Trojan.Mauris outbound download attempt (malware-cnc.rules)
* 1:40816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gendwndrop variant outbound connection (malware-cnc.rules)
* 1:40824 <-> DISABLED <-> MALWARE-CNC Logbro variant outbound connection (malware-cnc.rules)
* 1:40831 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant initial outbound connection (malware-cnc.rules)
* 1:40832 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant keylogger inbound init command attempt (malware-cnc.rules)
* 1:40833 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound init command attempt (malware-cnc.rules)
* 1:40834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound silence command attempt (malware-cnc.rules)
* 1:40835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screen_thumb inbound init command attempt (malware-cnc.rules)
* 1:40836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant file enumeration inbound init/root/faf command attempt (malware-cnc.rules)
* 1:40869 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
* 1:40870 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
* 1:40906 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
* 1:40910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40911 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Sednit variant outbound connection (malware-cnc.rules)
* 1:40991 <-> DISABLED <-> MALWARE-CNC Linux.DDoS.D93 outbound connection (malware-cnc.rules)
* 1:41031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection
(malware-cnc.rules) * 1:41033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proteus outbound connection (malware-cnc.rules) * 1:41034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:41088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MrWhite out bound communication attempt (malware-cnc.rules) * 1:41089 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ostap out bound communication attempt (malware-cnc.rules) * 1:41133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules) * 1:41134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules) * 1:41135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules) * 1:41136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules) * 1:41162 <-> DISABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant (malware-cnc.rules) * 1:41173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:41174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:41175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:41176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:41177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:41178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:41179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules) * 1:41180 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules) * 1:41315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules) * 1:41316 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules) * 1:41317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules) * 1:41318 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (malware-cnc.rules) * 1:41331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection (malware-cnc.rules) * 1:41334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:41336 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules) * 1:41337 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules) * 1:41374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules) * 1:41375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules) * 1:41376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules) * 1:41403 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (malware-cnc.rules) * 1:41424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound connection (malware-cnc.rules) * 1:41434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:44569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:44570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:41436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41439 <-> DISABLED <-> MALWARE-CNC Dos.Tool.LOIC variant IRC command detected (malware-cnc.rules) * 1:41441 <-> DISABLED <-> MALWARE-CNC 
User-Agent known malicious user-agent string - X-Mas (malware-cnc.rules) * 1:41442 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas outbound connection (malware-cnc.rules) * 1:41443 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules) * 1:41444 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules) * 1:41456 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules) * 1:41458 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules) * 1:41459 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules) * 1:41460 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules) * 1:41461 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules) * 1:41476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - 987t67g (malware-cnc.rules) * 1:41477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibrio file download - 4g3vg334 (malware-cnc.rules) * 1:41478 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - result (malware-cnc.rules) * 1:41498 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CryptoLocker binary download response attempt (malware-cnc.rules) * 1:41539 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (malware-cnc.rules) * 1:41540 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules) * 1:41656 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (malware-cnc.rules) * 1:41657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MagicHound variant outbound connection (malware-cnc.rules) * 1:41661 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules) * 1:41662 <-> DISABLED 
<-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules) * 1:41663 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules) * 1:41665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirai variant outbound connection (malware-cnc.rules) * 1:41675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules) * 1:41676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules) * 1:41682 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41687 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41702 <-> DISABLED <-> MALWARE-CNC Win.Adware.Winwrapper outbound connection (malware-cnc.rules) * 1:41711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini variant initial outbound connection (malware-cnc.rules) * 1:41712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini backdoor file download request (malware-cnc.rules) * 1:41780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ratankba variant outbound connection (malware-cnc.rules) * 1:41787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro TCP DNS query response (malware-cnc.rules) * 1:41788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules) * 1:41789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules) * 1:42019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 
Andr.Trojan.Agent (malware-cnc.rules) * 1:46357 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46358 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46359 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46360 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46361 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46362 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46363 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46364 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46416 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Autoit outbound connection (malware-cnc.rules) * 1:46423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraens initial outbound request (malware-cnc.rules) * 1:46433 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo initial connection (malware-cnc.rules) * 1:46434 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo client outbound connection (malware-cnc.rules) * 1:42021 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42022 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42023 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42024 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42025 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42026 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42027 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42028 <-> DISABLED <-> MALWARE-CNC 
Andr.Trojan.Agent variant file download attempt (malware-cnc.rules) * 1:42029 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules) * 1:42030 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules) * 1:42031 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42059 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Sage variant outbound connection (malware-cnc.rules) * 1:42079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules) * 1:42081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (malware-cnc.rules) * 1:42083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection (malware-cnc.rules) * 1:42098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules) * 1:42099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules) * 1:42113 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:42114 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant new bot registered (malware-cnc.rules) * 1:42126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acronym variant outbound connection (malware-cnc.rules) * 1:42128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules) * 1:42129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules) * 1:42171 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:42172 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant certificate negotiation (malware-cnc.rules) * 1:42225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules) * 1:42228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DocumentCrypt variant outbound 
connection (malware-cnc.rules) * 1:42233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules) * 1:42242 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Dimnie file download attempt (malware-cnc.rules) * 1:42243 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dimnie outbound connection (malware-cnc.rules) * 1:42301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu inbound server configuration response (malware-cnc.rules) * 1:42302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound connection (malware-cnc.rules) * 1:42303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound file download attempt (malware-cnc.rules) * 1:42329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules) * 1:42330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful injection response (malware-cnc.rules) * 1:42348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQPass variant outbound connection (malware-cnc.rules) * 1:42385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moonwind outbound connection (malware-cnc.rules) * 1:42386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules) * 1:42390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules) * 1:42391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules) * 1:42395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oddjob outbound connection (malware-cnc.rules) * 1:42398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules) * 1:42421 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (malware-cnc.rules) * 1:42425 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (malware-cnc.rules) * 1:42439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (malware-cnc.rules) * 1:42447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant 
outbound connection (malware-cnc.rules) * 1:42452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection (malware-cnc.rules) * 1:42453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (malware-cnc.rules) * 1:42454 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (malware-cnc.rules) * 1:42830 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (malware-cnc.rules) * 1:42831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (malware-cnc.rules) * 1:42832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (malware-cnc.rules) * 1:42833 <-> DISABLED <-> MALWARE-CNC Kasperagent outbound connection detected (malware-cnc.rules) * 1:42834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42837 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (malware-cnc.rules) * 1:42880 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules) * 1:42881 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules) * 1:42882 <-> DISABLED <-> MALWARE-CNC ZoxPNG initial outbound connection (malware-cnc.rules) * 1:42883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (malware-cnc.rules) * 1:42884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection (malware-cnc.rules) * 1:42885 <-> DISABLED <-> MALWARE-CNC WashingTon ssl certificate negotiation attempt (malware-cnc.rules) * 1:42886 <-> DISABLED <-> MALWARE-CNC User-Agent 
Win.Trojan.Agent malicious user agent (malware-cnc.rules) * 1:42892 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA outbound connection (malware-cnc.rules) * 1:42895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:42899 <-> DISABLED <-> MALWARE-CNC Jaff ransomware outbound connection (malware-cnc.rules) * 1:42925 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules) * 1:42926 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules) * 1:42929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Niramdat variant initial outbound connection (malware-cnc.rules) * 1:42945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adylkuzz variant initial outbound connection (malware-cnc.rules) * 1:42996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules) * 1:42997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules) * 1:43049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gasonen variant outbound connection (malware-cnc.rules) * 1:43063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabob outbound connection (malware-cnc.rules) * 1:43129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:43183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules) * 1:43184 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules) * 1:43190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules) * 1:43193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules) * 1:43194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules) * 1:43220 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (malware-cnc.rules) * 1:43222 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Micropsia outbound connection (malware-cnc.rules) * 1:43223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules) * 1:43224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules) * 1:43292 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious dex file download attempt (malware-cnc.rules) * 1:43293 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious java file download attempt (malware-cnc.rules) * 1:43351 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Erebus variant outbound connection (malware-cnc.rules) * 1:43457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eorezo variant outbound connection (malware-cnc.rules) * 1:43459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules) * 1:43467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules) * 1:43468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules) * 1:43475 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules) * 1:43476 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules) * 1:43477 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules) * 1:43523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules) * 1:43524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules) * 1:43575 <-> DISABLED <-> MALWARE-CNC Win32.Trojan.NeutrinoPOS connection attempt (malware-cnc.rules) * 1:43890 <-> DISABLED <-> MALWARE-CNC Win.Malware.Emotet variant outbound connection (malware-cnc.rules) * 1:43929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poogetad Variant connection attempt (malware-cnc.rules) * 1:43930 <-> DISABLED <-> MALWARE-CNC Win.Malware.GamKer 
variant outbound connection (malware-cnc.rules) * 1:43950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Globeimposter outbound connection (malware-cnc.rules) * 1:43969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kradod connection attempt (malware-cnc.rules) * 1:43972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:43981 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules) * 1:43982 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules) * 1:43985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rortiem outbound connection (malware-cnc.rules) * 1:44011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hippo variant outbound connection (malware-cnc.rules) * 1:44027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules) * 1:44028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules) * 1:44042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (malware-cnc.rules) * 1:44171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zurgop variant outbound beaconing connection (malware-cnc.rules) * 1:40204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qiwmonk outbound connection detected (malware-cnc.rules) * 1:44190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyfshent variant outbound connection (malware-cnc.rules) * 1:44210 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bullrat variant outbound connection (malware-cnc.rules) * 1:44211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules) * 1:44212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules) * 1:44213 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (malware-cnc.rules) * 1:44214 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor 
(malware-cnc.rules) * 1:44220 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules) * 1:44221 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules) * 1:44222 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules) * 1:44276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules) * 1:44277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules) * 1:44278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CrystalAttack outbound file download attempt (malware-cnc.rules) * 1:44279 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.FlatChestWare varint outbound connection (malware-cnc.rules) * 1:44307 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Razy variant outbound connection (malware-cnc.rules) * 1:44313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant outbound connection (malware-cnc.rules) * 1:44314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant inbound connection attempt (malware-cnc.rules) * 1:44316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ellell variant outbound connection (malware-cnc.rules) * 1:44317 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (malware-cnc.rules) * 1:44362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules) * 1:44365 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware outbound post (malware-cnc.rules) * 1:44366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules) * 1:44367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules) * 1:44391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules) * 1:44392 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus 
variant outbound connection detected (malware-cnc.rules) * 1:44393 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules) * 1:44396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KediRAT outbound connection (malware-cnc.rules) * 1:44399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules) * 1:44400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules) * 1:44401 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules) * 1:44402 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules) * 1:44438 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules) * 1:44439 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules) * 1:44440 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (malware-cnc.rules) * 1:44443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popureb variant outbound connection detected (malware-cnc.rules) * 1:44450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbount connection detected (malware-cnc.rules) * 1:44469 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules) * 1:44470 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules) * 1:44554 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Congur variant outbound connection detected (malware-cnc.rules) * 1:44559 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules) * 1:44560 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules) * 1:44563 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection 
(malware-cnc.rules) * 1:42020 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules) * 1:44591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus malicious certificate exchange (malware-cnc.rules) * 1:44592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus self-signed certificate exchange (malware-cnc.rules) * 1:44595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSMessenger outbound connection (malware-cnc.rules) * 1:44610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules) * 1:44611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules) * 1:44616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:44617 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:44618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:44639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quimonk variant outbound connection detected (malware-cnc.rules) * 1:44652 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules) * 1:44653 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet (malware-cnc.rules) * 1:44654 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules) * 1:44656 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules) * 1:44659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wraut variant outbound connection (malware-cnc.rules) * 1:44677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemucod outbound connection (malware-cnc.rules) * 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager 
directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56071 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
* 1:56075 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
* 1:56077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
* 1:56074 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
* 1:56081 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Donot variant outbound connection (malware-cnc.rules)
* 1:56073 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
* 1:56072 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
* 1:56079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
* 1:56086 <-> DISABLED <-> SERVER-WEBAPP Apache Tomcat WebSocket length denial of service attempt (server-webapp.rules)
* 1:56076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
* 1:56088 <-> ENABLED <-> MALWARE-CNC Unix.Spyware.WellMess variant outbound cnc attempt (malware-cnc.rules)
* 1:56082 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
* 1:56080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
* 1:56083 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
* 1:56078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
* 3:56091 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
* 3:56084 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
* 3:56090 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
* 3:56085 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
* 3:56089 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD denial of service attempt (server-webapp.rules)
* 3:56087 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services large file upload denial of service attempt (server-webapp.rules)
* 1:44772 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
* 1:46356 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46357 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46358 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46359 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46360 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46361 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46362 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46363 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46364 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46416 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Autoit outbound connection (malware-cnc.rules)
* 1:46423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraens initial outbound request (malware-cnc.rules)
* 1:46433 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo initial connection (malware-cnc.rules)
* 1:46434 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo client outbound connection (malware-cnc.rules)
* 1:44677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemucod outbound connection (malware-cnc.rules)
* 1:44768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence outbound request (malware-cnc.rules)
* 1:45051 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (malware-cnc.rules)
* 1:45221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nautilus outbound call (malware-cnc.rules)
* 1:44774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:45114 <-> DISABLED <-> MALWARE-CNC Catch-All malicious Chrome extension dropper outbound connection (malware-cnc.rules)
* 1:45208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
* 1:44896 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
* 1:45090 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill server selection outbound connection (malware-cnc.rules)
* 1:45473 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant inbound connection (malware-cnc.rules)
* 1:45062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45229 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
* 1:45096 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant inbound connection (malware-cnc.rules)
* 1:44876 <-> DISABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
* 1:44805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44911 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Fruitfly variant outbound connection detected (malware-cnc.rules)
* 1:44802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
* 1:44798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:44769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence inbound download (malware-cnc.rules)
* 1:44946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:45251 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
* 1:44791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retadup variant outbound connection (malware-cnc.rules)
* 1:44803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44773 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
* 1:44897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
* 1:45230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
* 1:45064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:44806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:45469 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45092 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill get commands outbound connection (malware-cnc.rules)
* 1:45194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (malware-cnc.rules)
* 1:44799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:45232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CactusTorch download attempt detected (malware-cnc.rules)
* 1:44777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:45470 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:44945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:44998 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
* 1:45239 <-> DISABLED <-> MALWARE-CNC Win.Malware.Freenki variant outbound connection (malware-cnc.rules)
* 1:45260 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)
* 1:44787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Godzilla outbound connection (malware-cnc.rules)
* 1:44760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
* 1:44898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
* 1:45209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
* 1:45050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
* 1:44775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:45472 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45098 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant outbound connection (malware-cnc.rules)
* 1:45468 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45471 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill login outbound connection (malware-cnc.rules)
* 1:44975 <-> DISABLED <-> MALWARE-CNC Php.Dropper.Mayhem variant outbound connection (malware-cnc.rules)
* 1:44895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
* 1:44797 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:45477 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
* 1:44944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:45352 <-> DISABLED <-> MALWARE-CNC PowerShell Empire HTTP listener response (malware-cnc.rules)
* 1:45104 <-> DISABLED <-> MALWARE-CNC Win.Malware.Recam variant outbound connection (malware-cnc.rules)
* 1:45607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat variant outbound connection detected (malware-cnc.rules)
* 1:40011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:44753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stimilina variant outbound connection detected (malware-cnc.rules)
* 1:44681 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IoTReaper_Botnet telnet connection attempt (malware-cnc.rules)
* 1:45943 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
* 1:40016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (malware-cnc.rules)
* 1:40007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (malware-cnc.rules)
* 1:44190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyfshent variant outbound connection (malware-cnc.rules)
* 1:45552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
* 1:45562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
* 1:45483 <-> DISABLED <-> MALWARE-CNC Pdf.Phishing.Agent variant outbound connection detected (malware-cnc.rules)
* 1:45560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
* 1:45561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
* 1:44789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
* 1:45567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:46253 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix file upload attempt (malware-cnc.rules)
* 1:46339 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (malware-cnc.rules)
* 1:46284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (malware-cnc.rules)
* 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
* 1:45566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm second stage configuration download attempt (malware-cnc.rules)
* 1:45551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
* 1:45510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat file upload attempt (malware-cnc.rules)
* 1:45944 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
* 1:44778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:44788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
* 1:44659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wraut variant outbound connection (malware-cnc.rules)
* 1:44943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:44770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence cnc module download (malware-cnc.rules)
* 1:45252 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
* 1:45100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound connection (malware-cnc.rules)
* 1:44807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
* 1:44763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
* 1:45065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:44780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
* 1:45097 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant inbound connection (malware-cnc.rules)
* 1:44800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence monitoring module download (malware-cnc.rules)
* 1:45478 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
* 1:44776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:45400 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt (malware-cnc.rules)
* 1:44899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
* 1:44886 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (malware-cnc.rules)
* 1:44762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
* 1:44997 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
* 1:45231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DDEDownloader variant outbound connection detected (malware-cnc.rules)
* 1:45063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45095 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant outbound connection (malware-cnc.rules)
* 1:44781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
* 1:40027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
* 1:40043 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom outbound connection (malware-cnc.rules)
* 1:40044 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
* 1:40045 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
* 1:40059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
* 1:40060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
* 1:40067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
* 1:40183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
* 1:40203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drolnux variant outbound connection (malware-cnc.rules)
* 1:40204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qiwmonk outbound connection detected (malware-cnc.rules)
* 1:40205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
* 1:40206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
* 1:40207 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
* 1:40209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulta external connection attempt (malware-cnc.rules)
* 1:40212 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (malware-cnc.rules)
* 1:40213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkShell external connection attempt (malware-cnc.rules)
* 1:40214 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
* 1:40215 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
* 1:40216 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (malware-cnc.rules)
* 1:40217 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (malware-cnc.rules)
* 1:40232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CeeInject external connection (malware-cnc.rules)
* 1:40238 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.AgentTesla variant outbound connection (malware-cnc.rules)
* 1:40242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
* 1:40249 <-> DISABLED <-> MALWARE-CNC Win.Downloader.QuantLoader external connection attempt (malware-cnc.rules)
* 1:40251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (malware-cnc.rules)
* 1:40252 <-> DISABLED <-> MALWARE-CNC Win.Perseus variant outbound connection (malware-cnc.rules)
* 1:40258 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
* 1:40259 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
* 1:40260 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant initial backdoor download attempt (malware-cnc.rules)
* 1:40261 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
* 1:40262 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
* 1:40288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poxters external connection (malware-cnc.rules)
* 1:40289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant initial outbound connection (malware-cnc.rules)
* 1:40290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant status update outbound connection (malware-cnc.rules)
* 1:40308 <-> DISABLED <-> MALWARE-CNC Backdoor.MSIL.Kazybot.A botnet server connection attempt (malware-cnc.rules)
* 1:40309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Randrew variant outbound connection (malware-cnc.rules)
* 1:40310 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
* 1:40311 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
* 1:40334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection detected (malware-cnc.rules)
* 1:40339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
* 1:40340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
* 1:40432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
* 1:40433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
* 1:40449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40450 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Agent file download attempt (malware-cnc.rules)
* 1:40461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deshacop variant outbound connection (malware-cnc.rules)
* 1:40465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
* 1:40466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
* 1:40467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hades outbound connection (malware-cnc.rules)
* 1:40500 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
* 1:40501 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
* 1:40522 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise fingerprinting (malware-cnc.rules)
* 1:40523 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
* 1:40527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40528 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (malware-cnc.rules)
* 1:40541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Satana ransomware outbound connection (malware-cnc.rules)
* 1:40548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redosdru variant outbound connection (malware-cnc.rules)
* 1:40549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryPy ransomware variant outbound connection (malware-cnc.rules)
* 1:40550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant second stage download attempt (malware-cnc.rules)
* 1:40551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant successful installation report attempt (malware-cnc.rules)
* 1:40559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
* 1:40567 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
* 1:40596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Berbew variant outbound connection (malware-cnc.rules)
* 1:40599 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
* 1:40600 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
* 1:40601 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise activity (malware-cnc.rules)
* 1:40605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant download attempt (malware-cnc.rules)
* 1:40612 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download attempt (malware-cnc.rules)
* 1:40643 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
* 1:40644 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
* 1:40709 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
* 1:40710 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
* 1:40733 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
* 1:40751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
* 1:40752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
* 1:40761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscan outbound connection (malware-cnc.rules)
* 1:40762 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant inbound connection (malware-cnc.rules)
* 1:40763 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getSMS command response (malware-cnc.rules)
* 1:40764 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getContacts command response (malware-cnc.rules)
* 1:40771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miuref variant outbound connection (malware-cnc.rules)
* 1:40775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:40782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (malware-cnc.rules)
* 1:40795 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
* 1:40796 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
* 1:40797 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
* 1:40800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (malware-cnc.rules)
* 1:40812 <-> DISABLED <-> MALWARE-CNC Rtf.Trojan.Mauris outbound download attempt (malware-cnc.rules)
* 1:40816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gendwndrop variant outbound connection (malware-cnc.rules)
* 1:40824 <-> DISABLED <-> MALWARE-CNC Logbro variant outbound connection (malware-cnc.rules)
* 1:40831 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant initial outbound connection (malware-cnc.rules)
* 1:40832 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant keylogger inbound init command attempt (malware-cnc.rules)
* 1:40833 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound init command attempt (malware-cnc.rules)
* 1:40834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound silence command attempt (malware-cnc.rules)
* 1:40835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screen_thumb inbound init command attempt (malware-cnc.rules)
* 1:40836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant file enumeration inbound init/root/faf command attempt (malware-cnc.rules)
* 1:40869 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
* 1:40870 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
* 1:40906 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
* 1:40910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40911 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Sednit variant outbound connection (malware-cnc.rules)
* 1:40991 <-> DISABLED <-> MALWARE-CNC Linux.DDoS.D93 outbound connection (malware-cnc.rules)
* 1:41031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
* 1:41033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proteus outbound connection (malware-cnc.rules)
* 1:41034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:41088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MrWhite out bound communication attempt (malware-cnc.rules)
* 1:41089 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ostap out bound communication attempt (malware-cnc.rules)
* 1:41133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
* 1:41134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
* 1:41135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
* 1:41136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
* 1:41162 <-> DISABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant (malware-cnc.rules)
* 1:41173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
* 1:41180 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
* 1:41315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
* 1:41316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
* 1:41317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
* 1:41318 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (malware-cnc.rules)
* 1:41334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:41336 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
* 1:41337 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
* 1:41374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
* 1:41375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
* 1:41376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
* 1:41403 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (malware-cnc.rules)
* 1:41424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound connection (malware-cnc.rules)
* 1:41434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
* 1:41435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
* 1:41436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
* 1:41437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
* 1:41438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
* 1:41439 <-> DISABLED <-> MALWARE-CNC Dos.Tool.LOIC variant IRC command detected (malware-cnc.rules)
* 1:41441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (malware-cnc.rules)
* 1:41442 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas outbound connection (malware-cnc.rules)
* 1:41443 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules)
* 1:41444 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules)
* 1:41456 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules)
* 1:41458 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
* 1:41459 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
* 1:41460 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
* 1:41461 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
* 1:41476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - 987t67g (malware-cnc.rules)
* 1:41477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibrio file download - 4g3vg334 (malware-cnc.rules)
* 1:41478 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - result (malware-cnc.rules)
* 1:41498 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CryptoLocker binary download response attempt (malware-cnc.rules)
* 1:41539 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (malware-cnc.rules)
* 1:41540 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
* 1:41656 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (malware-cnc.rules)
* 1:41657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MagicHound variant outbound connection (malware-cnc.rules)
* 1:41661 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
* 1:41662 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
* 1:41663 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
* 1:41665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirai variant outbound connection (malware-cnc.rules)
* 1:41675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:41676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:41682 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:41683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:41684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:41686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:41687 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:41702 <-> DISABLED <-> MALWARE-CNC Win.Adware.Winwrapper outbound connection (malware-cnc.rules)
* 1:41711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini variant initial outbound connection (malware-cnc.rules)
* 1:41712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini backdoor file download request (malware-cnc.rules)
* 1:41780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ratankba variant outbound connection (malware-cnc.rules)
* 1:41787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro TCP DNS query response (malware-cnc.rules)
* 1:41788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules)
* 1:41789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules)
* 1:42019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
* 1:42020 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
* 1:42021 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:44689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen variant outbound connection (malware-cnc.rules)
* 1:44570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:42022 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:42023 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:42024 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:42025 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:42026 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:42027 <-> DISABLED <-> 
MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42028 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules) * 1:42029 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules) * 1:42030 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules) * 1:42031 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42059 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Sage variant outbound connection (malware-cnc.rules) * 1:42079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules) * 1:42081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (malware-cnc.rules) * 1:42083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection (malware-cnc.rules) * 1:42098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules) * 1:42099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules) * 1:42113 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:42114 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant new bot registered (malware-cnc.rules) * 1:42126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acronym variant outbound connection (malware-cnc.rules) * 1:42128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules) * 1:42129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules) * 1:42171 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:42172 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant certificate negotiation (malware-cnc.rules) * 1:42225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound 
connection (malware-cnc.rules) * 1:42228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DocumentCrypt variant outbound connection (malware-cnc.rules) * 1:42233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules) * 1:42242 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Dimnie file download attempt (malware-cnc.rules) * 1:42243 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dimnie outbound connection (malware-cnc.rules) * 1:42301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu inbound server configuration response (malware-cnc.rules) * 1:42302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound connection (malware-cnc.rules) * 1:42303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound file download attempt (malware-cnc.rules) * 1:42329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules) * 1:42330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful injection response (malware-cnc.rules) * 1:42348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQPass variant outbound connection (malware-cnc.rules) * 1:42385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moonwind outbound connection (malware-cnc.rules) * 1:42386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules) * 1:42390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules) * 1:42391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules) * 1:42395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oddjob outbound connection (malware-cnc.rules) * 1:42398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules) * 1:42421 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (malware-cnc.rules) * 1:42425 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (malware-cnc.rules) * 1:42439 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Axespec outbound request (malware-cnc.rules) * 1:42447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant outbound connection (malware-cnc.rules) * 1:42452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection (malware-cnc.rules) * 1:42453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (malware-cnc.rules) * 1:42454 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (malware-cnc.rules) * 1:42830 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (malware-cnc.rules) * 1:42831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (malware-cnc.rules) * 1:42832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (malware-cnc.rules) * 1:42833 <-> DISABLED <-> MALWARE-CNC Kasperagent outbound connection detected (malware-cnc.rules) * 1:42834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42837 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (malware-cnc.rules) * 1:42880 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules) * 1:42881 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules) * 1:42882 <-> DISABLED <-> MALWARE-CNC ZoxPNG initial outbound connection (malware-cnc.rules) * 1:42883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (malware-cnc.rules) * 1:42884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection (malware-cnc.rules) * 1:42885 <-> DISABLED <-> 
MALWARE-CNC WashingTon ssl certificate negotiation attempt (malware-cnc.rules) * 1:42886 <-> DISABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (malware-cnc.rules) * 1:42892 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA outbound connection (malware-cnc.rules) * 1:42895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:42899 <-> DISABLED <-> MALWARE-CNC Jaff ransomware outbound connection (malware-cnc.rules) * 1:42925 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules) * 1:42926 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules) * 1:42929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Niramdat variant initial outbound connection (malware-cnc.rules) * 1:42945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adylkuzz variant initial outbound connection (malware-cnc.rules) * 1:42996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules) * 1:42997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules) * 1:43049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gasonen variant outbound connection (malware-cnc.rules) * 1:43063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabob outbound connection (malware-cnc.rules) * 1:43129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:43183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules) * 1:43184 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules) * 1:43190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules) * 1:43193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules) * 1:43194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules) * 1:43220 <-> DISABLED 
<-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (malware-cnc.rules) * 1:43222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules) * 1:43223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules) * 1:43224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules) * 1:43292 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious dex file download attempt (malware-cnc.rules) * 1:43293 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious java file download attempt (malware-cnc.rules) * 1:43351 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Erebus variant outbound connection (malware-cnc.rules) * 1:43457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eorezo variant outbound connection (malware-cnc.rules) * 1:43459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules) * 1:43467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules) * 1:43468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules) * 1:43475 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules) * 1:43476 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules) * 1:43477 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules) * 1:43523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules) * 1:43524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules) * 1:43575 <-> DISABLED <-> MALWARE-CNC Win32.Trojan.NeutrinoPOS connection attempt (malware-cnc.rules) * 1:43890 <-> DISABLED <-> MALWARE-CNC Win.Malware.Emotet variant outbound connection (malware-cnc.rules) * 1:43929 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Poogetad Variant connection attempt (malware-cnc.rules) * 1:43930 <-> DISABLED <-> MALWARE-CNC Win.Malware.GamKer variant outbound connection (malware-cnc.rules) * 1:43950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Globeimposter outbound connection (malware-cnc.rules) * 1:43969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kradod connection attempt (malware-cnc.rules) * 1:43972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:43981 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules) * 1:43982 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules) * 1:43985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rortiem outbound connection (malware-cnc.rules) * 1:44011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hippo variant outbound connection (malware-cnc.rules) * 1:44027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules) * 1:44028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules) * 1:44042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (malware-cnc.rules) * 1:44171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zurgop variant outbound beaconing connection (malware-cnc.rules) * 1:44210 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bullrat variant outbound connection (malware-cnc.rules) * 1:44211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules) * 1:44212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules) * 1:44213 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (malware-cnc.rules) * 1:44214 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (malware-cnc.rules) * 1:44220 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial 
outbound connection (malware-cnc.rules) * 1:44221 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules) * 1:44222 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules) * 1:44276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules) * 1:44277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules) * 1:44278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CrystalAttack outbound file download attempt (malware-cnc.rules) * 1:44279 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.FlatChestWare varint outbound connection (malware-cnc.rules) * 1:44307 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Razy variant outbound connection (malware-cnc.rules) * 1:44313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant outbound connection (malware-cnc.rules) * 1:44314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant inbound connection attempt (malware-cnc.rules) * 1:44316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ellell variant outbound connection (malware-cnc.rules) * 1:44317 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (malware-cnc.rules) * 1:44362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules) * 1:44365 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware outbound post (malware-cnc.rules) * 1:44366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules) * 1:44367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules) * 1:44391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules) * 1:44392 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules) * 1:44393 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules) * 1:44396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KediRAT outbound connection (malware-cnc.rules) * 1:44399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules) * 1:44400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules) * 1:44401 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules) * 1:44402 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules) * 1:44438 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules) * 1:44439 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules) * 1:44440 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (malware-cnc.rules) * 1:44443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popureb variant outbound connection detected (malware-cnc.rules) * 1:44450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbount connection detected (malware-cnc.rules) * 1:44469 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules) * 1:44470 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules) * 1:44554 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Congur variant outbound connection detected (malware-cnc.rules) * 1:44559 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules) * 1:44560 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules) * 1:44563 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules) * 1:44569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection 
(malware-cnc.rules) * 1:41685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection (malware-cnc.rules) * 1:44591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus malicious certificate exchange (malware-cnc.rules) * 1:44592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus self-signed certificate exchange (malware-cnc.rules) * 1:44595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSMessenger outbound connection (malware-cnc.rules) * 1:44610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules) * 1:44611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules) * 1:44616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:44617 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:44618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:44639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quimonk variant outbound connection detected (malware-cnc.rules) * 1:44652 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules) * 1:44653 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet (malware-cnc.rules) * 1:44654 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules) * 1:44656 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules) * 1:44177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant outbound connection (malware-cnc.rules) * 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal 
attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
* 1:56083 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
* 1:56075 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
* 1:56088 <-> ENABLED <-> MALWARE-CNC Unix.Spyware.WellMess variant outbound cnc attempt (malware-cnc.rules)
* 1:56086 <-> DISABLED <-> SERVER-WEBAPP Apache Tomcat WebSocket length denial of service attempt (server-webapp.rules)
* 1:56076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
* 1:56073 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
* 1:56081 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Donot variant outbound connection (malware-cnc.rules)
* 1:56077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
* 1:56074 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
* 1:56078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
* 1:56079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
* 1:56071 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
* 1:56072 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
* 1:56082 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
* 3:56084 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
* 3:56085 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
* 3:56087 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services large file upload denial of service attempt (server-webapp.rules)
* 3:56089 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD denial of service attempt (server-webapp.rules)
* 3:56090 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
* 3:56091 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
* 1:46253 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix file upload attempt (malware-cnc.rules)
* 1:45607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat variant outbound connection detected (malware-cnc.rules)
* 1:44681 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IoTReaper_Botnet telnet connection attempt (malware-cnc.rules)
* 1:44753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stimilina variant outbound connection detected (malware-cnc.rules)
* 1:45943 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
* 1:44689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen variant outbound connection (malware-cnc.rules)
* 1:45944 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
* 1:46284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (malware-cnc.rules)
* 1:45567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:45574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm second stage configuration download attempt (malware-cnc.rules)
* 1:45552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
* 1:45562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
* 1:42022 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:40011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
* 1:45566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:44802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:44876 <-> DISABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
* 1:45096 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant inbound connection (malware-cnc.rules)
* 1:44805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44911 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Fruitfly variant outbound connection detected (malware-cnc.rules)
* 1:44762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
* 1:44774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:44803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retadup variant outbound connection (malware-cnc.rules)
* 1:45251 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
* 1:45097 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant inbound connection (malware-cnc.rules)
* 1:44804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
* 1:45230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
* 1:45064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (malware-cnc.rules)
* 1:44773 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
* 1:45469 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45092 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill get commands outbound connection (malware-cnc.rules)
* 1:44997 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
* 1:44799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
* 1:45470 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:44998 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
* 1:44945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:45239 <-> DISABLED <-> MALWARE-CNC Win.Malware.Freenki variant outbound connection (malware-cnc.rules)
* 1:45260 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)
* 1:44768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence outbound request (malware-cnc.rules)
* 1:44898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
* 1:44787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Godzilla outbound connection (malware-cnc.rules)
* 1:44772 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
* 1:45050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
* 1:44896 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
* 1:45472 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45098 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant outbound connection (malware-cnc.rules)
* 1:45091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill login outbound connection (malware-cnc.rules)
* 1:45471 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:45468 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:44770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence cnc module download (malware-cnc.rules)
* 1:44895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
* 1:44769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence inbound download (malware-cnc.rules)
* 1:45477 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
* 1:44944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:45352 <-> DISABLED <-> MALWARE-CNC PowerShell Empire HTTP listener response (malware-cnc.rules)
* 1:44778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:44761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
* 1:44801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:45551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
* 1:45510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat file upload attempt (malware-cnc.rules)
* 1:44788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
* 1:46339 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (malware-cnc.rules)
* 1:44943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:44807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:45100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound connection (malware-cnc.rules)
* 1:44797 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:45252 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
* 1:45065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:44775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:44779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:44800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence monitoring module download (malware-cnc.rules)
* 1:44780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
* 1:44763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
* 1:45478 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
* 1:45400 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt (malware-cnc.rules)
* 1:45232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CactusTorch download attempt detected (malware-cnc.rules)
* 1:44899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
* 1:44886 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (malware-cnc.rules)
* 1:45231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DDEDownloader variant outbound connection detected (malware-cnc.rules)
* 1:44776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:45063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45114 <-> DISABLED <-> MALWARE-CNC Catch-All malicious Chrome extension dropper outbound connection (malware-cnc.rules)
* 1:45095 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant outbound connection (malware-cnc.rules)
* 1:44781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
* 1:44777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:45221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nautilus outbound call (malware-cnc.rules)
* 1:44975 <-> DISABLED <-> MALWARE-CNC Php.Dropper.Mayhem variant outbound connection (malware-cnc.rules)
* 1:45051 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (malware-cnc.rules)
* 1:45208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
* 1:45090 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill server selection outbound connection (malware-cnc.rules)
* 1:45104 <-> DISABLED <-> MALWARE-CNC Win.Malware.Recam variant outbound connection (malware-cnc.rules)
* 1:45099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant inbound connection (malware-cnc.rules)
* 1:44760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
* 1:45062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45229 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
* 1:45473 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:46357 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46358 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46359 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46360 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46361 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46362 <-> DISABLED <-> MALWARE-CNC 
Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46363 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46364 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46416 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Autoit outbound connection (malware-cnc.rules) * 1:46433 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo initial connection (malware-cnc.rules) * 1:44677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemucod outbound connection (malware-cnc.rules) * 1:45209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules) * 1:46356 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46434 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo client outbound connection (malware-cnc.rules) * 1:45561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules) * 1:44789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules) * 1:45483 <-> DISABLED <-> MALWARE-CNC Pdf.Phishing.Agent variant outbound connection detected (malware-cnc.rules) * 1:40043 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom outbound connection (malware-cnc.rules) * 1:40007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (malware-cnc.rules) * 1:40027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules) * 1:40016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (malware-cnc.rules) * 1:45560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules) * 1:46423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraens initial outbound request (malware-cnc.rules) * 1:40044 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules) * 1:40045 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound 
connection (malware-cnc.rules) * 1:40059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules) * 1:40060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules) * 1:40067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules) * 1:40183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules) * 1:40203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drolnux variant outbound connection (malware-cnc.rules) * 1:40204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qiwmonk outbound connection detected (malware-cnc.rules) * 1:40205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules) * 1:40206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules) * 1:40207 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules) * 1:40209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulta external connection attempt (malware-cnc.rules) * 1:40212 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (malware-cnc.rules) * 1:40213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkShell external connection attempt (malware-cnc.rules) * 1:40214 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules) * 1:40215 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules) * 1:40216 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (malware-cnc.rules) * 1:40217 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (malware-cnc.rules) * 1:40232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CeeInject external connection (malware-cnc.rules) * 1:40238 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.AgentTesla variant outbound connection 
(malware-cnc.rules) * 1:40242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules) * 1:40249 <-> DISABLED <-> MALWARE-CNC Win.Downloader.QuantLoader external connection attempt (malware-cnc.rules) * 1:40251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (malware-cnc.rules) * 1:40252 <-> DISABLED <-> MALWARE-CNC Win.Perseus variant outbound connection (malware-cnc.rules) * 1:40258 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules) * 1:40259 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules) * 1:40260 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant initial backdoor download attempt (malware-cnc.rules) * 1:40261 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules) * 1:40262 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules) * 1:40288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poxters external connection (malware-cnc.rules) * 1:40289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant initial outbound connection (malware-cnc.rules) * 1:40290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant status update outbound connection (malware-cnc.rules) * 1:40308 <-> DISABLED <-> MALWARE-CNC Backdoor.MSIL.Kazybot.A botnet server connection attempt (malware-cnc.rules) * 1:40309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Randrew variant outbound connection (malware-cnc.rules) * 1:40310 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules) * 1:40311 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules) * 1:40334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:40338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection detected (malware-cnc.rules) * 1:40339 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules) * 1:40340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules) * 1:40432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules) * 1:40433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules) * 1:40449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:40450 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Agent file download attempt (malware-cnc.rules) * 1:40461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deshacop variant outbound connection (malware-cnc.rules) * 1:40465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules) * 1:40466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules) * 1:40467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hades outbound connection (malware-cnc.rules) * 1:40500 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules) * 1:40501 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules) * 1:40522 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise fingerprinting (malware-cnc.rules) * 1:40523 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules) * 1:40527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:40528 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (malware-cnc.rules) * 1:40541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Satana ransomware outbound connection (malware-cnc.rules) * 1:40548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redosdru variant outbound connection (malware-cnc.rules) * 1:40549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryPy 
ransomware variant outbound connection (malware-cnc.rules) * 1:40550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant second stage download attempt (malware-cnc.rules) * 1:40551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant successful installation report attempt (malware-cnc.rules) * 1:40559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules) * 1:40567 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules) * 1:40596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Berbew variant outbound connection (malware-cnc.rules) * 1:40599 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules) * 1:40600 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules) * 1:40601 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise activity (malware-cnc.rules) * 1:40605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:40606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:40611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant download attempt (malware-cnc.rules) * 1:40612 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download attempt (malware-cnc.rules) * 1:40643 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules) * 1:40644 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules) * 1:40709 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules) * 1:40710 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules) * 1:40733 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules) * 1:40751 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules) * 1:40752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules) * 1:40761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscan outbound connection (malware-cnc.rules) * 1:40762 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant inbound connection (malware-cnc.rules) * 1:40763 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getSMS command response (malware-cnc.rules) * 1:40764 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getContacts command response (malware-cnc.rules) * 1:40771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miuref variant outbound connection (malware-cnc.rules) * 1:40775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:40782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (malware-cnc.rules) * 1:40795 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules) * 1:40796 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules) * 1:40797 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules) * 1:40800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (malware-cnc.rules) * 1:40812 <-> DISABLED <-> MALWARE-CNC Rtf.Trojan.Mauris outbound download attempt (malware-cnc.rules) * 1:40816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:40823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gendwndrop variant outbound connection (malware-cnc.rules) * 1:40824 <-> DISABLED <-> MALWARE-CNC Logbro variant outbound connection (malware-cnc.rules) * 1:40831 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant initial outbound connection (malware-cnc.rules) * 1:40832 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant keylogger inbound init command 
attempt (malware-cnc.rules) * 1:40833 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound init command attempt (malware-cnc.rules) * 1:40834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound silence command attempt (malware-cnc.rules) * 1:40835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screen_thumb inbound init command attempt (malware-cnc.rules) * 1:40836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant file enumeration inbound init/root/faf command attempt (malware-cnc.rules) * 1:40869 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules) * 1:40870 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules) * 1:40906 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules) * 1:40910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:40911 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Sednit variant outbound connection (malware-cnc.rules) * 1:40991 <-> DISABLED <-> MALWARE-CNC Linux.DDoS.D93 outbound connection (malware-cnc.rules) * 1:41031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules) * 1:41033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proteus outbound connection (malware-cnc.rules) * 1:41034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:41088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MrWhite out bound communication attempt (malware-cnc.rules) * 1:41089 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ostap out bound communication attempt (malware-cnc.rules) * 1:41133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules) * 1:41134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules) * 1:41135 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules) * 1:41136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules) * 1:41162 <-> DISABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant (malware-cnc.rules) * 1:41173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:41174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:41175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:41176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:41177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:41178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:41179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules) * 1:41180 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules) * 1:41315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules) * 1:41316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules) * 1:41317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules) * 1:41318 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (malware-cnc.rules) * 1:44591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus malicious certificate exchange (malware-cnc.rules) * 1:41336 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules) * 1:41337 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules) * 1:41374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message 
(malware-cnc.rules) * 1:41375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules) * 1:41376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules) * 1:41403 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (malware-cnc.rules) * 1:41424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound connection (malware-cnc.rules) * 1:41434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41439 <-> DISABLED <-> MALWARE-CNC Dos.Tool.LOIC variant IRC command detected (malware-cnc.rules) * 1:41441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (malware-cnc.rules) * 1:41442 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas outbound connection (malware-cnc.rules) * 1:41443 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules) * 1:41444 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules) * 1:41456 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules) * 1:41458 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules) * 1:41459 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules) * 1:41460 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules) * 1:41461 <-> DISABLED <-> MALWARE-CNC 
Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules) * 1:41476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - 987t67g (malware-cnc.rules) * 1:41477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibrio file download - 4g3vg334 (malware-cnc.rules) * 1:41478 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - result (malware-cnc.rules) * 1:41498 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CryptoLocker binary download response attempt (malware-cnc.rules) * 1:41539 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (malware-cnc.rules) * 1:41540 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules) * 1:41656 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (malware-cnc.rules) * 1:41657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MagicHound variant outbound connection (malware-cnc.rules) * 1:41661 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules) * 1:41662 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules) * 1:41663 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules) * 1:41665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirai variant outbound connection (malware-cnc.rules) * 1:41675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules) * 1:41676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules) * 1:41682 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41685 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:44570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:41686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41687 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41702 <-> DISABLED <-> MALWARE-CNC Win.Adware.Winwrapper outbound connection (malware-cnc.rules) * 1:41711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini variant initial outbound connection (malware-cnc.rules) * 1:41712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini backdoor file download request (malware-cnc.rules) * 1:41780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ratankba variant outbound connection (malware-cnc.rules) * 1:41787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro TCP DNS query response (malware-cnc.rules) * 1:41788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules) * 1:41789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules) * 1:42019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules) * 1:42020 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules) * 1:44569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:42021 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42024 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42025 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42026 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42027 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 
1:42028 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules) * 1:42029 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules) * 1:42030 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules) * 1:42031 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42059 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Sage variant outbound connection (malware-cnc.rules) * 1:42079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules) * 1:42081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (malware-cnc.rules) * 1:42083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection (malware-cnc.rules) * 1:42098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules) * 1:42099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules) * 1:42113 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:42114 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant new bot registered (malware-cnc.rules) * 1:42126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acronym variant outbound connection (malware-cnc.rules) * 1:42128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules) * 1:42129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules) * 1:42171 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:42172 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant certificate negotiation (malware-cnc.rules) * 1:42225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules) * 1:42228 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.DocumentCrypt variant outbound connection (malware-cnc.rules) * 1:42233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules) * 1:42242 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Dimnie file download attempt (malware-cnc.rules) * 1:42243 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dimnie outbound connection (malware-cnc.rules) * 1:42301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu inbound server configuration response (malware-cnc.rules) * 1:42302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound connection (malware-cnc.rules) * 1:42303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound file download attempt (malware-cnc.rules) * 1:42329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules) * 1:42330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful injection response (malware-cnc.rules) * 1:42348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQPass variant outbound connection (malware-cnc.rules) * 1:42385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moonwind outbound connection (malware-cnc.rules) * 1:42386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules) * 1:42390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules) * 1:42391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules) * 1:42395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oddjob outbound connection (malware-cnc.rules) * 1:42398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules) * 1:42421 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (malware-cnc.rules) * 1:42425 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (malware-cnc.rules) * 1:42439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (malware-cnc.rules) * 1:42447 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Batlopma variant outbound connection (malware-cnc.rules)
* 1:42452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection (malware-cnc.rules)
* 1:42453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (malware-cnc.rules)
* 1:42454 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (malware-cnc.rules)
* 1:42830 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (malware-cnc.rules)
* 1:42831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (malware-cnc.rules)
* 1:42832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (malware-cnc.rules)
* 1:42833 <-> DISABLED <-> MALWARE-CNC Kasperagent outbound connection detected (malware-cnc.rules)
* 1:42834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
* 1:42835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
* 1:42836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
* 1:42837 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
* 1:42838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (malware-cnc.rules)
* 1:42880 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules)
* 1:42881 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules)
* 1:42882 <-> DISABLED <-> MALWARE-CNC ZoxPNG initial outbound connection (malware-cnc.rules)
* 1:42883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (malware-cnc.rules)
* 1:42884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection (malware-cnc.rules)
* 1:42885 <-> DISABLED <-> MALWARE-CNC WashingTon ssl certificate negotiation attempt (malware-cnc.rules)
* 1:42886 <-> DISABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (malware-cnc.rules)
* 1:42892 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA outbound connection (malware-cnc.rules)
* 1:42895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:42899 <-> DISABLED <-> MALWARE-CNC Jaff ransomware outbound connection (malware-cnc.rules)
* 1:42925 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules)
* 1:42926 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules)
* 1:42929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Niramdat variant initial outbound connection (malware-cnc.rules)
* 1:42945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adylkuzz variant initial outbound connection (malware-cnc.rules)
* 1:42996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules)
* 1:42997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules)
* 1:43049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gasonen variant outbound connection (malware-cnc.rules)
* 1:43063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabob outbound connection (malware-cnc.rules)
* 1:43129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:43183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
* 1:43184 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
* 1:43190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
* 1:43193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
* 1:43194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
* 1:43220 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (malware-cnc.rules)
* 1:43222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
* 1:43223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
* 1:43224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
* 1:43292 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious dex file download attempt (malware-cnc.rules)
* 1:43293 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious java file download attempt (malware-cnc.rules)
* 1:43351 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Erebus variant outbound connection (malware-cnc.rules)
* 1:43457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eorezo variant outbound connection (malware-cnc.rules)
* 1:43459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules)
* 1:43467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
* 1:43468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
* 1:43475 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
* 1:43476 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
* 1:43477 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
* 1:43523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules)
* 1:43524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules)
* 1:43575 <-> DISABLED <-> MALWARE-CNC Win32.Trojan.NeutrinoPOS connection attempt (malware-cnc.rules)
* 1:43890 <-> DISABLED <-> MALWARE-CNC Win.Malware.Emotet variant outbound connection (malware-cnc.rules)
* 1:43929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poogetad Variant connection attempt (malware-cnc.rules)
* 1:43930 <-> DISABLED <-> MALWARE-CNC Win.Malware.GamKer variant outbound connection (malware-cnc.rules)
* 1:43950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Globeimposter outbound connection (malware-cnc.rules)
* 1:43969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kradod connection attempt (malware-cnc.rules)
* 1:43972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:43981 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
* 1:43982 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
* 1:43985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rortiem outbound connection (malware-cnc.rules)
* 1:44011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hippo variant outbound connection (malware-cnc.rules)
* 1:44027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:44028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:44042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (malware-cnc.rules)
* 1:44171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zurgop variant outbound beaconing connection (malware-cnc.rules)
* 1:44177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant outbound connection (malware-cnc.rules)
* 1:44190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyfshent variant outbound connection (malware-cnc.rules)
* 1:44210 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bullrat variant outbound connection (malware-cnc.rules)
* 1:44211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
* 1:44212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
* 1:44213 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (malware-cnc.rules)
* 1:44214 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (malware-cnc.rules)
* 1:44220 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
* 1:44221 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
* 1:44222 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
* 1:44276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
* 1:44277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
* 1:44278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CrystalAttack outbound file download attempt (malware-cnc.rules)
* 1:44279 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.FlatChestWare varint outbound connection (malware-cnc.rules)
* 1:44307 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Razy variant outbound connection (malware-cnc.rules)
* 1:44313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant outbound connection (malware-cnc.rules)
* 1:44314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant inbound connection attempt (malware-cnc.rules)
* 1:44316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ellell variant outbound connection (malware-cnc.rules)
* 1:44317 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (malware-cnc.rules)
* 1:44362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
* 1:44365 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware outbound post (malware-cnc.rules)
* 1:44366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
* 1:44367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
* 1:44391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
* 1:44392 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
* 1:44393 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
* 1:44396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KediRAT outbound connection (malware-cnc.rules)
* 1:44399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
* 1:44400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
* 1:44401 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
* 1:44402 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
* 1:44438 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
* 1:44439 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
* 1:44440 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (malware-cnc.rules)
* 1:44443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popureb variant outbound connection detected (malware-cnc.rules)
* 1:44450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbount connection detected (malware-cnc.rules)
* 1:44469 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
* 1:44470 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
* 1:44554 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Congur variant outbound connection detected (malware-cnc.rules)
* 1:44559 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
* 1:44560 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
* 1:44563 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:41331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection (malware-cnc.rules)
* 1:41334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:42023 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:44592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus self-signed certificate exchange (malware-cnc.rules)
* 1:44595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSMessenger outbound connection (malware-cnc.rules)
* 1:44610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:44611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:44616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:44617 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:44618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:44639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quimonk variant outbound connection detected (malware-cnc.rules)
* 1:44652 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
* 1:44653 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet (malware-cnc.rules)
* 1:44654 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
* 1:44656 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
* 1:44659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wraut variant outbound connection (malware-cnc.rules)
* 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56081 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Donot variant outbound connection (malware-cnc.rules)
* 1:56082 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
* 1:56074 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
* 1:56077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
* 1:56078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
* 1:56079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
* 1:56088 <-> ENABLED <-> MALWARE-CNC Unix.Spyware.WellMess variant outbound cnc attempt (malware-cnc.rules)
* 1:56072 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
* 1:56075 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
* 1:56073 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
* 1:56080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
* 1:56083 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
* 1:56086 <-> DISABLED <-> SERVER-WEBAPP Apache Tomcat WebSocket length denial of service attempt (server-webapp.rules)
* 1:56076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
* 1:56071 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
* 3:56084 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
* 3:56091 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
* 3:56085 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
* 3:56090 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
* 3:56087 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services large file upload denial of service attempt (server-webapp.rules)
* 3:56089 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD denial of service attempt (server-webapp.rules)
* 1:44807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:45100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound connection (malware-cnc.rules)
* 1:45252 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
* 1:44780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
* 1:45231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DDEDownloader variant outbound connection detected (malware-cnc.rules)
* 1:44997 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
* 1:44886 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (malware-cnc.rules)
* 1:44899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
* 1:45400 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt (malware-cnc.rules)
* 1:45229 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
* 1:44897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
* 1:45099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant inbound connection (malware-cnc.rules)
* 1:44772 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
* 1:44975 <-> DISABLED <-> MALWARE-CNC Php.Dropper.Mayhem variant outbound connection (malware-cnc.rules)
* 1:45221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nautilus outbound call (malware-cnc.rules)
* 1:45051 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (malware-cnc.rules)
* 1:45065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45114 <-> DISABLED <-> MALWARE-CNC Catch-All malicious Chrome extension dropper outbound connection (malware-cnc.rules)
* 1:44806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:45230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
* 1:45097 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant inbound connection (malware-cnc.rules)
* 1:44791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retadup variant outbound connection (malware-cnc.rules)
* 1:44946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:44802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:44911 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Fruitfly variant outbound connection detected (malware-cnc.rules)
* 1:45096 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant inbound connection (malware-cnc.rules)
* 1:44876 <-> DISABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
* 1:44945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:44998 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
* 1:45470 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:44775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:44762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
* 1:44799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:45194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (malware-cnc.rules)
* 1:44774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:45092 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill get commands outbound connection (malware-cnc.rules)
* 1:45050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
* 1:44760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
* 1:44804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence outbound request (malware-cnc.rules)
* 1:45477 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
* 1:45260 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)
* 1:44778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:45352 <-> DISABLED <-> MALWARE-CNC PowerShell Empire HTTP listener response (malware-cnc.rules)
* 1:44801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
* 1:45468 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:44769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence inbound download (malware-cnc.rules)
* 1:44770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence cnc module download (malware-cnc.rules)
* 1:45098 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant outbound connection (malware-cnc.rules)
* 1:45208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
* 1:40016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (malware-cnc.rules)
* 1:45944 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
* 1:45607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat variant outbound connection detected (malware-cnc.rules)
* 1:40044 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
* 1:45209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
* 1:46359 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:45567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:46284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (malware-cnc.rules)
* 1:45552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
* 1:45562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
* 1:40007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (malware-cnc.rules)
* 1:45561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
* 1:44789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
* 1:45483 <-> DISABLED <-> MALWARE-CNC Pdf.Phishing.Agent variant outbound connection detected (malware-cnc.rules)
* 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
* 1:45560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
* 1:46356 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46363 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:45943 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
* 1:40045 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
* 1:44689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen variant outbound connection (malware-cnc.rules)
* 1:46357 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:45095 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant outbound connection (malware-cnc.rules)
* 1:45566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:44782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
* 1:46253 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix file upload attempt (malware-cnc.rules)
* 1:46358 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:45551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
* 1:46364 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:44943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:45574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm second stage configuration download attempt (malware-cnc.rules)
* 1:44771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence monitoring module download (malware-cnc.rules)
* 1:46361 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46362 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46433 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo initial connection (malware-cnc.rules)
* 1:46416 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Autoit outbound connection (malware-cnc.rules)
* 1:46434 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo client outbound connection (malware-cnc.rules)
* 1:44677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemucod outbound connection (malware-cnc.rules)
* 1:46423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraens initial outbound request (malware-cnc.rules)
* 1:46360 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:44788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
* 1:40043 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom outbound connection (malware-cnc.rules)
* 1:40027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
* 1:46339 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (malware-cnc.rules)
* 1:44763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
* 1:40011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
* 1:40060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
* 1:40067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
* 1:40183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
* 1:40203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drolnux variant outbound connection (malware-cnc.rules)
* 1:40204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qiwmonk outbound connection detected (malware-cnc.rules)
* 1:40205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
* 1:40206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
* 1:40207 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
* 1:40209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulta external connection attempt (malware-cnc.rules)
* 1:40212 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (malware-cnc.rules)
* 1:40213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkShell external connection attempt (malware-cnc.rules)
* 1:40214 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
* 1:40215 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
* 1:40216 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (malware-cnc.rules)
* 1:40217 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (malware-cnc.rules)
* 1:40232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CeeInject external connection (malware-cnc.rules)
* 1:40238 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.AgentTesla variant outbound connection (malware-cnc.rules)
* 1:40242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
* 1:40249 <-> DISABLED <-> MALWARE-CNC Win.Downloader.QuantLoader external connection attempt (malware-cnc.rules)
* 1:40251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (malware-cnc.rules)
* 1:40252 <-> DISABLED <-> MALWARE-CNC Win.Perseus variant outbound connection (malware-cnc.rules)
* 1:40258 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
* 1:40259 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
* 1:40260 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant initial backdoor download attempt (malware-cnc.rules)
* 1:40261 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
* 1:40262 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
* 1:40288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poxters external connection (malware-cnc.rules)
* 1:40289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant initial outbound connection (malware-cnc.rules)
* 1:40290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant status update outbound connection (malware-cnc.rules)
* 1:40308 <-> DISABLED <-> MALWARE-CNC Backdoor.MSIL.Kazybot.A botnet server connection attempt (malware-cnc.rules)
* 1:40309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Randrew variant outbound connection (malware-cnc.rules)
* 1:40310 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
* 1:40311 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
* 1:40334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection detected (malware-cnc.rules)
* 1:40339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
* 1:40340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
* 1:40432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
* 1:40433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
* 1:40449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40450 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Agent file download attempt (malware-cnc.rules)
* 1:40461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deshacop variant outbound connection (malware-cnc.rules)
* 1:40465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
* 1:40466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
* 1:40467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hades outbound connection (malware-cnc.rules)
* 1:40500 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
* 1:40501 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
* 1:40522 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise fingerprinting (malware-cnc.rules)
* 1:40523 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
* 1:40527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40528 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (malware-cnc.rules)
* 1:40541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Satana ransomware outbound connection (malware-cnc.rules)
* 1:40548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redosdru variant outbound connection (malware-cnc.rules)
* 1:40549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryPy ransomware variant outbound connection (malware-cnc.rules)
* 1:40550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant second stage download attempt (malware-cnc.rules)
* 1:40551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant successful installation report attempt (malware-cnc.rules)
* 1:40559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
* 1:40567 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
* 1:40596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Berbew variant outbound connection (malware-cnc.rules)
* 1:40599 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
* 1:40600 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
* 1:40601 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise activity (malware-cnc.rules)
* 1:40605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:40611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant download attempt (malware-cnc.rules)
* 1:40612 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download attempt (malware-cnc.rules)
* 1:40643 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
* 1:40644 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
* 1:40709 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
* 1:40710 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
* 1:40733 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
* 1:40751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
* 1:40752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
* 1:40761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscan outbound connection (malware-cnc.rules)
* 1:40762 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant inbound connection (malware-cnc.rules)
* 1:40763 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getSMS command response (malware-cnc.rules)
* 1:40764 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getContacts command response (malware-cnc.rules)
* 1:40771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miuref variant outbound connection (malware-cnc.rules)
* 1:40775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:40782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (malware-cnc.rules)
* 1:40795 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
* 1:40796 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
* 1:40797 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
* 1:40800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (malware-cnc.rules)
* 1:40812 <-> DISABLED <-> MALWARE-CNC Rtf.Trojan.Mauris outbound download attempt (malware-cnc.rules)
* 1:40816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gendwndrop variant outbound connection (malware-cnc.rules)
* 1:40824 <-> DISABLED <-> MALWARE-CNC Logbro variant outbound connection (malware-cnc.rules)
* 1:40831 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant initial outbound connection (malware-cnc.rules)
* 1:40832 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant keylogger inbound init command attempt (malware-cnc.rules)
* 1:40833 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound init command attempt (malware-cnc.rules)
* 1:40834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound silence command attempt (malware-cnc.rules)
* 1:40835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screen_thumb inbound init command attempt (malware-cnc.rules)
* 1:40836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant file enumeration inbound init/root/faf command attempt (malware-cnc.rules)
* 1:40869 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
* 1:40870 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
* 1:40906 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
* 1:40910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40911 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Sednit variant outbound connection (malware-cnc.rules)
* 1:40991 <-> DISABLED <-> MALWARE-CNC Linux.DDoS.D93 outbound connection (malware-cnc.rules)
* 1:41031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
* 1:41033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proteus outbound connection (malware-cnc.rules)
* 1:41034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:41088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MrWhite out bound communication attempt (malware-cnc.rules)
* 1:41089 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ostap out bound communication attempt (malware-cnc.rules)
* 1:41133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
* 1:41134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
* 1:41135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
* 1:41136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
* 1:41162 <-> DISABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant (malware-cnc.rules)
* 1:41173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
* 1:41180 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
* 1:41315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
* 1:41316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
* 1:41317 <-> DISABLED <-> MALWARE-CNC
Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules) * 1:41318 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (malware-cnc.rules) * 1:41331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection (malware-cnc.rules) * 1:41334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:44570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:41687 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:44591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus malicious certificate exchange (malware-cnc.rules) * 1:41337 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules) * 1:41374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules) * 1:41375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules) * 1:41376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules) * 1:41403 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (malware-cnc.rules) * 1:41424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound connection (malware-cnc.rules) * 1:41434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41439 <-> DISABLED <-> MALWARE-CNC Dos.Tool.LOIC variant IRC command detected (malware-cnc.rules) * 1:41441 <-> DISABLED <-> 
MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (malware-cnc.rules) * 1:41442 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas outbound connection (malware-cnc.rules) * 1:41443 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules) * 1:41444 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules) * 1:41456 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules) * 1:41458 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules) * 1:41459 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules) * 1:41460 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules) * 1:41461 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules) * 1:41476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - 987t67g (malware-cnc.rules) * 1:41477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibrio file download - 4g3vg334 (malware-cnc.rules) * 1:41478 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - result (malware-cnc.rules) * 1:41498 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CryptoLocker binary download response attempt (malware-cnc.rules) * 1:41539 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (malware-cnc.rules) * 1:41540 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules) * 1:41656 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (malware-cnc.rules) * 1:41657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MagicHound variant outbound connection (malware-cnc.rules) * 1:41661 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules) * 1:41662 
<-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules) * 1:41663 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules) * 1:41665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirai variant outbound connection (malware-cnc.rules) * 1:41675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules) * 1:41676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules) * 1:41682 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:45510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat file upload attempt (malware-cnc.rules) * 1:42023 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:41686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41702 <-> DISABLED <-> MALWARE-CNC Win.Adware.Winwrapper outbound connection (malware-cnc.rules) * 1:41711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini variant initial outbound connection (malware-cnc.rules) * 1:41712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini backdoor file download request (malware-cnc.rules) * 1:41780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ratankba variant outbound connection (malware-cnc.rules) * 1:41787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro TCP DNS query response (malware-cnc.rules) * 1:41788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules) * 1:41789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response 
(malware-cnc.rules) * 1:42019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules) * 1:42020 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules) * 1:42021 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42024 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42022 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:44592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus self-signed certificate exchange (malware-cnc.rules) * 1:42025 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42026 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42027 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42028 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules) * 1:42029 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules) * 1:42030 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules) * 1:42031 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42059 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Sage variant outbound connection (malware-cnc.rules) * 1:42079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules) * 1:42081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (malware-cnc.rules) * 1:42083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection (malware-cnc.rules) * 1:42098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules) * 
1:42099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules) * 1:42113 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:42114 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant new bot registered (malware-cnc.rules) * 1:42126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acronym variant outbound connection (malware-cnc.rules) * 1:42128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules) * 1:42129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules) * 1:42171 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant outbound connection (malware-cnc.rules) * 1:42172 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant certificate negotiation (malware-cnc.rules) * 1:42225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules) * 1:42228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DocumentCrypt variant outbound connection (malware-cnc.rules) * 1:42233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules) * 1:42242 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Dimnie file download attempt (malware-cnc.rules) * 1:42243 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dimnie outbound connection (malware-cnc.rules) * 1:42301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu inbound server configuration response (malware-cnc.rules) * 1:42302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound connection (malware-cnc.rules) * 1:42303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound file download attempt (malware-cnc.rules) * 1:42329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules) * 1:42330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful injection response (malware-cnc.rules) * 1:42348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQPass variant 
outbound connection (malware-cnc.rules) * 1:42385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moonwind outbound connection (malware-cnc.rules) * 1:42386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules) * 1:42390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules) * 1:42391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules) * 1:42395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oddjob outbound connection (malware-cnc.rules) * 1:42398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules) * 1:42421 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (malware-cnc.rules) * 1:42425 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (malware-cnc.rules) * 1:42439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (malware-cnc.rules) * 1:42447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant outbound connection (malware-cnc.rules) * 1:42452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection (malware-cnc.rules) * 1:42453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (malware-cnc.rules) * 1:42454 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (malware-cnc.rules) * 1:42830 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (malware-cnc.rules) * 1:42831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (malware-cnc.rules) * 1:42832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (malware-cnc.rules) * 1:42833 <-> DISABLED <-> MALWARE-CNC Kasperagent outbound connection detected (malware-cnc.rules) * 1:42834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42835 <-> DISABLED <-> MALWARE-CNC 
Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42837 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (malware-cnc.rules) * 1:42880 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules) * 1:42881 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules) * 1:42882 <-> DISABLED <-> MALWARE-CNC ZoxPNG initial outbound connection (malware-cnc.rules) * 1:42883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (malware-cnc.rules) * 1:42884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection (malware-cnc.rules) * 1:42885 <-> DISABLED <-> MALWARE-CNC WashingTon ssl certificate negotiation attempt (malware-cnc.rules) * 1:42886 <-> DISABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (malware-cnc.rules) * 1:42892 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA outbound connection (malware-cnc.rules) * 1:42895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:42899 <-> DISABLED <-> MALWARE-CNC Jaff ransomware outbound connection (malware-cnc.rules) * 1:42925 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules) * 1:42926 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules) * 1:42929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Niramdat variant initial outbound connection (malware-cnc.rules) * 1:42945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adylkuzz variant initial outbound connection (malware-cnc.rules) * 1:42996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules) * 1:42997 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules) * 1:43049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gasonen variant outbound connection (malware-cnc.rules) * 1:43063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabob outbound connection (malware-cnc.rules) * 1:43129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:43183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules) * 1:43184 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules) * 1:43190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules) * 1:43193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules) * 1:43194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules) * 1:43220 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (malware-cnc.rules) * 1:43222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules) * 1:43223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules) * 1:43224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules) * 1:43292 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious dex file download attempt (malware-cnc.rules) * 1:43293 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious java file download attempt (malware-cnc.rules) * 1:43351 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Erebus variant outbound connection (malware-cnc.rules) * 1:43457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eorezo variant outbound connection (malware-cnc.rules) * 1:43459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules) * 1:43467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules) * 1:43468 
<-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules) * 1:43475 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules) * 1:43476 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules) * 1:43477 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules) * 1:43523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules) * 1:43524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules) * 1:43575 <-> DISABLED <-> MALWARE-CNC Win32.Trojan.NeutrinoPOS connection attempt (malware-cnc.rules) * 1:43890 <-> DISABLED <-> MALWARE-CNC Win.Malware.Emotet variant outbound connection (malware-cnc.rules) * 1:43929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poogetad Variant connection attempt (malware-cnc.rules) * 1:43930 <-> DISABLED <-> MALWARE-CNC Win.Malware.GamKer variant outbound connection (malware-cnc.rules) * 1:43950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Globeimposter outbound connection (malware-cnc.rules) * 1:43969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kradod connection attempt (malware-cnc.rules) * 1:43972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:43981 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules) * 1:43982 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules) * 1:43985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rortiem outbound connection (malware-cnc.rules) * 1:44011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hippo variant outbound connection (malware-cnc.rules) * 1:44027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules) * 1:44028 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules) * 1:44042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (malware-cnc.rules) * 1:44171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zurgop variant outbound beaconing connection (malware-cnc.rules) * 1:44177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant outbound connection (malware-cnc.rules) * 1:44190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyfshent variant outbound connection (malware-cnc.rules) * 1:44210 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bullrat variant outbound connection (malware-cnc.rules) * 1:44211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules) * 1:44212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules) * 1:44213 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (malware-cnc.rules) * 1:44214 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (malware-cnc.rules) * 1:44220 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules) * 1:44221 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules) * 1:44222 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules) * 1:44276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules) * 1:44277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules) * 1:44278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CrystalAttack outbound file download attempt (malware-cnc.rules) * 1:44279 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.FlatChestWare varint outbound connection (malware-cnc.rules) * 1:44307 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Razy variant outbound connection 
(malware-cnc.rules) * 1:44313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant outbound connection (malware-cnc.rules) * 1:44314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant inbound connection attempt (malware-cnc.rules) * 1:44316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ellell variant outbound connection (malware-cnc.rules) * 1:44317 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (malware-cnc.rules) * 1:44362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules) * 1:44365 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware outbound post (malware-cnc.rules) * 1:44366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules) * 1:44367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules) * 1:44391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules) * 1:44392 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules) * 1:44393 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules) * 1:44396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KediRAT outbound connection (malware-cnc.rules) * 1:44399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules) * 1:44400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules) * 1:44401 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules) * 1:44402 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules) * 1:44438 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules) * 1:44439 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection 
detected (malware-cnc.rules) * 1:44440 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (malware-cnc.rules) * 1:44443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popureb variant outbound connection detected (malware-cnc.rules) * 1:44450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbount connection detected (malware-cnc.rules) * 1:44469 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules) * 1:44470 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules) * 1:44554 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Congur variant outbound connection detected (malware-cnc.rules) * 1:44559 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules) * 1:44560 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules) * 1:44563 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules) * 1:44569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:41336 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules) * 1:44595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSMessenger outbound connection (malware-cnc.rules) * 1:44610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules) * 1:44611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules) * 1:44616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:44617 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:44618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:44639 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Quimonk variant outbound connection detected (malware-cnc.rules) * 1:44652 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules) * 1:44653 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet (malware-cnc.rules) * 1:44654 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules) * 1:44656 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules) * 1:44659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wraut variant outbound connection (malware-cnc.rules) * 1:44753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stimilina variant outbound connection detected (malware-cnc.rules) * 1:44681 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IoTReaper_Botnet telnet connection attempt (malware-cnc.rules) * 1:44800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules) * 1:45090 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill server selection outbound connection (malware-cnc.rules) * 1:45063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules) * 1:45478 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules) * 1:45062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules) * 1:45473 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules) * 1:44776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules) * 1:45104 <-> DISABLED <-> MALWARE-CNC Win.Malware.Recam variant outbound connection (malware-cnc.rules) * 1:44777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules) * 1:44781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules) * 1:45064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules) * 1:44773 
<-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules) * 1:44803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules) * 1:45251 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules) * 1:44761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules) * 1:44805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules) * 1:45239 <-> DISABLED <-> MALWARE-CNC Win.Malware.Freenki variant outbound connection (malware-cnc.rules) * 1:45232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CactusTorch download attempt detected (malware-cnc.rules) * 1:45469 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules) * 1:44898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules) * 1:44787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Godzilla outbound connection (malware-cnc.rules) * 1:44944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules) * 1:44797 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules) * 1:45091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill login outbound connection (malware-cnc.rules) * 1:45471 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules) * 1:44896 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules) * 1:45472 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules) * 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data 
Center Network Manager directory traversal attempt (server-webapp.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56082 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
* 1:56079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
* 1:56078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
* 1:56076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
* 1:56072 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
* 1:56071 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
* 1:56080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
* 1:56075 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
* 1:56077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
* 1:56083 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
* 1:56074 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
* 1:56073 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
* 1:56086 <-> DISABLED <-> SERVER-WEBAPP Apache Tomcat WebSocket length denial of service attempt (server-webapp.rules)
* 1:56088 <-> ENABLED <-> MALWARE-CNC Unix.Spyware.WellMess variant outbound cnc attempt (malware-cnc.rules)
* 1:56081 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Donot variant outbound connection (malware-cnc.rules)
* 3:56085 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
* 3:56090 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
* 3:56084 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
* 3:56089 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD denial of service attempt (server-webapp.rules)
* 3:56091 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
* 3:56087 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services large file upload denial of service attempt (server-webapp.rules)
* 1:45561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
* 1:41177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:45221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nautilus outbound call (malware-cnc.rules)
* 1:41178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41318 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (malware-cnc.rules)
* 1:41315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
* 1:41316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
* 1:41179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
* 1:41337 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
* 1:41331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection (malware-cnc.rules)
* 1:41334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:41317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
* 1:41403 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (malware-cnc.rules)
* 1:41374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
* 1:41375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
* 1:41336 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
* 1:41436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
* 1:41424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound connection (malware-cnc.rules)
* 1:41434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
* 1:41376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
* 1:41441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (malware-cnc.rules)
* 1:41437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
* 1:45552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
* 1:41438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
* 1:41435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
* 1:41456 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules)
* 1:41442 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas outbound connection (malware-cnc.rules)
* 1:41443 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules)
* 1:41439 <-> DISABLED <-> MALWARE-CNC Dos.Tool.LOIC variant IRC command detected (malware-cnc.rules)
* 1:41461 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
* 1:41458 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
* 1:46356 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:41459 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
* 1:41444 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules)
* 1:41498 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CryptoLocker binary download response attempt (malware-cnc.rules)
* 1:41476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - 987t67g (malware-cnc.rules)
* 1:41477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibrio file download - 4g3vg334 (malware-cnc.rules)
* 1:41460 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
* 1:41657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MagicHound variant outbound connection (malware-cnc.rules)
* 1:41539 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (malware-cnc.rules)
* 1:41540 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
* 1:41478 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - result (malware-cnc.rules)
* 1:41665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirai variant outbound connection (malware-cnc.rules)
* 1:41661 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
* 1:45560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
* 1:41662 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
* 1:41656 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (malware-cnc.rules)
* 1:41683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:41675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:41676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:41663 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
* 1:41687 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:41684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:41685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:41682 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:41780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ratankba variant outbound connection (malware-cnc.rules)
* 1:45483 <-> DISABLED <-> MALWARE-CNC Pdf.Phishing.Agent variant outbound connection detected (malware-cnc.rules)
* 1:41702 <-> DISABLED <-> MALWARE-CNC Win.Adware.Winwrapper outbound connection (malware-cnc.rules)
* 1:41711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini variant initial outbound connection (malware-cnc.rules)
* 1:41686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:42019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
* 1:41787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro TCP DNS query response (malware-cnc.rules)
* 1:41788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules)
* 1:41712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini backdoor file download request (malware-cnc.rules)
* 1:42023 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:42020 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
* 1:42021 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:41789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules)
* 1:42027 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:42024 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:42025 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:42022 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:42031 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:42028 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
* 1:42029 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
* 1:42026 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:42083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection (malware-cnc.rules)
* 1:42059 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Sage variant outbound connection (malware-cnc.rules)
* 1:42079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules)
* 1:42030 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
* 1:42114 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant new bot registered (malware-cnc.rules)
* 1:42098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
* 1:42099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
* 1:42081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (malware-cnc.rules)
* 1:42171 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:42126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acronym variant outbound connection (malware-cnc.rules)
* 1:42128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
* 1:42113 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
* 1:42233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules)
* 1:42172 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant certificate negotiation (malware-cnc.rules)
* 1:42225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules)
* 1:42129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
* 1:42302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound connection (malware-cnc.rules)
* 1:42242 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Dimnie file download attempt (malware-cnc.rules)
* 1:42243 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dimnie outbound connection (malware-cnc.rules)
* 1:42228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DocumentCrypt variant outbound connection (malware-cnc.rules)
* 1:42348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQPass variant outbound connection (malware-cnc.rules)
* 1:42303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound file download attempt (malware-cnc.rules)
* 1:42329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules)
* 1:42301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu inbound server configuration response (malware-cnc.rules)
* 1:42391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules)
* 1:42385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moonwind outbound connection (malware-cnc.rules)
* 1:46284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (malware-cnc.rules)
* 1:42386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules)
* 1:42330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful injection response (malware-cnc.rules)
* 1:42425 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (malware-cnc.rules)
* 1:42395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oddjob outbound connection (malware-cnc.rules)
* 1:45944 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
* 1:42398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules)
* 1:42390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules)
* 1:42453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (malware-cnc.rules)
* 1:42439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (malware-cnc.rules)
* 1:42447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant outbound connection (malware-cnc.rules)
* 1:42421 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (malware-cnc.rules)
* 1:42832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (malware-cnc.rules)
* 1:42454 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (malware-cnc.rules)
* 1:42830 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (malware-cnc.rules)
* 1:42452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection (malware-cnc.rules)
* 1:42836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
* 1:42833 <-> DISABLED <-> MALWARE-CNC Kasperagent outbound connection detected (malware-cnc.rules)
* 1:42834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
* 1:42831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (malware-cnc.rules)
* 1:42881 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules)
* 1:42837 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
* 1:42838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (malware-cnc.rules)
* 1:42835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
* 1:42885 <-> DISABLED <-> MALWARE-CNC WashingTon ssl certificate negotiation attempt (malware-cnc.rules)
* 1:42882 <-> DISABLED <-> MALWARE-CNC ZoxPNG initial outbound connection (malware-cnc.rules)
* 1:42883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (malware-cnc.rules)
* 1:42880 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules)
* 1:45231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DDEDownloader variant outbound connection detected (malware-cnc.rules)
* 1:45051 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (malware-cnc.rules)
* 1:42899 <-> DISABLED <-> MALWARE-CNC Jaff ransomware outbound connection (malware-cnc.rules)
* 1:42886 <-> DISABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (malware-cnc.rules)
* 1:45065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:42892 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA outbound connection (malware-cnc.rules)
* 1:42884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection (malware-cnc.rules)
* 1:46433 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo initial connection (malware-cnc.rules)
* 1:46357 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46359 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46416 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Autoit outbound connection (malware-cnc.rules)
* 1:46364 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:45099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant inbound connection (malware-cnc.rules)
* 1:46423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraens initial outbound request (malware-cnc.rules)
* 1:45114 <-> DISABLED <-> MALWARE-CNC Catch-All malicious Chrome extension dropper outbound connection (malware-cnc.rules)
* 1:46362 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46363 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46361 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:44769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence inbound download (malware-cnc.rules)
* 1:45229 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
* 1:45473 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:46360 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:46358 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:45062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:44897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
* 1:45090 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill server selection outbound connection (malware-cnc.rules)
* 1:45104 <-> DISABLED <-> MALWARE-CNC Win.Malware.Recam variant outbound connection (malware-cnc.rules)
* 1:45607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat variant outbound connection detected (malware-cnc.rules)
* 1:45574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm second stage configuration download attempt (malware-cnc.rules)
* 1:44753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stimilina variant outbound connection detected (malware-cnc.rules)
* 1:42945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adylkuzz variant initial outbound connection (malware-cnc.rules)
* 1:45232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CactusTorch download attempt detected (malware-cnc.rules)
* 1:42925 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules)
* 1:42926 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules)
* 1:42895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:45478 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
* 1:43063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabob outbound connection (malware-cnc.rules)
* 1:44997 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
* 1:44775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:42996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules)
* 1:42997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules)
* 1:42929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Niramdat variant initial outbound connection (malware-cnc.rules)
* 1:44899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
* 1:44886 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (malware-cnc.rules)
* 1:43190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
* 1:43129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:43183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
* 1:44763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
* 1:43049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gasonen variant outbound connection (malware-cnc.rules)
* 1:43222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
* 1:44771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence monitoring module download (malware-cnc.rules)
* 1:43193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
* 1:44800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:43194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
* 1:43184 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
* 1:43293 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious java file download attempt (malware-cnc.rules)
* 1:43223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
* 1:45100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound connection (malware-cnc.rules)
* 1:44807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:43224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
* 1:43220 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (malware-cnc.rules)
* 1:43467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
* 1:44797 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:43351 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Erebus variant outbound connection (malware-cnc.rules)
* 1:43457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eorezo variant outbound connection (malware-cnc.rules)
* 1:44782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
* 1:44943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:43292 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious dex file download attempt (malware-cnc.rules)
* 1:43477 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
* 1:43468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
* 1:45095 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant outbound connection (malware-cnc.rules)
* 1:43475 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
* 1:43459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules)
* 1:43890 <-> DISABLED <-> MALWARE-CNC Win.Malware.Emotet variant outbound connection (malware-cnc.rules)
* 1:43523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules)
* 1:43524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules)
* 1:45510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat file upload attempt (malware-cnc.rules)
* 1:43476 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
* 1:43969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kradod connection attempt (malware-cnc.rules)
* 1:44788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
* 1:43929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poogetad Variant connection attempt (malware-cnc.rules)
* 1:46339 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (malware-cnc.rules)
* 1:43930 <-> DISABLED <-> MALWARE-CNC Win.Malware.GamKer variant outbound connection (malware-cnc.rules)
* 1:43575 <-> DISABLED <-> MALWARE-CNC Win32.Trojan.NeutrinoPOS connection attempt (malware-cnc.rules)
* 1:43985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rortiem outbound connection (malware-cnc.rules)
* 1:43972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:45352 <-> DISABLED <-> MALWARE-CNC PowerShell Empire HTTP listener response (malware-cnc.rules)
* 1:44944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:44778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:43981 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
* 1:44801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:43950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Globeimposter outbound connection (malware-cnc.rules)
* 1:44042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (malware-cnc.rules)
* 1:44011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hippo variant outbound connection (malware-cnc.rules)
* 1:44027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:43982 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
* 1:44896 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
* 1:44210 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bullrat variant outbound connection (malware-cnc.rules)
* 1:45098 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant outbound connection (malware-cnc.rules)
* 1:45208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
* 1:44171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zurgop variant outbound beaconing connection (malware-cnc.rules)
* 1:44774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:44177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant outbound connection (malware-cnc.rules)
* 1:44028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:45468 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:44214 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (malware-cnc.rules)
* 1:44211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
* 1:44212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
* 1:44190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyfshent variant outbound connection (malware-cnc.rules)
* 1:45209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
* 1:44276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
* 1:44220 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
* 1:44221 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
* 1:44213 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (malware-cnc.rules)
* 1:44307 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Razy variant outbound connection (malware-cnc.rules)
* 1:44768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence outbound request (malware-cnc.rules)
* 1:44277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
* 1:45260 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)
* 1:44278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CrystalAttack outbound file download attempt (malware-cnc.rules)
* 1:44222 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
* 1:44317 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (malware-cnc.rules)
* 1:44313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant outbound connection (malware-cnc.rules)
* 1:44787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Godzilla outbound connection (malware-cnc.rules)
* 1:44314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant inbound connection attempt (malware-cnc.rules)
* 1:44760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
* 1:44279 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.FlatChestWare varint outbound connection (malware-cnc.rules)
* 1:44762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
* 1:45050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
* 1:44367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
* 1:44362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
* 1:44799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44365 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware outbound post (malware-cnc.rules)
* 1:44316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ellell variant outbound connection (malware-cnc.rules)
* 1:44945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
* 1:44998 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
* 1:44396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KediRAT outbound connection (malware-cnc.rules)
* 1:44805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
* 1:44392 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
* 1:44366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
* 1:44770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence cnc module download (malware-cnc.rules)
* 1:44402 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
* 1:45470 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:44399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
* 1:44400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
* 1:44773 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
* 1:44393 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
* 1:45092 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill get commands outbound connection (malware-cnc.rules)
* 1:44443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popureb variant outbound connection detected (malware-cnc.rules)
* 1:45469 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:44438 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
* 1:44439 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
* 1:44401 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
* 1:44554 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Congur variant outbound connection detected (malware-cnc.rules)
* 1:44450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbount connection detected (malware-cnc.rules)
* 1:44469 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
* 1:45097 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant inbound connection (malware-cnc.rules)
* 1:44440 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (malware-cnc.rules)
* 1:44569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:44559 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
* 1:44560 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
* 1:44806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44470 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
* 1:45064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
* 1:44595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSMessenger outbound connection (malware-cnc.rules)
* 1:44570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:44798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus malicious certificate exchange (malware-cnc.rules)
* 1:44563 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
* 1:44617 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
* 1:45096 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant inbound connection (malware-cnc.rules)
* 1:44876 <-> DISABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
* 1:44610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:44803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:44761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
* 1:44592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus self-signed certificate exchange (malware-cnc.rules)
* 1:44791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retadup variant outbound connection (malware-cnc.rules)
* 1:44653 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet (malware-cnc.rules)
* 1:44618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection
(malware-cnc.rules) * 1:44639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quimonk variant outbound connection detected (malware-cnc.rules) * 1:44616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:44654 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules) * 1:44656 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules) * 1:44652 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules) * 1:44659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wraut variant outbound connection (malware-cnc.rules) * 1:44776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules) * 1:44689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen variant outbound connection (malware-cnc.rules) * 1:45566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules) * 1:46253 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix file upload attempt (malware-cnc.rules) * 1:44975 <-> DISABLED <-> MALWARE-CNC Php.Dropper.Mayhem variant outbound connection (malware-cnc.rules) * 1:44781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules) * 1:46434 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo client outbound connection (malware-cnc.rules) * 1:44677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemucod outbound connection (malware-cnc.rules) * 1:40011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules) * 1:40044 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules) * 1:40016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (malware-cnc.rules) * 1:40027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules) * 1:40007 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (malware-cnc.rules) * 1:40067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules) * 1:40045 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules) * 1:40059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules) * 1:40043 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom outbound connection (malware-cnc.rules) * 1:40205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules) * 1:40183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules) * 1:40203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drolnux variant outbound connection (malware-cnc.rules) * 1:40060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules) * 1:40212 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (malware-cnc.rules) * 1:40206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules) * 1:40207 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules) * 1:40204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qiwmonk outbound connection detected (malware-cnc.rules) * 1:40216 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (malware-cnc.rules) * 1:40213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkShell external connection attempt (malware-cnc.rules) * 1:40214 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules) * 1:40209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulta external connection attempt (malware-cnc.rules) * 1:40242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules) * 1:40217 <-> DISABLED <-> MALWARE-CNC User-Agent 
known malicious user-agent string - F.5.E.C (malware-cnc.rules) * 1:40232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CeeInject external connection (malware-cnc.rules) * 1:40215 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules) * 1:40258 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules) * 1:40249 <-> DISABLED <-> MALWARE-CNC Win.Downloader.QuantLoader external connection attempt (malware-cnc.rules) * 1:40251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (malware-cnc.rules) * 1:40238 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.AgentTesla variant outbound connection (malware-cnc.rules) * 1:40262 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules) * 1:40259 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules) * 1:40260 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant initial backdoor download attempt (malware-cnc.rules) * 1:40252 <-> DISABLED <-> MALWARE-CNC Win.Perseus variant outbound connection (malware-cnc.rules) * 1:40308 <-> DISABLED <-> MALWARE-CNC Backdoor.MSIL.Kazybot.A botnet server connection attempt (malware-cnc.rules) * 1:40288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poxters external connection (malware-cnc.rules) * 1:40289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant initial outbound connection (malware-cnc.rules) * 1:40261 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules) * 1:40334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:40309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Randrew variant outbound connection (malware-cnc.rules) * 1:40310 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules) * 1:40290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant status update 
outbound connection (malware-cnc.rules) * 1:40432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules) * 1:40338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection detected (malware-cnc.rules) * 1:40339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules) * 1:40311 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules) * 1:40461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deshacop variant outbound connection (malware-cnc.rules) * 1:40433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules) * 1:40449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:40340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules) * 1:40500 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules) * 1:40465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules) * 1:40466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules) * 1:40450 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Agent file download attempt (malware-cnc.rules) * 1:40527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:40501 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules) * 1:40522 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise fingerprinting (malware-cnc.rules) * 1:40467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hades outbound connection (malware-cnc.rules) * 1:40549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryPy ransomware variant outbound connection (malware-cnc.rules) * 1:40528 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (malware-cnc.rules) * 1:40541 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Satana ransomware outbound connection (malware-cnc.rules) * 1:40523 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules) * 1:40567 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules) * 1:40550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant second stage download attempt (malware-cnc.rules) * 1:40551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant successful installation report attempt (malware-cnc.rules) * 1:40548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redosdru variant outbound connection (malware-cnc.rules) * 1:40601 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise activity (malware-cnc.rules) * 1:40596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Berbew variant outbound connection (malware-cnc.rules) * 1:40599 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules) * 1:40559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules) * 1:40612 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download attempt (malware-cnc.rules) * 1:40605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:40606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:40600 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules) * 1:40710 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules) * 1:40643 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules) * 1:40644 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules) * 1:40611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant download attempt 
(malware-cnc.rules) * 1:40761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscan outbound connection (malware-cnc.rules) * 1:40733 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules) * 1:40751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules) * 1:40709 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules) * 1:40771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miuref variant outbound connection (malware-cnc.rules) * 1:40762 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant inbound connection (malware-cnc.rules) * 1:40763 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getSMS command response (malware-cnc.rules) * 1:40752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules) * 1:40796 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules) * 1:40775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:40782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (malware-cnc.rules) * 1:40764 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getContacts command response (malware-cnc.rules) * 1:40816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:40797 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules) * 1:40800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (malware-cnc.rules) * 1:40795 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules) * 1:40832 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant keylogger inbound init command attempt (malware-cnc.rules) * 1:40823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gendwndrop variant outbound connection (malware-cnc.rules) * 1:40824 <-> DISABLED <-> 
MALWARE-CNC Logbro variant outbound connection (malware-cnc.rules) * 1:40812 <-> DISABLED <-> MALWARE-CNC Rtf.Trojan.Mauris outbound download attempt (malware-cnc.rules) * 1:40836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant file enumeration inbound init/root/faf command attempt (malware-cnc.rules) * 1:40833 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound init command attempt (malware-cnc.rules) * 1:40834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound silence command attempt (malware-cnc.rules) * 1:40831 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant initial outbound connection (malware-cnc.rules) * 1:40910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:40869 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules) * 1:40870 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules) * 1:40835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screen_thumb inbound init command attempt (malware-cnc.rules) * 1:41033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proteus outbound connection (malware-cnc.rules) * 1:40911 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Sednit variant outbound connection (malware-cnc.rules) * 1:40991 <-> DISABLED <-> MALWARE-CNC Linux.DDoS.D93 outbound connection (malware-cnc.rules) * 1:40906 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules) * 1:41133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules) * 1:41034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:41088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MrWhite out bound communication attempt (malware-cnc.rules) * 1:41031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules) * 1:41162 <-> 
DISABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant (malware-cnc.rules) * 1:41134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules) * 1:41135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules) * 1:41089 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ostap out bound communication attempt (malware-cnc.rules) * 1:41176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:41173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:41174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:41136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules) * 1:41180 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules) * 1:45943 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules) * 1:44681 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IoTReaper_Botnet telnet connection attempt (malware-cnc.rules) * 1:45063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules) * 1:45400 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt (malware-cnc.rules) * 1:44772 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules) * 1:44780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules) * 1:45252 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules) * 1:45551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules) * 1:44895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules) * 1:45477 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton 
ICS malware transfer attempt (malware-cnc.rules) * 1:45472 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules) * 1:45091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill login outbound connection (malware-cnc.rules) * 1:45471 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules) * 1:44898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules) * 1:45239 <-> DISABLED <-> MALWARE-CNC Win.Malware.Freenki variant outbound connection (malware-cnc.rules) * 1:44777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules) * 1:45194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (malware-cnc.rules) * 1:44804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules) * 1:44946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules) * 1:44779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules) * 1:44911 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Fruitfly variant outbound connection detected (malware-cnc.rules) * 1:45251 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules) * 1:44789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules) * 1:45567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules) * 1:45562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules) * 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center 
Network Manager directory traversal attempt (server-webapp.rules)
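The lists above and below follow the one-entry-per-bullet format Talos states for these release notes: gid:sid <-> Default rule state <-> Message (rule group). When you need to act on a changelog rather than read it (for instance, to see which of the new rules are enabled by default before a rule pack goes live, or to feed SIDs into a rule-management tool), a small parser is more reliable than eyeballing a few hundred bullets. The example below is added here and is not Talos's or Snort's own code. It locates entries by pattern, so it also copes with bullets that a copy or scrape has run together onto one line. Its sample input is a handful of entries taken from this page. Two facts it relies on are not stated on the page and are assumptions from general Snort practice: gid 3 denotes shared-object (SO) rules, which ship as compiled modules rather than text; and pulledpork's enablesid.conf and disablesid.conf accept one gid:sid per line.

```python
import re
from collections import Counter

# One changelog entry, in the format the release notes describe:
#   gid:sid <-> Default rule state <-> Message (rule group)
# The message is matched lazily so it stops at the first "(...rules)" group
# name, which lets finditer() walk bullets that share a single line.
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[\w.-]+\.rules)\)"
)

# Sample input: entries copied from this release note. The first line has
# two bullets run together, as the scraped page shows.
SAMPLE = """\
* 1:56086 <-> DISABLED <-> SERVER-WEBAPP Apache Tomcat WebSocket length denial of service attempt (server-webapp.rules) * 1:56088 <-> ENABLED <-> MALWARE-CNC Unix.Spyware.WellMess variant outbound cnc attempt (malware-cnc.rules)
* 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
* 1:44799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (snort3-malware-cnc.rules)
"""


def parse_changelog(text):
    """Return one dict per rule entry found anywhere in the text."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        entries.append({
            "gid": int(m.group("gid")),
            "sid": int(m.group("sid")),
            "state": m.group("state"),
            "msg": m.group("msg").strip(),
            "group": m.group("group"),
            # Assumption: gid 3 is the shared-object rule generator, so these
            # rules need the SO bundle for your Snort build, not just the
            # text rule file named in the group column.
            "so_rule": m.group("gid") == "3",
        })
    return entries


def enabled_by_default(entries):
    """(gid, sid) pairs that the rule pack ships with state ENABLED."""
    return sorted((e["gid"], e["sid"]) for e in entries if e["state"] == "ENABLED")


def group_counts(entries):
    """How many entries landed in each rule file, e.g. to spot that a
    Snort 3 list uses the snort3- prefixed file names."""
    return Counter(e["group"] for e in entries)


def sid_lines(entries, state):
    """gid:sid lines for every entry in the requested state. Assumption:
    this is the per-line form pulledpork reads from enablesid.conf and
    disablesid.conf."""
    return [f"{e['gid']}:{e['sid']}" for e in entries if e["state"] == state]


if __name__ == "__main__":
    parsed = parse_changelog(SAMPLE)
    print(f"{len(parsed)} entries, enabled by default: {enabled_by_default(parsed)}")
    for group, n in sorted(group_counts(parsed).items()):
        print(f"  {group}: {n}")
    print("enablesid.conf lines:", ", ".join(sid_lines(parsed, "ENABLED")))
```

Run it against the full text of a release note to get the set of rules that will start alerting as soon as the pack is installed; in this update those are the WellMess and Donot cnc rules plus the gid 3 Cisco rules, which is exactly the subset worth checking against your sensors' SO support and tuning before deployment.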
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56086 <-> DISABLED <-> SERVER-WEBAPP Apache Tomcat WebSocket length denial of service attempt (snort3-server-webapp.rules)
* 1:56082 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (snort3-server-webapp.rules)
* 1:56079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (snort3-malware-other.rules)
* 1:56075 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (snort3-malware-other.rules)
* 1:56088 <-> ENABLED <-> MALWARE-CNC Unix.Spyware.WellMess variant outbound cnc attempt (snort3-malware-cnc.rules)
* 1:56081 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Donot variant outbound connection (snort3-malware-cnc.rules)
* 1:56073 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (snort3-malware-other.rules)
* 1:56071 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (snort3-malware-other.rules)
* 1:56078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (snort3-malware-other.rules)
* 1:56076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (snort3-malware-other.rules)
* 1:56072 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (snort3-malware-other.rules)
* 1:56080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (snort3-malware-other.rules)
* 1:56074 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (snort3-malware-other.rules)
* 1:56083 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (snort3-server-webapp.rules)
* 1:56077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (snort3-malware-other.rules)
* 1:44761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (snort3-malware-cnc.rules)
* 1:46253 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix file upload attempt (snort3-malware-cnc.rules)
* 1:44762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (snort3-malware-cnc.rules)
* 1:45230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (snort3-malware-cnc.rules)
* 1:44774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (snort3-malware-cnc.rules)
* 1:44975 <-> DISABLED <-> MALWARE-CNC Php.Dropper.Mayhem variant outbound connection (snort3-malware-cnc.rules)
* 1:46359 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (snort3-malware-cnc.rules)
* 1:44768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence outbound request (snort3-malware-cnc.rules)
* 1:45400 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt (snort3-malware-cnc.rules)
* 1:44801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (snort3-malware-cnc.rules)
* 1:44806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (snort3-malware-cnc.rules)
* 1:45510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat file upload attempt (snort3-malware-cnc.rules)
* 1:46360 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (snort3-malware-cnc.rules)
* 1:44876 <-> DISABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (snort3-malware-cnc.rules)
* 1:44997 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (snort3-malware-cnc.rules)
* 1:45097 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant inbound connection (snort3-malware-cnc.rules)
* 1:45252 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (snort3-malware-cnc.rules)
* 1:45472 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (snort3-malware-cnc.rules)
* 1:44944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (snort3-malware-cnc.rules)
* 1:45478 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (snort3-malware-cnc.rules)
* 1:45064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (snort3-malware-cnc.rules)
* 1:44776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (snort3-malware-cnc.rules)
* 1:45260 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (snort3-malware-cnc.rules)
* 1:44775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (snort3-malware-cnc.rules)
* 1:44782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (snort3-malware-cnc.rules)
* 1:45232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CactusTorch download attempt detected (snort3-malware-cnc.rules)
* 1:45092 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill get commands outbound connection (snort3-malware-cnc.rules)
* 1:45251 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (snort3-malware-cnc.rules)
* 1:45552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (snort3-malware-cnc.rules)
* 1:44791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retadup variant outbound connection (snort3-malware-cnc.rules)
* 1:45065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (snort3-malware-cnc.rules)
* 1:45100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound connection (snort3-malware-cnc.rules)
* 1:44788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (snort3-malware-cnc.rules)
* 1:44895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (snort3-malware-cnc.rules)
* 1:44911 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Fruitfly variant outbound connection detected (snort3-malware-cnc.rules)
* 1:44777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (snort3-malware-cnc.rules)
* 1:45194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (snort3-malware-cnc.rules)
* 1:44771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence monitoring module download (snort3-malware-cnc.rules)
* 1:45477 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (snort3-malware-cnc.rules)
* 1:45560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (snort3-malware-cnc.rules)
* 1:44799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (snort3-malware-cnc.rules)
* 1:44802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (snort3-malware-cnc.rules)
* 1:45567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
* 1:45551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (snort3-malware-cnc.rules)
* 1:44998 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (snort3-malware-cnc.rules)
* 1:44781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (snort3-malware-cnc.rules)
* 1:44798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (snort3-malware-cnc.rules)
* 1:45483 <-> DISABLED <-> MALWARE-CNC Pdf.Phishing.Agent variant outbound connection detected (snort3-malware-cnc.rules)
* 1:44778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (snort3-malware-cnc.rules)
* 1:44897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (snort3-malware-cnc.rules)
* 1:45208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (snort3-malware-cnc.rules)
* 1:45209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (snort3-malware-cnc.rules)
* 1:45352 <-> DISABLED <-> MALWARE-CNC PowerShell Empire HTTP listener response (snort3-malware-cnc.rules)
* 1:45114 <-> DISABLED <-> MALWARE-CNC Catch-All malicious Chrome extension dropper outbound connection (snort3-malware-cnc.rules)
* 1:45095 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant outbound connection (snort3-malware-cnc.rules)
* 1:44946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (snort3-malware-cnc.rules)
* 1:45090 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill server selection outbound connection (snort3-malware-cnc.rules)
* 1:44780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (snort3-malware-cnc.rules)
* 1:45051 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (snort3-malware-cnc.rules)
* 1:44769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence inbound download (snort3-malware-cnc.rules)
* 1:45574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm second stage configuration download attempt (snort3-malware-cnc.rules)
* 1:45943 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (snort3-malware-cnc.rules)
* 1:45607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat variant outbound connection detected (snort3-malware-cnc.rules)
* 1:46356 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (snort3-malware-cnc.rules)
* 1:46284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (snort3-malware-cnc.rules)
* 1:46339 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (snort3-malware-cnc.rules)
* 1:46358 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (snort3-malware-cnc.rules)
* 1:46363 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (snort3-malware-cnc.rules)
* 1:46364 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (snort3-malware-cnc.rules)
* 1:46416 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Autoit outbound connection (snort3-malware-cnc.rules)
* 1:46423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraens initial outbound request (snort3-malware-cnc.rules)
* 1:46433 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo initial connection (snort3-malware-cnc.rules)
* 1:42881 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (snort3-malware-cnc.rules)
* 1:46434 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo client outbound connection (snort3-malware-cnc.rules)
* 1:42883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (snort3-malware-cnc.rules)
* 1:42929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Niramdat variant initial outbound connection (snort3-malware-cnc.rules)
* 1:42885 <-> DISABLED <-> MALWARE-CNC WashingTon ssl certificate negotiation attempt (snort3-malware-cnc.rules)
* 1:42996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (snort3-malware-cnc.rules)
* 1:42892 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA outbound connection (snort3-malware-cnc.rules)
* 1:43049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gasonen variant outbound connection (snort3-malware-cnc.rules)
* 1:44804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (snort3-malware-cnc.rules)
* 1:42899 <-> DISABLED <-> MALWARE-CNC Jaff ransomware outbound connection (snort3-malware-cnc.rules)
* 1:43129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (snort3-malware-cnc.rules)
* 1:45471 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (snort3-malware-cnc.rules)
* 1:42926 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (snort3-malware-cnc.rules)
* 1:43184 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (snort3-malware-cnc.rules)
* 1:44943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (snort3-malware-cnc.rules)
* 1:42945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adylkuzz variant
initial outbound connection (snort3-malware-cnc.rules) * 1:43193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (snort3-malware-cnc.rules) * 1:42997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (snort3-malware-cnc.rules) * 1:45050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (snort3-malware-cnc.rules) * 1:43220 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (snort3-malware-cnc.rules) * 1:44789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (snort3-malware-cnc.rules) * 1:43063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabob outbound connection (snort3-malware-cnc.rules) * 1:43223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (snort3-malware-cnc.rules) * 1:45062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (snort3-malware-cnc.rules) * 1:43183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (snort3-malware-cnc.rules) * 1:44772 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (snort3-malware-cnc.rules) * 1:45561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (snort3-malware-cnc.rules) * 1:43292 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious dex file download attempt (snort3-malware-cnc.rules) * 1:45104 <-> DISABLED <-> MALWARE-CNC Win.Malware.Recam variant outbound connection (snort3-malware-cnc.rules) * 1:44945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (snort3-malware-cnc.rules) * 1:46357 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (snort3-malware-cnc.rules) * 1:42895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (snort3-malware-cnc.rules) * 1:42925 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (snort3-malware-cnc.rules) * 1:44805 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (snort3-malware-cnc.rules) * 1:44898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (snort3-malware-cnc.rules) * 1:44763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (snort3-malware-cnc.rules) * 1:45562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (snort3-malware-cnc.rules) * 1:44221 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (snort3-malware-cnc.rules) * 1:44316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ellell variant outbound connection (snort3-malware-cnc.rules) * 1:44276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (snort3-malware-cnc.rules) * 1:44362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (snort3-malware-cnc.rules) * 1:44278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CrystalAttack outbound file download attempt (snort3-malware-cnc.rules) * 1:44366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (snort3-malware-cnc.rules) * 1:44307 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Razy variant outbound connection (snort3-malware-cnc.rules) * 1:44391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (snort3-malware-cnc.rules) * 1:44314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant inbound connection attempt (snort3-malware-cnc.rules) * 1:44393 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (snort3-malware-cnc.rules) * 1:44317 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (snort3-malware-cnc.rules) * 1:44399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (snort3-malware-cnc.rules) * 1:44365 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware outbound post 
(snort3-malware-cnc.rules) * 1:44401 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (snort3-malware-cnc.rules) * 1:44367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (snort3-malware-cnc.rules) * 1:44438 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (snort3-malware-cnc.rules) * 1:44392 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (snort3-malware-cnc.rules) * 1:44440 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (snort3-malware-cnc.rules) * 1:44396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KediRAT outbound connection (snort3-malware-cnc.rules) * 1:44450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbount connection detected (snort3-malware-cnc.rules) * 1:44400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (snort3-malware-cnc.rules) * 1:44470 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (snort3-malware-cnc.rules) * 1:44402 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (snort3-malware-cnc.rules) * 1:44559 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (snort3-malware-cnc.rules) * 1:44439 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (snort3-malware-cnc.rules) * 1:44563 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (snort3-malware-cnc.rules) * 1:44443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popureb variant outbound connection detected (snort3-malware-cnc.rules) * 1:44570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (snort3-malware-cnc.rules) * 1:44469 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (snort3-malware-cnc.rules) * 1:44592 <-> DISABLED 
<-> MALWARE-CNC Win.Trojan.PandaZeus self-signed certificate exchange (snort3-malware-cnc.rules) * 1:44554 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Congur variant outbound connection detected (snort3-malware-cnc.rules) * 1:44610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (snort3-malware-cnc.rules) * 1:44560 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (snort3-malware-cnc.rules) * 1:44616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (snort3-malware-cnc.rules) * 1:44569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (snort3-malware-cnc.rules) * 1:44618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (snort3-malware-cnc.rules) * 1:44591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus malicious certificate exchange (snort3-malware-cnc.rules) * 1:44652 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (snort3-malware-cnc.rules) * 1:44595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSMessenger outbound connection (snort3-malware-cnc.rules) * 1:44654 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (snort3-malware-cnc.rules) * 1:44611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (snort3-malware-cnc.rules) * 1:44659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wraut variant outbound connection (snort3-malware-cnc.rules) * 1:44886 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (snort3-malware-cnc.rules) * 1:43190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (snort3-malware-cnc.rules) * 1:43351 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Erebus variant outbound connection (snort3-malware-cnc.rules) * 1:43194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (snort3-malware-cnc.rules) * 1:43459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant 
successful ping response (snort3-malware-cnc.rules) * 1:43222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (snort3-malware-cnc.rules) * 1:43468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (snort3-malware-cnc.rules) * 1:43224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (snort3-malware-cnc.rules) * 1:43476 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (snort3-malware-cnc.rules) * 1:43293 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious java file download attempt (snort3-malware-cnc.rules) * 1:43523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (snort3-malware-cnc.rules) * 1:43457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eorezo variant outbound connection (snort3-malware-cnc.rules) * 1:43575 <-> DISABLED <-> MALWARE-CNC Win32.Trojan.NeutrinoPOS connection attempt (snort3-malware-cnc.rules) * 1:43467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (snort3-malware-cnc.rules) * 1:43929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poogetad Variant connection attempt (snort3-malware-cnc.rules) * 1:43475 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (snort3-malware-cnc.rules) * 1:43950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Globeimposter outbound connection (snort3-malware-cnc.rules) * 1:43477 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (snort3-malware-cnc.rules) * 1:43972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (snort3-malware-cnc.rules) * 1:43524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (snort3-malware-cnc.rules) * 1:43982 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (snort3-malware-cnc.rules) * 1:43890 <-> DISABLED <-> MALWARE-CNC Win.Malware.Emotet variant outbound 
connection (snort3-malware-cnc.rules) * 1:44011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hippo variant outbound connection (snort3-malware-cnc.rules) * 1:43930 <-> DISABLED <-> MALWARE-CNC Win.Malware.GamKer variant outbound connection (snort3-malware-cnc.rules) * 1:44028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (snort3-malware-cnc.rules) * 1:43969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kradod connection attempt (snort3-malware-cnc.rules) * 1:44171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zurgop variant outbound beaconing connection (snort3-malware-cnc.rules) * 1:43981 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (snort3-malware-cnc.rules) * 1:44190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyfshent variant outbound connection (snort3-malware-cnc.rules) * 1:43985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rortiem outbound connection (snort3-malware-cnc.rules) * 1:44211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (snort3-malware-cnc.rules) * 1:44027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (snort3-malware-cnc.rules) * 1:44213 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (snort3-malware-cnc.rules) * 1:44042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (snort3-malware-cnc.rules) * 1:44220 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (snort3-malware-cnc.rules) * 1:44177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant outbound connection (snort3-malware-cnc.rules) * 1:44222 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (snort3-malware-cnc.rules) * 1:44210 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bullrat variant outbound connection (snort3-malware-cnc.rules) * 1:44277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download 
attempt (snort3-malware-cnc.rules) * 1:44212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (snort3-malware-cnc.rules) * 1:44279 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.FlatChestWare varint outbound connection (snort3-malware-cnc.rules) * 1:44214 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (snort3-malware-cnc.rules) * 1:44313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant outbound connection (snort3-malware-cnc.rules) * 1:44617 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (snort3-malware-cnc.rules) * 1:44681 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IoTReaper_Botnet telnet connection attempt (snort3-malware-cnc.rules) * 1:44639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quimonk variant outbound connection detected (snort3-malware-cnc.rules) * 1:44753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stimilina variant outbound connection detected (snort3-malware-cnc.rules) * 1:44653 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet (snort3-malware-cnc.rules) * 1:44656 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (snort3-malware-cnc.rules) * 1:44677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemucod outbound connection (snort3-malware-cnc.rules) * 1:44689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen variant outbound connection (snort3-malware-cnc.rules) * 1:44760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (snort3-malware-cnc.rules) * 1:42838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (snort3-malware-cnc.rules) * 1:45470 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (snort3-malware-cnc.rules) * 1:44803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (snort3-malware-cnc.rules) * 1:44773 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (snort3-malware-cnc.rules) * 1:44800 <-> DISABLED <-> 
MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (snort3-malware-cnc.rules) * 1:45473 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (snort3-malware-cnc.rules) * 1:44899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (snort3-malware-cnc.rules) * 1:44770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence cnc module download (snort3-malware-cnc.rules) * 1:44896 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (snort3-malware-cnc.rules) * 1:45239 <-> DISABLED <-> MALWARE-CNC Win.Malware.Freenki variant outbound connection (snort3-malware-cnc.rules) * 1:45231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DDEDownloader variant outbound connection detected (snort3-malware-cnc.rules) * 1:44797 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (snort3-malware-cnc.rules) * 1:45098 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant outbound connection (snort3-malware-cnc.rules) * 1:44787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Godzilla outbound connection (snort3-malware-cnc.rules) * 1:45096 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant inbound connection (snort3-malware-cnc.rules) * 1:45221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nautilus outbound call (snort3-malware-cnc.rules) * 1:45063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (snort3-malware-cnc.rules) * 1:44779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (snort3-malware-cnc.rules) * 1:45468 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (snort3-malware-cnc.rules) * 1:45099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant inbound connection (snort3-malware-cnc.rules) * 1:45229 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (snort3-malware-cnc.rules) * 1:44807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT 
encrypted outbound connection (snort3-malware-cnc.rules) * 1:45469 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (snort3-malware-cnc.rules) * 1:45566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules) * 1:45944 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (snort3-malware-cnc.rules) * 1:46362 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (snort3-malware-cnc.rules) * 1:46361 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (snort3-malware-cnc.rules) * 1:40007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (snort3-malware-cnc.rules) * 1:40016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (snort3-malware-cnc.rules) * 1:40043 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom outbound connection (snort3-malware-cnc.rules) * 1:40045 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (snort3-malware-cnc.rules) * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (snort3-server-webapp.rules) * 1:40060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (snort3-malware-cnc.rules) * 1:40011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (snort3-malware-cnc.rules) * 1:40183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (snort3-malware-cnc.rules) * 1:40027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (snort3-malware-cnc.rules) * 1:40204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qiwmonk outbound connection detected (snort3-malware-cnc.rules) * 1:40044 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (snort3-malware-cnc.rules) * 1:40206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (snort3-malware-cnc.rules) * 1:40059 <-> 
DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (snort3-malware-cnc.rules) * 1:40209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulta external connection attempt (snort3-malware-cnc.rules) * 1:40067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (snort3-malware-cnc.rules) * 1:40213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkShell external connection attempt (snort3-malware-cnc.rules) * 1:40203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drolnux variant outbound connection (snort3-malware-cnc.rules) * 1:40215 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (snort3-malware-cnc.rules) * 1:40205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (snort3-malware-cnc.rules) * 1:40217 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (snort3-malware-cnc.rules) * 1:40207 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (snort3-malware-cnc.rules) * 1:40238 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.AgentTesla variant outbound connection (snort3-malware-cnc.rules) * 1:40212 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (snort3-malware-cnc.rules) * 1:40249 <-> DISABLED <-> MALWARE-CNC Win.Downloader.QuantLoader external connection attempt (snort3-malware-cnc.rules) * 1:40214 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (snort3-malware-cnc.rules) * 1:40252 <-> DISABLED <-> MALWARE-CNC Win.Perseus variant outbound connection (snort3-malware-cnc.rules) * 1:40216 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (snort3-malware-cnc.rules) * 1:40259 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (snort3-malware-cnc.rules) * 1:40232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CeeInject external connection (snort3-malware-cnc.rules) * 1:40261 <-> DISABLED <-> 
MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (snort3-malware-cnc.rules) * 1:40242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (snort3-malware-cnc.rules) * 1:40288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poxters external connection (snort3-malware-cnc.rules) * 1:40251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (snort3-malware-cnc.rules) * 1:40290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant status update outbound connection (snort3-malware-cnc.rules) * 1:40258 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (snort3-malware-cnc.rules) * 1:40309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Randrew variant outbound connection (snort3-malware-cnc.rules) * 1:40260 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant initial backdoor download attempt (snort3-malware-cnc.rules) * 1:40311 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (snort3-malware-cnc.rules) * 1:40262 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (snort3-malware-cnc.rules) * 1:40338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection detected (snort3-malware-cnc.rules) * 1:40289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant initial outbound connection (snort3-malware-cnc.rules) * 1:40340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (snort3-malware-cnc.rules) * 1:40308 <-> DISABLED <-> MALWARE-CNC Backdoor.MSIL.Kazybot.A botnet server connection attempt (snort3-malware-cnc.rules) * 1:40433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (snort3-malware-cnc.rules) * 1:40310 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (snort3-malware-cnc.rules) * 1:40450 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Agent file download attempt (snort3-malware-cnc.rules) * 1:40334 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Sality variant outbound connection (snort3-malware-cnc.rules) * 1:40465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (snort3-malware-cnc.rules) * 1:40339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (snort3-malware-cnc.rules) * 1:40467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hades outbound connection (snort3-malware-cnc.rules) * 1:40432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (snort3-malware-cnc.rules) * 1:40501 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (snort3-malware-cnc.rules) * 1:40449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (snort3-malware-cnc.rules) * 1:40523 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (snort3-malware-cnc.rules) * 1:40461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deshacop variant outbound connection (snort3-malware-cnc.rules) * 1:40528 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (snort3-malware-cnc.rules) * 1:40466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (snort3-malware-cnc.rules) * 1:40548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redosdru variant outbound connection (snort3-malware-cnc.rules) * 1:40500 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (snort3-malware-cnc.rules) * 1:40550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant second stage download attempt (snort3-malware-cnc.rules) * 1:40522 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise fingerprinting (snort3-malware-cnc.rules) * 1:40559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (snort3-malware-cnc.rules) * 1:40527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (snort3-malware-cnc.rules) * 1:40596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Berbew 
variant outbound connection (snort3-malware-cnc.rules) * 1:40541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Satana ransomware outbound connection (snort3-malware-cnc.rules) * 1:40600 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (snort3-malware-cnc.rules) * 1:40549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryPy ransomware variant outbound connection (snort3-malware-cnc.rules) * 1:40605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (snort3-malware-cnc.rules) * 1:40551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant successful installation report attempt (snort3-malware-cnc.rules) * 1:40611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant download attempt (snort3-malware-cnc.rules) * 1:40567 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (snort3-malware-cnc.rules) * 1:40643 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (snort3-malware-cnc.rules) * 1:40599 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (snort3-malware-cnc.rules) * 1:40709 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (snort3-malware-cnc.rules) * 1:40601 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise activity (snort3-malware-cnc.rules) * 1:40733 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (snort3-malware-cnc.rules) * 1:40606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (snort3-malware-cnc.rules) * 1:40752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (snort3-malware-cnc.rules) * 1:40612 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download attempt (snort3-malware-cnc.rules) * 1:40762 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant inbound connection (snort3-malware-cnc.rules) * 1:40644 <-> DISABLED <-> 
MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (snort3-malware-cnc.rules) * 1:40764 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getContacts command response (snort3-malware-cnc.rules) * 1:40710 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (snort3-malware-cnc.rules) * 1:40775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (snort3-malware-cnc.rules) * 1:40751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (snort3-malware-cnc.rules) * 1:40795 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (snort3-malware-cnc.rules) * 1:40761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscan outbound connection (snort3-malware-cnc.rules) * 1:40797 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (snort3-malware-cnc.rules) * 1:40763 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getSMS command response (snort3-malware-cnc.rules) * 1:40812 <-> DISABLED <-> MALWARE-CNC Rtf.Trojan.Mauris outbound download attempt (snort3-malware-cnc.rules) * 1:40771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miuref variant outbound connection (snort3-malware-cnc.rules) * 1:40823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gendwndrop variant outbound connection (snort3-malware-cnc.rules) * 1:40782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (snort3-malware-cnc.rules) * 1:40831 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant initial outbound connection (snort3-malware-cnc.rules) * 1:40796 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (snort3-malware-cnc.rules) * 1:40833 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound init command attempt (snort3-malware-cnc.rules) * 1:40800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (snort3-malware-cnc.rules) * 1:40835 <-> DISABLED <-> MALWARE-CNC 
Win.Backdoor.Houdini variant screen_thumb inbound init command attempt (snort3-malware-cnc.rules)
* 1:40816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (snort3-malware-cnc.rules)
* 1:40869 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (snort3-malware-cnc.rules)
* 1:40824 <-> DISABLED <-> MALWARE-CNC Logbro variant outbound connection (snort3-malware-cnc.rules)
* 1:40906 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (snort3-malware-cnc.rules)
* 1:40832 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant keylogger inbound init command attempt (snort3-malware-cnc.rules)
* 1:40911 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Sednit variant outbound connection (snort3-malware-cnc.rules)
* 1:40834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound silence command attempt (snort3-malware-cnc.rules)
* 1:41031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (snort3-malware-cnc.rules)
* 1:40836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant file enumeration inbound init/root/faf command attempt (snort3-malware-cnc.rules)
* 1:41034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (snort3-malware-cnc.rules)
* 1:40870 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (snort3-malware-cnc.rules)
* 1:41089 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ostap out bound communication attempt (snort3-malware-cnc.rules)
* 1:40910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (snort3-malware-cnc.rules)
* 1:41134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (snort3-malware-cnc.rules)
* 1:40991 <-> DISABLED <-> MALWARE-CNC Linux.DDoS.D93 outbound connection (snort3-malware-cnc.rules)
* 1:41136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (snort3-malware-cnc.rules)
* 1:41033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proteus outbound connection (snort3-malware-cnc.rules)
* 1:41173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (snort3-malware-cnc.rules)
* 1:41088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MrWhite out bound communication attempt (snort3-malware-cnc.rules)
* 1:41175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (snort3-malware-cnc.rules)
* 1:41133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (snort3-malware-cnc.rules)
* 1:41177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (snort3-malware-cnc.rules)
* 1:41135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (snort3-malware-cnc.rules)
* 1:41179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (snort3-malware-cnc.rules)
* 1:41162 <-> DISABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant (snort3-malware-cnc.rules)
* 1:41315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (snort3-malware-cnc.rules)
* 1:41174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (snort3-malware-cnc.rules)
* 1:41317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (snort3-malware-cnc.rules)
* 1:41176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (snort3-malware-cnc.rules)
* 1:41331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection (snort3-malware-cnc.rules)
* 1:41178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (snort3-malware-cnc.rules)
* 1:41336 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (snort3-malware-cnc.rules)
* 1:41180 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (snort3-malware-cnc.rules)
* 1:41374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (snort3-malware-cnc.rules)
* 1:41316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (snort3-malware-cnc.rules)
* 1:41376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (snort3-malware-cnc.rules)
* 1:41318 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (snort3-malware-cnc.rules)
* 1:41424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound connection (snort3-malware-cnc.rules)
* 1:41334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (snort3-malware-cnc.rules)
* 1:41435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (snort3-malware-cnc.rules)
* 1:41337 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (snort3-malware-cnc.rules)
* 1:41437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (snort3-malware-cnc.rules)
* 1:41375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (snort3-malware-cnc.rules)
* 1:41439 <-> DISABLED <-> MALWARE-CNC Dos.Tool.LOIC variant IRC command detected (snort3-malware-cnc.rules)
* 1:41403 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (snort3-malware-cnc.rules)
* 1:41442 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas outbound connection (snort3-malware-cnc.rules)
* 1:41434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (snort3-malware-cnc.rules)
* 1:41444 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (snort3-malware-cnc.rules)
* 1:41436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (snort3-malware-cnc.rules)
* 1:41458 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (snort3-malware-cnc.rules)
* 1:41438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (snort3-malware-cnc.rules)
* 1:41460 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (snort3-malware-cnc.rules)
* 1:41441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (snort3-malware-cnc.rules)
* 1:41476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - 987t67g (snort3-malware-cnc.rules)
* 1:41443 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (snort3-malware-cnc.rules)
* 1:41478 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - result (snort3-malware-cnc.rules)
* 1:41456 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (snort3-malware-cnc.rules)
* 1:41539 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (snort3-malware-cnc.rules)
* 1:41459 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (snort3-malware-cnc.rules)
* 1:41656 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (snort3-malware-cnc.rules)
* 1:41461 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (snort3-malware-cnc.rules)
* 1:41661 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (snort3-malware-cnc.rules)
* 1:41477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibrio file download - 4g3vg334 (snort3-malware-cnc.rules)
* 1:41663 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (snort3-malware-cnc.rules)
* 1:41498 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CryptoLocker binary download response attempt (snort3-malware-cnc.rules)
* 1:41675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (snort3-malware-cnc.rules)
* 1:41540 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (snort3-malware-cnc.rules)
* 1:41682 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (snort3-malware-cnc.rules)
* 1:41657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MagicHound variant outbound connection (snort3-malware-cnc.rules)
* 1:41684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (snort3-malware-cnc.rules)
* 1:41662 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (snort3-malware-cnc.rules)
* 1:41686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (snort3-malware-cnc.rules)
* 1:41665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirai variant outbound connection (snort3-malware-cnc.rules)
* 1:41702 <-> DISABLED <-> MALWARE-CNC Win.Adware.Winwrapper outbound connection (snort3-malware-cnc.rules)
* 1:41676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (snort3-malware-cnc.rules)
* 1:41712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini backdoor file download request (snort3-malware-cnc.rules)
* 1:41683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (snort3-malware-cnc.rules)
* 1:41787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro TCP DNS query response (snort3-malware-cnc.rules)
* 1:41685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (snort3-malware-cnc.rules)
* 1:41789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (snort3-malware-cnc.rules)
* 1:41687 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (snort3-malware-cnc.rules)
* 1:42020 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (snort3-malware-cnc.rules)
* 1:41711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini variant initial outbound connection (snort3-malware-cnc.rules)
* 1:42022 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:41780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ratankba variant outbound connection (snort3-malware-cnc.rules)
* 1:42024 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:41788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (snort3-malware-cnc.rules)
* 1:42026 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:42019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (snort3-malware-cnc.rules)
* 1:42028 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (snort3-malware-cnc.rules)
* 1:42021 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:42030 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (snort3-malware-cnc.rules)
* 1:42023 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:42059 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Sage variant outbound connection (snort3-malware-cnc.rules)
* 1:42025 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:42081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (snort3-malware-cnc.rules)
* 1:42027 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:42098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (snort3-malware-cnc.rules)
* 1:42029 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (snort3-malware-cnc.rules)
* 1:42113 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules)
* 1:42031 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:42126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acronym variant outbound connection (snort3-malware-cnc.rules)
* 1:42079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (snort3-malware-cnc.rules)
* 1:42129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (snort3-malware-cnc.rules)
* 1:42083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection (snort3-malware-cnc.rules)
* 1:42172 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant certificate negotiation (snort3-malware-cnc.rules)
* 1:42099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (snort3-malware-cnc.rules)
* 1:42228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DocumentCrypt variant outbound connection (snort3-malware-cnc.rules)
* 1:42114 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant new bot registered (snort3-malware-cnc.rules)
* 1:42242 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Dimnie file download attempt (snort3-malware-cnc.rules)
* 1:42128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (snort3-malware-cnc.rules)
* 1:42301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu inbound server configuration response (snort3-malware-cnc.rules)
* 1:42171 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant outbound connection (snort3-malware-cnc.rules)
* 1:42303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound file download attempt (snort3-malware-cnc.rules)
* 1:42225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (snort3-malware-cnc.rules)
* 1:42330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful injection response (snort3-malware-cnc.rules)
* 1:42233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (snort3-malware-cnc.rules)
* 1:42385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moonwind outbound connection (snort3-malware-cnc.rules)
* 1:42243 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dimnie outbound connection (snort3-malware-cnc.rules)
* 1:42390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (snort3-malware-cnc.rules)
* 1:42302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound connection (snort3-malware-cnc.rules)
* 1:42395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oddjob outbound connection (snort3-malware-cnc.rules)
* 1:42329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (snort3-malware-cnc.rules)
* 1:42421 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (snort3-malware-cnc.rules)
* 1:42348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQPass variant outbound connection (snort3-malware-cnc.rules)
* 1:42439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (snort3-malware-cnc.rules)
* 1:42386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (snort3-malware-cnc.rules)
* 1:42452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection (snort3-malware-cnc.rules)
* 1:42391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (snort3-malware-cnc.rules)
* 1:42454 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (snort3-malware-cnc.rules)
* 1:42398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (snort3-malware-cnc.rules)
* 1:42831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (snort3-malware-cnc.rules)
* 1:42425 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (snort3-malware-cnc.rules)
* 1:42833 <-> DISABLED <-> MALWARE-CNC Kasperagent outbound connection detected (snort3-malware-cnc.rules)
* 1:42447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant outbound connection (snort3-malware-cnc.rules)
* 1:42835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (snort3-malware-cnc.rules)
* 1:42453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (snort3-malware-cnc.rules)
* 1:42837 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (snort3-malware-cnc.rules)
* 1:42830 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (snort3-malware-cnc.rules)
* 1:42880 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (snort3-malware-cnc.rules)
* 1:42832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (snort3-malware-cnc.rules)
* 1:42882 <-> DISABLED <-> MALWARE-CNC ZoxPNG initial outbound connection (snort3-malware-cnc.rules)
* 1:42834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (snort3-malware-cnc.rules)
* 1:42884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection (snort3-malware-cnc.rules)
* 1:42836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (snort3-malware-cnc.rules)
* 1:42886 <-> DISABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (snort3-malware-cnc.rules)
* 1:45091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill login outbound connection (snort3-malware-cnc.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:56082 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
* 1:56079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
* 1:56088 <-> ENABLED <-> MALWARE-CNC Unix.Spyware.WellMess variant outbound cnc attempt (malware-cnc.rules)
* 1:56073 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
* 1:56080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
* 1:56086 <-> DISABLED <-> SERVER-WEBAPP Apache Tomcat WebSocket length denial of service attempt (server-webapp.rules)
* 1:56076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
* 1:56072 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
* 1:56077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
* 1:56078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
* 1:56081 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Donot variant outbound connection (malware-cnc.rules)
* 1:56074 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
* 1:56083 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
* 1:56071 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
* 1:56075 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
* 3:56089 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD denial of service attempt (server-webapp.rules)
* 3:56087 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services large file upload denial of service attempt (server-webapp.rules)
* 3:56090 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
* 3:56084 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
* 3:56091 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
* 3:56085 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
* 1:45239 <-> DISABLED <-> MALWARE-CNC Win.Malware.Freenki variant outbound connection (malware-cnc.rules)
* 1:44896 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
* 1:43575 <-> DISABLED <-> MALWARE-CNC Win32.Trojan.NeutrinoPOS connection attempt (malware-cnc.rules)
* 1:43969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kradod connection attempt (malware-cnc.rules)
* 1:43467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
* 1:44773 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
* 1:43929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poogetad Variant connection attempt (malware-cnc.rules)
* 1:44656 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
* 1:44212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
* 1:44876 <-> DISABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
* 1:44798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:40205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
* 1:44027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:44214 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (malware-cnc.rules)
* 1:44177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant outbound connection (malware-cnc.rules)
* 1:43982 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
* 1:43222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
* 1:44210 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bullrat variant outbound connection (malware-cnc.rules)
* 1:43293 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious java file download attempt (malware-cnc.rules)
* 1:44768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence outbound request (malware-cnc.rules)
* 1:45566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:42129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
* 1:43890 <-> DISABLED <-> MALWARE-CNC Win.Malware.Emotet variant outbound connection (malware-cnc.rules)
* 1:43477 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
* 1:44222 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
* 1:44171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zurgop variant outbound beaconing connection (malware-cnc.rules)
* 1:43985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rortiem outbound connection (malware-cnc.rules)
* 1:44769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence inbound download (malware-cnc.rules)
* 1:44897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
* 1:44028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
* 1:44998 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
* 1:44911 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Fruitfly variant outbound connection detected (malware-cnc.rules)
* 1:44802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:45574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm second stage configuration download attempt (malware-cnc.rules)
* 1:45050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
* 1:44782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
* 1:45469 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:40209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulta external connection attempt (malware-cnc.rules)
* 1:40600 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
* 1:45194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (malware-cnc.rules)
* 1:45091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill login outbound connection (malware-cnc.rules)
* 1:42019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
* 1:41316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
* 1:45209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
* 1:43063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabob outbound connection (malware-cnc.rules)
* 1:45095 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant outbound connection (malware-cnc.rules)
* 1:45260 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)
* 1:44801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Godzilla outbound connection (malware-cnc.rules)
* 1:44011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hippo variant outbound connection (malware-cnc.rules)
* 1:45100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound connection (malware-cnc.rules)
* 1:44774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:44775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:44778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
* 1:42026 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:45483 <-> DISABLED <-> MALWARE-CNC Pdf.Phishing.Agent variant outbound connection detected (malware-cnc.rules)
* 1:46339 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (malware-cnc.rules)
* 1:43972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
* 1:43930 <-> DISABLED <-> MALWARE-CNC Win.Malware.GamKer variant outbound connection (malware-cnc.rules)
* 1:45352 <-> DISABLED <-> MALWARE-CNC PowerShell Empire HTTP listener response (malware-cnc.rules)
* 1:42302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound connection (malware-cnc.rules)
* 1:45252 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
* 1:44652 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
* 1:44807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:45471 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
* 1:44772 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
* 1:45062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:40611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant download attempt (malware-cnc.rules)
* 1:45567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
* 1:44362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
* 1:40242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
* 1:44653 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet (malware-cnc.rules)
* 1:46423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraens initial outbound request (malware-cnc.rules)
* 1:44803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:45231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DDEDownloader variant outbound connection detected (malware-cnc.rules)
* 1:46433 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo initial connection (malware-cnc.rules)
* 1:40762 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant inbound connection (malware-cnc.rules)
* 1:40606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:44681 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IoTReaper_Botnet telnet connection attempt (malware-cnc.rules)
* 1:45064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:46434 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo client outbound connection (malware-cnc.rules)
* 1:40216 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (malware-cnc.rules)
* 1:45552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
* 1:40816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
* 1:40797 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
* 1:40045 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
* 1:40796 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
* 1:40832 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant keylogger inbound init command attempt (malware-cnc.rules)
* 1:46253 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix file upload attempt (malware-cnc.rules)
* 1:41460 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
* 1:45562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
* 1:40834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound silence command attempt (malware-cnc.rules)
* 1:40795 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
* 1:45944 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
* 1:40763 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getSMS command response (malware-cnc.rules)
* 1:46284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (malware-cnc.rules)
* 1:44789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
* 1:40824 <-> DISABLED <-> MALWARE-CNC Logbro variant outbound connection (malware-cnc.rules)
* 1:40771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miuref variant outbound connection (malware-cnc.rules)
* 1:40764 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getContacts command response (malware-cnc.rules)
* 1:40214 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
* 1:41179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
* 1:42899 <-> DISABLED <-> MALWARE-CNC Jaff ransomware outbound connection (malware-cnc.rules)
* 1:42128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
* 1:41665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirai variant outbound connection (malware-cnc.rules)
* 1:40206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
* 1:43049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gasonen variant outbound connection (malware-cnc.rules)
* 1:43950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Globeimposter outbound connection (malware-cnc.rules)
* 1:41174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:41687 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:40207 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
* 1:43981 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
* 1:41675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:44042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (malware-cnc.rules)
* 1:42023 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
* 1:43457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eorezo variant outbound connection (malware-cnc.rules)
* 1:42395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oddjob outbound connection (malware-cnc.rules)
* 1:40835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screen_thumb inbound init command attempt (malware-cnc.rules)
* 1:40612 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download attempt (malware-cnc.rules)
* 1:43459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules)
* 1:41444 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules)
* 1:43183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
* 1:42029 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
* 1:40204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qiwmonk outbound connection detected (malware-cnc.rules)
* 1:40601 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise activity (malware-cnc.rules)
* 1:42881 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules)
* 1:41135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
* 1:41318 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (malware-cnc.rules)
* 1:41498 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CryptoLocker binary download response attempt (malware-cnc.rules)
* 1:43220 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (malware-cnc.rules)
* 1:42997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules)
* 1:42171 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant outbound connection (malware-cnc.rules)
* 1:43524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules)
* 1:41656 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (malware-cnc.rules)
* 1:40217 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (malware-cnc.rules)
* 1:42421 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (malware-cnc.rules)
* 1:40605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:41434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
* 1:41337 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
* 1:44278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CrystalAttack outbound file download attempt (malware-cnc.rules)
* 1:41461 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
* 1:43224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
* 1:42838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (malware-cnc.rules)
* 1:44316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ellell variant outbound connection (malware-cnc.rules)
* 1:40060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
* 1:42885 <-> DISABLED <-> MALWARE-CNC WashingTon ssl certificate negotiation attempt (malware-cnc.rules)
* 1:42114 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant new bot registered (malware-cnc.rules)
* 1:41437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
* 1:40644 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
* 1:42831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (malware-cnc.rules)
* 1:40212 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (malware-cnc.rules)
* 1:41442 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas outbound connection (malware-cnc.rules)
* 1:41676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
* 1:42386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules)
* 1:42243 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dimnie outbound connection (malware-cnc.rules)
* 1:41684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
* 1:44211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
* 1:42925 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules)
* 1:43292 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious dex file download attempt (malware-cnc.rules)
* 1:44806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
* 1:44276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
* 1:45943 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
* 1:44659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wraut variant outbound connection (malware-cnc.rules)
* 1:44689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen variant outbound connection (malware-cnc.rules)
* 1:46356 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
* 1:40831 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant initial outbound connection (malware-cnc.rules)
* 1:45560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
* 1:45051 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (malware-cnc.rules)
* 1:44753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stimilina variant outbound connection detected (malware-cnc.rules)
* 1:41458 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
* 1:40643 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
* 1:44762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
* 1:45229 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
* 1:41438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
* 1:44277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
* 1:43468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
* 1:44391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
* 1:43475 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
* 1:40823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gendwndrop variant outbound connection (malware-cnc.rules)
* 1:44791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retadup variant outbound connection (malware-cnc.rules)
* 1:44213 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (malware-cnc.rules)
* 1:45090 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill server selection outbound connection (malware-cnc.rules)
* 1:44886 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (malware-cnc.rules)
* 1:45099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant inbound connection (malware-cnc.rules)
* 1:45400 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt (malware-cnc.rules)
* 1:45065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
* 1:45230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
* 1:43351 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Erebus variant outbound connection (malware-cnc.rules)
* 1:45104 <-> DISABLED <-> MALWARE-CNC Win.Malware.Recam variant outbound connection (malware-cnc.rules)
* 1:45098 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant outbound connection (malware-cnc.rules)
* 1:40709 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
* 1:44761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
* 1:45607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat variant outbound connection detected (malware-cnc.rules)
* 1:45097 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant inbound connection (malware-cnc.rules)
* 1:44763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
* 1:41178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
* 1:40782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (malware-cnc.rules)
* 1:41476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - 987t67g (malware-cnc.rules)
* 1:41403 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (malware-cnc.rules)
* 1:41336 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
* 1:41439 <-> DISABLED <-> MALWARE-CNC Dos.Tool.LOIC variant IRC command detected (malware-cnc.rules)
* 1:41435 <->
DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:45551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules) * 1:41424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound connection (malware-cnc.rules) * 1:41334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:41374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules) * 1:41180 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules) * 1:45473 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules) * 1:41376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules) * 1:44944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules) * 1:45472 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules) * 1:41331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection (malware-cnc.rules) * 1:44307 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Razy variant outbound connection (malware-cnc.rules) * 1:44779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules) * 1:42926 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules) * 1:41780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ratankba variant outbound connection (malware-cnc.rules) * 1:44975 <-> DISABLED <-> MALWARE-CNC Php.Dropper.Mayhem variant outbound connection (malware-cnc.rules) * 1:46357 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46358 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46359 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46360 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba 
outbound connection (malware-cnc.rules) * 1:46361 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46362 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46363 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:46364 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules) * 1:44393 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules) * 1:44401 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules) * 1:44314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant inbound connection attempt (malware-cnc.rules) * 1:44399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules) * 1:44365 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware outbound post (malware-cnc.rules) * 1:44440 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (malware-cnc.rules) * 1:44317 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (malware-cnc.rules) * 1:44438 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules) * 1:44392 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules) * 1:44470 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules) * 1:44367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules) * 1:44450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbount connection detected (malware-cnc.rules) * 1:44400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules) * 1:44563 <-> DISABLED <-> MALWARE-CNC PowerShell Empire 
variant outbound connection (malware-cnc.rules) * 1:44396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KediRAT outbound connection (malware-cnc.rules) * 1:44559 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules) * 1:44439 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules) * 1:44592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus self-signed certificate exchange (malware-cnc.rules) * 1:44402 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules) * 1:44570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:44469 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules) * 1:44616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:44443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popureb variant outbound connection detected (malware-cnc.rules) * 1:44610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules) * 1:44560 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules) * 1:40710 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules) * 1:44554 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Congur variant outbound connection detected (malware-cnc.rules) * 1:44618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:44591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus malicious certificate exchange (malware-cnc.rules) * 1:44569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:44611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules) * 1:44595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSMessenger 
outbound connection (malware-cnc.rules) * 1:44639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quimonk variant outbound connection detected (malware-cnc.rules) * 1:44617 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:40252 <-> DISABLED <-> MALWARE-CNC Win.Perseus variant outbound connection (malware-cnc.rules) * 1:40249 <-> DISABLED <-> MALWARE-CNC Win.Downloader.QuantLoader external connection attempt (malware-cnc.rules) * 1:40261 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules) * 1:40259 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules) * 1:40290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant status update outbound connection (malware-cnc.rules) * 1:40288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poxters external connection (malware-cnc.rules) * 1:40251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (malware-cnc.rules) * 1:40311 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules) * 1:40309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Randrew variant outbound connection (malware-cnc.rules) * 1:40260 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant initial backdoor download attempt (malware-cnc.rules) * 1:40340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules) * 1:40258 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules) * 1:40338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection detected (malware-cnc.rules) * 1:40289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant initial outbound connection (malware-cnc.rules) * 1:40450 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Agent file download attempt (malware-cnc.rules) * 1:40262 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules) * 
1:40433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules) * 1:40310 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules) * 1:40467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hades outbound connection (malware-cnc.rules) * 1:40308 <-> DISABLED <-> MALWARE-CNC Backdoor.MSIL.Kazybot.A botnet server connection attempt (malware-cnc.rules) * 1:40465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules) * 1:40339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules) * 1:40523 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules) * 1:40334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:40501 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules) * 1:40449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:40548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redosdru variant outbound connection (malware-cnc.rules) * 1:40432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules) * 1:40528 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (malware-cnc.rules) * 1:40466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules) * 1:40559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules) * 1:40461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deshacop variant outbound connection (malware-cnc.rules) * 1:40550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant second stage download attempt (malware-cnc.rules) * 1:40522 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise fingerprinting (malware-cnc.rules) * 1:40500 <-> DISABLED <-> 
MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules) * 1:40596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Berbew variant outbound connection (malware-cnc.rules) * 1:40541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Satana ransomware outbound connection (malware-cnc.rules) * 1:40527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:40551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant successful installation report attempt (malware-cnc.rules) * 1:40549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryPy ransomware variant outbound connection (malware-cnc.rules) * 1:40599 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules) * 1:42884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection (malware-cnc.rules) * 1:40833 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound init command attempt (malware-cnc.rules) * 1:42886 <-> DISABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (malware-cnc.rules) * 1:40027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules) * 1:40011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:40059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules) * 1:40044 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules) * 1:40203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drolnux variant outbound connection (malware-cnc.rules) * 1:40067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules) * 1:40016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (malware-cnc.rules) * 1:40007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (malware-cnc.rules) * 1:40043 <-> DISABLED <-> 
MALWARE-CNC Win.Ransomware.Fantom outbound connection (malware-cnc.rules) * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules) * 1:41034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules) * 1:41031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules) * 1:40906 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules) * 1:41134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules) * 1:41089 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ostap out bound communication attempt (malware-cnc.rules) * 1:40911 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Sednit variant outbound connection (malware-cnc.rules) * 1:41173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:40910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules) * 1:41136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules) * 1:41033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proteus outbound connection (malware-cnc.rules) * 1:41177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:40991 <-> DISABLED <-> MALWARE-CNC Linux.DDoS.D93 outbound connection (malware-cnc.rules) * 1:41175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:41133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules) * 1:41176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules) * 1:41088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MrWhite out bound communication attempt (malware-cnc.rules) * 1:41315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules) * 1:41317 
<-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules) * 1:41456 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules) * 1:41162 <-> DISABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant (malware-cnc.rules) * 1:41443 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules) * 1:41478 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - result (malware-cnc.rules) * 1:41663 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules) * 1:41441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (malware-cnc.rules) * 1:41661 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules) * 1:41477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibrio file download - 4g3vg334 (malware-cnc.rules) * 1:41662 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules) * 1:41459 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules) * 1:41682 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MagicHound variant outbound connection (malware-cnc.rules) * 1:41683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41540 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules) * 1:41702 <-> DISABLED <-> MALWARE-CNC Win.Adware.Winwrapper outbound connection (malware-cnc.rules) * 1:41712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini backdoor file download request (malware-cnc.rules) * 1:41711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini variant initial outbound connection (malware-cnc.rules) * 1:41686 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:41685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules) * 1:42020 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules) * 1:42028 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules) * 1:44805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules) * 1:44997 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules) * 1:41787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro TCP DNS query response (malware-cnc.rules) * 1:42024 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:41788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules) * 1:42025 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42022 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42030 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules) * 1:42059 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Sage variant outbound connection (malware-cnc.rules) * 1:42113 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules) * 1:42021 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42027 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules) * 1:42172 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant certificate negotiation (malware-cnc.rules) * 1:42081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (malware-cnc.rules) * 1:42079 
<-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules) * 1:42083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection (malware-cnc.rules) * 1:42303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound file download attempt (malware-cnc.rules) * 1:42031 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules) * 1:42228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DocumentCrypt variant outbound connection (malware-cnc.rules) * 1:42301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu inbound server configuration response (malware-cnc.rules) * 1:42385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moonwind outbound connection (malware-cnc.rules) * 1:42099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules) * 1:42330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful injection response (malware-cnc.rules) * 1:42233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules) * 1:42439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (malware-cnc.rules) * 1:42225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules) * 1:42329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules) * 1:42348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQPass variant outbound connection (malware-cnc.rules) * 1:42398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules) * 1:42390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules) * 1:42391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules) * 1:42454 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (malware-cnc.rules) * 1:42835 <-> DISABLED <-> MALWARE-CNC 
Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection (malware-cnc.rules) * 1:42833 <-> DISABLED <-> MALWARE-CNC Kasperagent outbound connection detected (malware-cnc.rules) * 1:42447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant outbound connection (malware-cnc.rules) * 1:42882 <-> DISABLED <-> MALWARE-CNC ZoxPNG initial outbound connection (malware-cnc.rules) * 1:42425 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (malware-cnc.rules) * 1:42830 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (malware-cnc.rules) * 1:42832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (malware-cnc.rules) * 1:42895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules) * 1:42453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (malware-cnc.rules) * 1:40567 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules) * 1:42892 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA outbound connection (malware-cnc.rules) * 1:42834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Niramdat variant initial outbound connection (malware-cnc.rules) * 1:42996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules) * 1:43193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules) * 1:42883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (malware-cnc.rules) * 1:43184 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules) * 1:42945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adylkuzz variant initial outbound connection (malware-cnc.rules) * 1:43190 
<-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules) * 1:43129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules) * 1:43223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules) * 1:44190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyfshent variant outbound connection (malware-cnc.rules) * 1:44654 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules) * 1:46416 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Autoit outbound connection (malware-cnc.rules) * 1:44946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules) * 1:45470 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules) * 1:44799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules) * 1:44770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence cnc module download (malware-cnc.rules) * 1:45232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CactusTorch download attempt detected (malware-cnc.rules) * 1:45092 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill get commands outbound connection (malware-cnc.rules) * 1:44776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules) * 1:44898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules) * 1:44797 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules) * 1:44804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules) * 1:45477 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules) * 1:45468 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules) * 1:44895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected 
(malware-cnc.rules) * 1:44777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules) * 1:44760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules) * 1:44788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules) * 1:44943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules) * 1:45510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat file upload attempt (malware-cnc.rules) * 1:44800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules) * 1:44780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules) * 1:44771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence monitoring module download (malware-cnc.rules) * 1:45063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules) * 1:44899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules) * 1:45478 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules) * 1:45208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules) * 1:45221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nautilus outbound call (malware-cnc.rules) * 1:44781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules) * 1:45114 <-> DISABLED <-> MALWARE-CNC Catch-All malicious Chrome extension dropper outbound connection (malware-cnc.rules) * 1:40751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules) * 1:40761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscan outbound connection (malware-cnc.rules) * 1:40733 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules) * 1:45561 <-> DISABLED <-> MALWARE-CNC 
Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules) * 1:40752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules) * 1:40800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (malware-cnc.rules) * 1:40812 <-> DISABLED <-> MALWARE-CNC Rtf.Trojan.Mauris outbound download attempt (malware-cnc.rules) * 1:44313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant outbound connection (malware-cnc.rules) * 1:40775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:44220 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules) * 1:42126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acronym variant outbound connection (malware-cnc.rules) * 1:40215 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules) * 1:41375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules) * 1:44366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules) * 1:40238 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.AgentTesla variant outbound connection (malware-cnc.rules) * 1:40232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CeeInject external connection (malware-cnc.rules) * 1:42837 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:41436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules) * 1:41789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules) * 1:40213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkShell external connection attempt (malware-cnc.rules) * 1:42880 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules) * 1:44221 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection 
(malware-cnc.rules) * 1:42836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules) * 1:42242 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Dimnie file download attempt (malware-cnc.rules) * 1:40836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant file enumeration inbound init/root/faf command attempt (malware-cnc.rules) * 1:41539 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (malware-cnc.rules) * 1:40183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules) * 1:40870 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules) * 1:40869 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules) * 1:43523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules) * 1:43194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules) * 1:44279 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.FlatChestWare varint outbound connection (malware-cnc.rules) * 1:44677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemucod outbound connection (malware-cnc.rules) * 1:45096 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant inbound connection (malware-cnc.rules) * 1:43476 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules) * 1:45251 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules) * 1:44945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules) * 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules) * 3:52540 <-> ENABLED <-> SERVER-WEBAPP 
Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)