The VRT has added and modified multiple rules in the blacklist, browser-ie, browser-webkit, file-flash, file-image, file-other, file-pdf, malware-backdoor, malware-cnc, os-other, protocol-voip, pua-p2p, server-mysql, server-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2962.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:33592 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player SwDir.dll PlayerVersion Buffer Overflow attempt (file-other.rules)
* 1:33593 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player SwDir.dll PlayerVersion Buffer Overflow attempt (file-other.rules)
* 1:33594 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33595 <-> DISABLED <-> SERVER-OTHER GnuTLS TLSA record heap buffer overflow attempt (server-other.rules)
* 1:33596 <-> DISABLED <-> SERVER-OTHER GnuTLS TLSA record heap buffer overflow attempt (server-other.rules)
* 1:33597 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central MSP StatusUpdateServlet directory traversal attempt (server-webapp.rules)
* 1:33598 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central MSP StatusUpdateServlet directory traversal attempt (server-webapp.rules)
* 1:33599 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central MSP StatusUpdateServlet directory traversal attempt (server-webapp.rules)
* 1:33600 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit variant outbound detected (malware-cnc.rules)
* 1:33601 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
* 1:33602 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
* 1:33603 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption attempt (file-other.rules)
* 1:33604 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption attempt (file-other.rules)
* 1:33605 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAnchorElement use after free attempt (browser-ie.rules)
* 1:33606 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAnchorElement use after free attempt (browser-ie.rules)
* 1:33607 <-> DISABLED <-> SERVER-WEBAPP cron access (server-webapp.rules)
* 1:33608 <-> DISABLED <-> SERVER-WEBAPP bin access (server-webapp.rules)
* 1:33609 <-> DISABLED <-> SERVER-WEBAPP .wwwpasswd access (server-webapp.rules)
* 1:33610 <-> DISABLED <-> SERVER-WEBAPP .wwwgroup access (server-webapp.rules)
* 1:33611 <-> DISABLED <-> SERVER-WEBAPP httpd.conf access (server-webapp.rules)
* 1:33612 <-> DISABLED <-> SERVER-WEBAPP stronghold-status access (server-webapp.rules)
* 1:33613 <-> DISABLED <-> SERVER-WEBAPP stronghold-info access (server-webapp.rules)
* 1:33614 <-> DISABLED <-> SERVER-WEBAPP caucho-status access (server-webapp.rules)
* 1:33615 <-> ENABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules)
* 1:33618 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.lubot download (malware-backdoor.rules)
* 1:33619 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.lubot download (malware-backdoor.rules)
* 1:33620 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
* 1:33621 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
* 1:33622 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
* 1:33623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
* 1:33624 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
* 1:33625 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
* 1:33626 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
* 1:33627 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
* 1:33628 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
* 1:33629 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
* 1:33630 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
* 1:33631 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
* 1:33632 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php command injection attempt (server-webapp.rules)
* 1:33633 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (blacklist.rules)
* 1:33634 <-> DISABLED <-> FILE-FLASH Adobe Flash Player decompressing denial of service attempt (file-flash.rules)
* 1:33635 <-> DISABLED <-> FILE-FLASH Adobe Flash Player decompressing denial of service attempt (file-flash.rules)
* 1:33636 <-> DISABLED <-> SERVER-OTHER SAP Sybase ESP xmlrpc unsafe pointer dereference attempt (server-other.rules)
Modified Rules:
* 1:19049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gigade variant outbound connection (malware-cnc.rules)
* 1:32604 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Geodo variant outbound connection (malware-cnc.rules)
* 1:32599 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Mysayad outbound connection (malware-cnc.rules)
* 1:32606 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sodebral variant outbound connection (malware-cnc.rules)
* 1:32621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:32622 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:32623 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:32624 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:32670 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Ch variant outbound connection (malware-cnc.rules)
* 1:32677 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
* 1:32678 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
* 1:32770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
* 1:32791 <-> ENABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection (malware-cnc.rules)
* 1:32823 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
* 1:32825 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
* 1:32852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
* 1:32853 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
* 1:32892 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection (malware-cnc.rules)
* 1:32893 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection (malware-cnc.rules)
* 1:32956 <-> ENABLED <-> MALWARE-CNC Android.CoolReaper.Trojan outbound connection (malware-cnc.rules)
* 1:32976 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
* 1:33054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Joanap outbound connection (malware-cnc.rules)
* 1:21669 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk expires header denial of service attempt (protocol-voip.rules)
* 1:2180 <-> DISABLED <-> PUA-P2P BitTorrent announce request (pua-p2p.rules)
* 1:25019 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
* 1:25020 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules)
* 1:25627 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Reventon variant outbound communication (malware-cnc.rules)
* 1:26310 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules)
* 1:27236 <-> DISABLED <-> SERVER-OTHER Citrix XenApp password buffer overflow attempt (server-other.rules)
* 1:28534 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules)
* 1:28535 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules)
* 1:28536 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules)
* 1:28537 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules)
* 1:29865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (malware-cnc.rules)
* 1:30073 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
* 1:30288 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Glupteba.M initial outbound connection (malware-cnc.rules)
* 1:30336 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Calfbot outbound connection (malware-cnc.rules)
* 1:30483 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (malware-cnc.rules)
* 1:30484 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (malware-cnc.rules)
* 1:30548 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:30570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
* 1:30566 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Elknot outbound connection (malware-cnc.rules)
* 1:30900 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tuhao variant outbound connection (malware-cnc.rules)
* 1:30914 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (malware-cnc.rules)
* 1:30915 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (malware-cnc.rules)
* 1:30919 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:30925 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound connection (malware-cnc.rules)
* 1:30938 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Roopre outbound connection (malware-cnc.rules)
* 1:30985 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tenexmed outbound connection (malware-cnc.rules)
* 1:31020 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:31053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MadnessPro outbound connection (malware-cnc.rules)
* 1:31033 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptodefence variant outbound connection (malware-cnc.rules)
* 1:31070 <-> ENABLED <-> MALWARE-CNC Win.Rootkit.Necurs outbound connection (malware-cnc.rules)
* 1:31084 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:31113 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:31223 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
* 1:31114 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rfusclient outbound connection (malware-cnc.rules)
* 1:31240 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (malware-cnc.rules)
* 1:31241 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (malware-cnc.rules)
* 1:31242 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Utishaf variant outbound connection (malware-cnc.rules)
* 1:31261 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi outbound connection (malware-cnc.rules)
* 1:31244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (malware-cnc.rules)
* 1:31295 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
* 1:31303 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hadeki variant outbound connection (malware-cnc.rules)
* 1:31314 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Daikou variant outbound connection (malware-cnc.rules)
* 1:31316 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
* 1:31315 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL variant outbound connection (malware-cnc.rules)
* 1:31317 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Orbot variant outbound connection (malware-cnc.rules)
* 1:31344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Levyatan variant outbound connection (malware-cnc.rules)
* 1:31355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bicololo outbound connection (malware-cnc.rules)
* 1:31452 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:31450 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CryptoWall outbound connection (malware-cnc.rules)
* 1:31458 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SDBot variant outbound connection (malware-cnc.rules)
* 1:31593 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.SMSSend outbound connection (malware-cnc.rules)
* 1:31644 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Scarelocker outbound connection (malware-cnc.rules)
* 1:31717 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SoftPulse variant outbound connection (malware-cnc.rules)
* 1:31808 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.IptabLex outbound connection (malware-cnc.rules)
* 1:31820 <-> ENABLED <-> MALWARE-CNC Win.Banker.Delf variant outbound connection (malware-cnc.rules)
* 1:31824 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
* 1:32605 <-> ENABLED <-> MALWARE-CNC Win.Worm.Jenxcus variant outbound connection (malware-cnc.rules)
* 1:31827 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
* 1:31836 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL.Seribe variant outbound connection (malware-cnc.rules)
* 1:31835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Yesudac variant outbound connection (malware-cnc.rules)
* 1:31837 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Retgate variant outbound connection (malware-cnc.rules)
* 1:31895 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Toupi variant outbound connection (malware-cnc.rules)
* 1:31896 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Magnetor variant outbound connection (malware-cnc.rules)
* 1:31911 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL.Gareme variant outbound connection (malware-cnc.rules)
* 1:31907 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL.Honerep variant outbound connection (malware-cnc.rules)
* 1:31924 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:31928 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection (malware-cnc.rules)
* 1:31941 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection (malware-cnc.rules)
* 1:31957 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection (malware-cnc.rules)
* 1:31973 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection (malware-cnc.rules)
* 1:31974 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection (malware-cnc.rules)
* 1:32002 <-> ENABLED <-> MALWARE-CNC Win.Worm.Zorenium variant outbound connection (malware-cnc.rules)
* 1:32011 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound connection (malware-cnc.rules)
* 1:32012 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Bipamid variant outbound connection (malware-cnc.rules)
* 1:32013 <-> ENABLED <-> MALWARE-CNC Linux.Worm.Darlloz variant outbound connection (malware-cnc.rules)
* 1:32015 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Zeus variant outbound connection (malware-cnc.rules)
* 1:32018 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Hupigon.NYK variant outbound connection (malware-cnc.rules)
* 1:32020 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Krompt variant outbound connection (malware-cnc.rules)
* 1:32023 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sinpid variant outbound connection (malware-cnc.rules)
* 1:32028 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Klabcon variant outbound connection (malware-cnc.rules)
* 1:32034 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Larefervt variant outbound connection (malware-cnc.rules)
* 1:32035 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Boleteiro variant outbound connection (malware-cnc.rules)
* 1:32036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Somoca variant outbound connection (malware-cnc.rules)
* 1:32037 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload.awt variant outbound connection (malware-cnc.rules)
* 1:32040 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Ganiw variant outbound connection (malware-cnc.rules)
* 1:32050 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL.Larosden variant outbound connection (malware-cnc.rules)
* 1:32048 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lecpetex variant outbound connection (malware-cnc.rules)
* 1:32058 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Masatekar variant outbound connection (malware-cnc.rules)
* 1:32066 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
* 1:32061 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Nekill variant outbound connection (malware-cnc.rules)
* 1:32067 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules)
* 1:32070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalgan variant outbound connection (malware-cnc.rules)
* 1:32071 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Zapchast variant outbound connection (malware-cnc.rules)
* 1:32075 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
* 1:32073 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zemot outbound connection (malware-cnc.rules)
* 1:32090 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saaglup variant outbound connection (malware-cnc.rules)
* 1:32086 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Corkow variant outbound connection (malware-cnc.rules)
* 1:32091 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.PcertStealer variant outbound connection (malware-cnc.rules)
* 1:32093 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
* 1:32096 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Puver variant outbound connection (malware-cnc.rules)
* 1:32121 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
* 1:32123 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
* 1:32130 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
* 1:32195 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Palebot variant outbound connection (malware-cnc.rules)
* 1:32222 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Liroospu variant outbound connection (malware-cnc.rules)
* 1:32225 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
* 1:32293 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection (malware-cnc.rules)
* 1:32310 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfi variant outbound connection (malware-cnc.rules)
* 1:32338 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ropest variant outbound connection (malware-cnc.rules)
* 1:32334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko variant outbound connection (malware-cnc.rules)
* 1:32357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Akaza variant outbound connection (malware-cnc.rules)
* 1:32367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameOverZeus variant outbound connection (malware-cnc.rules)
* 1:32372 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Drepitt variant outbound connection (malware-cnc.rules)
* 1:32373 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Broonject variant outbound connection (malware-cnc.rules)
* 1:32374 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
* 1:32379 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Baccamun variant outbound connection (malware-cnc.rules)
* 1:32394 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
* 1:32395 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
* 1:32396 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
* 1:32397 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules)
* 1:32401 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Kivars outbound connection (malware-cnc.rules)
* 1:32469 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules)
* 1:32486 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Exadog outbound connection (malware-cnc.rules)
* 1:32977 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
* 1:32987 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:32487 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Exadog variant outbound connection (malware-cnc.rules)
* 1:32988 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:32989 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:32990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection (malware-cnc.rules)
* 1:32506 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Secdeskinf outbound connection (malware-cnc.rules)
* 1:33081 <-> ENABLED <-> MALWARE-CNC OnionDuke variant outbound connection (malware-cnc.rules)
* 1:33084 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tosct variant outbound connection (malware-cnc.rules)
* 1:33152 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection (malware-cnc.rules)
* 1:33153 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection (malware-cnc.rules)
* 1:32510 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.PiltabeA outbound connection (malware-cnc.rules)
* 1:33200 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pisces variant outbound connection (malware-cnc.rules)
* 1:33211 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33219 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
* 1:33227 <-> ENABLED <-> MALWARE-CNC Win.Agent.BHHK variant outbound connection (malware-cnc.rules)
* 1:32513 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Havex outbound connection (malware-cnc.rules)
* 1:33228 <-> ENABLED <-> MALWARE-CNC Win.Kovter variant outbound connection (malware-cnc.rules)
* 1:33282 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33305 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rubinurd variant outbound connection (malware-cnc.rules)
* 1:33431 <-> ENABLED <-> MALWARE-CNC Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:32556 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
* 1:33432 <-> ENABLED <-> MALWARE-CNC Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33433 <-> ENABLED <-> MALWARE-CNC Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33434 <-> ENABLED <-> MALWARE-CNC Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33435 <-> ENABLED <-> MALWARE-CNC Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:32557 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
* 1:32583 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:32584 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:3827 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php post attempt (server-webapp.rules)
* 1:33547 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
* 1:19964 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:33457 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:33450 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FileEncoder variant outbound connection (malware-cnc.rules)
* 1:33453 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
* 1:33444 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
* 1:33443 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:1145 <-> DISABLED <-> SERVER-WEBAPP root access (server-webapp.rules)
* 1:18986 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
* 1:13818 <-> DISABLED <-> SERVER-WEBAPP PHP alternate xmlrpc.php command injection attempt (server-webapp.rules)
* 1:18987 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
* 1:13817 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php command injection attempt (server-webapp.rules)
* 1:1489 <-> DISABLED <-> SERVER-WEBAPP nobody access (server-webapp.rules)
* 1:13816 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php command injection attempt (server-webapp.rules)
* 1:18492 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ilo.brenz.pl - Win.Trojan.Ramnit (blacklist.rules)
* 1:20020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalwareDoctor variant outbound connection (malware-cnc.rules)
* 1:19389 <-> DISABLED <-> PROTOCOL-VOIP REGISTER flood (protocol-voip.rules)
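The gid:sid <-> state <-> message (group) lines above are meant to be consumed by script rather than read end to end, and the copy-pasted form usually arrives with the entries run together and separated only by " * ". The Python below is an added example written for this page; it is not part of the VRT announcement and not code from Snort or pulledpork. It parses entries in that format whether they are one per line or run together (even with a line break in the middle of an entry), counts ENABLED and DISABLED rules per rule group, and emits the DISABLED sids that match a rule group or a message keyword as gid:sid lines in the form pulledpork's enablesid.conf accepts. The sample entries are copied from the lists on this page; the function and variable names are the example's own, and the same parser applies to the 2970 list further down.

```python
"""Parse 'gid:sid <-> STATE <-> msg (group.rules)' entries from a Snort/VRT
rule-pack announcement and turn them into pulledpork-style sid lists.
Added example for this page; not VRT, Snort or pulledpork code."""
from __future__ import annotations

import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# One entry, after internal whitespace has been collapsed to single spaces.
# The rule group is the parenthesised "<name>.rules" file at the end.
ENTRY_RE = re.compile(
    r"^\*?\s*(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[^()]+\.rules)\)$"
)
# Entries are separated by " * " whether the list is one per line or run together;
# the lookahead keeps a "*" inside a message from being taken as a separator.
SPLIT_RE = re.compile(r"\s*\*\s+(?=\d+:\d+\s*<->)")


@dataclass(frozen=True)
class RuleEntry:
    gid: int
    sid: int
    state: str
    msg: str
    group: str


def parse_rule_list(text: str) -> list[RuleEntry]:
    """Parse every entry in text; raise on anything that does not fit the format."""
    entries = []
    for chunk in SPLIT_RE.split(text):
        chunk = " ".join(chunk.split())  # join an entry broken across lines
        if not chunk:
            continue
        m = ENTRY_RE.match(chunk)
        if not m:
            raise ValueError(f"unparseable entry: {chunk!r}")
        entries.append(RuleEntry(int(m["gid"]), int(m["sid"]), m["state"],
                                 m["msg"], m["group"]))
    return entries


def summarize(entries: list[RuleEntry]) -> dict[str, dict[str, int]]:
    """Count ENABLED/DISABLED rules per rule group, e.g. {'server-other.rules': {'DISABLED': 2}}."""
    counts: dict[str, Counter] = defaultdict(Counter)
    for e in entries:
        counts[e.group][e.state] += 1
    return {group: dict(c) for group, c in counts.items()}


def enablesid_lines(entries: list[RuleEntry], group: str | None = None,
                    keyword: str | None = None) -> list[str]:
    """gid:sid lines (one per line, as pulledpork's enablesid.conf takes them) for the
    DISABLED rules matching an optional rule group and/or case-insensitive message keyword."""
    picked = set()
    for e in entries:
        if e.state != "DISABLED":
            continue
        if group and e.group != group:
            continue
        if keyword and keyword.lower() not in e.msg.lower():
            continue
        picked.add((e.gid, e.sid))
    return [f"{gid}:{sid}" for gid, sid in sorted(picked)]


# Constructed sample: six entries copied from the lists on this page, one per line.
SAMPLE = """\
* 1:33633 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (blacklist.rules)
* 1:33632 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php command injection attempt (server-webapp.rules)
* 1:33605 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAnchorElement use after free attempt (browser-ie.rules)
* 1:33596 <-> DISABLED <-> SERVER-OTHER GnuTLS TLSA record heap buffer overflow attempt (server-other.rules)
* 1:33595 <-> DISABLED <-> SERVER-OTHER GnuTLS TLSA record heap buffer overflow attempt (server-other.rules)
* 1:32622 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
"""

if __name__ == "__main__":
    rules = parse_rule_list(SAMPLE)
    for grp, counts in sorted(summarize(rules).items()):
        print(f"{grp:24s} {counts}")
    # Disabled GnuTLS rules, ready to paste into enablesid.conf
    print("\n".join(enablesid_lines(rules, keyword="GnuTLS")))
```

A default state of DISABLED means the rule ships commented out in the rule file, so it does nothing until you enable it. Enabling an entire group from a list like this (the ten browser-webkit denial of service rules, or the "access" rules in server-webapp) pulls in signatures that were disabled for noise or performance reasons; filtering by keyword and reviewing the handful of sids the script emits before adding them to enablesid.conf is the safer habit. The parser raises on any entry it cannot read rather than silently dropping it, so a copy-paste that lost a separator shows up immediately instead of as a missing rule.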
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2970.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
New Rules:
* 1:33631 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
* 1:33630 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
* 1:33629 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
* 1:33628 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
* 1:33627 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
* 1:33626 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
* 1:33625 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
* 1:33624 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
* 1:33623 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
* 1:33622 <-> DISABLED <-> BROWSER-WEBKIT Apple Safari feeds URI null pointer dereference denial of service attempt (browser-webkit.rules)
* 1:33621 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
* 1:33620 <-> ENABLED <-> MALWARE-CNC Unix.Trojan.lubot outbound connection (malware-cnc.rules)
* 1:33619 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.lubot download (malware-backdoor.rules)
* 1:33618 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.lubot download (malware-backdoor.rules)
* 1:33615 <-> ENABLED <-> FILE-IMAGE Adobe Photoshop CS5 gif file heap corruption attempt (file-image.rules)
* 1:33614 <-> DISABLED <-> SERVER-WEBAPP caucho-status access (server-webapp.rules)
* 1:33613 <-> DISABLED <-> SERVER-WEBAPP stronghold-info access (server-webapp.rules)
* 1:33612 <-> DISABLED <-> SERVER-WEBAPP stronghold-status access (server-webapp.rules)
* 1:33611 <-> DISABLED <-> SERVER-WEBAPP httpd.conf access (server-webapp.rules)
* 1:33610 <-> DISABLED <-> SERVER-WEBAPP .wwwgroup access (server-webapp.rules)
* 1:33636 <-> DISABLED <-> SERVER-OTHER SAP Sybase ESP xmlrpc unsafe pointer dereference attempt (server-other.rules)
* 1:33635 <-> DISABLED <-> FILE-FLASH Adobe Flash Player decompressing denial of service attempt (file-flash.rules)
* 1:33634 <-> DISABLED <-> FILE-FLASH Adobe Flash Player decompressing denial of service attempt (file-flash.rules)
* 1:33633 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (blacklist.rules)
* 1:33632 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php command injection attempt (server-webapp.rules)
* 1:33609 <-> DISABLED <-> SERVER-WEBAPP .wwwpasswd access (server-webapp.rules)
* 1:33608 <-> DISABLED <-> SERVER-WEBAPP bin access (server-webapp.rules)
* 1:33607 <-> DISABLED <-> SERVER-WEBAPP cron access (server-webapp.rules)
* 1:33606 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAnchorElement use after free attempt (browser-ie.rules)
* 1:33605 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CAnchorElement use after free attempt (browser-ie.rules)
* 1:33604 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption attempt (file-other.rules)
* 1:33603 <-> DISABLED <-> FILE-OTHER Microsoft Windows Fax Services Cover Page Editor Double Free Memory Corruption attempt (file-other.rules)
* 1:33602 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
* 1:33601 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules)
* 1:33600 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ramnit variant outbound detected (malware-cnc.rules)
* 1:33599 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central MSP StatusUpdateServlet directory traversal attempt (server-webapp.rules)
* 1:33598 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central MSP StatusUpdateServlet directory traversal attempt (server-webapp.rules)
* 1:33597 <-> DISABLED <-> SERVER-WEBAPP ManageEngine Desktop Central MSP StatusUpdateServlet directory traversal attempt (server-webapp.rules)
* 1:33596 <-> DISABLED <-> SERVER-OTHER GnuTLS TLSA record heap buffer overflow attempt (server-other.rules)
* 1:33595 <-> DISABLED <-> SERVER-OTHER GnuTLS TLSA record heap buffer overflow attempt (server-other.rules)
* 1:33594 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33593 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player SwDir.dll PlayerVersion Buffer Overflow attempt (file-other.rules)
* 1:33592 <-> DISABLED <-> FILE-OTHER Adobe Shockwave Player SwDir.dll PlayerVersion Buffer Overflow attempt (file-other.rules)
Modified Rules:
* 1:21669 <-> DISABLED <-> PROTOCOL-VOIP Digium Asterisk expires header denial of service attempt (protocol-voip.rules)
* 1:20020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalwareDoctor variant outbound connection (malware-cnc.rules)
* 1:19964 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
* 1:19389 <-> DISABLED <-> PROTOCOL-VOIP REGISTER flood (protocol-voip.rules)
* 1:19049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gigade variant outbound connection (malware-cnc.rules)
* 1:3827 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php post attempt (server-webapp.rules)
* 1:33547 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Turla outbound connection (malware-cnc.rules)
* 1:33457 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:33453 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kovter variant outbound connection (malware-cnc.rules)
* 1:33450 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FileEncoder variant outbound connection (malware-cnc.rules)
* 1:33444 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
* 1:33443 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:33435 <-> ENABLED <-> MALWARE-CNC Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33434 <-> ENABLED <-> MALWARE-CNC Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33433 <-> ENABLED <-> MALWARE-CNC Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33432 <-> ENABLED <-> MALWARE-CNC Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33431 <-> ENABLED <-> MALWARE-CNC Cryptowall 3.0 variant outbound connection (malware-cnc.rules)
* 1:33305 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rubinurd variant outbound connection (malware-cnc.rules)
* 1:33282 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33228 <-> ENABLED <-> MALWARE-CNC Win.Kovter variant outbound connection (malware-cnc.rules)
* 1:33227 <-> ENABLED <-> MALWARE-CNC Win.Agent.BHHK variant outbound connection (malware-cnc.rules)
* 1:33219 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Gamarue variant outbound connection (malware-cnc.rules)
* 1:33211 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Upatre variant outbound connection (malware-cnc.rules)
* 1:33200 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pisces variant outbound connection (malware-cnc.rules)
* 1:33153 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Heur variant outbound connection (malware-cnc.rules)
* 1:33152 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nurjax.A outbound connection (malware-cnc.rules)
* 1:33084 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tosct variant outbound connection (malware-cnc.rules)
* 1:33081 <-> ENABLED <-> MALWARE-CNC OnionDuke variant outbound connection (malware-cnc.rules)
* 1:33054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Joanap outbound connection (malware-cnc.rules)
* 1:32990 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Toopu outbound connection (malware-cnc.rules)
* 1:32989 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:32988 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:32987 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
* 1:32977 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
* 1:32976 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kuluos variant outbound connection (malware-cnc.rules)
* 1:32956 <-> ENABLED <-> MALWARE-CNC Android.CoolReaper.Trojan outbound connection (malware-cnc.rules)
* 1:32893 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Finforst outbound connection (malware-cnc.rules)
* 1:32892 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TorLocker variant outbound connection (malware-cnc.rules)
* 1:32853 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
* 1:32852 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poolfiend variant outbound connection (malware-cnc.rules)
* 1:32825 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
* 1:32823 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Darkhotel outbound connection (malware-cnc.rules)
* 1:32791 <-> ENABLED <-> MALWARE-CNC Win.Virus.Ransomlock outbound connection (malware-cnc.rules)
* 1:32770 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
* 1:32678 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
* 1:32677 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex variant outbound connection (malware-cnc.rules)
* 1:32670 <-> ENABLED <-> MALWARE-CNC Win.Dropper.Ch variant outbound connection (malware-cnc.rules)
* 1:32624 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:32623 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:32622 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:32621 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Regin outbound connection (malware-cnc.rules)
* 1:32606 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sodebral variant outbound connection (malware-cnc.rules)
* 1:32605 <-> ENABLED <-> MALWARE-CNC Win.Worm.Jenxcus variant outbound connection (malware-cnc.rules)
* 1:32604 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Geodo variant outbound connection (malware-cnc.rules)
* 1:32599 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Mysayad outbound connection (malware-cnc.rules)
* 1:32584 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:32583 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
* 1:32557 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
* 1:32556 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bayoboiz outbound connection (malware-cnc.rules)
* 1:32513 <->
ENABLED <-> MALWARE-CNC Win.Backdoor.Havex outbound connection (malware-cnc.rules) * 1:32510 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.PiltabeA outbound connection (malware-cnc.rules) * 1:32506 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Secdeskinf outbound connection (malware-cnc.rules) * 1:32487 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Exadog variant outbound connection (malware-cnc.rules) * 1:32486 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Exadog outbound connection (malware-cnc.rules) * 1:32469 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules) * 1:32401 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Kivars outbound connection (malware-cnc.rules) * 1:32397 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32396 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32395 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32394 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Orcarat variant outbound connection (malware-cnc.rules) * 1:32379 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Baccamun variant outbound connection (malware-cnc.rules) * 1:32374 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules) * 1:32373 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Broonject variant outbound connection (malware-cnc.rules) * 1:32372 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Drepitt variant outbound connection (malware-cnc.rules) * 1:32367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameOverZeus variant outbound connection (malware-cnc.rules) * 1:32357 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Akaza variant outbound connection (malware-cnc.rules) * 1:32338 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ropest variant outbound connection (malware-cnc.rules) * 1:32334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stantinko variant outbound connection (malware-cnc.rules) * 1:32310 <-> ENABLED <-> MALWARE-CNC 
Win.Trojan.Farfi variant outbound connection (malware-cnc.rules) * 1:32293 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Acanas variant outbound connection (malware-cnc.rules) * 1:32225 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules) * 1:32222 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Liroospu variant outbound connection (malware-cnc.rules) * 1:32195 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Palebot variant outbound connection (malware-cnc.rules) * 1:32130 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:32123 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:32121 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules) * 1:32096 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Puver variant outbound connection (malware-cnc.rules) * 1:32093 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules) * 1:32091 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.PcertStealer variant outbound connection (malware-cnc.rules) * 1:32090 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Saaglup variant outbound connection (malware-cnc.rules) * 1:32086 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Corkow variant outbound connection (malware-cnc.rules) * 1:32075 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules) * 1:32073 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zemot outbound connection (malware-cnc.rules) * 1:32071 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Zapchast variant outbound connection (malware-cnc.rules) * 1:32070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dalgan variant outbound connection (malware-cnc.rules) * 1:32067 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules) * 1:32066 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Asprox outbound connection (malware-cnc.rules) * 1:32061 <-> ENABLED <-> MALWARE-CNC 
Win.Trojan-Downloader.Nekill variant outbound connection (malware-cnc.rules) * 1:32058 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Masatekar variant outbound connection (malware-cnc.rules) * 1:32050 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL.Larosden variant outbound connection (malware-cnc.rules) * 1:32048 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lecpetex variant outbound connection (malware-cnc.rules) * 1:32040 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Ganiw variant outbound connection (malware-cnc.rules) * 1:32037 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload.awt variant outbound connection (malware-cnc.rules) * 1:32036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Somoca vaniant outbound connection (malware-cnc.rules) * 1:32035 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Boleteiro variant outbound connection (malware-cnc.rules) * 1:32034 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Larefervt variant outbound connection (malware-cnc.rules) * 1:32028 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Klabcon variant outbound connection (malware-cnc.rules) * 1:32023 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sinpid variant outbound connection (malware-cnc.rules) * 1:32020 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Krompt variant outbound connection (malware-cnc.rules) * 1:32018 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Hupigon.NYK variant outbound connection (malware-cnc.rules) * 1:32015 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Zeus variant outbound connection (malware-cnc.rules) * 1:32013 <-> ENABLED <-> MALWARE-CNC Linux.Worm.Darlloz variant outbound connection (malware-cnc.rules) * 1:32012 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Bipamid variant outbound connection (malware-cnc.rules) * 1:32011 <-> ENABLED <-> MALWARE-CNC Linux.Backdoor.Flooder outbound connection (malware-cnc.rules) * 1:32002 <-> ENABLED <-> MALWARE-CNC Win.Worm.Zorenium variant outbound connection (malware-cnc.rules) * 1:31974 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zegorg variant outbound connection (malware-cnc.rules) 
* 1:31973 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chebri variant outbound connection (malware-cnc.rules) * 1:31957 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.MSIL.Torct variant outbound connection (malware-cnc.rules) * 1:31941 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Pedrp variant outbound connection (malware-cnc.rules) * 1:31928 <-> ENABLED <-> MALWARE-CNC Win.Trojan-Downloader.Becontr variant outbound connection (malware-cnc.rules) * 1:31924 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:31911 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL.Gareme variant outbound connection (malware-cnc.rules) * 1:31907 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL.Honerep variant outbound connection (malware-cnc.rules) * 1:31896 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Magnetor vairant outbound connection (malware-cnc.rules) * 1:31895 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Toupi variant outbound connection (malware-cnc.rules) * 1:31837 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Retgate variant outbound connection (malware-cnc.rules) * 1:31836 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL.Seribe variant outbound connection (malware-cnc.rules) * 1:31835 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Yesudac variant outbound connection (malware-cnc.rules) * 1:31827 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules) * 1:31824 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules) * 1:31820 <-> ENABLED <-> MALWARE-CNC Win.Banker.Delf variant outbound connection (malware-cnc.rules) * 1:31808 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.IptabLex outbound connection (malware-cnc.rules) * 1:31717 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SoftPulse variant outbound connection (malware-cnc.rules) * 1:31644 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Scarelocker outbound connection (malware-cnc.rules) * 1:31593 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.SMSSend outbound connection 
(malware-cnc.rules) * 1:31458 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SDBot variant outbound connection (malware-cnc.rules) * 1:31452 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules) * 1:31450 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CryptoWall outbound connection (malware-cnc.rules) * 1:31355 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bicololo outbound connection (malware-cnc.rules) * 1:31344 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Levyatan variant outbound connection (malware-cnc.rules) * 1:31317 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Orbot variant outbound connection (malware-cnc.rules) * 1:31316 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules) * 1:31315 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MSIL variant outbound connection (malware-cnc.rules) * 1:31314 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Daikou variant outbound connection (malware-cnc.rules) * 1:31303 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hadeki variant outbound connection (malware-cnc.rules) * 1:31295 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules) * 1:31244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (malware-cnc.rules) * 1:31261 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi outbound connection (malware-cnc.rules) * 1:31242 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Utishaf variant outbound connection (malware-cnc.rules) * 1:31241 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (malware-cnc.rules) * 1:31240 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (malware-cnc.rules) * 1:31223 <-> ENABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules) * 1:31114 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rfusclient outbound connection (malware-cnc.rules) * 1:31113 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:31084 <-> ENABLED <-> 
MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules) * 1:31070 <-> ENABLED <-> MALWARE-CNC Win.Rootkit.Necurs outbound connection (malware-cnc.rules) * 1:31033 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptodefence variant outbound connection (malware-cnc.rules) * 1:31053 <-> ENABLED <-> MALWARE-CNC Win.Trojan.MadnessPro outbound connection (malware-cnc.rules) * 1:31020 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:30985 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tenexmed outbound connection (malware-cnc.rules) * 1:30938 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Roopre outbound connection (malware-cnc.rules) * 1:30925 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound connection (malware-cnc.rules) * 1:30919 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules) * 1:30915 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (malware-cnc.rules) * 1:30914 <-> ENABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (malware-cnc.rules) * 1:30900 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tuhao variant outbound connection (malware-cnc.rules) * 1:30570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:30566 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Elknot outbound connection (malware-cnc.rules) * 1:30548 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules) * 1:30484 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (malware-cnc.rules) * 1:30483 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (malware-cnc.rules) * 1:30336 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Calfbot outbound connection (malware-cnc.rules) * 1:30288 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Glupteba.M initial outbound connection (malware-cnc.rules) * 1:30073 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound 
connection (malware-cnc.rules) * 1:29865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (malware-cnc.rules) * 1:28537 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28536 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28535 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:28534 <-> DISABLED <-> FILE-OTHER Apple Quicktime TeXML description attribute overflow attempt (file-other.rules) * 1:27236 <-> DISABLED <-> SERVER-OTHER Citrix XenApp password buffer overflow attempt (server-other.rules) * 1:26310 <-> DISABLED <-> SERVER-MYSQL MySQL/MariaDB Server geometry query linestring object integer overflow attempt (server-mysql.rules) * 1:25627 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Reventon variant outbound communication (malware-cnc.rules) * 1:25020 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules) * 1:25019 <-> DISABLED <-> OS-OTHER Cisco Nexus OS software command injection attempt (os-other.rules) * 1:2180 <-> DISABLED <-> PUA-P2P BitTorrent announce request (pua-p2p.rules) * 1:18987 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18986 <-> DISABLED <-> FILE-PDF Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution attempt (file-pdf.rules) * 1:18492 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ilo.brenz.pl - Win.Trojan.Ramnit (blacklist.rules) * 1:1489 <-> DISABLED <-> SERVER-WEBAPP nobody access (server-webapp.rules) * 1:13818 <-> DISABLED <-> SERVER-WEBAPP PHP alternate xmlrpc.php command injection attempt (server-webapp.rules) * 1:13817 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php command injection attempt (server-webapp.rules) * 1:13816 <-> DISABLED <-> SERVER-WEBAPP PHP xmlrpc.php 
command injection attempt (server-webapp.rules) * 1:1145 <-> DISABLED <-> SERVER-WEBAPP root access (server-webapp.rules)