Sourcefire VRT Rules Update

Date: 2007-12-11

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.7.

The format of the file is:

sid - Message (rule group)

New rules:
12789 <-> SPYWARE-PUT Adware sunshine spy 1.0 runtime detection - check update (spyware-put.rules)
12790 <-> SPYWARE-PUT Trackware partypoker runtime detection (spyware-put.rules)
12791 <-> SPYWARE-PUT Adware gophoria toolbar runtime detection (spyware-put.rules)
12792 <-> SPYWARE-PUT Keylogger spy lantern Keylogger pro 6.0 runtime detection (spyware-put.rules)
12793 <-> SPYWARE-PUT Keylogger spy lantern Keylogger pro 6.0 runtime detection (spyware-put.rules)
12794 <-> SPYWARE-PUT Hijacker gralicwrap runtime detection - search frauddb process (spyware-put.rules)
12795 <-> SPYWARE-PUT Hijacker gralicwrap runtime detection - display frauddb information (spyware-put.rules)
12796 <-> SPYWARE-PUT Trackware happytofind toolbar runtime detection (spyware-put.rules)
12797 <-> SPYWARE-PUT Adware x-con spyware destroyer eh 3.2.8 runtime detection (spyware-put.rules)
12798 <-> SHELLCODE base64 x86 NOOP (shellcode.rules)
12799 <-> SHELLCODE base64 x86 NOOP (shellcode.rules)
12800 <-> SHELLCODE base64 x86 NOOP (shellcode.rules)
12801 <-> SHELLCODE base64 x86 NOOP (shellcode.rules)
12802 <-> SHELLCODE base64 x86 NOOP (shellcode.rules)
12803 <-> WEB-CLIENT VideoLAN VLC ActiveX clsid access (web-client.rules)
12804 <-> WEB-CLIENT VideoLAN VLC ActiveX clsid unicode access (web-client.rules)
12805 <-> WEB-CLIENT VideoLAN VLC ActiveX function call access (web-client.rules)
12806 <-> WEB-CLIENT VideoLAN VLC ActiveX function call unicode access (web-client.rules)
12807 <-> SMTP Lotus 123 file attachment (smtp.rules)
12808 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX andx object call overflow attempt (netbios.rules)
12809 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX andx overflow attempt (netbios.rules)
12810 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX little endian andx object call overflow attempt (netbios.rules)
12811 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX little endian andx overflow attempt (netbios.rules)
12812 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX little endian object call overflow attempt (netbios.rules)
12813 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX little endian overflow attempt (netbios.rules)
12814 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX object call overflow attempt (netbios.rules)
12815 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX overflow attempt (netbios.rules)
12816 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode andx object call overflow attempt (netbios.rules)
12817 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode andx overflow attempt (netbios.rules)
12818 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode little endian andx object call overflow attempt (netbios.rules)
12819 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode little endian andx overflow attempt (netbios.rules)
12820 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode little endian object call overflow attempt (netbios.rules)
12821 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode little endian overflow attempt (netbios.rules)
12822 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode object call overflow attempt (netbios.rules)
12823 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode overflow attempt (netbios.rules)
12824 <-> NETBIOS SMB spoolss OpenPrinter andx object call overflow attempt (netbios.rules)
12825 <-> NETBIOS SMB spoolss OpenPrinter andx overflow attempt (netbios.rules)
12826 <-> NETBIOS SMB spoolss OpenPrinter little endian andx object call overflow attempt (netbios.rules)
12827 <-> NETBIOS SMB spoolss OpenPrinter little endian andx overflow attempt (netbios.rules)
12828 <-> NETBIOS SMB spoolss OpenPrinter little endian object call overflow attempt (netbios.rules)
12829 <-> NETBIOS SMB spoolss OpenPrinter little endian overflow attempt (netbios.rules)
12830 <-> NETBIOS SMB spoolss OpenPrinter object call overflow attempt (netbios.rules)
12831 <-> NETBIOS SMB spoolss OpenPrinter overflow attempt (netbios.rules)
12832 <-> NETBIOS SMB spoolss OpenPrinter unicode andx object call overflow attempt (netbios.rules)
12833 <-> NETBIOS SMB spoolss OpenPrinter unicode andx overflow attempt (netbios.rules)
12834 <-> NETBIOS SMB spoolss OpenPrinter unicode little endian andx object call overflow attempt (netbios.rules)
12835 <-> NETBIOS SMB spoolss OpenPrinter unicode little endian andx overflow attempt (netbios.rules)
12836 <-> NETBIOS SMB spoolss OpenPrinter unicode little endian object call overflow attempt (netbios.rules)
12837 <-> NETBIOS SMB spoolss OpenPrinter unicode little endian overflow attempt (netbios.rules)
12838 <-> NETBIOS SMB spoolss OpenPrinter unicode object call overflow attempt (netbios.rules)
12839 <-> NETBIOS SMB spoolss OpenPrinter unicode overflow attempt (netbios.rules)
12840 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX andx overflow attempt (netbios.rules)
12841 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX little endian andx overflow attempt (netbios.rules)
12842 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX little endian overflow attempt (netbios.rules)
12843 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX overflow attempt (netbios.rules)
12844 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX unicode andx overflow attempt (netbios.rules)
12845 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX unicode little endian andx overflow attempt (netbios.rules)
12846 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX unicode little endian overflow attempt (netbios.rules)
12847 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX unicode overflow attempt (netbios.rules)
12848 <-> NETBIOS SMB v4 spoolss OpenPrinter andx overflow attempt (netbios.rules)
12849 <-> NETBIOS SMB v4 spoolss OpenPrinter little endian andx overflow attempt (netbios.rules)
12850 <-> NETBIOS SMB v4 spoolss OpenPrinter little endian overflow attempt (netbios.rules)
12851 <-> NETBIOS SMB v4 spoolss OpenPrinter overflow attempt (netbios.rules)
12852 <-> NETBIOS SMB v4 spoolss OpenPrinter unicode andx overflow attempt (netbios.rules)
12853 <-> NETBIOS SMB v4 spoolss OpenPrinter unicode little endian andx overflow attempt (netbios.rules)
12854 <-> NETBIOS SMB v4 spoolss OpenPrinter unicode little endian overflow attempt (netbios.rules)
12855 <-> NETBIOS SMB v4 spoolss OpenPrinter unicode overflow attempt (netbios.rules)
12856 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX andx object call overflow attempt (netbios.rules)
12857 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX andx overflow attempt (netbios.rules)
12858 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX little endian andx object call overflow attempt (netbios.rules)
12859 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX little endian andx overflow attempt (netbios.rules)
12860 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX little endian object call overflow attempt (netbios.rules)
12861 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX little endian overflow attempt (netbios.rules)
12862 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX object call overflow attempt (netbios.rules)
12863 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX overflow attempt (netbios.rules)
12864 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode andx object call overflow attempt (netbios.rules)
12865 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode andx overflow attempt (netbios.rules)
12866 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode little endian andx object call overflow attempt (netbios.rules)
12867 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode little endian andx overflow attempt (netbios.rules)
12868 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode little endian object call overflow attempt (netbios.rules)
12869 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode little endian overflow attempt (netbios.rules)
12870 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode object call overflow attempt (netbios.rules)
12871 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode overflow attempt (netbios.rules)
12872 <-> NETBIOS SMB spoolss OpenPrinter andx object call overflow attempt (netbios.rules)
12873 <-> NETBIOS SMB spoolss OpenPrinter andx overflow attempt (netbios.rules)
12874 <-> NETBIOS SMB spoolss OpenPrinter little endian andx object call overflow attempt (netbios.rules)
12875 <-> NETBIOS SMB spoolss OpenPrinter little endian andx overflow attempt (netbios.rules)
12876 <-> NETBIOS SMB spoolss OpenPrinter little endian object call overflow attempt (netbios.rules)
12877 <-> NETBIOS SMB spoolss OpenPrinter little endian overflow attempt (netbios.rules)
12878 <-> NETBIOS SMB spoolss OpenPrinter object call overflow attempt (netbios.rules)
12879 <-> NETBIOS SMB spoolss OpenPrinter overflow attempt (netbios.rules)
12880 <-> NETBIOS SMB spoolss OpenPrinter unicode andx object call overflow attempt (netbios.rules)
12881 <-> NETBIOS SMB spoolss OpenPrinter unicode andx overflow attempt (netbios.rules)
12882 <-> NETBIOS SMB spoolss OpenPrinter unicode little endian andx object call overflow attempt (netbios.rules)
12883 <-> NETBIOS SMB spoolss OpenPrinter unicode little endian andx overflow attempt (netbios.rules)
12884 <-> NETBIOS SMB spoolss OpenPrinter unicode little endian object call overflow attempt (netbios.rules)
12885 <-> NETBIOS SMB spoolss OpenPrinter unicode little endian overflow attempt (netbios.rules)
12886 <-> NETBIOS SMB spoolss OpenPrinter unicode object call overflow attempt (netbios.rules)
12887 <-> NETBIOS SMB spoolss OpenPrinter unicode overflow attempt (netbios.rules)
12888 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX andx overflow attempt (netbios.rules)
12889 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX little endian andx overflow attempt (netbios.rules)
12890 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX little endian overflow attempt (netbios.rules)
12891 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX overflow attempt (netbios.rules)
12892 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX unicode andx overflow attempt (netbios.rules)
12893 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX unicode little endian andx overflow attempt (netbios.rules)
12894 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX unicode little endian overflow attempt (netbios.rules)
12895 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX unicode overflow attempt (netbios.rules)
12896 <-> NETBIOS SMB v4 spoolss OpenPrinter andx overflow attempt (netbios.rules)
12897 <-> NETBIOS SMB v4 spoolss OpenPrinter little endian andx overflow attempt (netbios.rules)
12898 <-> NETBIOS SMB v4 spoolss OpenPrinter little endian overflow attempt (netbios.rules)
12899 <-> NETBIOS SMB v4 spoolss OpenPrinter overflow attempt (netbios.rules)
12900 <-> NETBIOS SMB v4 spoolss OpenPrinter unicode andx overflow attempt (netbios.rules)
12901 <-> NETBIOS SMB v4 spoolss OpenPrinter unicode little endian andx overflow attempt (netbios.rules)
12902 <-> NETBIOS SMB v4 spoolss OpenPrinter unicode little endian overflow attempt (netbios.rules)
12903 <-> NETBIOS SMB v4 spoolss OpenPrinter unicode overflow attempt (netbios.rules)
12904 <-> EXPLOIT Veritas NetBackup vmd shared library buffer overflow attempt (exploit.rules)
12905 <-> SPECIFIC-THREATS Microsoft SPNEGO ASN.1 library heap corruption overflow attempt (specific-threats.rules)
12906 <-> NETBIOS DCERPC DIRECT brightstor-arc3 alter context attempt (netbios.rules)
12907 <-> NETBIOS DCERPC DIRECT brightstor-arc3 little endian alter context attempt (netbios.rules)
12908 <-> NETBIOS DCERPC DIRECT brightstor-arc3 bind attempt (netbios.rules)
12909 <-> NETBIOS DCERPC DIRECT brightstor-arc3 little endian bind attempt (netbios.rules)
12910 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc3 CA opcode 4 little endian attempt (netbios.rules)
12911 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc3 CA opcode 4 attempt (netbios.rules)
12912 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 4 little endian attempt (netbios.rules)
12913 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 4 attempt (netbios.rules)
12914 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 4 little endian object call attempt (netbios.rules)
12915 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 4 object call attempt (netbios.rules)
12916 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 12 attempt (netbios.rules)
12917 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc3 CA opcode 12 attempt (netbios.rules)
12918 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 12 little endian attempt (netbios.rules)
12919 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc3 CA opcode 12 little endian attempt (netbios.rules)
12920 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 12 object call attempt (netbios.rules)
12921 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 12 little endian object call attempt (netbios.rules)
12922 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 16 little endian attempt (netbios.rules)
12923 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 16 attempt (netbios.rules)
12924 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc3 CA opcode 16 little endian attempt (netbios.rules)
12925 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc3 CA opcode 16 attempt (netbios.rules)
12926 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 16 little endian object call attempt (netbios.rules)
12927 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 16 object call attempt (netbios.rules)
12928 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 18 little endian attempt (netbios.rules)
12929 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 18 attempt (netbios.rules)
12930 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc3 CA opcode 18 attempt (netbios.rules)
12931 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc3 CA opcode 18 little endian attempt (netbios.rules)
12932 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 18 little endian object call attempt (netbios.rules)
12933 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 18 object call attempt (netbios.rules)
12934 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc3 CA opcode 19 attempt (netbios.rules)
12935 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc3 CA opcode 19 little endian attempt (netbios.rules)
12936 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 19 attempt (netbios.rules)
12937 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 19 little endian attempt (netbios.rules)
12938 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 19 object call attempt (netbios.rules)
12939 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 19 little endian object call attempt (netbios.rules)
12940 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
12941 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc2 CA call 269 little endian overflow attempt (netbios.rules)
12942 <-> NETBIOS DCERPC DIRECT brightstor-arc2 CA call 269 overflow attempt (netbios.rules)
12943 <-> NETBIOS DCERPC DIRECT brightstor-arc2 CA call 269 little endian overflow attempt (netbios.rules)
12944 <-> NETBIOS DCERPC DIRECT brightstor-arc2 CA call 269 object call overflow attempt (netbios.rules)
12945 <-> NETBIOS DCERPC DIRECT brightstor-arc2 CA call 269 little endian object call overflow attempt (netbios.rules)
12946 <-> NETBIOS SMB-DS SMBv2 protocol negotiation attempt (netbios.rules)
12947 <-> NETBIOS SMB SMBv2 protocol negotiation attempt (netbios.rules)
12948 <-> WEB-CLIENT Vantage Linguistics 1 ActiveX clsid access (web-client.rules)
12949 <-> WEB-CLIENT Vantage Linguistics 1 ActiveX clsid unicode access (web-client.rules)
12950 <-> WEB-CLIENT Vantage Linguistics 2 ActiveX clsid access (web-client.rules)
12951 <-> WEB-CLIENT Vantage Linguistics 2 ActiveX clsid unicode access (web-client.rules)
12952 <-> WEB-CLIENT Vantage Linguistics 3 ActiveX clsid access (web-client.rules)
12953 <-> WEB-CLIENT Vantage Linguistics 3 ActiveX clsid unicode access (web-client.rules)
12954 <-> WEB-CLIENT DXLTPI.DLL ActiveX clsid access (web-client.rules)
12955 <-> WEB-CLIENT DXLTPI.DLL ActiveX clsid unicode access (web-client.rules)
12956 <-> WEB-CLIENT MSN Heartbeat ActiveX clsid unicode access (web-client.rules)
12957 <-> WEB-CLIENT MSN Heartbeat 2 ActiveX clsid access (web-client.rules)
12958 <-> WEB-CLIENT MSN Heartbeat 2 ActiveX clsid unicode access (web-client.rules)
12959 <-> WEB-CLIENT MSN Heartbeat 3 ActiveX clsid access (web-client.rules)
12960 <-> WEB-CLIENT MSN Heartbeat 3 ActiveX clsid unicode access (web-client.rules)
12961 <-> WEB-CLIENT Intuit QuickBooks Online Import 1 ActiveX clsid access (web-client.rules)
12962 <-> WEB-CLIENT Intuit QuickBooks Online Import 1 ActiveX clsid unicode access (web-client.rules)
12963 <-> WEB-CLIENT Intuit QuickBooks Online Import 2 ActiveX clsid access (web-client.rules)
12964 <-> WEB-CLIENT Intuit QuickBooks Online Import 2 ActiveX clsid unicode access (web-client.rules)
12965 <-> WEB-CLIENT Intuit QuickBooks Online Import 3 ActiveX clsid access (web-client.rules)
12966 <-> WEB-CLIENT Intuit QuickBooks Online Import 3 ActiveX clsid unicode access (web-client.rules)
12967 <-> WEB-CLIENT Intuit QuickBooks Online Import 4 ActiveX clsid access (web-client.rules)
12968 <-> WEB-CLIENT Intuit QuickBooks Online Import 4 ActiveX clsid unicode access (web-client.rules)
12969 <-> WEB-CLIENT Intuit QuickBooks Online Import 5 ActiveX clsid access (web-client.rules)
12970 <-> WEB-CLIENT Intuit QuickBooks Online Import 5 ActiveX clsid unicode access (web-client.rules)
12971 <-> EXPLOIT microsoft directshow wav file overflow attempt (exploit.rules)
12972 <-> WEB-CLIENT Microsoft Media Player .asf markers detected (web-client.rules)
12973 <-> NETBIOS DCERPC DIRECT qmcomm alter context attempt (netbios.rules)
12974 <-> NETBIOS DCERPC DIRECT qmcomm little endian alter context attempt (netbios.rules)
12975 <-> NETBIOS DCERPC DIRECT qmcomm bind attempt (netbios.rules)
12976 <-> NETBIOS DCERPC DIRECT qmcomm little endian bind attempt (netbios.rules)
12977 <-> NETBIOS DCERPC DIRECT v4 qmcomm QMCreateObjectInternal overflow attempt (netbios.rules)
12978 <-> NETBIOS DCERPC DIRECT v4 qmcomm QMCreateObjectInternal little endian overflow attempt (netbios.rules)
12979 <-> NETBIOS DCERPC DIRECT qmcomm QMCreateObjectInternal overflow attempt (netbios.rules)
12980 <-> NETBIOS DCERPC DIRECT qmcomm QMCreateObjectInternal little endian overflow attempt (netbios.rules)
12981 <-> NETBIOS DCERPC DIRECT qmcomm QMCreateObjectInternal object call overflow attempt (netbios.rules)
12982 <-> NETBIOS DCERPC DIRECT qmcomm QMCreateObjectInternal little endian object call overflow attempt (netbios.rules)
12983 <-> EXPLOIT DirectX SAMI file CRawParser attempted buffer overflow attempt (exploit.rules)

Updated rules:
4167 <-> WEB-CLIENT MSN Heartbeat ActiveX clsid access (web-client.rules)
12006 <-> VOIP-SIP Outbound INVITE Message (voip.rules)
12393 <-> WEB-CLIENT Intuit QuickBooks Online Edition 1 ActiveX clsid access (web-client.rules)
12394 <-> WEB-CLIENT Intuit QuickBooks Online Edition 1 ActiveX clsid unicode access (web-client.rules)
12395 <-> WEB-CLIENT Intuit QuickBooks Online Edition 2 ActiveX clsid access (web-client.rules)
12396 <-> WEB-CLIENT Intuit QuickBooks Online Edition 2 ActiveX clsid unicode access (web-client.rules)
12397 <-> WEB-CLIENT Intuit QuickBooks Online Edition 3 ActiveX clsid access (web-client.rules)
12398 <-> WEB-CLIENT Intuit QuickBooks Online Edition 3 ActiveX clsid unicode access (web-client.rules)
12399 <-> WEB-CLIENT Intuit QuickBooks Online Edition 4 ActiveX clsid access (web-client.rules)
12400 <-> WEB-CLIENT Intuit QuickBooks Online Edition 4 ActiveX clsid unicode access (web-client.rules)
12401 <-> WEB-CLIENT Intuit QuickBooks Online Edition 5 ActiveX clsid access (web-client.rules)
12402 <-> WEB-CLIENT Intuit QuickBooks Online Edition 5 ActiveX clsid unicode access (web-client.rules)
12403 <-> WEB-CLIENT Intuit QuickBooks Online Edition 6 ActiveX clsid access (web-client.rules)
12404 <-> WEB-CLIENT Intuit QuickBooks Online Edition 6 ActiveX clsid unicode access (web-client.rules)
12405 <-> WEB-CLIENT Intuit QuickBooks Online Edition 7 ActiveX clsid access (web-client.rules)
12406 <-> WEB-CLIENT Intuit QuickBooks Online Edition 7 ActiveX clsid unicode access (web-client.rules)
12407 <-> WEB-CLIENT Intuit QuickBooks Online Edition 8 ActiveX clsid access (web-client.rules)
12408 <-> WEB-CLIENT Intuit QuickBooks Online Edition 8 ActiveX clsid unicode access (web-client.rules)
12409 <-> WEB-CLIENT Intuit QuickBooks Online Edition 9 ActiveX clsid access (web-client.rules)
12410 <-> WEB-CLIENT Intuit QuickBooks Online Edition 9 ActiveX clsid unicode access (web-client.rules)
12411 <-> WEB-CLIENT Intuit QuickBooks Online Edition 10 ActiveX clsid access (web-client.rules)
12412 <-> WEB-CLIENT Intuit QuickBooks Online Edition 10 ActiveX clsid unicode access (web-client.rules)
12762 <-> WEB-CLIENT Yahoo Toolbar Helper Class ActiveX clsid access (web-client.rules)
12763 <-> WEB-CLIENT Yahoo Toolbar Helper Class ActiveX clsid unicode access (web-client.rules)
12764 <-> WEB-CLIENT Yahoo Toolbar Helper Class ActiveX function call access (web-client.rules)
12765 <-> WEB-CLIENT Yahoo Toolbar Helper Class ActiveX function call unicode access (web-client.rules)
12766 <-> WEB-CLIENT RealPlayer RMOC3260.DLL ActiveX clsid access (web-client.rules)
12767 <-> WEB-CLIENT RealPlayer RMOC3260.DLL ActiveX clsid unicode access (web-client.rules)
12768 <-> WEB-CLIENT RealPlayer RMOC3260.DLL ActiveX function call access (web-client.rules)
12769 <-> WEB-CLIENT RealPlayer RMOC3260.DLL ActiveX function call unicode access (web-client.rules)
12770 <-> SPECIFIC-THREATS obfuscated RDS.Dataspace ActiveX exploit attempt (specific-threats.rules)
12771 <-> SPECIFIC-THREATS obfuscated BaoFeng Storm MPS.dll ActiveX exploit attempt (specific-threats.rules)
12772 <-> SPECIFIC-THREATS obfuscated PPStream PowerPlayer ActiveX exploit attempt (specific-threats.rules)
12773 <-> SPECIFIC-THREATS obfuscated Xunlei Thunder PPLAYER.DLL ActiveX exploit attempt (specific-threats.rules)
12774 <-> SPECIFIC-THREATS obfuscated GlobalLink ConnectAndEnterRoom ActiveX exploit attempt (specific-threats.rules)
12775 <-> SPECIFIC-THREATS obfuscated RealPlayer Ierpplug.dll ActiveX exploit attempt (specific-threats.rules)