Sourcefire VRT Rules Update
Date: 2007-12-11
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group)
New rules: 12789 <-> SPYWARE-PUT Adware sunshine spy 1.0 runtime detection - check update (spyware-put.rules) 12790 <-> SPYWARE-PUT Trackware partypoker runtime detection (spyware-put.rules) 12791 <-> SPYWARE-PUT Adware gophoria toolbar runtime detection (spyware-put.rules) 12792 <-> SPYWARE-PUT Keylogger spy lantern Keylogger pro 6.0 runtime detection (spyware-put.rules) 12793 <-> SPYWARE-PUT Keylogger spy lantern Keylogger pro 6.0 runtime detection (spyware-put.rules) 12794 <-> SPYWARE-PUT Hijacker gralicwrap runtime detection - search frauddb process (spyware-put.rules) 12795 <-> SPYWARE-PUT Hijacker gralicwrap runtime detection - display frauddb information (spyware-put.rules) 12796 <-> SPYWARE-PUT Trackware happytofind toolbar runtime detection (spyware-put.rules) 12797 <-> SPYWARE-PUT Adware x-con spyware destroyer eh 3.2.8 runtime detection (spyware-put.rules) 12798 <-> SHELLCODE base64 x86 NOOP (shellcode.rules) 12799 <-> SHELLCODE base64 x86 NOOP (shellcode.rules) 12800 <-> SHELLCODE base64 x86 NOOP (shellcode.rules) 12801 <-> SHELLCODE base64 x86 NOOP (shellcode.rules) 12802 <-> SHELLCODE base64 x86 NOOP (shellcode.rules) 12803 <-> WEB-CLIENT VideoLAN VLC ActiveX clsid access (web-client.rules) 12804 <-> WEB-CLIENT VideoLAN VLC ActiveX clsid unicode access (web-client.rules) 12805 <-> WEB-CLIENT VideoLAN VLC ActiveX function call access (web-client.rules) 12806 <-> WEB-CLIENT VideoLAN VLC ActiveX function call unicode access (web-client.rules) 12807 <-> SMTP Lotus 123 file attachment (smtp.rules) 12808 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX andx object call overflow attempt (netbios.rules) 12809 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX andx overflow attempt (netbios.rules) 12810 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX little endian andx object call overflow attempt (netbios.rules) 12811 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX little endian andx overflow attempt (netbios.rules) 12812 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX little endian object call overflow attempt (netbios.rules) 12813 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX little endian overflow attempt (netbios.rules) 12814 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX object call overflow attempt (netbios.rules) 12815 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX overflow attempt (netbios.rules) 12816 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode andx object call overflow attempt (netbios.rules) 12817 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode andx overflow attempt (netbios.rules) 12818 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode little endian andx object call overflow attempt (netbios.rules) 12819 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode little endian andx overflow attempt (netbios.rules) 12820 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode little endian object call overflow attempt (netbios.rules) 12821 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode little endian overflow attempt (netbios.rules) 12822 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode object call overflow attempt (netbios.rules) 12823 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode overflow attempt (netbios.rules) 12824 <-> NETBIOS SMB spoolss OpenPrinter andx object call overflow attempt (netbios.rules) 12825 <-> NETBIOS SMB spoolss OpenPrinter andx overflow attempt (netbios.rules) 12826 <-> NETBIOS SMB spoolss OpenPrinter little endian andx object call overflow attempt (netbios.rules) 12827 <-> NETBIOS SMB spoolss OpenPrinter little endian andx overflow attempt (netbios.rules) 12828 <-> NETBIOS SMB spoolss OpenPrinter little endian object call overflow attempt (netbios.rules) 12829 <-> NETBIOS SMB spoolss OpenPrinter little endian overflow attempt (netbios.rules) 12830 <-> NETBIOS SMB spoolss OpenPrinter object call overflow attempt (netbios.rules) 12831 <-> NETBIOS SMB spoolss OpenPrinter overflow attempt (netbios.rules) 12832 <-> NETBIOS SMB spoolss OpenPrinter unicode andx object call overflow attempt (netbios.rules) 12833 <-> NETBIOS SMB spoolss OpenPrinter unicode andx overflow attempt (netbios.rules) 12834 <-> NETBIOS SMB spoolss OpenPrinter unicode little endian andx object call overflow attempt (netbios.rules) 12835 <-> NETBIOS SMB spoolss OpenPrinter unicode little endian andx overflow attempt (netbios.rules) 12836 <-> NETBIOS SMB spoolss OpenPrinter unicode little endian object call overflow attempt (netbios.rules) 12837 <-> NETBIOS SMB spoolss OpenPrinter unicode little endian overflow attempt (netbios.rules) 12838 <-> NETBIOS SMB spoolss OpenPrinter unicode object call overflow attempt (netbios.rules) 12839 <-> NETBIOS SMB spoolss OpenPrinter unicode overflow attempt (netbios.rules) 12840 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX andx overflow attempt (netbios.rules) 12841 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX little endian andx overflow attempt (netbios.rules) 12842 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX little endian overflow attempt (netbios.rules) 12843 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX overflow attempt (netbios.rules) 12844 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX unicode andx overflow attempt (netbios.rules) 12845 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX unicode little endian andx overflow attempt (netbios.rules) 12846 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX unicode little endian overflow attempt (netbios.rules) 12847 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX unicode overflow attempt (netbios.rules) 12848 <-> NETBIOS SMB v4 spoolss OpenPrinter andx overflow attempt (netbios.rules) 12849 <-> NETBIOS SMB v4 spoolss OpenPrinter little endian andx overflow attempt (netbios.rules) 12850 <-> NETBIOS SMB v4 spoolss OpenPrinter little endian overflow attempt (netbios.rules) 12851 <-> NETBIOS SMB v4 spoolss OpenPrinter overflow attempt (netbios.rules) 12852 <-> NETBIOS SMB v4 spoolss OpenPrinter unicode andx overflow attempt (netbios.rules) 12853 <-> NETBIOS SMB v4 spoolss OpenPrinter unicode little endian andx overflow attempt (netbios.rules) 12854 <-> NETBIOS SMB v4 spoolss OpenPrinter unicode little endian overflow attempt (netbios.rules) 12855 <-> NETBIOS SMB v4 spoolss OpenPrinter unicode overflow attempt (netbios.rules) 12856 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX andx object call overflow attempt (netbios.rules) 12857 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX andx overflow attempt (netbios.rules) 12858 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX little endian andx object call overflow attempt (netbios.rules) 12859 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX little endian andx overflow attempt (netbios.rules) 12860 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX little endian object call overflow attempt (netbios.rules) 12861 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX little endian overflow attempt (netbios.rules) 12862 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX object call overflow attempt (netbios.rules) 12863 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX overflow attempt (netbios.rules) 12864 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode andx object call overflow attempt (netbios.rules) 12865 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode andx overflow attempt (netbios.rules) 12866 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode little endian andx object call overflow attempt (netbios.rules) 12867 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode little endian andx overflow attempt (netbios.rules) 12868 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode little endian object call overflow attempt (netbios.rules) 12869 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode little endian overflow attempt (netbios.rules) 12870 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode object call overflow attempt (netbios.rules) 12871 <-> NETBIOS SMB spoolss OpenPrinter WriteAndX unicode overflow attempt (netbios.rules) 12872 <-> NETBIOS SMB spoolss OpenPrinter andx object call overflow attempt (netbios.rules) 12873 <-> NETBIOS SMB spoolss OpenPrinter andx overflow attempt (netbios.rules) 12874 <-> NETBIOS SMB spoolss OpenPrinter little endian andx object call overflow attempt (netbios.rules) 12875 <-> NETBIOS SMB spoolss OpenPrinter little endian andx overflow attempt (netbios.rules) 12876 <-> NETBIOS SMB spoolss OpenPrinter little endian object call overflow attempt (netbios.rules) 12877 <-> NETBIOS SMB spoolss OpenPrinter little endian overflow attempt (netbios.rules) 12878 <-> NETBIOS SMB spoolss OpenPrinter object call overflow attempt (netbios.rules) 12879 <-> NETBIOS SMB spoolss OpenPrinter overflow attempt (netbios.rules) 12880 <-> NETBIOS SMB spoolss OpenPrinter unicode andx object call overflow attempt (netbios.rules) 12881 <-> NETBIOS SMB spoolss OpenPrinter unicode andx overflow attempt (netbios.rules) 12882 <-> NETBIOS SMB spoolss OpenPrinter unicode little endian andx object call overflow attempt (netbios.rules) 12883 <-> NETBIOS SMB spoolss OpenPrinter unicode little endian andx overflow attempt (netbios.rules) 12884 <-> NETBIOS SMB spoolss OpenPrinter unicode little endian object call overflow attempt (netbios.rules) 12885 <-> NETBIOS SMB spoolss OpenPrinter unicode little endian overflow attempt (netbios.rules) 12886 <-> NETBIOS SMB spoolss OpenPrinter unicode object call overflow attempt (netbios.rules) 12887 <-> NETBIOS SMB spoolss OpenPrinter unicode overflow attempt (netbios.rules) 12888 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX andx overflow attempt (netbios.rules) 12889 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX little endian andx overflow attempt (netbios.rules) 12890 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX little endian overflow attempt (netbios.rules) 12891 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX overflow attempt (netbios.rules) 12892 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX unicode andx overflow attempt (netbios.rules) 12893 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX unicode little endian andx overflow attempt (netbios.rules) 12894 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX unicode little endian overflow attempt (netbios.rules) 12895 <-> NETBIOS SMB v4 spoolss OpenPrinter WriteAndX unicode overflow attempt (netbios.rules) 12896 <-> NETBIOS SMB v4 spoolss OpenPrinter andx overflow attempt (netbios.rules) 12897 <-> NETBIOS SMB v4 spoolss OpenPrinter little endian andx overflow attempt (netbios.rules) 12898 <-> NETBIOS SMB v4 spoolss OpenPrinter little endian overflow attempt (netbios.rules) 12899 <-> NETBIOS SMB v4 spoolss OpenPrinter overflow attempt (netbios.rules) 12900 <-> NETBIOS SMB v4 spoolss OpenPrinter unicode andx overflow attempt (netbios.rules) 12901 <-> NETBIOS SMB v4 spoolss OpenPrinter unicode little endian andx overflow attempt (netbios.rules) 12902 <-> NETBIOS SMB v4 spoolss OpenPrinter unicode little endian overflow attempt (netbios.rules) 12903 <-> NETBIOS SMB v4 spoolss OpenPrinter unicode overflow attempt (netbios.rules) 12904 <-> EXPLOIT Veritas NetBackup vmd shared library buffer overflow attempt (exploit.rules) 12905 <-> SPECIFIC-THREATS Microsoft SPNEGO ASN.1 library heap corruption overflow attempt (specific-threats.rules) 12906 <-> NETBIOS DCERPC DIRECT brightstor-arc3 alter context attempt (netbios.rules) 12907 <-> NETBIOS DCERPC DIRECT brightstor-arc3 little endian alter context attempt (netbios.rules) 12908 <-> NETBIOS DCERPC DIRECT brightstor-arc3 bind attempt (netbios.rules) 12909 <-> NETBIOS DCERPC DIRECT brightstor-arc3 little endian bind attempt (netbios.rules) 12910 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc3 CA opcode 4 little endian attempt (netbios.rules) 12911 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc3 CA opcode 4 attempt (netbios.rules) 12912 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 4 little endian attempt (netbios.rules) 12913 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 4 attempt (netbios.rules) 12914 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 4 little endian object call attempt (netbios.rules) 12915 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 4 object call attempt (netbios.rules) 12916 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 12 attempt (netbios.rules) 12917 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc3 CA opcode 12 attempt (netbios.rules) 12918 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 12 little endian attempt (netbios.rules) 12919 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc3 CA opcode 12 little endian attempt (netbios.rules) 12920 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 12 object call attempt (netbios.rules) 12921 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 12 little endian object call attempt (netbios.rules) 12922 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 16 little endian attempt (netbios.rules) 12923 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 16 attempt (netbios.rules) 12924 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc3 CA opcode 16 little endian attempt (netbios.rules) 12925 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc3 CA opcode 16 attempt (netbios.rules) 12926 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 16 little endian object call attempt (netbios.rules) 12927 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 16 object call attempt (netbios.rules) 12928 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 18 little endian attempt (netbios.rules) 12929 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 18 attempt (netbios.rules) 12930 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc3 CA opcode 18 attempt (netbios.rules) 12931 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc3 CA opcode 18 little endian attempt (netbios.rules) 12932 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 18 little endian object call attempt (netbios.rules) 12933 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 18 object call attempt (netbios.rules) 12934 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc3 CA opcode 19 attempt (netbios.rules) 12935 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc3 CA opcode 19 little endian attempt (netbios.rules) 12936 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 19 attempt (netbios.rules) 12937 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 19 little endian attempt (netbios.rules) 12938 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 19 object call attempt (netbios.rules) 12939 <-> NETBIOS DCERPC DIRECT brightstor-arc3 CA opcode 19 little endian object call attempt (netbios.rules) 12940 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc2 CA call 269 overflow attempt (netbios.rules) 12941 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc2 CA call 269 little endian overflow attempt (netbios.rules) 12942 <-> NETBIOS DCERPC DIRECT brightstor-arc2 CA call 269 overflow attempt (netbios.rules) 12943 <-> NETBIOS DCERPC DIRECT brightstor-arc2 CA call 269 little endian overflow attempt (netbios.rules) 12944 <-> NETBIOS DCERPC DIRECT brightstor-arc2 CA call 269 object call overflow attempt (netbios.rules) 12945 <-> NETBIOS DCERPC DIRECT brightstor-arc2 CA call 269 little endian object call overflow attempt (netbios.rules) 12946 <-> NETBIOS SMB-DS SMBv2 protocol negotiation attempt (netbios.rules) 12947 <-> NETBIOS SMB SMBv2 protocol negotiation attempt (netbios.rules) 12948 <-> WEB-CLIENT Vantage Linguistics 1 ActiveX clsid access (web-client.rules) 12949 <-> WEB-CLIENT Vantage Linguistics 1 ActiveX clsid unicode access (web-client.rules) 12950 <-> WEB-CLIENT Vantage Linguistics 2 ActiveX clsid access (web-client.rules) 12951 <-> WEB-CLIENT Vantage Linguistics 2 ActiveX clsid unicode access (web-client.rules) 12952 <-> WEB-CLIENT Vantage Linguistics 3 ActiveX clsid access (web-client.rules) 12953 <-> WEB-CLIENT Vantage Linguistics 3 ActiveX clsid unicode access (web-client.rules) 12954 <-> WEB-CLIENT DXLTPI.DLL ActiveX clsid access (web-client.rules) 12955 <-> WEB-CLIENT DXLTPI.DLL ActiveX clsid unicode access (web-client.rules) 12956 <-> WEB-CLIENT MSN Heartbeat ActiveX clsid unicode access (web-client.rules) 12957 <-> WEB-CLIENT MSN Heartbeat 2 ActiveX clsid access (web-client.rules) 12958 <-> WEB-CLIENT MSN Heartbeat 2 ActiveX clsid unicode access (web-client.rules) 12959 <-> WEB-CLIENT MSN Heartbeat 3 ActiveX clsid access (web-client.rules) 12960 <-> WEB-CLIENT MSN Heartbeat 3 ActiveX clsid unicode access (web-client.rules) 12961 <-> WEB-CLIENT Intuit QuickBooks Online Import 1 ActiveX clsid access (web-client.rules) 12962 <-> WEB-CLIENT Intuit QuickBooks Online Import 1 ActiveX clsid unicode access (web-client.rules) 12963 <-> WEB-CLIENT Intuit QuickBooks Online Import 2 ActiveX clsid access (web-client.rules) 12964 <-> WEB-CLIENT Intuit QuickBooks Online Import 2 ActiveX clsid unicode access (web-client.rules) 12965 <-> WEB-CLIENT Intuit QuickBooks Online Import 3 ActiveX clsid access (web-client.rules) 12966 <-> WEB-CLIENT Intuit QuickBooks Online Import 3 ActiveX clsid unicode access (web-client.rules) 12967 <-> WEB-CLIENT Intuit QuickBooks Online Import 4 ActiveX clsid access (web-client.rules) 12968 <-> WEB-CLIENT Intuit QuickBooks Online Import 4 ActiveX clsid unicode access (web-client.rules) 12969 <-> WEB-CLIENT Intuit QuickBooks Online Import 5 ActiveX clsid access (web-client.rules) 12970 <-> WEB-CLIENT Intuit QuickBooks Online Import 5 ActiveX clsid unicode access (web-client.rules) 12971 <-> EXPLOIT microsoft directshow wav file overflow attempt (exploit.rules) 12972 <-> WEB-CLIENT Microsoft Media Player .asf markers detected (web-client.rules) 12973 <-> NETBIOS DCERPC DIRECT qmcomm alter context attempt (netbios.rules) 12974 <-> NETBIOS DCERPC DIRECT qmcomm little endian alter context attempt (netbios.rules) 12975 <-> NETBIOS DCERPC DIRECT qmcomm bind attempt (netbios.rules) 12976 <-> NETBIOS DCERPC DIRECT qmcomm little endian bind attempt (netbios.rules) 12977 <-> NETBIOS DCERPC DIRECT v4 qmcomm QMCreateObjectInternal overflow attempt (netbios.rules) 12978 <-> NETBIOS DCERPC DIRECT v4 qmcomm QMCreateObjectInternal little endian overflow attempt (netbios.rules) 12979 <-> NETBIOS DCERPC DIRECT qmcomm QMCreateObjectInternal overflow attempt (netbios.rules) 12980 <-> NETBIOS DCERPC DIRECT qmcomm QMCreateObjectInternal little endian overflow attempt (netbios.rules) 12981 <-> NETBIOS DCERPC DIRECT qmcomm QMCreateObjectInternal object call overflow attempt (netbios.rules) 12982 <-> NETBIOS DCERPC DIRECT qmcomm QMCreateObjectInternal little endian object call overflow attempt (netbios.rules) 12983 <-> EXPLOIT DirectX SAMI file CRawParser attempted buffer overflow attempt (exploit.rules) Updated rules: 4167 <-> WEB-CLIENT MSN Heartbeat ActiveX clsid access (web-client.rules) 12006 <-> VOIP-SIP Outbound INVITE Message (voip.rules) 12393 <-> WEB-CLIENT Intuit QuickBooks Online Edition 1 ActiveX clsid access (web-client.rules) 12394 <-> WEB-CLIENT Intuit QuickBooks Online Edition 1 ActiveX clsid unicode access (web-client.rules) 12395 <-> WEB-CLIENT Intuit QuickBooks Online Edition 2 ActiveX clsid access (web-client.rules) 12396 <-> WEB-CLIENT Intuit QuickBooks Online Edition 2 ActiveX clsid unicode access (web-client.rules) 12397 <-> WEB-CLIENT Intuit QuickBooks Online Edition 3 ActiveX clsid access (web-client.rules) 12398 <-> WEB-CLIENT Intuit QuickBooks Online Edition 3 ActiveX clsid unicode access (web-client.rules) 12399 <-> WEB-CLIENT Intuit QuickBooks Online Edition 4 ActiveX clsid access (web-client.rules) 12400 <-> WEB-CLIENT Intuit QuickBooks Online Edition 4 ActiveX clsid unicode access (web-client.rules) 12401 <-> WEB-CLIENT Intuit QuickBooks Online Edition 5 ActiveX clsid access (web-client.rules) 12402 <-> WEB-CLIENT Intuit QuickBooks Online Edition 5 ActiveX clsid unicode access (web-client.rules) 12403 <-> WEB-CLIENT Intuit QuickBooks Online Edition 6 ActiveX clsid access (web-client.rules) 12404 <-> WEB-CLIENT Intuit QuickBooks Online Edition 6 ActiveX clsid unicode access (web-client.rules) 12405 <-> WEB-CLIENT Intuit QuickBooks Online Edition 7 ActiveX clsid access (web-client.rules) 12406 <-> WEB-CLIENT Intuit QuickBooks Online Edition 7 ActiveX clsid unicode access (web-client.rules) 12407 <-> WEB-CLIENT Intuit QuickBooks Online Edition 8 ActiveX clsid access (web-client.rules) 12408 <-> WEB-CLIENT Intuit QuickBooks Online Edition 8 ActiveX clsid unicode access (web-client.rules) 12409 <-> WEB-CLIENT Intuit QuickBooks Online Edition 9 ActiveX clsid access (web-client.rules) 12410 <-> WEB-CLIENT Intuit QuickBooks Online Edition 9 ActiveX clsid unicode access (web-client.rules) 12411 <-> WEB-CLIENT Intuit QuickBooks Online Edition 10 ActiveX clsid access (web-client.rules) 12412 <-> WEB-CLIENT Intuit QuickBooks Online Edition 10 ActiveX clsid unicode access (web-client.rules) 12762 <-> WEB-CLIENT Yahoo Toolbar Helper Class ActiveX clsid access (web-client.rules) 12763 <-> WEB-CLIENT Yahoo Toolbar Helper Class ActiveX clsid unicode access (web-client.rules) 12764 <-> WEB-CLIENT Yahoo Toolbar Helper Class ActiveX function call access (web-client.rules) 12765 <-> WEB-CLIENT Yahoo Toolbar Helper Class ActiveX function call unicode access (web-client.rules) 12766 <-> WEB-CLIENT RealPlayer RMOC3260.DLL ActiveX clsid access (web-client.rules) 12767 <-> WEB-CLIENT RealPlayer RMOC3260.DLL ActiveX clsid unicode access (web-client.rules) 12768 <-> WEB-CLIENT RealPlayer RMOC3260.DLL ActiveX function call access (web-client.rules) 12769 <-> WEB-CLIENT RealPlayer RMOC3260.DLL ActiveX function call unicode access (web-client.rules) 12770 <-> SPECIFIC-THREATS obfuscated RDS.Dataspace ActiveX exploit attempt (specific-threats.rules) 12771 <-> SPECIFIC-THREATS obfuscated BaoFeng Storm MPS.dll ActiveX exploit attempt (specific-threats.rules) 12772 <-> SPECIFIC-THREATS obfuscated PPStream PowerPlayer ActiveX exploit attempt (specific-threats.rules) 12773 <-> SPECIFIC-THREATS obfuscated Xunlei Thunder PPLAYER.DLL ActiveX exploit attempt (specific-threats.rules) 12774 <-> SPECIFIC-THREATS obfuscated GlobalLink ConnectAndEnterRoom ActiveX exploit attempt (specific-threats.rules) 12775 <-> SPECIFIC-THREATS obfuscated RealPlayer Ierpplug.dll ActiveX exploit attempt (specific-threats.rules)
