Sourcefire VRT Rules Update
Date: 2008-10-06
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.8.
The format of the file is:
sid - Message (rule group)
New rules:
14615 <-> EXPLOIT Sun Java web console format string attempt (exploit.rules)
14616 <-> NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMObjectPathToObjectFormat overflow attempt (netbios.rules)
14617 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat little endian overflow attempt (netbios.rules)
14618 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat object call overflow attempt (netbios.rules)
14619 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat object call overflow attempt (netbios.rules)
14620 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat little endian object call overflow attempt (netbios.rules)
14621 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat little endian object call overflow attempt (netbios.rules)
14622 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal overflow attempt (netbios.rules)
14623 <-> NETBIOS DCERPC NCADG-IP-UDP v4 mqqm QMCreateObjectInternal overflow attempt (netbios.rules)
14624 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMCreateObjectInternal little endian object call overflow attempt (netbios.rules)
14625 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal little endian object call overflow attempt (netbios.rules)
14626 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMCreateObjectInternal object call overflow attempt (netbios.rules)
14627 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal object call overflow attempt (netbios.rules)

Updated rules:
103 <-> DELETED BACKDOOR subseven 22 (deleted.rules)
107 <-> DELETED BACKDOOR subseven DEFCON8 2.1 access (deleted.rules)
503 <-> DELETED MISC Source Port 20 to <1024 (deleted.rules)
504 <-> DELETED MISC source port 53 to <1024 (deleted.rules)
1991 <-> CHAT MSN login attempt (chat.rules)
2523 <-> DOS BGP spoofed connection reset attempt (dos.rules)
3554 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm little endian alter context attempt (netbios.rules)
3555 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm little endian alter context attempt (netbios.rules)
3556 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm alter context attempt (netbios.rules)
3557 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm alter context attempt (netbios.rules)
3558 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm little endian bind attempt (netbios.rules)
3559 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm little endian bind attempt (netbios.rules)
3560 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm bind attempt (netbios.rules)
3561 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm bind attempt (netbios.rules)
3590 <-> NETBIOS DCERPC NCADG-IP-UDP v4 mqqm QMDeleteObject little endian overflow attempt (netbios.rules)
3591 <-> NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMDeleteObject little endian overflow attempt (netbios.rules)
3592 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (netbios.rules)
3593 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (netbios.rules)
3594 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMDeleteObject little endian overflow attempt (netbios.rules)
3595 <-> NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMDeleteObject overflow attempt (netbios.rules)
3596 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMDeleteObject little endian overflow attempt (netbios.rules)
3597 <-> NETBIOS DCERPC NCADG-IP-UDP v4 mqqm QMDeleteObject overflow attempt (netbios.rules)
3598 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMDeleteObject object call overflow attempt (netbios.rules)
3599 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMDeleteObject object call overflow attempt (netbios.rules)
3600 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMDeleteObject little endian object call overflow attempt (netbios.rules)
3601 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMDeleteObject little endian object call overflow attempt (netbios.rules)
5742 <-> SPYWARE-PUT Keylogger activitylogger runtime detection (spyware-put.rules)
5744 <-> SPYWARE-PUT Hijacker actualnames runtime detection - online.php request (spyware-put.rules)
5749 <-> SPYWARE-PUT Trackware alexa runtime detection (spyware-put.rules)
5750 <-> SPYWARE-PUT Adware dogpile runtime detection (spyware-put.rules)
5760 <-> SPYWARE-PUT Hijacker marketscore runtime detection (spyware-put.rules)
5764 <-> SPYWARE-PUT Hijacker begin2search runtime detection - fcgi query (spyware-put.rules)
5765 <-> SPYWARE-PUT Hijacker begin2search runtime detection - ico query (spyware-put.rules)
5767 <-> SPYWARE-PUT Hijacker begin2search runtime detection - download unauthorized code (spyware-put.rules)
5773 <-> SPYWARE-PUT Adware forbes runtime detection (spyware-put.rules)
5774 <-> SPYWARE-PUT Hijacker freescratch runtime detection - get card (spyware-put.rules)
5775 <-> SPYWARE-PUT Hijacker freescratch runtime detection - scratch card (spyware-put.rules)
5776 <-> SPYWARE-PUT Trickler grokster runtime detection (spyware-put.rules)
5794 <-> SPYWARE-PUT Hijacker coolwebsearch.aboutblank variant runtime detection (spyware-put.rules)
5796 <-> SPYWARE-PUT Adware keenvalue runtime detection (spyware-put.rules)
5797 <-> POLICY kontiki runtime detection (policy.rules)
5801 <-> SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - track activity 1 (spyware-put.rules)
5802 <-> SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - track activity 2 (spyware-put.rules)
5803 <-> SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - collect information (spyware-put.rules)
5805 <-> SPYWARE-PUT Trackware myway speedbar runtime detection - switch engines (spyware-put.rules)
5807 <-> SPYWARE-PUT Hijacker shopathomeselect runtime detection (spyware-put.rules)
5824 <-> SPYWARE-PUT Dialer stripplayer runtime detection (spyware-put.rules)
5825 <-> SPYWARE-PUT Adware broadcasturban tuner runtime detection - start tuner (spyware-put.rules)
5828 <-> SPYWARE-PUT Adware broadcasturban tuner runtime detection - connect to station (spyware-put.rules)
5829 <-> SPYWARE-PUT Trickler clipgenie runtime detection (spyware-put.rules)
5830 <-> SPYWARE-PUT Hijacker comet systems runtime detection - track activity (spyware-put.rules)
5831 <-> SPYWARE-PUT Hijacker comet systems runtime detection - update requests (spyware-put.rules)
5832 <-> SPYWARE-PUT Hijacker comet systems runtime search detection - search request 1 (spyware-put.rules)
5835 <-> SPYWARE-PUT Adware gamespy_arcade runtime detection (spyware-put.rules)
5836 <-> SPYWARE-PUT Trickler nictech.bm2 runtime detection (spyware-put.rules)
5837 <-> SPYWARE-PUT Trackware ucmore runtime detection - track activity (spyware-put.rules)
5838 <-> SPYWARE-PUT Trackware ucmore runtime detection - get sponsor/ad links (spyware-put.rules)
5841 <-> SPYWARE-PUT Trickler minibug runtime detection - retrieve weather information (spyware-put.rules)
5842 <-> SPYWARE-PUT Trickler minibug runtime detection - ads (spyware-put.rules)
5846 <-> SPYWARE-PUT Trickler VX2/DLmax/BestOffers/Aurora runtime detection (spyware-put.rules)
5852 <-> SPYWARE-PUT Adware warez_p2p runtime detection - cache.dat request (spyware-put.rules)
5853 <-> SPYWARE-PUT Adware warez_p2p runtime detection - download ads (spyware-put.rules)
5858 <-> SPYWARE-PUT Adware praizetoolbar runtime detection (spyware-put.rules)
5865 <-> SPYWARE-PUT Adware zapspot runtime detection - pop up ads (spyware-put.rules)
5866 <-> SPYWARE-PUT Hijacker couponbar runtime detection - download new coupon offers and links (spyware-put.rules)
5867 <-> SPYWARE-PUT Hijacker couponbar runtime detection - get updates to toolbar buttons (spyware-put.rules)
5871 <-> SPYWARE-PUT Trickler VX2/ABetterInternet transponder thinstaller runtime detection - post information (spyware-put.rules)
5879 <-> SPYWARE-PUT Adware trustyfiles v2.4.0.4 runtime detection - update notification (spyware-put.rules)
5881 <-> SPYWARE-PUT Keylogger spyagent runtime detect - ftp delivery (spyware-put.rules)
5889 <-> SPYWARE-PUT Hijacker shopnav runtime detection - collect information (spyware-put.rules)
5890 <-> SPYWARE-PUT Hijacker shopnav runtime detection - self-update request 1 (spyware-put.rules)
5891 <-> SPYWARE-PUT Hijacker shopnav runtime detection - self-update request 2 (spyware-put.rules)
5896 <-> SPYWARE-PUT Hacker-Tool timbuktu pro runtime detection - tcp port 407 (spyware-put.rules)
5897 <-> SPYWARE-PUT Hacker-Tool timbuktu pro runtime detection - udp port 407 (spyware-put.rules)
5899 <-> SPYWARE-PUT Trackware adtools-screenmate runtime detection - generate desktop alert (spyware-put.rules)
5903 <-> SPYWARE-PUT Adware download accelerator plus runtime detection - get ads (spyware-put.rules)
5910 <-> SPYWARE-PUT Trackware casalemedia runtime detection (spyware-put.rules)
5914 <-> SPYWARE-PUT Hijacker locatorstoolbar runtime detection - configuration download (spyware-put.rules)
5915 <-> SPYWARE-PUT Hijacker locatorstoolbar runtime detection - autosearch hijack (spyware-put.rules)
5916 <-> SPYWARE-PUT Hijacker locatorstoolbar runtime detection - sidebar search (spyware-put.rules)
5917 <-> SPYWARE-PUT Hijacker locatorstoolbar runtime detection - toolbar search (spyware-put.rules)
5918 <-> SPYWARE-PUT Hijacker painter runtime detection - ping 'alive' signal (spyware-put.rules)
5921 <-> SPYWARE-PUT Trackware fftoolbar toolbar runtime detection - send user url request (spyware-put.rules)
5922 <-> SPYWARE-PUT Trackware fftoolbar toolbar runtime detection - display advertisement news (spyware-put.rules)
5925 <-> SPYWARE-PUT Adware active shopper runtime detection - check (spyware-put.rules)
5926 <-> SPYWARE-PUT Adware active shopper runtime detection - collect information (spyware-put.rules)
5927 <-> SPYWARE-PUT Adware cashbar runtime detection - .smx requests (spyware-put.rules)
5928 <-> SPYWARE-PUT Adware cashbar runtime detection - ads request (spyware-put.rules)
5929 <-> SPYWARE-PUT Adware cashbar runtime detection - pop-up ad 1 (spyware-put.rules)
5930 <-> SPYWARE-PUT Adware cashbar runtime detection - pop-up ad 2 (spyware-put.rules)
5932 <-> SPYWARE-PUT Adware cashbar runtime detection - stats track (spyware-put.rules)
5939 <-> SPYWARE-PUT Trackware supreme toolbar runtime detection - get cfg (spyware-put.rules)
5940 <-> SPYWARE-PUT Trackware supreme toolbar runtime detection - search request (spyware-put.rules)
5942 <-> SPYWARE-PUT Trackware supreme toolbar runtime detection - pass information to its controlling server (spyware-put.rules)
5943 <-> SPYWARE-PUT Trackware supreme toolbar runtime detection - third party information collection (spyware-put.rules)
5944 <-> SPYWARE-PUT Adware free access bar runtime detection 1 (spyware-put.rules)
5945 <-> SPYWARE-PUT Adware weirdontheweb runtime detection - track.cgi request (spyware-put.rules)
5946 <-> SPYWARE-PUT Adware weirdontheweb runtime detection - monitor user web activity (spyware-put.rules)
5949 <-> SPYWARE-PUT Trackware iggsey toolbar detection - simpleticker.htm request (spyware-put.rules)
5950 <-> SPYWARE-PUT Trackware iggsey toolbar detection - pass information to server (spyware-put.rules)
5951 <-> SPYWARE-PUT Trackware iggsey toolbar detection - search request (spyware-put.rules)
5954 <-> SPYWARE-PUT Trackware browserpal runtime detection - post user info to server (spyware-put.rules)
5961 <-> SPYWARE-PUT Hijacker searchfast detection - news ticker (spyware-put.rules)
5966 <-> SPYWARE-PUT trackware searchinweb detection - search request (spyware-put.rules)
5970 <-> SPYWARE-PUT hijacker smart finder detection - keys update (spyware-put.rules)
5971 <-> SPYWARE-PUT hijacker smart finder detection - track hits (spyware-put.rules)
5973 <-> SPYWARE-PUT hijacker smart finder detection - search engines hijack (spyware-put.rules)
5974 <-> SPYWARE-PUT hijacker smart finder detection - pop-up ads (spyware-put.rules)
5975 <-> SPYWARE-PUT hijacker topfive searchassistant detection - search request (spyware-put.rules)
5976 <-> SPYWARE-PUT hijacker topfive searchassistant detection - side search (spyware-put.rules)
5977 <-> SPYWARE-PUT hijacker topfive searchassistant detection - post user information to server (spyware-put.rules)
5978 <-> SPYWARE-PUT hijacker topfive searchassistant detection - update (spyware-put.rules)
5979 <-> SPYWARE-PUT Trackware anwb toolbar runtime detection - track user ip address (spyware-put.rules)
5980 <-> SPYWARE-PUT Trackware anwb toolbar runtime detection - display advertisement (spyware-put.rules)
5981 <-> SPYWARE-PUT Hijacker seeqtoolbar runtime detection - autosearch hijack or search in toolbar (spyware-put.rules)
5982 <-> SPYWARE-PUT Hijacker seeqtoolbar runtime detection - email login page (spyware-put.rules)
5983 <-> SPYWARE-PUT Adware powerstrip runtime detection (spyware-put.rules)
5986 <-> SPYWARE-PUT Trickler teomasearchbar runtime detection (spyware-put.rules)
5987 <-> SPYWARE-PUT Hijacker wishbone runtime detection (spyware-put.rules)
5988 <-> SPYWARE-PUT Trackware windupdates-mediagateway runtime detection - post data (spyware-put.rules)
5989 <-> SPYWARE-PUT Adware broadcastpc runtime detection - get config (spyware-put.rules)
5990 <-> SPYWARE-PUT Adware broadcastpc runtime detection - get up-to-date movie/tv/ad information (spyware-put.rules)
5992 <-> SPYWARE-PUT Hijacker getmirar runtime detection - get keyword-related content (spyware-put.rules)
5993 <-> SPYWARE-PUT Hijacker getmirar runtime detection - track activity (spyware-put.rules)
5994 <-> SPYWARE-PUT Hijacker getmirar runtime detection - click related button (spyware-put.rules)
5995 <-> SPYWARE-PUT Adware offeragent runtime detection - information checking (spyware-put.rules)
5996 <-> SPYWARE-PUT Adware offeragent runtime detection - ads request (spyware-put.rules)
6107 <-> BACKDOOR backage 3.1 runtime detection (backdoor.rules)
6122 <-> BACKDOOR millenium v1.0 runtime detection (backdoor.rules)
6127 <-> BACKDOOR dkangel runtime detection - udp client-to-server (backdoor.rules)
6128 <-> BACKDOOR dkangel runtime detection - icmp echo reply client-to-server (backdoor.rules)
6146 <-> BACKDOOR mantis runtime detection - sent notify option client-to-server 2 (backdoor.rules)
6174 <-> BACKDOOR cookie monster 0.24 runtime detection - file explorer (backdoor.rules)
6176 <-> BACKDOOR guptachar 2.0 runtime detection (backdoor.rules)
6189 <-> SPYWARE-PUT Trackware try2find detection (spyware-put.rules)
6191 <-> SPYWARE-PUT Trackware onetoolbar runtime detection (spyware-put.rules)
6192 <-> SPYWARE-PUT Adware seekmo runtime detection - reporting keyword (spyware-put.rules)
6196 <-> SPYWARE-PUT Hijacker smart shopper runtime detection - services requests (spyware-put.rules)
6197 <-> SPYWARE-PUT Hijacker smart shopper runtime detection - track/upgrade/report activities (spyware-put.rules)
6198 <-> SPYWARE-PUT Trackware squaretrade side bar runtime detection - collect user information (spyware-put.rules)
6199 <-> SPYWARE-PUT Hijacker smart search runtime detection - hijack/ads (spyware-put.rules)
6200 <-> SPYWARE-PUT Hijacker smart search runtime detection - get settings (spyware-put.rules)
6203 <-> SPYWARE-PUT Trickler farmmext runtime detection - drk.syn request (spyware-put.rules)
6206 <-> SPYWARE-PUT Hacker-Tool sin stealer 1.1 runtime detection (spyware-put.rules)
6207 <-> SPYWARE-PUT Keylogger winsession runtime detection - smtp (spyware-put.rules)
6208 <-> SPYWARE-PUT Keylogger winsession runtime detection - ftp (spyware-put.rules)
6209 <-> SPYWARE-PUT Adware deskwizz/zquest runtime detection - get config information / ad banner (spyware-put.rules)
6212 <-> SPYWARE-PUT Adware commonname runtime detection (spyware-put.rules)
6213 <-> SPYWARE-PUT Hijacker 7fasst runtime detection - auto requests (spyware-put.rules)
6219 <-> SPYWARE-PUT Adware bonzibuddy runtime detection (spyware-put.rules)
6220 <-> SPYWARE-PUT Keylogger boss everyware runtime detection (spyware-put.rules)
6222 <-> SPYWARE-PUT Adware delfin media viewer runtime detection - contact server (spyware-put.rules)
6223 <-> SPYWARE-PUT Adware delfin media viewer runtime detection - retrieve schedule (spyware-put.rules)
6225 <-> SPYWARE-PUT Adware exact.bargainbuddy runtime detection - ads - getsize request (spyware-put.rules)
6228 <-> SPYWARE-PUT Adware exact.bargainbuddy runtime detection - disclaimer text (spyware-put.rules)
6232 <-> SPYWARE-PUT Adware mirar runtime detection - thumbnail (spyware-put.rules)
6233 <-> SPYWARE-PUT Adware mirar runtime detection - delayed (spyware-put.rules)
6237 <-> SPYWARE-PUT Adware lop runtime detection - check update request (spyware-put.rules)
6239 <-> SPYWARE-PUT Adware lop runtime detection - collect info request 2 (spyware-put.rules)
6241 <-> SPYWARE-PUT Adware lop runtime detection - ie autosearch hijack (spyware-put.rules)
6250 <-> SPYWARE-PUT Adware hotbar runtime detection - hotbar user-agent (spyware-put.rules)
6251 <-> SPYWARE-PUT Adware hotbar runtime detection - hostie user-agent (spyware-put.rules)
6252 <-> SPYWARE-PUT Trackware quicksearch toolbar runtime detection - search request (spyware-put.rules)
6254 <-> SPYWARE-PUT Trackware quicksearch toolbar runtime detection - redirect (spyware-put.rules)
6270 <-> SPYWARE-PUT Hijacker topicks runtime detection (spyware-put.rules)
6271 <-> SPYWARE-PUT Trickler bundleware runtime detection (spyware-put.rules)
6275 <-> SPYWARE-PUT Hijacker incredifind runtime detection - cookie (spyware-put.rules)
6281 <-> SPYWARE-PUT Hijacker yoursitebar runtime detection (spyware-put.rules)
6282 <-> SPYWARE-PUT Hijacker customtoolbar runtime detection (spyware-put.rules)
6290 <-> BACKDOOR netspy runtime detection - command pattern server-to-client (backdoor.rules)
6321 <-> BACKDOOR ptakks2.1 runtime detection - keepalive acknowledgement (backdoor.rules)
6322 <-> BACKDOOR ptakks2.1 runtime detection - command pattern (backdoor.rules)
6324 <-> BACKDOOR 3xBackdoor runtime detection (backdoor.rules)
6336 <-> BACKDOOR buttman v0.9p runtime detection - remote control (backdoor.rules)
6341 <-> SPYWARE-PUT Hijacker spediabar user-agent string detected (spyware-put.rules)
6342 <-> SPYWARE-PUT Hijacker spediabar runtime detection - info check (spyware-put.rules)
6343 <-> SPYWARE-PUT Adware targetsaver runtime detection (spyware-put.rules)
6358 <-> SPYWARE-PUT Hijacker need2find search query detection (spyware-put.rules)
6359 <-> SPYWARE-PUT Adware altnet runtime detection - initial retrieval (spyware-put.rules)
6360 <-> SPYWARE-PUT Adware altnet runtime detection - update (spyware-put.rules)
6361 <-> SPYWARE-PUT Adware altnet runtime detection - status report (spyware-put.rules)
6363 <-> SPYWARE-PUT adware surfaccuracy runtime detection (spyware-put.rules)
6364 <-> SPYWARE-PUT Hijacker imeshbar runtime detection (spyware-put.rules)
6365 <-> SPYWARE-PUT Other-Technologies sony rootkit runtime detection (spyware-put.rules)
6372 <-> SPYWARE-PUT Trickler spyblocs eblocs detection - get wsliveup.dat (spyware-put.rules)
6373 <-> SPYWARE-PUT Trickler spyblocs eblocs detection - stbarpat.dat (spyware-put.rules)
6374 <-> SPYWARE-PUT Trickler spyblocs eblocs detection - get spyblpat.dat/spyblini.ini (spyware-put.rules)
6377 <-> SPYWARE-PUT Hijacker girafa toolbar - browser hijack (spyware-put.rules)
6384 <-> SPYWARE-PUT Keylogger stealthwatcher 2000 runtime detection - agent discover broadcast (spyware-put.rules)
6385 <-> SPYWARE-PUT Keylogger stealthwatcher 2000 runtime detection - agent status monitoring (spyware-put.rules)
6386 <-> SPYWARE-PUT Keylogger stealthwatcher 2000 runtime detection - agent up notification (spyware-put.rules)
6398 <-> BACKDOOR http rat runtime detection - http (backdoor.rules)
6467 <-> CHAT jabber traffic detected (chat.rules)
6477 <-> SPYWARE-PUT Hacker-Tool beee runtime detection - smtp (spyware-put.rules)
6478 <-> SPYWARE-PUT Trackware searchingall toolbar runtime detection - send user url request (spyware-put.rules)
6480 <-> SPYWARE-PUT Hijacker cws.cameup runtime detection - home page (spyware-put.rules)
6481 <-> SPYWARE-PUT Hijacker cws.cameup runtime detection - search (spyware-put.rules)
6482 <-> SPYWARE-PUT Hijacker makemesearch toolbar runtime detection - get info (spyware-put.rules)
6483 <-> SPYWARE-PUT Hijacker makemesearch toolbar runtime detection - home page hijacker (spyware-put.rules)
6484 <-> SPYWARE-PUT Hijacker makemesearch toolbar runtime detection - search (spyware-put.rules)
6487 <-> SPYWARE-PUT Adware searchnugget toolbar runtime detection - check updates (spyware-put.rules)
6488 <-> SPYWARE-PUT Adware searchnugget toolbar runtime detection - redirect mistyped urls (spyware-put.rules)
6489 <-> SPYWARE-PUT Hijacker analyze IE runtime detection - default page hijacker (spyware-put.rules)
6490 <-> SPYWARE-PUT Dialer yeaknet runtime detection - home page hijacker (spyware-put.rules)
6494 <-> SPYWARE-PUT Adware yourenhancement runtime detection (spyware-put.rules)
6496 <-> SPYWARE-PUT Adware adpowerzone runtime detection (spyware-put.rules)
7050 <-> SPYWARE-PUT Hijacker freecruise toolbar runtime detection (spyware-put.rules)
7055 <-> SPYWARE-PUT Hijacker vip01 biz runtime detection - adv (spyware-put.rules)
7068 <-> BACKDOOR delta source 0.5 beta runtime detection - ping (backdoor.rules)
7069 <-> BACKDOOR delta source 0.5 beta runtime detection - pc info (backdoor.rules)
7074 <-> BACKDOOR w32.dumaru.gen@mm runtime detection - cmd (backdoor.rules)
7118 <-> BACKDOOR y3k 1.2 runtime detection - user-agent string detected (backdoor.rules)
7138 <-> SPYWARE-PUT Other-Technologies clicktrojan runtime detection - version check (spyware-put.rules)
7139 <-> SPYWARE-PUT Other-Technologies clicktrojan runtime detection - fake search query (spyware-put.rules)
7140 <-> SPYWARE-PUT Adware pay-per-click runtime detection - configuration (spyware-put.rules)
7141 <-> SPYWARE-PUT Adware pay-per-click runtime detection - update (spyware-put.rules)
7142 <-> SPYWARE-PUT Adware ares flash downloader 2.04 runtime detection (spyware-put.rules)
7143 <-> SPYWARE-PUT Adware digink.com runtime detection (spyware-put.rules)
7144 <-> SPYWARE-PUT Hijacker cool search runtime detection (spyware-put.rules)
7154 <-> SPYWARE-PUT Keylogger active keylogger home runtime detection (spyware-put.rules)
7169 <-> SPYWARE-PUT Keylogger ab system spy runtime detection - information exchange (spyware-put.rules)
7177 <-> SPYWARE-PUT Keylogger ab system spy runtime detection - info send through email (spyware-put.rules)
7180 <-> SPYWARE-PUT Keylogger desktop detective 2000 runtime detection - init connection (spyware-put.rules)
7185 <-> SPYWARE-PUT Keylogger 007 spy software runtime detection - ftp (spyware-put.rules)
7190 <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - host retrieval (spyware-put.rules)
7191 <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - url retrieval (spyware-put.rules)
7192 <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - sponsor selection (spyware-put.rules)
7193 <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - startup access (spyware-put.rules)
7194 <-> SPYWARE-PUT Hijacker shopprreports runtime detection - services requests (spyware-put.rules)
7195 <-> SPYWARE-PUT Hijacker shopprreports runtime detection - track/upgrade/report activities (spyware-put.rules)
7504 <-> SPYWARE-PUT Keylogger actualspy runtime detection - ftp-data (spyware-put.rules)
7505 <-> SPYWARE-PUT Keylogger actualspy runtime detection - smtp (spyware-put.rules)
7511 <-> SPYWARE-PUT Trickler edonkey2000 runtime detection - get ads page (spyware-put.rules)
7514 <-> SPYWARE-PUT Keylogger watchdog runtime detection - send out info to server periodically (spyware-put.rules)
7515 <-> SPYWARE-PUT Keylogger watchdog runtime detection - remote monitoring (spyware-put.rules)
7516 <-> SPYWARE-PUT Trickler hmtoolbar runtime detection (spyware-put.rules)
7518 <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - get up-to-date news info (spyware-put.rules)
7522 <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - search toolbar request 2 (spyware-put.rules)
7523 <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - click news button links (spyware-put.rules)
7524 <-> SPYWARE-PUT Hijacker moneybar runtime detection - cgispy counter (spyware-put.rules)
7525 <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - barad.asp request (spyware-put.rules)
7526 <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - stat counter (spyware-put.rules)
7527 <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - toolbar find function (spyware-put.rules)
7529 <-> SPYWARE-PUT Snoopware halflife jacker runtime detection (spyware-put.rules)
7531 <-> SPYWARE-PUT Trickler mediaseek.pl client runtime detection - login (spyware-put.rules)
7532 <-> SPYWARE-PUT Adware piolet runtime detection - user-agent (spyware-put.rules)
7533 <-> SPYWARE-PUT Adware piolet runtime detection - ads request (spyware-put.rules)
7534 <-> SPYWARE-PUT Hijacker clearsearch variant runtime detection - ie hijacking (spyware-put.rules)
7535 <-> SPYWARE-PUT Hijacker clearsearch variant runtime detection - pass information (spyware-put.rules)
7537 <-> SPYWARE-PUT Trackware arrow search runtime detection (spyware-put.rules)
7539 <-> SPYWARE-PUT Keylogger eye spy pro 1.0 runtime detection (spyware-put.rules)
7547 <-> SPYWARE-PUT Keylogger activity monitor 3.8 runtime detection - agent status monitoring (spyware-put.rules)
7548 <-> SPYWARE-PUT Keylogger activity monitor 3.8 runtime detection - agent up notification (spyware-put.rules)
7549 <-> SPYWARE-PUT Keylogger activity monitor 3.8 runtime detection (spyware-put.rules)
7550 <-> SPYWARE-PUT Adware adroar runtime detection (spyware-put.rules)
7551 <-> SPYWARE-PUT Keylogger ardamax keylogger runtime detection - smtp (spyware-put.rules)
7552 <-> SPYWARE-PUT Keylogger ardamax keylogger runtime detection - ftp (spyware-put.rules)
7557 <-> SPYWARE-PUT Trackware purityscan runtime detection - start up (spyware-put.rules)
7558 <-> SPYWARE-PUT Trackware purityscan runtime detection - installation notify (spyware-put.rules)
7559 <-> SPYWARE-PUT Trackware purityscan runtime detection - track user activity and status (spyware-put.rules)
7562 <-> SPYWARE-PUT Adware morpheus runtime detection - ad 1 (spyware-put.rules)
7563 <-> SPYWARE-PUT Adware morpheus runtime detection - ad 2 (spyware-put.rules)
7567 <-> SPYWARE-PUT Trackware funwebproducts mywebsearchtoolbar-funtools runtime detection (spyware-put.rules)
7569 <-> SPYWARE-PUT Adware lordofsearch runtime detection (spyware-put.rules)
7570 <-> SPYWARE-PUT Hijacker linkspider search bar runtime detection - ads (spyware-put.rules)
7571 <-> SPYWARE-PUT Hijacker linkspider search bar runtime detection - toolbar search (spyware-put.rules)
7572 <-> SPYWARE-PUT Trickler album galaxy runtime detection - startup data (spyware-put.rules)
7573 <-> SPYWARE-PUT Trickler album galaxy runtime detection - p2p gnutella (spyware-put.rules)
7575 <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - weather request (spyware-put.rules)
7576 <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - hijack ie browser (spyware-put.rules)
7581 <-> SPYWARE-PUT Hijacker flashbar runtime detection - user-agent (spyware-put.rules)
7582 <-> SPYWARE-PUT Trickler pcast runtime detection - update checking (spyware-put.rules)
7587 <-> SPYWARE-PUT Trickler urlblaze runtime detection - software information request (spyware-put.rules)
7589 <-> SPYWARE-PUT Trickler urlblaze runtime detection - irc notification (spyware-put.rules)
7593 <-> SPYWARE-PUT Trackware trellian toolbarbrowser runtime detection (spyware-put.rules)
7594 <-> SPYWARE-PUT Adware comedy planet runtime detection - ads (spyware-put.rules)
7597 <-> SPYWARE-PUT Keylogger spy lantern keylogger runtime detection (spyware-put.rules)
7603 <-> SPYWARE-PUT Snoopware big brother v3.5.1 runtime detection - connect to receiver (spyware-put.rules)
7613 <-> BACKDOOR flux 1.0 runtime detection - successful initial connection (backdoor.rules)
7615 <-> BACKDOOR flux 1.0 runtime detection - keep alive (backdoor.rules)
7624 <-> BACKDOOR remote control 1.7 runtime detection - data communication (backdoor.rules)
7642 <-> BACKDOOR am remote client runtime detection - server-to-client (backdoor.rules)
7646 <-> BACKDOOR snipernet 2.1 runtime detection (backdoor.rules)
7647 <-> BACKDOOR minicom lite runtime detection - udp (backdoor.rules)
7649 <-> BACKDOOR minicom lite runtime detection - server-to-client (backdoor.rules)
7655 <-> BACKDOOR small uploader 1.01 runtime detection - remote shell (backdoor.rules)
7669 <-> BACKDOOR screen control 1.0 runtime detection - capture on port 2213 (backdoor.rules)
7706 <-> BACKDOOR omniquad instant remote control runtime detection - initial connection (backdoor.rules)
7711 <-> BACKDOOR amitis runtime command detection attacker to victim (backdoor.rules)
7712 <-> BACKDOOR amitis runtime detection victim to attacker (backdoor.rules)
7727 <-> BACKDOOR reversable ver1.0 runtime detection - execute command (backdoor.rules)
7732 <-> BACKDOOR outbreak_0.2.7 runtime detection - ring client-to-server (backdoor.rules)
7739 <-> BACKDOOR alexmessomalex runtime detection - grab (backdoor.rules)
7758 <-> BACKDOOR glacier runtime detection - initial connection and directory browse (backdoor.rules)
7759 <-> BACKDOOR glacier runtime detection - screen capture (backdoor.rules)
7760 <-> BACKDOOR netthief runtime detection (backdoor.rules)
7801 <-> BACKDOOR portal of doom runtime detection - udp cts (backdoor.rules)
7802 <-> BACKDOOR portal of doom runtime detection - udp stc (backdoor.rules)
7822 <-> BACKDOOR xbkdr runtime detection (backdoor.rules)
7827 <-> SPYWARE-PUT Adware whenu runtime detection - search request 1 (spyware-put.rules)
7828 <-> SPYWARE-PUT Adware whenu runtime detection - search request 2 (spyware-put.rules)
7829 <-> SPYWARE-PUT Adware gator user-agent detected (spyware-put.rules)
7832 <-> SPYWARE-PUT Hijacker navexcel helper runtime detection - active/update (spyware-put.rules)
7835 <-> SPYWARE-PUT Hacker-Tool nettracker runtime detection - report browsing (spyware-put.rules)
7837 <-> SPYWARE-PUT Keylogger spyoutside runtime detection - email delivery (spyware-put.rules)
7839 <-> SPYWARE-PUT Hijacker rx toolbar runtime detection (spyware-put.rules)
7848 <-> SPYWARE-PUT Hijacker netguide runtime detection (spyware-put.rules)
7856 <-> SPYWARE-PUT Trackware winsysba-a runtime detection - track surfing activity (spyware-put.rules)
8071 <-> SPYWARE-PUT Hijacker findthewebsiteyouneed runtime detection - search hijack (spyware-put.rules)
8072 <-> SPYWARE-PUT Hijacker findthewebsiteyouneed runtime detection - surf monitor (spyware-put.rules)
8073 <-> SPYWARE-PUT Adware zango toolbar runtime detection (spyware-put.rules)
8358 <-> SPYWARE-PUT Hijacker yok supersearch runtime detection - addressbar keyword search hijack (spyware-put.rules)
8359 <-> SPYWARE-PUT Hijacker yok supersearch runtime detection - target website display (spyware-put.rules)
8360 <-> SPYWARE-PUT Hijacker yok supersearch runtime detection - search info collect (spyware-put.rules)
8464 <-> SPYWARE-PUT Adware henbang runtime detection (spyware-put.rules)
8467 <-> SPYWARE-PUT Keylogger netobserve runtime detection - remote login response (spyware-put.rules)
8468 <-> SPYWARE-PUT Hijacker accoona runtime detection - collect info (spyware-put.rules)
8542 <-> SPYWARE-PUT Trackware deluxecommunications runtime detection - collect info (spyware-put.rules)
8544 <-> SPYWARE-PUT Keylogger nicespy runtime detection - smtp (spyware-put.rules)
8545 <-> SPYWARE-PUT Adware roogoo runtime detection - surfing monitor (spyware-put.rules)
8549 <-> BACKDOOR zxshell runtime detection - setting information retrieve (backdoor.rules)
9327 <-> SPECIFIC-THREATS netsky.af smtp propagation detection (specific-threats.rules)
9329 <-> SPECIFIC-THREATS yarner.b smtp propagation detection (specific-threats.rules)
9330 <-> SPECIFIC-THREATS mydoom.e smtp propagation detection (specific-threats.rules)
9331 <-> SPECIFIC-THREATS mydoom.m smtp propagation detection (specific-threats.rules)
9332 <-> SPECIFIC-THREATS mimail.a smtp propagation detection (specific-threats.rules)
9333 <-> SPECIFIC-THREATS mimail.e smtp propagation detection (specific-threats.rules)
9336 <-> SPECIFIC-THREATS netsky.t smtp propagation detection (specific-threats.rules)
9337 <-> SPECIFIC-THREATS netsky.x smtp propagation detection (specific-threats.rules)
9338 <-> SPECIFIC-THREATS mydoom.i smtp propagation detection (specific-threats.rules)
9339 <-> SPECIFIC-THREATS klez.g web propagation detection (specific-threats.rules)
9340 <-> SPECIFIC-THREATS klez.i web propagation detection (specific-threats.rules)
9342 <-> SPECIFIC-THREATS paroc.a smtp propagation detection (specific-threats.rules)
9345 <-> SPECIFIC-THREATS kipis.a smtp propagation detection (specific-threats.rules)
9351 <-> SPECIFIC-THREATS lovgate.a netshare propagation detection (specific-threats.rules)
9352 <-> SPECIFIC-THREATS lovgate.a smtp propagation detection (specific-threats.rules)
9354 <-> SPECIFIC-THREATS deborm.y netshare propagation detection (specific-threats.rules)
9355 <-> SPECIFIC-THREATS deborm.u netshare propagation detection (specific-threats.rules)
9361 <-> SPECIFIC-THREATS mimail.l smtp propagation detection (specific-threats.rules)
9365 <-> SPECIFIC-THREATS cult.c smtp propagation detection (specific-threats.rules)
9366 <-> SPECIFIC-THREATS mimail.s smtp propagation detection (specific-threats.rules)
9372 <-> SPECIFIC-THREATS blebla.a smtp propagation detection (specific-threats.rules)
9373 <-> SPECIFIC-THREATS clepa smtp propagation detection (specific-threats.rules)
9374 <-> SPECIFIC-THREATS creepy.b smtp propagation detection (specific-threats.rules)
9375 <-> SPECIFIC-THREATS duksten.c smtp propagation detection (specific-threats.rules)
9377 <-> SPECIFIC-THREATS mydoom.g smtp propagation detection (specific-threats.rules)
9380 <-> SPECIFIC-THREATS jitux msn messenger propagation detection (specific-threats.rules)
9383 <-> SPECIFIC-THREATS netsky.y smtp propagation detection (specific-threats.rules)
9386 <-> SPECIFIC-THREATS bagle.f smtp propagation detection (specific-threats.rules)
9387 <-> SPECIFIC-THREATS klez.j web propagation detection (specific-threats.rules) 9389 <-> SPECIFIC-THREATS bagle.i smtp propagation detection (specific-threats.rules) 9390 <-> SPECIFIC-THREATS deborm.d netshare propagation detection (specific-threats.rules) 9392 <-> SPECIFIC-THREATS bagle.j smtp propagation detection (specific-threats.rules) 9393 <-> SPECIFIC-THREATS bagle.k smtp propagation detection (specific-threats.rules) 9397 <-> SPECIFIC-THREATS neysid smtp propagation detection (specific-threats.rules) 9400 <-> SPECIFIC-THREATS abotus smtp propagation detection (specific-threats.rules) 9403 <-> SPECIFIC-THREATS netsky.aa smtp propagation detection (specific-threats.rules) 9404 <-> SPECIFIC-THREATS netsky.ac smtp propagation detection (specific-threats.rules) 9405 <-> SPECIFIC-THREATS netsky.af smtp propagation detection (specific-threats.rules) 9407 <-> SPECIFIC-THREATS lovgate.b netshare propagation detection (specific-threats.rules) 9408 <-> SPECIFIC-THREATS lacrow smtp propagation detection (specific-threats.rules) 9413 <-> SPECIFIC-THREATS ganda smtp propagation detection (specific-threats.rules) 9417 <-> SPECIFIC-THREATS bagle.a smtp propagation detection (specific-threats.rules) 9418 <-> SPECIFIC-THREATS bagle.a http notification detection (specific-threats.rules) 9425 <-> SPECIFIC-THREATS netsky attachment (specific-threats.rules) 9622 <-> DOS Spiffit UDP denial of service attempt (dos.rules) 9644 <-> SPYWARE-PUT Adware imnames runtime detection (spyware-put.rules) 9648 <-> SPYWARE-PUT Keylogger emailspypro runtime detection (spyware-put.rules) 9650 <-> SPYWARE-PUT Keylogger ghost Keylogger runtime detection (spyware-put.rules) 9652 <-> SPYWARE-PUT Hijacker oemji bar runtime detection (spyware-put.rules) 9655 <-> BACKDOOR apofis 1.0 runtime detection - remote controlling (backdoor.rules) 9657 <-> BACKDOOR bersek 1.0 runtime detection - init connection (backdoor.rules) 9663 <-> BACKDOOR bersek 1.0 runtime detection - start remote shell 
(backdoor.rules) 9667 <-> BACKDOOR superra runtime detection - issue remote control command (backdoor.rules) 9827 <-> SPYWARE-PUT Keylogger paq keylog runtime detection - smtp (spyware-put.rules) 9829 <-> SPYWARE-PUT Trackware relevantknowledge runtime detection (spyware-put.rules) 9830 <-> SPYWARE-PUT Keylogger supreme spy runtime detection (spyware-put.rules) 9839 <-> BACKDOOR sun shadow 1.70 runtime detection - keep alive (backdoor.rules) 10088 <-> SPYWARE-PUT Keylogger beyond Keylogger runtime detection - log sent by smtp (spyware-put.rules) 10089 <-> SPYWARE-PUT Keylogger beyond Keylogger runtime detection - log sent by ftp (spyware-put.rules) 10091 <-> SPYWARE-PUT Hacker-Tool spylply.a runtime detection (spyware-put.rules) 10092 <-> SPYWARE-PUT Trackware russian searchbar runtime detection (spyware-put.rules) 10094 <-> SPYWARE-PUT Adware borlan runtime detection (spyware-put.rules) 10095 <-> SPYWARE-PUT Trackware bydou runtime detection (spyware-put.rules) 10096 <-> SPYWARE-PUT Keylogger win32.remotekeylog.b runtime detection - keylog (spyware-put.rules) 10107 <-> BACKDOOR icmp cmd 1.0 runtime detection - pslist (backdoor.rules) 10108 <-> BACKDOOR icmp cmd 1.0 runtime detection - pskill (backdoor.rules) 10113 <-> SPECIFIC-THREATS Trojan Peacomm command and control propagation detected (specific-threats.rules) 10114 <-> SPECIFIC-THREATS Trojan Peacomm command and control propagation detected (specific-threats.rules) 10123 <-> SPECIFIC-THREATS PA168 chipset based IP phone default password attempt (specific-threats.rules) 10124 <-> SPECIFIC-THREATS PA168 chipset based IP phone authentication bypass (specific-threats.rules) 10164 <-> SPYWARE-PUT Adware adclicker-ej runtime detection (spyware-put.rules) 10166 <-> SPYWARE-PUT Trackware baigoo runtime detection (spyware-put.rules) 10168 <-> BACKDOOR one runtime detection (backdoor.rules) 10169 <-> BACKDOOR matrix 1.03 by mtronic runtime detection - init connection (backdoor.rules) 10179 <-> SPYWARE-PUT Trackware 
bysoo runtime detection (spyware-put.rules) 10180 <-> SPYWARE-PUT Adware eqiso runtime detection (spyware-put.rules) 10181 <-> SPYWARE-PUT Keylogger systemsleuth runtime detection (spyware-put.rules) 10182 <-> SPYWARE-PUT Adware newweb runtime detection (spyware-put.rules) 10183 <-> SPYWARE-PUT Keylogger activity Keylogger runtime detection (spyware-put.rules) 10184 <-> BACKDOOR wow 23 runtime detection (backdoor.rules) 10185 <-> BACKDOOR x-door runtime detection (backdoor.rules) 10438 <-> SPYWARE-PUT Hijacker bazookabar runtime detection (spyware-put.rules) 10440 <-> SPYWARE-PUT Keylogger pc black box runtime detection (spyware-put.rules) 10441 <-> SPYWARE-PUT Hacker-Tool statwin runtime detection (spyware-put.rules) 10443 <-> BACKDOOR acidbattery 1.0 runtime detection - sniff info (backdoor.rules) 10446 <-> BACKDOOR acidbattery 1.0 runtime detection - get server info (backdoor.rules) 10447 <-> BACKDOOR 51d 1b runtime detection - icq notification (backdoor.rules) 10451 <-> BACKDOOR only 1 rat runtime detection - control command (backdoor.rules) 10452 <-> BACKDOOR only 1 rat runtime detection - icmp request (backdoor.rules) 11306 <-> SPYWARE-PUT Snoopware childwebguardian runtime detection - udp broadcast (spyware-put.rules) 11307 <-> SPYWARE-PUT Keylogger computer monitor Keylogger runtime detection (spyware-put.rules) 11311 <-> SPYWARE-PUT Keylogger pcsentinelsoftware Keylogger runtime detection - upload infor (spyware-put.rules) 11312 <-> SPYWARE-PUT Trackware uplink runtime detection (spyware-put.rules) 11317 <-> BACKDOOR abremote pro 3.1 runtime detection - init connection (backdoor.rules) 12973 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP mqqm alter context attempt (deleted.rules) 12974 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP mqqm little endian alter context attempt (deleted.rules) 12975 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP mqqm bind attempt (deleted.rules) 12976 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP mqqm little endian bind attempt (deleted.rules) 12977 <-> 
NETBIOS DCERPC NCADG-IP-UDP v4 mqqm QMCreateObjectInternal little endian overflow attempt (netbios.rules) 12978 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMCreateObjectInternal little endian overflow attempt (netbios.rules) 12979 <-> NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMCreateObjectInternal little endian overflow attempt (netbios.rules) 12980 <-> NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMCreateObjectInternal overflow attempt (netbios.rules) 12981 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal little endian overflow attempt (netbios.rules) 12982 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMCreateObjectInternal overflow attempt (netbios.rules) 13210 <-> NETBIOS DCERPC NCADG-IP-UDP v4 mqqm QMObjectPathToObjectFormat little endian overflow attempt (netbios.rules) 13211 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat overflow attempt (netbios.rules) 13212 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat overflow attempt (netbios.rules) 13213 <-> NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMObjectPathToObjectFormat little endian overflow attempt (netbios.rules) 13214 <-> NETBIOS DCERPC NCADG-IP-UDP v4 mqqm QMObjectPathToObjectFormat overflow attempt (netbios.rules) 13215 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat little endian overflow attempt (netbios.rules)
