Sourcefire VRT Rules Update

Date: 2012-08-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.3.0.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:24032 <-> DISABLED <-> BLACKLIST DNS request for known malware domain lolcantpwnme.net - W32.DorkBot-S (blacklist.rules)
 * 1:24038 <-> DISABLED <-> FILE-OTHER Oracle Java privileged protection domain exploitation attempt (file-other.rules)
 * 1:24031 <-> DISABLED <-> BLACKLIST DNS request for known malware domain api.wipmania.com - Troj.Dorkbot-AO (blacklist.rules)
 * 1:24037 <-> DISABLED <-> WEB-CLIENT Oracle Java privileged protection domain exploitation attempt (web-client.rules)
 * 1:24028 <-> ENABLED <-> WEB-CLIENT Oracle Java privileged protection domain exploitation attempt (web-client.rules)
 * 1:24026 <-> DISABLED <-> WEB-CLIENT Oracle Java privileged protection domain exploitation attempt (web-client.rules)
 * 1:24027 <-> DISABLED <-> WEB-CLIENT Oracle Java privileged protection domain exploitation attempt (web-client.rules)
 * 1:24035 <-> DISABLED <-> BOTNET-CNC Downloader.Inject runtime detection - initial connection (botnet-cnc.rules)
 * 1:24010 <-> DISABLED <-> BOTNET-CNC runtime Trojan.Radil outbound connection attempt (botnet-cnc.rules)
 * 1:24006 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method arbitrary code execution attempt (file-office.rules)
 * 1:24000 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
 * 1:24018 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - hello.icon.pk (blacklist.rules)
 * 1:23979 <-> ENABLED <-> EXPLOIT HP Data Protector Express stack buffer overflow attempt (exploit.rules)
 * 1:23981 <-> ENABLED <-> EXPLOIT HP Data Protector Express stack buffer overflow attempt (exploit.rules)
 * 1:23992 <-> ENABLED <-> FILE-OFFICE Microsoft Office EMF image EMFPlusPointF record memory corruption attempt (file-office.rules)
 * 1:23971 <-> DISABLED <-> BOTNET-CNC W32.Trojan.Kabwak variant connect to cnc-server (botnet-cnc.rules)
 * 1:24011 <-> DISABLED <-> BOTNET-CNC Win.Trojan.Ransomer variant connect to cnc-server (botnet-cnc.rules)
 * 1:24015 <-> ENABLED <-> BOTNET-CNC W32.Trojan.Magania variant connect to cnc-server attempt (botnet-cnc.rules)
 * 1:23982 <-> ENABLED <-> EXPLOIT HP Data Protector Express stack buffer overflow attempt (exploit.rules)
 * 1:24012 <-> DISABLED <-> BOTNET-CNC Win.Trojan.Cbot variant outbound runtime detection - inital contact (botnet-cnc.rules)
 * 1:24005 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control access (file-office.rules)
 * 1:23989 <-> ENABLED <-> FILE-OFFICE Microsoft Office EMF image EMFPlusPointF record memory corruption attempt (file-office.rules)
 * 1:24001 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
 * 1:23977 <-> DISABLED <-> BOTNET-CNC Trojan.Genome runtime update to cnc-server (botnet-cnc.rules)
 * 1:23984 <-> DISABLED <-> WEB-MISC LongTail Video JW Player XSS attempt link param (web-misc.rules)
 * 1:23998 <-> DISABLED <-> DOS DHCP discover broadcast flood attempt (dos.rules)
 * 1:24019 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - ok.XXX4.net/meeting/hi.exe (blacklist.rules)
 * 1:23973 <-> DISABLED <-> BOTNET-CNC W32.Trojan.Vampols variant connect to cnc-server (botnet-cnc.rules)
 * 1:23985 <-> DISABLED <-> WEB-ACTIVEX Apple Quicktime plugin SetLanguage buffer overflow attempt (web-activex.rules)
 * 1:23972 <-> ENABLED <-> BOTNET-CNC Trojan.Zbot variant outbound connection (botnet-cnc.rules)
 * 1:24004 <-> ENABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control access (file-office.rules)
 * 1:23986 <-> DISABLED <-> WEB-ACTIVEX Apple Quicktime plugin SetLanguage buffer overflow attempt (web-activex.rules)
 * 1:23983 <-> ENABLED <-> EXPLOIT HP Data Protector Express stack buffer overflow attempt (exploit.rules)
 * 1:24017 <-> ENABLED <-> SPECIFIC-THREATS Possible malicious redirect - rebots.php (specific-threats.rules)
 * 1:24007 <-> DISABLED <-> NETBIOS SMB Microsoft Windows RAP API NetServerEnum2 long server name buffer overflow attempt (netbios.rules)
 * 1:23990 <-> DISABLED <-> POLICY-SOCIAL Apple Messages client side certificate request attempt (policy-social.rules)
 * 1:24009 <-> DISABLED <-> BLACKLIST DNS request for known malware domain wpwp525.3322.org - Trojan-.Radil (blacklist.rules)
 * 1:23978 <-> ENABLED <-> BOTNET-CNC Trojan.Dropper connect to server attempt (botnet-cnc.rules)
 * 1:23997 <-> DISABLED <-> FILE-OTHER Adobe Flash ActionScript float index array memory corruption attempt (file-other.rules)
 * 1:23980 <-> ENABLED <-> EXPLOIT HP Data Protector Express stack buffer overflow attempt (exploit.rules)
 * 1:23988 <-> DISABLED <-> WEB-MISC ocPortal cms cross site request forgery attempt (web-misc.rules)
 * 1:24003 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
 * 1:24021 <-> DISABLED <-> WEB-CLIENT Oracle Java privileged protection domain exploitation attempt (web-client.rules)
 * 1:24014 <-> DISABLED <-> BOTNET-CNC Win.Trojan.Cbot variant outbound runtime detection - inital contact (botnet-cnc.rules)
 * 1:23974 <-> DISABLED <-> WEB-PHP calendar conversion remote integer overflow attempt (web-php.rules)
 * 1:24020 <-> DISABLED <-> WEB-CLIENT Oracle Java privileged protection domain exploitation attempt (web-client.rules)
 * 1:24016 <-> DISABLED <-> BOTNET-CNC Win.Trojan.Madon variant outbound connection - initial connection (botnet-cnc.rules)
 * 1:23975 <-> DISABLED <-> WEB-PHP calendar conversion remote integer overflow attempt (web-php.rules)
 * 1:23999 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
 * 1:23970 <-> ENABLED <-> INDICATOR-OBFUSCATION Malvertising redirection attempt - script (indicator-obfuscation.rules)
 * 1:23995 <-> ENABLED <-> WEB-PHP libtidy null pointer dereference attempt (web-php.rules)
 * 1:23994 <-> ENABLED <-> WEB-PHP zend_strndup null pointer dereference attempt (web-php.rules)
 * 1:24008 <-> DISABLED <-> POLICY-OTHER use of psexec remote administration tool (policy-other.rules)
 * 1:23976 <-> DISABLED <-> BOTNET-CNC Trojan.Genome initial connect to cnc-server (botnet-cnc.rules)
 * 1:23993 <-> DISABLED <-> EXPLOIT Dhcpcd packet size buffer overflow attempt (exploit.rules)
 * 1:23991 <-> DISABLED <-> POLICY-SOCIAL Apple Messages service server request attempt (policy-social.rules)
 * 1:24002 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
 * 1:23987 <-> ENABLED <-> BACKDOOR Trojan.Kryptik.Kazy runtime detection (backdoor.rules)
 * 1:23996 <-> DISABLED <-> FILE-OTHER Adobe Flash ActionScript float index array memory corruption attempt (file-other.rules)
 * 1:24013 <-> DISABLED <-> BOTNET-CNC Win.Trojan.Cbot variant outbound runtime detection - inital contact (botnet-cnc.rules)
 * 1:24022 <-> DISABLED <-> FILE-OTHER Oracle Java privileged protection domain exploitation attempt (file-other.rules)
 * 1:24036 <-> DISABLED <-> WEB-CLIENT Oracle Java privileged protection domain exploitation attempt (web-client.rules)
 * 1:24029 <-> DISABLED <-> FILE-OTHER Oracle outside in Lotus 1-2-3 heap overflow attempt (file-other.rules)
 * 1:24023 <-> DISABLED <-> FILE-OTHER Oracle Java privileged protection domain exploitation attempt (file-other.rules)
 * 1:24025 <-> DISABLED <-> FILE-OTHER Oracle Java privileged protection domain exploitation attempt (file-other.rules)
 * 1:24024 <-> DISABLED <-> FILE-OTHER Oracle Java privileged protection domain exploitation attempt (file-other.rules)
 * 1:24030 <-> ENABLED <-> EXPLOIT HP Data Protector stack buffer overflow attempt (exploit.rules)
 * 1:24033 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rewt.ru - W32.DorkBot-S (blacklist.rules)
 * 1:24034 <-> DISABLED <-> BLACKLIST DNS request for known malware domain jebena.ananikolic.su - Malware.HPsus/Palevo-B (blacklist.rules)

Modified Rules:

 * 1:16100 <-> DISABLED <-> BACKDOOR trojan-downloader.win32.delf.phh runtime detection - file.exe (backdoor.rules)
 * 1:16101 <-> DISABLED <-> BACKDOOR trojan-downloader.win32.delf.phh runtime detection - 57329.exe (backdoor.rules)
 * 1:16102 <-> DISABLED <-> BACKDOOR trojan-downloader.win32.delf.phh runtime detection - sft_ver1.1454.0.exe (backdoor.rules)
 * 1:16144 <-> ENABLED <-> BOTNET-CNC Bredolab bot contact to C&C server (botnet-cnc.rules)
 * 1:16184 <-> ENABLED <-> FILE-OTHER Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-other.rules)
 * 1:16297 <-> ENABLED <-> BOTNET-CNC Palevo bot DNS request for C&C (botnet-cnc.rules)
 * 1:16298 <-> ENABLED <-> BOTNET-CNC Palevo bot DNS request (botnet-cnc.rules)
 * 1:16299 <-> ENABLED <-> BOTNET-CNC Palevo bot DNS request (botnet-cnc.rules)
 * 1:16302 <-> ENABLED <-> BOTNET-CNC Virut DNS request for C&C (botnet-cnc.rules)
 * 1:16303 <-> ENABLED <-> BOTNET-CNC Virut DNS request (botnet-cnc.rules)
 * 1:16304 <-> ENABLED <-> BOTNET-CNC Virut DNS request (botnet-cnc.rules)
 * 1:16368 <-> ENABLED <-> BOTNET-CNC Hydraq/Aurora connection to C&C server (botnet-cnc.rules)
 * 1:16391 <-> ENABLED <-> BOTNET-CNC Gozi Trojan connection to C&C (botnet-cnc.rules)
 * 1:16459 <-> ENABLED <-> BOTNET-CNC Trojan command and control communication (botnet-cnc.rules)
 * 1:16483 <-> DISABLED <-> BOTNET-CNC Koobface worm submission of collected data to C&C server (botnet-cnc.rules)
 * 1:16484 <-> ENABLED <-> BOTNET-CNC Koobface contact to C&C server (botnet-cnc.rules)
 * 1:16485 <-> ENABLED <-> BOTNET-CNC Koobface request for captcha (botnet-cnc.rules)
 * 1:16489 <-> ENABLED <-> BOTNET-CNC Bobax botnet contact to C&C server (botnet-cnc.rules)
 * 1:16493 <-> ENABLED <-> BOTNET-CNC TT-bot botnet contact to C&C server (botnet-cnc.rules)
 * 1:16495 <-> DISABLED <-> BOTNET-CNC Rustock botnet contact to C&C server (botnet-cnc.rules)
 * 1:16526 <-> ENABLED <-> BOTNET-CNC VanBot IRC communication (botnet-cnc.rules)
 * 1:16558 <-> DISABLED <-> BOTNET-CNC SdBot IRC Trojan server to client communication (botnet-cnc.rules)
 * 1:16584 <-> ENABLED <-> WEB-CLIENT Oracle Java Web Start arbitrary command execution attempt - Internet Explorer (web-client.rules)
 * 1:16585 <-> ENABLED <-> WEB-CLIENT Oracle Java Web Start arbitrary command execution attempt (web-client.rules)
 * 1:16669 <-> ENABLED <-> BOTNET-CNC Spyeye bot contact to C&C server (botnet-cnc.rules)
 * 1:16670 <-> ENABLED <-> BOTNET-CNC Koobface worm executable download (botnet-cnc.rules)
 * 1:16693 <-> ENABLED <-> BOTNET-CNC Torpig bot sinkhole server DNS lookup (botnet-cnc.rules)
 * 1:17058 <-> DISABLED <-> BOTNET-CNC Trojan-Downloader.JS.Agent.ewh Javascript download (botnet-cnc.rules)
 * 1:17461 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer zipped skin file buffer overflow attempt (file-other.rules)
 * 1:17624 <-> ENABLED <-> FILE-OTHER Oracle Java Runtime Environment Type1 Font parsing integer overflow attempt (file-other.rules)
 * 1:17727 <-> DISABLED <-> FILE-OTHER Oracle JDK image parsing library ICC buffer overflow attempt (file-other.rules)
 * 1:17776 <-> DISABLED <-> FILE-OTHER Oracle Java HsbParser.getSoundBank stack buffer overflow attempt (file-other.rules)
 * 1:17805 <-> DISABLED <-> BOTNET-CNC Worm.Win32.Neeris.BF contact to server (botnet-cnc.rules)
 * 1:18279 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Karagany.A contact to server (botnet-cnc.rules)
 * 1:18281 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.VB.njz contact to server (botnet-cnc.rules)
 * 1:1840 <-> DISABLED <-> WEB-CLIENT Oracle Javascript document.domain attempt (web-client.rules)
 * 1:1841 <-> DISABLED <-> WEB-CLIENT Oracle Javascript URL host spoofing attempt (web-client.rules)
 * 1:18475 <-> DISABLED <-> WEB-MISC HP Openview OvWebHelp.exe buffer overflow (web-misc.rules)
 * 1:18563 <-> DISABLED <-> BOTNET-CNC Trojan.Gaboc contact to server (botnet-cnc.rules)
 * 1:18562 <-> DISABLED <-> BOTNET-CNC RogueSoftware.Win32.LivePcCare contact to server (botnet-cnc.rules)
 * 1:18564 <-> DISABLED <-> BOTNET-CNC RussKill botnet contact to C&C server (botnet-cnc.rules)
 * 1:18577 <-> DISABLED <-> BOTNET-CNC Trojan-Banker.Win32.Banker.agum contact to server (botnet-cnc.rules)
 * 1:18707 <-> DISABLED <-> BOTNET-CNC RogueSoftware.Win32.ControlCenter contact to server (botnet-cnc.rules)
 * 1:18708 <-> DISABLED <-> BOTNET-CNC RogueSoftware.Win32.AntivirusSoft contact to server (botnet-cnc.rules)
 * 1:18709 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Banker.aufm contact to server (botnet-cnc.rules)
 * 1:18711 <-> DISABLED <-> BOTNET-CNC RogueSoftware.Win32.SecurityCentral contact to server (botnet-cnc.rules)
 * 1:18712 <-> DISABLED <-> BOTNET-CNC RogueSoftware.Win32.XJRAntivirus contact to server (botnet-cnc.rules)
 * 1:18715 <-> ENABLED <-> BOTNET-CNC Ozdok botnet communication with C&C server (botnet-cnc.rules)
 * 1:18717 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Banker.QO contact to server (botnet-cnc.rules)
 * 1:18716 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Banker.H contact to server (botnet-cnc.rules)
 * 1:18718 <-> DISABLED <-> BOTNET-CNC RogueSoftware.Win32.AdvancedDefender contact to server (botnet-cnc.rules)
 * 1:18719 <-> DISABLED <-> BOTNET-CNC Win32.IRCBot.CBY contact to server (botnet-cnc.rules)
 * 1:18720 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Terzib.A contact to server (botnet-cnc.rules)
 * 1:18723 <-> DISABLED <-> BOTNET-CNC RogueSoftware.Win32.CleanV contact to server (botnet-cnc.rules)
 * 1:18724 <-> DISABLED <-> BOTNET-CNC RogueSoftware.Win32.ZeroClean contact to server (botnet-cnc.rules)
 * 1:18739 <-> DISABLED <-> BOTNET-CNC Worm.Win32.Koobface.D contact to server (botnet-cnc.rules)
 * 1:18945 <-> DISABLED <-> BOTNET-CNC Virus.Win32.Feberr contact to server (botnet-cnc.rules)
 * 1:18985 <-> ENABLED <-> POLICY-OTHER CA ARCserve Axis2 default credential login attempt (policy-other.rules)
 * 1:19017 <-> ENABLED <-> BOTNET-CNC MacBack Trojan outbound connection (botnet-cnc.rules)
 * 1:19016 <-> ENABLED <-> BOTNET-CNC MacBack Trojan outbound connection (botnet-cnc.rules)
 * 1:19018 <-> ENABLED <-> BOTNET-CNC MacBack Trojan outbound connection (botnet-cnc.rules)
 * 1:19019 <-> ENABLED <-> BOTNET-CNC MacBack Trojan outbound connection (botnet-cnc.rules)
 * 1:19020 <-> DISABLED <-> INDICATOR-COMPROMISE Suspicious .cc dns query (indicator-compromise.rules)
 * 1:19041 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Carberp.C contact to server (botnet-cnc.rules)
 * 1:19038 <-> ENABLED <-> BOTNET-CNC Trojan.Win32.Jzzer.A contact to server (botnet-cnc.rules)
 * 1:19042 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Banker.ACQE contact to server (botnet-cnc.rules)
 * 1:19045 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Bancos.XQ contact to server (botnet-cnc.rules)
 * 1:19050 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Banbra.fxe contact to server (botnet-cnc.rules)
 * 1:19056 <-> ENABLED <-> BOTNET-CNC Trojan.Win32.QQFish contact to server (botnet-cnc.rules)
 * 1:19054 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Sisron.nelo contact to server (botnet-cnc.rules)
 * 1:19057 <-> ENABLED <-> BOTNET-CNC Trojan.Win32.QQFish contact to server (botnet-cnc.rules)
 * 1:19060 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Ponmocup.A contact to server (botnet-cnc.rules)
 * 1:19157 <-> ENABLED <-> POLICY-OTHER HP Universal CMDB server axis2 default credentials attempt (policy-other.rules)
 * 1:19477 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Krap.af contact to server (botnet-cnc.rules)
 * 1:19362 <-> DISABLED <-> BOTNET-CNC generic IRC botnet connection (botnet-cnc.rules)
 * 1:19487 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Agent.kih contact to server (botnet-cnc.rules)
 * 1:19654 <-> DISABLED <-> BOTNET-CNC Trojan-Spy.Win32.Zbot.wti contact to server (botnet-cnc.rules)
 * 1:19655 <-> DISABLED <-> BOTNET-CNC Trojan-Dropper.Agent.IK contact to server (botnet-cnc.rules)
 * 1:19699 <-> DISABLED <-> BOTNET-CNC TrojanDownloader.Win32.Korklic.A contact to server (botnet-cnc.rules)
 * 1:19711 <-> ENABLED <-> BOTNET-CNC Trojan.Jorik contact to server (botnet-cnc.rules)
 * 1:19715 <-> DISABLED <-> BOTNET-CNC Trojan.URLZone contact to server (botnet-cnc.rules)
 * 1:19718 <-> DISABLED <-> BOTNET-CNC Trojan-Downloader.Win32.Agent.bkap contact to server (botnet-cnc.rules)
 * 1:19720 <-> DISABLED <-> BOTNET-CNC Trojan-Downloader.Win32.Onestage.ws contact to server (botnet-cnc.rules)
 * 1:19745 <-> DISABLED <-> BACKDOOR Win32.FraudLoad.dyl runtime detection (backdoor.rules)
 * 1:19742 <-> DISABLED <-> BACKDOOR Win32.Agent.atff runtime detection (backdoor.rules)
 * 1:19746 <-> DISABLED <-> BACKDOOR Win32.Agent.biiw runtime detection (backdoor.rules)
 * 1:19749 <-> DISABLED <-> BACKDOOR Trojan.Win32.Agent.chgp contact to server (backdoor.rules)
 * 1:19750 <-> DISABLED <-> BACKDOOR PWS.Win32.Zbot.PJ contact to server (backdoor.rules)
 * 1:19751 <-> DISABLED <-> BACKDOOR Worm.Win32.Sohanad.bm contact to server (backdoor.rules)
 * 1:19752 <-> DISABLED <-> BACKDOOR Trojan.Downloader.Win32.Agent.bkwx contact to server (backdoor.rules)
 * 1:19755 <-> DISABLED <-> BACKDOOR Trojan.Win32.Alphabet contact to server (backdoor.rules)
 * 1:19757 <-> DISABLED <-> BACKDOOR Win32.Agent.bqlu contact to server (backdoor.rules)
 * 1:19758 <-> DISABLED <-> BACKDOOR Win32.Small.yw contact to server (backdoor.rules)
 * 1:19782 <-> DISABLED <-> BACKDOOR Trojan.Win32.AVKill.bc contact to server (backdoor.rules)
 * 1:19783 <-> DISABLED <-> BACKDOOR Win32.Banload.agcw runtime detection (backdoor.rules)
 * 1:1980 <-> DISABLED <-> BACKDOOR DeepThroat 3.1 Connection (backdoor.rules)
 * 1:19800 <-> DISABLED <-> BACKDOOR Win32.Pher.ij Runtime Detection (backdoor.rules)
 * 1:19801 <-> ENABLED <-> BOTNET-CNC Trojan.Tracur contact to server (botnet-cnc.rules)
 * 1:19803 <-> DISABLED <-> BACKDOOR Win32.Renos.FH contact to server (backdoor.rules)
 * 1:19802 <-> DISABLED <-> BACKDOOR Win32.Wixud.B contact to server (backdoor.rules)
 * 1:19804 <-> DISABLED <-> BACKDOOR Trojan.Win32.VB.ktq contact to server (backdoor.rules)
 * 1:19833 <-> DISABLED <-> BACKDOOR Win32.Banload.bda runtime detection (backdoor.rules)
 * 1:19861 <-> DISABLED <-> BACKDOOR Win32.Agent.cqcv contact to server attempt (backdoor.rules)
 * 1:19905 <-> DISABLED <-> BACKDOOR Win32.Small.jog runtime detection (backdoor.rules)
 * 1:19947 <-> DISABLED <-> BACKDOOR Win32.Agent.amwd outbound connection (backdoor.rules)
 * 1:19971 <-> DISABLED <-> BOTNET-CNC Win32.Mudrop.lj runtime detection (botnet-cnc.rules)
 * 1:19976 <-> DISABLED <-> BOTNET-CNC Worm.Win32.Koobface.hy runtime detection (botnet-cnc.rules)
 * 1:20055 <-> DISABLED <-> FILE-OTHER Oracle Java runtime JPEGImageReader overflow attempt (file-other.rules)
 * 1:20064 <-> DISABLED <-> BOTNET-CNC Malware Trojan.Win32.Clemag.A contact to server (botnet-cnc.rules)
 * 1:20158 <-> DISABLED <-> POLICY-OTHER Oracle GlassFish Server default credentials login attempt (policy-other.rules)
 * 1:20239 <-> DISABLED <-> WEB-CLIENT Oracle Java GIF LZW minimum code size overflow attempt (web-client.rules)
 * 1:20259 <-> DISABLED <-> FILE-OTHER Microsoft Agent Helper Malicious JAR download attempt (file-other.rules)
 * 1:20525 <-> DISABLED <-> BOTNET-CNC Trojan.Duqu contact to C&C server (botnet-cnc.rules)
 * 1:20561 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.PWSBanker.SHE contact to cnc-server (botnet-cnc.rules)
 * 1:20562 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.PWSBanker.SHE contact to cnc-server (botnet-cnc.rules)
 * 1:20569 <-> DISABLED <-> BOTNET-CNC Win32.Small.kb outbound connection (botnet-cnc.rules)
 * 1:20570 <-> DISABLED <-> BOTNET-CNC Win32.Small.kb outbound connection (botnet-cnc.rules)
 * 1:20571 <-> DISABLED <-> BOTNET-CNC Win32.Small.kb outbound connection (botnet-cnc.rules)
 * 1:23784 <-> ENABLED <-> WEB-PHP Symantec Web Gateway blocked.php id parameter sql injection attempt (web-php.rules)
 * 1:23783 <-> ENABLED <-> WEB-PHP Symantec Web Gateway pbcontrol.php filename parameter command injection attempt (web-php.rules)
 * 1:23782 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Buzus.kych connect to cnc-server (botnet-cnc.rules)
 * 1:23634 <-> DISABLED <-> BOTNET-CNC Trojan.Kegotip variant connect to cnc-server (botnet-cnc.rules)
 * 1:23780 <-> DISABLED <-> BOTNET-CNC Trojan.Begfanit.A outbound communication (botnet-cnc.rules)
 * 1:23632 <-> ENABLED <-> EXPLOIT HP Data Protector Express stack buffer overflow attempt (exploit.rules)
 * 1:23633 <-> ENABLED <-> BOTNET-CNC Trojan.Kegotip variant report to cnc-server (botnet-cnc.rules)
 * 1:23628 <-> ENABLED <-> BOTNET-CNC Trojan.Win32.Pincav variant outbound connection (botnet-cnc.rules)
 * 1:23630 <-> DISABLED <-> BOTNET-CNC Trojan.YMrelay variant connect to cnc-server (botnet-cnc.rules)
 * 1:23610 <-> DISABLED <-> BOTNET-CNC Worm.Crass.A outbound connection (botnet-cnc.rules)
 * 1:23614 <-> ENABLED <-> WEB-CLIENT Oracle JavaScript heap exploitation library usage attempt (web-client.rules)
 * 1:23607 <-> DISABLED <-> BOTNET-CNC Trojan.Sofacy.A outbound communication (botnet-cnc.rules)
 * 1:23600 <-> DISABLED <-> BOTNET-CNC Trojan-Downloader.Gamarue.F outbound connection (botnet-cnc.rules)
 * 1:23606 <-> DISABLED <-> BOTNET-CNC Trojan.Sofacy.A outbound communication (botnet-cnc.rules)
 * 1:23598 <-> DISABLED <-> BOTNET-CNC Win32.Slagent outgoing connection (botnet-cnc.rules)
 * 1:23599 <-> DISABLED <-> BOTNET-CNC Win32.Slagent outgoing connection (botnet-cnc.rules)
 * 1:23595 <-> DISABLED <-> BOTNET-CNC Trojan.Papras variant connect to cnc-server (botnet-cnc.rules)
 * 1:23597 <-> DISABLED <-> BOTNET-CNC Trojan.VB.DHD connect to cnc-server (botnet-cnc.rules)
 * 1:23593 <-> DISABLED <-> BOTNET-CNC Trojan.Smoaler variant connect to cnc-server (botnet-cnc.rules)
 * 1:23594 <-> DISABLED <-> BOTNET-CNC Trojan.Papras variant connect to cnc-server (botnet-cnc.rules)
 * 1:23495 <-> DISABLED <-> BACKDOOR Trojan.Kugdifod.A outbound connection (backdoor.rules)
 * 1:23560 <-> ENABLED <-> FILE-OTHER Oracle Java Zip file directory record overflow attempt (file-other.rules)
 * 1:23491 <-> DISABLED <-> BOTNET-CNC Trojan.Kura connect to cnc-server (botnet-cnc.rules)
 * 1:23494 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Onitab.A outbound connection (botnet-cnc.rules)
 * 1:23485 <-> ENABLED <-> WEB-PHP Wordpress Invit0r plugin php upload attempt (web-php.rules)
 * 1:23490 <-> DISABLED <-> WEB-CLIENT Oracle Java MixerSequencer RMF MIDI structure handling exploit attempt (web-client.rules)
 * 1:23483 <-> DISABLED <-> BACKDOOR Backdoor.Georbot file download (backdoor.rules)
 * 1:23469 <-> DISABLED <-> BOTNET-CNC Trojan.Dropper outbound connection (botnet-cnc.rules)
 * 1:23467 <-> DISABLED <-> BOTNET-CNC Win32.Mazben file download (botnet-cnc.rules)
 * 1:23468 <-> DISABLED <-> BOTNET-CNC Trojan.Dropper outbound connection (botnet-cnc.rules)
 * 1:23451 <-> DISABLED <-> BACKDOOR Win32.RedSip.A outbound connection (backdoor.rules)
 * 1:23460 <-> DISABLED <-> BOTNET-CNC Trojan.Belesak.A outbound connection (botnet-cnc.rules)
 * 1:23449 <-> DISABLED <-> BOTNET-CNC Trojan Win32.Servstart.ax connect to cnc-server (botnet-cnc.rules)
 * 1:23450 <-> DISABLED <-> BOTNET-CNC Trojan.McRat connect to server (botnet-cnc.rules)
 * 1:23448 <-> DISABLED <-> BOTNET-CNC Worm WIN32.Psyokym.b connect to cnc-server (botnet-cnc.rules)
 * 1:23447 <-> DISABLED <-> BOTNET-CNC Trojan.Sojax.A outbound connection (botnet-cnc.rules)
 * 1:23446 <-> DISABLED <-> BOTNET-CNC Trojan.Sojax.A runtime detection (botnet-cnc.rules)
 * 1:23405 <-> DISABLED <-> WEB-PHP PHP-Nuke index.php SQL injection attempt (web-php.rules)
 * 1:23406 <-> DISABLED <-> WEB-PHP PHP-Nuke index.php SQL injection attempt (web-php.rules)
 * 1:23394 <-> ENABLED <-> BOTNET-CNC Trojan Win32.Vbvoleur.a connect to cnc-server (botnet-cnc.rules)
 * 1:23399 <-> DISABLED <-> BOTNET-CNC Trojan Win32.Govdi.A connect to cnc-server (botnet-cnc.rules)
 * 1:23389 <-> DISABLED <-> BOTNET-CNC Trojan Java.Arratomref variant outbound connection (botnet-cnc.rules)
 * 1:23390 <-> DISABLED <-> BOTNET-CNC Trojan Java.Arratomref variant outbound connection (botnet-cnc.rules)
 * 1:23383 <-> DISABLED <-> BACKDOOR Trojan.Chaori.A runtime detection - initial connection (backdoor.rules)
 * 1:23387 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Banker outbound connection (botnet-cnc.rules)
 * 1:23380 <-> DISABLED <-> BOTNET-CNC Trojan.Ventana initial outbound connection (botnet-cnc.rules)
 * 1:23382 <-> ENABLED <-> BOTNET-CNC Trojan.SpyEye outbound connection (botnet-cnc.rules)
 * 1:23378 <-> DISABLED <-> BOTNET-CNC Trojan.Sasfis runtime detection (botnet-cnc.rules)
 * 1:23379 <-> DISABLED <-> BOTNET-CNC Trojan.Leepload variant outbound connection (botnet-cnc.rules)
 * 1:23346 <-> DISABLED <-> FILE-OTHER Oracle outside in Lotus 1-2-3 heap overflow attempt (file-other.rules)
 * 1:23377 <-> DISABLED <-> BOTNET-CNC Trojan.Sasfis runtime detection (botnet-cnc.rules)
 * 1:23345 <-> DISABLED <-> BOTNET-CNC RunTime Trojan Win32.tchfro.A outbound connection (botnet-cnc.rules)
 * 1:23343 <-> DISABLED <-> BOTNET-CNC Trojan.Agent initial connection (botnet-cnc.rules)
 * 1:23344 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Harvso.A outbound connection (botnet-cnc.rules)
 * 1:23339 <-> DISABLED <-> BACKDOOR Prier.A runtime detection - initial connection (backdoor.rules)
 * 1:23342 <-> ENABLED <-> BOTNET-CNC Trojan.Agent initial connection (botnet-cnc.rules)
 * 1:23337 <-> DISABLED <-> BACKDOOR Bluenet.A runtime detection - initial connection (backdoor.rules)
 * 1:23338 <-> DISABLED <-> BACKDOOR Spindest.A runtime detection - initial connection (backdoor.rules)
 * 1:23335 <-> ENABLED <-> BOTNET-CNC Trojan.Swisyn outbound connection (botnet-cnc.rules)
 * 1:23336 <-> DISABLED <-> BACKDOOR Linfo.A runtime detection - initial connection (backdoor.rules)
 * 1:23333 <-> DISABLED <-> BOTNET-CNC Trojan.Banker initial C&C checkin (botnet-cnc.rules)
 * 1:23334 <-> DISABLED <-> BOTNET-CNC Trojan.Downloader initial C&C checkin (botnet-cnc.rules)
 * 1:23331 <-> DISABLED <-> BOTNET-CNC Trojan.Mybot outbound connection (botnet-cnc.rules)
 * 1:23332 <-> ENABLED <-> BOTNET-CNC Trojan.Win32-Dishigy outbound connection (botnet-cnc.rules)
 * 1:23277 <-> ENABLED <-> FILE-OTHER Oracle Java field bytecode verifier cache code execution attempt (file-other.rules)
 * 1:23276 <-> ENABLED <-> FILE-OTHER Oracle Java field bytecode verifier cache code execution attempt (file-other.rules)
 * 1:20584 <-> DISABLED <-> WEB-CLIENT Mozilla multiple content-type headers malicious redirect attempt (web-client.rules)
 * 1:20585 <-> DISABLED <-> WEB-CLIENT Mozilla multiple content-length headers malicious redirect attempt (web-client.rules)
 * 1:20586 <-> DISABLED <-> WEB-CLIENT Mozilla multiple content-disposition headers malicious redirect attempt (web-client.rules)
 * 1:20587 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Larchik.A backdoor phishing (botnet-cnc.rules)
 * 1:20595 <-> DISABLED <-> BOTNET-CNC Win32.Ixeshe.F backdoor access (botnet-cnc.rules)
 * 1:20596 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Smoaler.A trojan injection (botnet-cnc.rules)
 * 1:20597 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Smoaler.A trojan injection (botnet-cnc.rules)
 * 1:20598 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Smoaler.A trojan injection (botnet-cnc.rules)
 * 1:20599 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Smoaler.A trojan injection (botnet-cnc.rules)
 * 1:20604 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Buzus.isqy trojan phishing (botnet-cnc.rules)
 * 1:20605 <-> DISABLED <-> BOTNET-CNC Win32.R2d2.A contact to cnc server (botnet-cnc.rules)
 * 1:20606 <-> DISABLED <-> BOTNET-CNC Win32.Domsingx.A contact to C&C server (botnet-cnc.rules)
 * 1:20622 <-> DISABLED <-> FILE-OTHER Oracle Java Applet Rhino script engine remote code execution attempt (file-other.rules)
 * 1:20626 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Shylock.A contact to C&C server (botnet-cnc.rules)
 * 1:20627 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Shylock.A C&C server response (botnet-cnc.rules)
 * 1:20630 <-> DISABLED <-> BOTNET-CNC Win32.Winnti.A contact to cnc server (botnet-cnc.rules)
 * 1:20639 <-> DISABLED <-> BOTNET-CNC Malware Trojan.Win32.Higest.N outbound connection (botnet-cnc.rules)
 * 1:20676 <-> DISABLED <-> BOTNET-CNC Win32.EggDrop.acn connect to cnc-server (botnet-cnc.rules)
 * 1:20677 <-> DISABLED <-> BOTNET-CNC Win32.EggDrop.acn connect to cnc-server (botnet-cnc.rules)
 * 1:20678 <-> DISABLED <-> BOTNET-CNC Trojan-Downloader.Win32.Genome.aior contact to cnc-server (botnet-cnc.rules)
 * 1:20679 <-> DISABLED <-> BOTNET-CNC Win32.Syrutrk connect to cnc-server (botnet-cnc.rules)
 * 1:20681 <-> DISABLED <-> BOTNET-CNC Trojan-Downloader.Win32.Agent.NMS connect to cnc-server (botnet-cnc.rules)
 * 1:20682 <-> DISABLED <-> BOTNET-CNC Trojan-Downloader.Win32.Agent.NMS connect to cnc-server (botnet-cnc.rules)
 * 1:20683 <-> DISABLED <-> BOTNET-CNC Cleanvaccine connect to cnc-server (botnet-cnc.rules)
 * 1:20684 <-> DISABLED <-> BOTNET-CNC Cleanvaccine connect to cnc-server (botnet-cnc.rules)
 * 1:20685 <-> DISABLED <-> BOTNET-CNC Win32.Heloag.A connect to cnc-server (botnet-cnc.rules)
 * 1:20686 <-> DISABLED <-> BOTNET-CNC Win32.Virut.BM connect to client (botnet-cnc.rules)
 * 1:20687 <-> DISABLED <-> BOTNET-CNC Trojan-Downloader.Win32.Genome.akhg connect to cnc-server (botnet-cnc.rules)
 * 1:20688 <-> DISABLED <-> BOTNET-CNC Trojan-Spy.Win32.Zbot.Jeib connect to cnc-server (botnet-cnc.rules)
 * 1:20689 <-> DISABLED <-> BOTNET-CNC Trojan-Spy.Win32.Zbot.Jeib connect to cnc-server (botnet-cnc.rules)
 * 1:20691 <-> DISABLED <-> POLICY-OTHER Cisco Network Registrar default credentials authentication attempt (policy-other.rules)
 * 1:20692 <-> DISABLED <-> POLICY-OTHER Cisco network registrar default credentials authentication attempt (policy-other.rules)
 * 1:20693 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Blackcontrol.A contact to cnc-server (botnet-cnc.rules)
 * 1:20694 <-> DISABLED <-> BOTNET-CNC Win32.SSonce.A backdoor access (botnet-cnc.rules)
 * 1:20695 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Banker.GZW connect to cnc server (botnet-cnc.rules)
 * 1:20696 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Ransom.CK connect to cnc server (botnet-cnc.rules)
 * 1:20697 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Ransom.CK connect to cnc server (botnet-cnc.rules)
 * 1:20831 <-> DISABLED <-> FILE-OTHER Oracle Java Applet Rhino script engine remote code execution attempt (file-other.rules)
 * 1:20900 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
 * 1:21028 <-> DISABLED <-> BOTNET-CNC Trojan.Usinec connect to server (botnet-cnc.rules)
 * 1:21055 <-> DISABLED <-> BACKDOOR Win32.Utka.A outbound connection (backdoor.rules)
 * 1:21056 <-> ENABLED <-> FILE-OTHER Oracle Java attempt to write in system32 (file-other.rules)
 * 1:21107 <-> DISABLED <-> FILE-OTHER MJM Quickplayer s3m buffer overflow (file-other.rules)
 * 1:21159 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
 * 1:21160 <-> ENABLED <-> FILE-OTHER Microsoft Windows GDI+ TIFF file parsing heap overflow attempt (file-other.rules)
 * 1:21167 <-> DISABLED <-> FILE-OTHER Microsoft Windows Media MIDI file memory corruption attempt (file-other.rules)
 * 1:21387 <-> DISABLED <-> FILE-OTHER Oracle Java runtime RMIConnectionImpl deserialization execution attempt (file-other.rules)
 * 1:21402 <-> DISABLED <-> BACKDOOR Win32.Ponfoy.A runtime detection (backdoor.rules)
 * 1:21413 <-> DISABLED <-> FILE-OTHER PeaZip command injection attempt (file-other.rules)
 * 1:21420 <-> DISABLED <-> FILE-OTHER RealNetworks RealPlayer compressed skin overflow attempt (file-other.rules)
 * 1:21424 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Ghodow.A connect to cnc (botnet-cnc.rules)
 * 1:21425 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Ghodow.A exe file download (botnet-cnc.rules)
 * 1:21448 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Webmoner.zu connect to server (botnet-cnc.rules)
 * 1:21449 <-> DISABLED <-> BOTNET-CNC Trojan-Downloader.Win32.Obitel install (botnet-cnc.rules)
 * 1:21450 <-> DISABLED <-> BOTNET-CNC Trojan-Downloader.Win32.Obitel connect to cnc server (botnet-cnc.rules)
 * 1:21451 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Agent.djvk malicious hosts file download (botnet-cnc.rules)
 * 1:21452 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Agent.djvk connect to server (botnet-cnc.rules)
 * 1:21460 <-> DISABLED <-> BOTNET-CNC Win32.DarkComet inbound connection (botnet-cnc.rules)
 * 1:21470 <-> DISABLED <-> BOTNET-CNC Trojan.Krap.Gy connect to server (botnet-cnc.rules)
 * 1:21472 <-> DISABLED <-> BOTNET-CNC Trojan.Delf.tzp download (botnet-cnc.rules)
 * 1:21481 <-> ENABLED <-> WEB-CLIENT Oracle Java Web Start arbitrary command execution attempt (web-client.rules)
 * 1:21484 <-> DISABLED <-> FILE-OTHER ZIP file name overflow attempt (file-other.rules)
 * 1:21501 <-> DISABLED <-> WEB-CLIENT Oracle JavaScript file upload keystroke hijack attempt (web-client.rules)
 * 1:21502 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.VBbot.V connect to server (botnet-cnc.rules)
 * 1:21512 <-> DISABLED <-> BACKDOOR Backdoor.Win32.Zegost.B runtime detection (backdoor.rules)
 * 1:21514 <-> DISABLED <-> BOTNET-CNC Trojan.Banbra connect to server (botnet-cnc.rules)
 * 1:21518 <-> DISABLED <-> BOTNET-CNC Trojan.Agent-59544 connect to server (botnet-cnc.rules)
 * 1:21520 <-> DISABLED <-> BOTNET-CNC Trojan.Bayrob initial connection (botnet-cnc.rules)
 * 1:21521 <-> DISABLED <-> BOTNET-CNC Trojan.Bayrob update connection (botnet-cnc.rules)
 * 1:21523 <-> DISABLED <-> BOTNET-CNC Trojan.Kazy variant outbound connection (botnet-cnc.rules)
 * 1:21540 <-> DISABLED <-> BOTNET-CNC Trojan.Buzus application download (botnet-cnc.rules)
 * 1:21541 <-> DISABLED <-> BOTNET-CNC Trojan.Buzus connect to server (botnet-cnc.rules)
 * 1:21542 <-> DISABLED <-> BOTNET-CNC Trojan.Buzus firefox extension download (botnet-cnc.rules)
 * 1:21543 <-> DISABLED <-> BOTNET-CNC Trojan.Buzus html page download (botnet-cnc.rules)
 * 1:21547 <-> ENABLED <-> BOTNET-CNC Win32.Trojan.Kazy variant outbound connection (botnet-cnc.rules)
 * 1:21548 <-> ENABLED <-> BOTNET-CNC Cutwail landing page connection (botnet-cnc.rules)
 * 1:21553 <-> DISABLED <-> BOTNET-CNC Trojan.Agent.cpze connect to server (botnet-cnc.rules)
 * 1:21554 <-> DISABLED <-> BOTNET-CNC Trojan.Waledac.exe download (botnet-cnc.rules)
 * 1:21557 <-> DISABLED <-> FILE-OTHER Apple OSX ZIP archive shell script execution attempt (file-other.rules)
 * 1:21667 <-> ENABLED <-> FILE-OTHER Oracle Java JRE sandbox Atomic breach attempt (file-other.rules)
 * 1:21958 <-> DISABLED <-> BOTNET-CNC QDIGIT protocol connection to server (botnet-cnc.rules)
 * 1:21959 <-> DISABLED <-> BOTNET-CNC UPDATE communication protocol connection to server (botnet-cnc.rules)
 * 1:21960 <-> DISABLED <-> BOTNET-CNC LURK communication protocol connection to server (botnet-cnc.rules)
 * 1:21961 <-> DISABLED <-> BOTNET-CNC IP2B communication protocol connection to server (botnet-cnc.rules)
 * 1:21962 <-> DISABLED <-> BOTNET-CNC BB communication protocol connection to server (botnet-cnc.rules)
 * 1:21963 <-> DISABLED <-> BOTNET-CNC X-Shell 601 communication protocol connection to server (botnet-cnc.rules)
 * 1:21964 <-> DISABLED <-> BOTNET-CNC Murcy protocol connection to server (botnet-cnc.rules)
 * 1:21966 <-> DISABLED <-> BOTNET-CNC Trojan.Pasmu connect to server (botnet-cnc.rules)
 * 1:21968 <-> DISABLED <-> BACKDOOR Backdoor.Rebhip.A outbound connection type A (backdoor.rules)
 * 1:21969 <-> DISABLED <-> BACKDOOR Backdoor.Rebhip.A outbound connection type B (backdoor.rules)
 * 1:21970 <-> DISABLED <-> BACKDOOR Backdoor.Zlob.P variant outbound connection (backdoor.rules)
 * 1:21971 <-> DISABLED <-> BACKDOOR Backdoor.Zlob.P variant inbound communication (backdoor.rules)
 * 1:21972 <-> DISABLED <-> BACKDOOR Backdoor.ZZSlash outbound connection (backdoor.rules)
 * 1:21973 <-> DISABLED <-> BACKDOOR Backdoor.ZZSlash runtime detection (backdoor.rules)
 * 1:21977 <-> DISABLED <-> BACKDOOR Backdoor.Pinit outbound connection (backdoor.rules)
 * 1:21978 <-> DISABLED <-> BACKDOOR Backdoor.Nervos variant outbound connection (backdoor.rules)
 * 1:21979 <-> DISABLED <-> BACKDOOR Backdoor.Nervos variant inbound communication (backdoor.rules)
 * 1:21997 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Banker.bgcp contact to server (botnet-cnc.rules)
 * 1:21998 <-> DISABLED <-> BOTNET-CNC Trojan.Win32.Banload.PQC contact to server (botnet-cnc.rules)
 * 1:22000 <-> DISABLED <-> BOTNET-CNC Worm.VB.amna outbound connection A (botnet-cnc.rules)
 * 1:22001 <-> DISABLED <-> BOTNET-CNC Worm.VB.amna outbound connection type B (botnet-cnc.rules)
 * 1:22047 <-> ENABLED <-> BOTNET-CNC Trojan.Jokbot variant outbound connection (botnet-cnc.rules)
 * 1:22048 <-> ENABLED <-> BOTNET-CNC Trojan.Zeus P2P outbound communication (botnet-cnc.rules)
 * 1:22054 <-> ENABLED <-> BOTNET-CNC Trojan.Prorat variant outbound connection (botnet-cnc.rules)
 * 1:22063 <-> ENABLED <-> WEB-PHP PHP-CGI remote file include attempt (web-php.rules)
 * 1:22064 <-> ENABLED <-> WEB-PHP PHP-CGI command injection attempt (web-php.rules)
 * 1:22095 <-> ENABLED <-> BACKDOOR Backdoor.Win32.Agent outbound connection (backdoor.rules)
 * 1:22097 <-> DISABLED <-> WEB-PHP PHP-CGI command injection attempt (web-php.rules)
 * 1:23008 <-> DISABLED <-> FILE-OTHER Oracle Java Rhino script engine remote code execution attempt (file-other.rules)
 * 1:23048 <-> DISABLED <-> WEB-ACTIVEX McAfee Virtual Technician Security Bypass ActiveX clsid attempt (web-activex.rules)
 * 1:23049 <-> DISABLED <-> WEB-ACTIVEX McAfee Virtual Technician Security Bypass ActiveX function call attempt (web-activex.rules)
 * 1:23050 <-> DISABLED <-> WEB-ACTIVEX McAfee Virtual Technician Security Bypass ActiveX function call attempt (web-activex.rules)
 * 1:23103 <-> ENABLED <-> BOTNET-CNC Trojan.Bublik variant outbound connection (botnet-cnc.rules)
 * 1:23104 <-> ENABLED <-> BOTNET-CNC Trojan.Scar variant outbound connection (botnet-cnc.rules)
 * 1:23177 <-> DISABLED <-> WEB-PHP Symantec Web Gateway timer.php cross site scripting attempt (web-php.rules)
 * 1:23242 <-> ENABLED <-> BOTNET-CNC Win32.Banker.boxg connect to cnc server (botnet-cnc.rules)
 * 1:23243 <-> ENABLED <-> FILE-OTHER Oracle Java Zip file directory record overflow attempt (file-other.rules)
 * 1:23306 <-> DISABLED <-> BOTNET-CNC Trojan.Stealer connect to server (botnet-cnc.rules)
 * 1:23244 <-> ENABLED <-> BOTNET-CNC Trojan.Kuluoz variant outbound connection (botnet-cnc.rules)
 * 1:23308 <-> DISABLED <-> BOTNET-CNC Trojan.Downloader.Bucriv outbound connection (botnet-cnc.rules)
 * 1:23317 <-> DISABLED <-> BOTNET-CNC Trojan.Dropper initial outbound connection (botnet-cnc.rules)
 * 1:23245 <-> ENABLED <-> BOTNET-CNC Trojan.Downloader variant outbound connection (botnet-cnc.rules)
 * 1:23251 <-> DISABLED <-> BOTNET-CNC Trojan.Spyeye variant outbound connection (botnet-cnc.rules)
 * 1:23252 <-> DISABLED <-> BOTNET-CNC MacOS.MacKontrol variant outbound connection (botnet-cnc.rules)
 * 1:23254 <-> ENABLED <-> BOTNET-CNC Trojan.Win32.Delf.CL connect to cnc-server (botnet-cnc.rules)
 * 1:23255 <-> DISABLED <-> BOTNET-CNC Trojan.Duojeen runtime detection (botnet-cnc.rules)
 * 1:23257 <-> DISABLED <-> BOTNET-CNC Trojan.Duojeen variant outbound connection (botnet-cnc.rules)
 * 1:23262 <-> ENABLED <-> BOTNET-CNC Trojan.Banker outbound connection (botnet-cnc.rules)
 * 1:23269 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules)
 * 1:23273 <-> ENABLED <-> FILE-OTHER Oracle Java field bytecode verifier cache code execution attempt (file-other.rules)
 * 1:23274 <-> ENABLED <-> FILE-OTHER Oracle Java field bytecode verifier cache code execution attempt (file-other.rules)
 * 1:23275 <-> ENABLED <-> FILE-OTHER Oracle Java field bytecode verifier cache code execution attempt (file-other.rules)
 * 1:15563 <-> ENABLED <-> BOTNET-CNC RSPlug Trojan server connection (botnet-cnc.rules)
 * 1:23968 <-> ENABLED <-> BOTNET-CNC WIN.Trojan.Crisis outbound connection (botnet-cnc.rules)
 * 1:23963 <-> DISABLED <-> BACKDOOR WIN32.Runagry variant outbound connection (backdoor.rules)
 * 1:23953 <-> DISABLED <-> BOTNET-CNC Trojan.Comfoo variant connect to cnc-server (botnet-cnc.rules)
 * 1:23949 <-> DISABLED <-> BOTNET-CNC W32.Trojan.TKcik variant connect to cnc-server (botnet-cnc.rules)
 * 1:23307 <-> ENABLED <-> BOTNET-CNC Trojan.Dropper connect to server (botnet-cnc.rules)
 * 1:23948 <-> DISABLED <-> BOTNET-CNC Win.Trojan.Sicisono variant connect to cnc-server (botnet-cnc.rules)
 * 1:23946 <-> ENABLED <-> BACKDOOR Trojan.Backdoor file download (backdoor.rules)
 * 1:23945 <-> ENABLED <-> BACKDOOR Trojan.Backdoor outbound connection (backdoor.rules)
 * 1:23944 <-> DISABLED <-> WEB-PHP empty zip file upload attempt (web-php.rules)
 * 1:23943 <-> ENABLED <-> FILE-OTHER Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt (file-other.rules)
 * 1:23941 <-> DISABLED <-> BOTNET-CNC OSX.Trojan.Aharm variant connect to cnc-server (botnet-cnc.rules)
 * 1:23936 <-> DISABLED <-> BOTNET-CNC Win.Trojan.Zakahic variant connect to cnc-server (botnet-cnc.rules)
 * 1:23935 <-> DISABLED <-> BOTNET-CNC Win.Trojan.Zakahic variant connect to cnc-server (botnet-cnc.rules)
 * 1:23877 <-> DISABLED <-> BOTNET-CNC W32.Trojan.Dtfanri variant connect to cnc-server (botnet-cnc.rules)
 * 1:23876 <-> DISABLED <-> BOTNET-CNC W32.Trojan.Scirib variant connect to cnc-server (botnet-cnc.rules)
 * 1:23844 <-> DISABLED <-> FILE-OFFICE Microsoft Office MSCOMCTL ActiveX control tabstrip method arbitrary code execution attempt (file-office.rules)
 * 1:23826 <-> ENABLED <-> BOTNET-CNC FinFisher outbound connection (botnet-cnc.rules)
 * 1:23839 <-> ENABLED <-> NETBIOS SMB Microsoft Windows RAP API NetServerEnum2 long server name buffer overflow attempt (netbios.rules)
 * 1:23825 <-> ENABLED <-> BOTNET-CNC FinFisher initial outbound connection (botnet-cnc.rules)
 * 1:23796 <-> DISABLED <-> WEB-PHP exif invalid tag data buffer overflow attempt (web-php.rules)
 * 1:15957 <-> DISABLED <-> FILE-OTHER Sophos Anti-Virus zip file handling DoS attempt (file-other.rules)
 * 1:23788 <-> DISABLED <-> BOTNET-CNC Trojan.Locotout variant connect to cnc-server (botnet-cnc.rules)
 * 1:15730 <-> ENABLED <-> BOTNET-CNC Delf Trojan POST (botnet-cnc.rules)
 * 1:15565 <-> ENABLED <-> BOTNET-CNC RSPlug Trojan file download (botnet-cnc.rules)
 * 1:13876 <-> DISABLED <-> BACKDOOR zlob.acc runtime detection (backdoor.rules)
 * 1:13815 <-> DISABLED <-> BACKDOOR zombget.03 runtime detection (backdoor.rules)
 * 1:14083 <-> DISABLED <-> BACKDOOR trojan agent.aarm runtime detection - download other malware (backdoor.rules)
 * 1:10062 <-> DISABLED <-> WEB-CLIENT Oracle Java Virtual Machine malformed GIF buffer overflow attempt (web-client.rules)
 * 1:13941 <-> DISABLED <-> BACKDOOR trojan agent.nac runtime detection - click fraud (backdoor.rules)
 * 1:13942 <-> DISABLED <-> BACKDOOR trojan agent.nac runtime detection - call home (backdoor.rules)
 * 1:14082 <-> DISABLED <-> BACKDOOR trojan agent.aarm runtime detection - spread via spam (backdoor.rules)
 * 1:14081 <-> DISABLED <-> BACKDOOR trojan agent.aarm runtime detection - call home (backdoor.rules)
 * 1:15297 <-> DISABLED <-> BOTNET-CNC Trojan.Bankpatch.C report home (botnet-cnc.rules)
 * 1:15238 <-> DISABLED <-> FILE-OTHER Apple QuickTime for Java toQTPointer function memory corruption attempt (file-other.rules)
 * 1:15295 <-> DISABLED <-> BOTNET-CNC Trojan.Bankpatch.C configuration (botnet-cnc.rules)
 * 1:23787 <-> DISABLED <-> BOTNET-CNC Trojan.Locotout variant connect to cnc-server (botnet-cnc.rules)
 * 1:15564 <-> ENABLED <-> BOTNET-CNC RSPlug Trojan file download (botnet-cnc.rules)
 * 1:15296 <-> DISABLED <-> BOTNET-CNC Trojan.Bankpatch.C malicious file download (botnet-cnc.rules)