Sourcefire VRT Rules Update

Date: 2012-09-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2.9.3.0.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:24109 <-> ENABLED <-> MALWARE-OTHER HTTP POST request to a ZIP file (malware-other.rules)
 * 1:24086 <-> ENABLED <-> SPYWARE-PUT Adware.AdultAds outbound connection (spyware-put.rules)
 * 1:24111 <-> ENABLED <-> BLACKLIST User-Agent known malicious user agent - Post (blacklist.rules)
 * 1:24102 <-> ENABLED <-> MALWARE-OTHER Possible Kuluoz spamvertised URL in email (malware-other.rules)
 * 1:24095 <-> DISABLED <-> APP-DETECT Teamviewer installer download attempt (app-detect.rules)
 * 1:24094 <-> DISABLED <-> APP-DETECT Teamviewer control server ping (app-detect.rules)
 * 1:24098 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (app-detect.rules)
 * 1:24104 <-> ENABLED <-> MALWARE-OTHER HTTP POST request to a JPEG file (malware-other.rules)
 * 1:24107 <-> ENABLED <-> MALWARE-OTHER HTTP POST request to a BMP file (malware-other.rules)
 * 1:24093 <-> DISABLED <-> WEB-PHP RFC1867 file-upload implementation denial of service attempt (web-php.rules)
 * 1:24103 <-> ENABLED <-> MALWARE-OTHER HTTP POST request to a JPG file (malware-other.rules)
 * 1:24089 <-> ENABLED <-> WEB-MISC Microsoft WebDAV PROPFIND request (web-misc.rules)
 * 1:24087 <-> ENABLED <-> MALWARE-CNC Win32.Bledoor TCP tunnel in UDP attempt (malware-cnc.rules)
 * 1:24110 <-> ENABLED <-> MALWARE-OTHER HTTP POST request to an MP3 file (malware-other.rules)
 * 1:24097 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (app-detect.rules)
 * 1:24106 <-> ENABLED <-> MALWARE-OTHER HTTP POST request to a PNG file (malware-other.rules)
 * 1:24085 <-> ENABLED <-> FILE-OTHER Oracle Java privileged protection domain exploitation attempt (file-other.rules)
 * 1:24105 <-> ENABLED <-> MALWARE-OTHER HTTP POST request to a GIF file (malware-other.rules)
 * 1:24091 <-> DISABLED <-> WEB-MISC SAP NetWeaver SOAP interface command injection attempt (web-misc.rules)
 * 1:24096 <-> DISABLED <-> APP-DETECT Teamviewer remote connection attempt (app-detect.rules)
 * 1:24084 <-> ENABLED <-> FILE-OTHER Oracle Java privileged protection domain exploitation attempt (file-other.rules)
 * 1:24100 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
 * 1:24088 <-> ENABLED <-> MALWARE-CNC Win32.Bledoor TCP tunnel in ICMP attempt (malware-cnc.rules)
 * 1:24092 <-> DISABLED <-> MALWARE-CNC WIN.Trojan.Clisbot outbound connection attempt (malware-cnc.rules)
 * 1:24090 <-> DISABLED <-> WEB-MISC Microsoft Windows WebDAV invalid character argument injection attempt (web-misc.rules)
 * 1:24101 <-> ENABLED <-> FILE-IDENTIFY PLF file attachment detected (file-identify.rules)
 * 1:24108 <-> ENABLED <-> MALWARE-OTHER HTTP POST request to a RAR file (malware-other.rules)
 * 1:24099 <-> ENABLED <-> MALWARE-OTHER Malvertising redirection attempt (malware-other.rules)

Modified Rules:

 * 1:989 <-> DISABLED <-> MALWARE-CNC sensepost.exe command shell (malware-cnc.rules)
 * 1:9844 <-> DISABLED <-> FILE-MULTIMEDIA VLC Media Player udp URI format string attempt (file-multimedia.rules)
 * 1:9839 <-> DISABLED <-> MALWARE-BACKDOOR sun shadow 1.70 runtime detection - keep alive (malware-backdoor.rules)
 * 1:9836 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - crazy mouse (malware-backdoor.rules)
 * 1:9835 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - swap mouse (malware-backdoor.rules)
 * 1:9834 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - black screen (malware-backdoor.rules)
 * 1:9833 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - fake delete harddisk message (malware-backdoor.rules)
 * 1:9832 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - send message (malware-backdoor.rules)
 * 1:9801 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player or Explorer Malformed MIDI File DOS attempt (file-multimedia.rules)
 * 1:9667 <-> DISABLED <-> MALWARE-BACKDOOR superra runtime detection - issue remote control command (malware-backdoor.rules)
 * 1:9666 <-> DISABLED <-> MALWARE-BACKDOOR superra runtime detection - success init connection (malware-backdoor.rules)
 * 1:9653 <-> DISABLED <-> MALWARE-CNC apofis 1.0 runtime detection - php notification (malware-cnc.rules)
 * 1:9637 <-> DISABLED <-> FILE-OTHER Adobe Download Manger dm.ini stack overflow attempt (file-other.rules)
 * 1:8549 <-> DISABLED <-> MALWARE-BACKDOOR zxshell runtime detection - setting information retrieve (malware-backdoor.rules)
 * 1:8445 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows RTF file with embedded object package download attempt (file-multimedia.rules)
 * 1:8443 <-> DISABLED <-> BROWSER-FIREFOX Mozilla regular expression heap corruption attempt (browser-firefox.rules)
 * 1:8362 <-> DISABLED <-> MALWARE-BACKDOOR black curse 4.0 runtime detection - normal init connection (malware-backdoor.rules)
 * 1:8361 <-> DISABLED <-> MALWARE-BACKDOOR black curse 4.0 runtime detection - inverse init connection (malware-backdoor.rules)
 * 1:8080 <-> DISABLED <-> MALWARE-CNC x2a runtime detection - client update (malware-cnc.rules)
 * 1:8079 <-> DISABLED <-> MALWARE-BACKDOOR x2a runtime detection - init connection (malware-backdoor.rules)
 * 1:8078 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - get process list (malware-backdoor.rules)
 * 1:8077 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - get process list (malware-backdoor.rules)
 * 1:8076 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - get system information (malware-backdoor.rules)
 * 1:8075 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - get system information (malware-backdoor.rules)
 * 1:8074 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - init connection (malware-backdoor.rules)
 * 1:8058 <-> DISABLED <-> BROWSER-FIREFOX Mozilla javascript navigator object access (browser-firefox.rules)
 * 1:7861 <-> DISABLED <-> APP-DETECT Google Desktop activity (app-detect.rules)
 * 1:7822 <-> DISABLED <-> MALWARE-BACKDOOR xbkdr runtime detection (malware-backdoor.rules)
 * 1:7821 <-> DISABLED <-> MALWARE-BACKDOOR nightcreature beta 0.01 runtime detection (malware-backdoor.rules)
 * 1:7818 <-> DISABLED <-> MALWARE-BACKDOOR infector v1.0 runtime detection - init conn (malware-backdoor.rules)
 * 1:7817 <-> DISABLED <-> MALWARE-BACKDOOR infector v1.0 runtime detection - init conn (malware-backdoor.rules)
 * 1:7812 <-> DISABLED <-> MALWARE-BACKDOOR abacab runtime detection - banner (malware-backdoor.rules)
 * 1:7811 <-> DISABLED <-> MALWARE-BACKDOOR abacab runtime detection - telnet initial (malware-backdoor.rules)
 * 1:7810 <-> DISABLED <-> MALWARE-BACKDOOR nuclear uploader 1.0 runtime detection (malware-backdoor.rules)
 * 1:7809 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - upload (malware-backdoor.rules)
 * 1:7808 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - upload (malware-backdoor.rules)
 * 1:7807 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - execute file (malware-backdoor.rules)
 * 1:7806 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7805 <-> DISABLED <-> MALWARE-CNC war trojan ver1.0 runtime detection - ie hijacker (malware-cnc.rules)
 * 1:7804 <-> DISABLED <-> MALWARE-BACKDOOR war trojan ver1.0 runtime detection - disable ctrl+alt+del (malware-backdoor.rules)
 * 1:7803 <-> DISABLED <-> MALWARE-BACKDOOR war trojan ver1.0 runtime detection - send messages (malware-backdoor.rules)
 * 1:7802 <-> DISABLED <-> MALWARE-BACKDOOR portal of doom runtime detection - udp stc (malware-backdoor.rules)
 * 1:7801 <-> DISABLED <-> MALWARE-BACKDOOR portal of doom runtime detection - udp cts (malware-backdoor.rules)
 * 1:7800 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - file manage 2 (malware-backdoor.rules)
 * 1:7799 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - file manage 2 (malware-backdoor.rules)
 * 1:7798 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - file manage 1 (malware-backdoor.rules)
 * 1:7797 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - file manage 1 (malware-backdoor.rules)
 * 1:7796 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - init connection (malware-backdoor.rules)
 * 1:7795 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - init connection (malware-backdoor.rules)
 * 1:7794 <-> DISABLED <-> MALWARE-BACKDOOR fraggle rock 2.0 lite runtime detection - pc info - flowbit set (malware-backdoor.rules)
 * 1:7793 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - chat with attacker (malware-backdoor.rules)
 * 1:7792 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - chat with victim (malware-backdoor.rules)
 * 1:7791 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - victim response (malware-backdoor.rules)
 * 1:7789 <-> DISABLED <-> MALWARE-BACKDOOR forced control uploader runtime detection directory listing - server to client (malware-backdoor.rules)
 * 1:7788 <-> DISABLED <-> MALWARE-BACKDOOR forced control uploader runtime detection directory listing - client to server (malware-backdoor.rules)
 * 1:7785 <-> DISABLED <-> MALWARE-BACKDOOR forced control uploader runtime detection - connection with password (malware-backdoor.rules)
 * 1:7783 <-> DISABLED <-> MALWARE-BACKDOOR netdevil runtime detection - file manager (malware-backdoor.rules)
 * 1:7782 <-> DISABLED <-> MALWARE-BACKDOOR netdevil runtime detection - file manager - flowbit set (malware-backdoor.rules)
 * 1:7778 <-> DISABLED <-> MALWARE-BACKDOOR elfrat runtime detection - initial connection (malware-backdoor.rules)
 * 1:7777 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - get drives (malware-backdoor.rules)
 * 1:7776 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - get drives - flowbit set (malware-backdoor.rules)
 * 1:7775 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - screen capture (malware-backdoor.rules)
 * 1:7774 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - screen capture - flowbit set (malware-backdoor.rules)
 * 1:7773 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - enable keylogger (malware-backdoor.rules)
 * 1:7772 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - enable keylogger - flowbit set (malware-backdoor.rules)
 * 1:7771 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - get server info (malware-backdoor.rules)
 * 1:7770 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - get server info - flowbit set (malware-backdoor.rules)
 * 1:7769 <-> DISABLED <-> MALWARE-BACKDOOR data rape runtime detection - execute program server-to-client (malware-backdoor.rules)
 * 1:7767 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - foldermonitor server-to-client (malware-backdoor.rules)
 * 1:7766 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - foldermonitor client-to-server (malware-backdoor.rules)
 * 1:7765 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - sysinfo server-to-client (malware-backdoor.rules)
 * 1:7764 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - sysinfo client-to-server (malware-backdoor.rules)
 * 1:7763 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - services client-to-server (malware-backdoor.rules)
 * 1:7762 <-> DISABLED <-> MALWARE-CNC analftp 0.1 runtime detection - icq notification (malware-cnc.rules)
 * 1:7760 <-> DISABLED <-> MALWARE-BACKDOOR netthief runtime detection (malware-backdoor.rules)
 * 1:7759 <-> DISABLED <-> MALWARE-BACKDOOR glacier runtime detection - screen capture (malware-backdoor.rules)
 * 1:7758 <-> DISABLED <-> MALWARE-BACKDOOR glacier runtime detection - initial connection and directory browse (malware-backdoor.rules)
 * 1:7755 <-> DISABLED <-> MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - spy function (malware-backdoor.rules)
 * 1:7754 <-> DISABLED <-> MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - spy function - flowbit set 2 (malware-backdoor.rules)
 * 1:7753 <-> DISABLED <-> MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - spy function - flowbit set 1 (malware-backdoor.rules)
 * 1:7752 <-> DISABLED <-> MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7751 <-> DISABLED <-> MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - initial connection - flowbit set 2 (malware-backdoor.rules)
 * 1:7750 <-> DISABLED <-> MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - initial connection - flowbit set 1 (malware-backdoor.rules)
 * 1:7749 <-> DISABLED <-> MALWARE-BACKDOOR bobo 1.0 runtime detection - send message (malware-backdoor.rules)
 * 1:7748 <-> DISABLED <-> MALWARE-BACKDOOR bobo 1.0 runtime detection - send message - flowbit set (malware-backdoor.rules)
 * 1:7747 <-> DISABLED <-> MALWARE-BACKDOOR bobo 1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7746 <-> DISABLED <-> MALWARE-BACKDOOR bobo 1.0 runtime detection - initial connection - flowbit set (malware-backdoor.rules)
 * 1:7745 <-> DISABLED <-> MALWARE-BACKDOOR phoenix 2.1 runtime detection (malware-backdoor.rules)
 * 1:7744 <-> DISABLED <-> MALWARE-BACKDOOR phoenix 2.1 runtime detection - flowbit set (malware-backdoor.rules)
 * 1:7743 <-> DISABLED <-> MALWARE-BACKDOOR nova 1.0 runtime detection - cgi notification server-to-client (malware-backdoor.rules)
 * 1:7742 <-> DISABLED <-> MALWARE-CNC nova 1.0 runtime detection - cgi notification client-to-server (malware-cnc.rules)
 * 1:7741 <-> DISABLED <-> MALWARE-BACKDOOR nova 1.0 runtime detection - initial connection with pwd set (malware-backdoor.rules)
 * 1:7740 <-> DISABLED <-> MALWARE-BACKDOOR nova 1.0 runtime detection - initial connection with pwd set - flowbit set (malware-backdoor.rules)
 * 1:7739 <-> DISABLED <-> MALWARE-BACKDOOR alexmessomalex runtime detection - grab (malware-backdoor.rules)
 * 1:7738 <-> DISABLED <-> MALWARE-BACKDOOR alexmessomalex runtime detection - initial connection (malware-backdoor.rules)
 * 1:7735 <-> DISABLED <-> MALWARE-BACKDOOR bionet 4.05 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7734 <-> DISABLED <-> MALWARE-BACKDOOR bionet 4.05 runtime detection - initial connection - flowbit set (malware-backdoor.rules)
 * 1:7733 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7732 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - ring client-to-server (malware-backdoor.rules)
 * 1:7731 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - ring server-to-client (malware-backdoor.rules)
 * 1:7730 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - reverse connection (malware-backdoor.rules)
 * 1:7729 <-> DISABLED <-> MALWARE-BACKDOOR radmin runtime detection - server-to-client (malware-backdoor.rules)
 * 1:7728 <-> DISABLED <-> MALWARE-BACKDOOR radmin runtime detection - client-to-server (malware-backdoor.rules)
 * 1:7727 <-> DISABLED <-> MALWARE-BACKDOOR reversable ver1.0 runtime detection - execute command (malware-backdoor.rules)
 * 1:7726 <-> DISABLED <-> MALWARE-BACKDOOR reversable ver1.0 runtime detection - execute command - flowbit set (malware-backdoor.rules)
 * 1:7724 <-> DISABLED <-> MALWARE-BACKDOOR reversable ver1.0 runtime detection - initial connection - flowbit set (malware-backdoor.rules)
 * 1:7723 <-> DISABLED <-> MALWARE-BACKDOOR wollf runtime detection (malware-backdoor.rules)
 * 1:7722 <-> DISABLED <-> MALWARE-CNC prorat 1.9 cgi notification detection (malware-cnc.rules)
 * 1:7721 <-> DISABLED <-> MALWARE-BACKDOOR prorat 1.9 initial connection detection (malware-backdoor.rules)
 * 1:7720 <-> DISABLED <-> MALWARE-BACKDOOR desktop scout runtime detection (malware-backdoor.rules)
 * 1:7719 <-> DISABLED <-> MALWARE-BACKDOOR dameware mini remote control runtime detection - initial connection (malware-backdoor.rules)
 * 1:7718 <-> DISABLED <-> MALWARE-BACKDOOR dameware mini remote control runtime detection - initial connection - flowbit set (malware-backdoor.rules)
 * 1:7717 <-> DISABLED <-> MALWARE-BACKDOOR snake trojan runtime detection (malware-backdoor.rules)
 * 1:7716 <-> DISABLED <-> MALWARE-BACKDOOR netdevil runtime detection (malware-backdoor.rules)
 * 1:7715 <-> DISABLED <-> MALWARE-BACKDOOR netdevil runtime detection - flowbit set 2 (malware-backdoor.rules)
 * 1:7714 <-> DISABLED <-> MALWARE-BACKDOOR netdevil runtime detection - flowbit set 1 (malware-backdoor.rules)
 * 1:7713 <-> DISABLED <-> MALWARE-BACKDOOR amitis v1.3 runtime detection - email notification (malware-backdoor.rules)
 * 1:7712 <-> DISABLED <-> MALWARE-BACKDOOR amitis runtime detection victim to attacker (malware-backdoor.rules)
 * 1:7711 <-> DISABLED <-> MALWARE-BACKDOOR amitis runtime command detection attacker to victim (malware-backdoor.rules)
 * 1:7710 <-> DISABLED <-> MALWARE-BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7709 <-> DISABLED <-> MALWARE-BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection - flowbit set (malware-backdoor.rules)
 * 1:7708 <-> DISABLED <-> MALWARE-BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection - flowbit set (malware-backdoor.rules)
 * 1:7707 <-> DISABLED <-> MALWARE-BACKDOOR omniquad instant remote control runtime detection - file transfer setup (malware-backdoor.rules)
 * 1:7706 <-> DISABLED <-> MALWARE-BACKDOOR omniquad instant remote control runtime detection - initial connection (malware-backdoor.rules)
 * 1:7705 <-> DISABLED <-> MALWARE-BACKDOOR omniquad instant remote control runtime detection - initial connection - flowbit set (malware-backdoor.rules)
 * 1:7704 <-> DISABLED <-> MALWARE-CNC roach 1.0 server installation notification - email (malware-cnc.rules)
 * 1:7703 <-> DISABLED <-> MALWARE-BACKDOOR roach 1.0 runtime detection - remote control actions (malware-backdoor.rules)
 * 1:7702 <-> DISABLED <-> MALWARE-BACKDOOR roach 1.0 runtime detection - remote control actions - flowbit set (malware-backdoor.rules)
 * 1:7701 <-> DISABLED <-> MALWARE-BACKDOOR brain wiper runtime detection - chat (malware-backdoor.rules)
 * 1:7700 <-> DISABLED <-> MALWARE-BACKDOOR brain wiper runtime detection - chat - flowbit set (malware-backdoor.rules)
 * 1:7699 <-> DISABLED <-> MALWARE-BACKDOOR brain wiper runtime detection - launch application (malware-backdoor.rules)
 * 1:7698 <-> DISABLED <-> MALWARE-BACKDOOR brain wiper runtime detection - launch application - flowbit set (malware-backdoor.rules)
 * 1:7697 <-> DISABLED <-> MALWARE-BACKDOOR hanky panky 1.1 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7696 <-> DISABLED <-> MALWARE-BACKDOOR hanky panky 1.1 runtime detection - initial connection - flowbit set 2 (malware-backdoor.rules)
 * 1:7695 <-> DISABLED <-> MALWARE-BACKDOOR hanky panky 1.1 runtime detection - initial connection - flowbit set 1 (malware-backdoor.rules)
 * 1:7692 <-> DISABLED <-> MALWARE-BACKDOOR exception 1.0 runtime detection - notification (malware-backdoor.rules)
 * 1:7691 <-> DISABLED <-> MALWARE-BACKDOOR evade runtime detection - file manager (malware-backdoor.rules)
 * 1:7690 <-> DISABLED <-> MALWARE-BACKDOOR evade runtime detection - file manager - flowbit set (malware-backdoor.rules)
 * 1:7689 <-> DISABLED <-> MALWARE-BACKDOOR evade runtime detection - initial connection (malware-backdoor.rules)
 * 1:7688 <-> DISABLED <-> MALWARE-BACKDOOR illusion runtime detection - file browser server-to-client (malware-backdoor.rules)
 * 1:7687 <-> DISABLED <-> MALWARE-BACKDOOR illusion runtime detection - file browser client-to-server (malware-backdoor.rules)
 * 1:7686 <-> DISABLED <-> MALWARE-BACKDOOR illusion runtime detection - get remote info server-to-client (malware-backdoor.rules)
 * 1:7685 <-> DISABLED <-> MALWARE-BACKDOOR illusion runtime detection - get remote info client-to-server (malware-backdoor.rules)
 * 1:7684 <-> DISABLED <-> MALWARE-BACKDOOR hrat 1.0 runtime detection (malware-backdoor.rules)
 * 1:7683 <-> DISABLED <-> MALWARE-BACKDOOR acid head 1.00 runtime detection (malware-backdoor.rules)
 * 1:7682 <-> DISABLED <-> MALWARE-BACKDOOR acid head 1.00 runtime detection - flowbit set (malware-backdoor.rules)
 * 1:7681 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control 1.12 runtime detection - download file (malware-backdoor.rules)
 * 1:7680 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control 1.12 runtime detection - download file - flowbit set (malware-backdoor.rules)
 * 1:7679 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control 1.12 runtime detection - upload file (malware-backdoor.rules)
 * 1:7678 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control 1.12 runtime detection - upload file - flowbit set (malware-backdoor.rules)
 * 1:7677 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control or crackdown runtime detection - initial connection (malware-backdoor.rules)
 * 1:7676 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control or crackdown runtime detection - initial connection - flowbit set (malware-backdoor.rules)
 * 1:7675 <-> DISABLED <-> MALWARE-BACKDOOR remote havoc runtime detection (malware-backdoor.rules)
 * 1:7674 <-> DISABLED <-> MALWARE-BACKDOOR remote havoc runtime detection - flowbit set 2 (malware-backdoor.rules)
 * 1:7673 <-> DISABLED <-> MALWARE-BACKDOOR remote havoc runtime detection - flowbit set 1 (malware-backdoor.rules)
 * 1:7672 <-> DISABLED <-> MALWARE-BACKDOOR remoter runtime detection - initial connection (malware-backdoor.rules)
 * 1:7671 <-> DISABLED <-> MALWARE-BACKDOOR digital upload runtime detection - chat (malware-backdoor.rules)
 * 1:7670 <-> DISABLED <-> MALWARE-BACKDOOR digital upload runtime detection - initial connection (malware-backdoor.rules)
 * 1:7669 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - capture on port 2213 (malware-backdoor.rules)
 * 1:7668 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - capture on port 2213 - flowbit set (malware-backdoor.rules)
 * 1:7667 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - capture on port 2208 (malware-backdoor.rules)
 * 1:7665 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7664 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - flowbit set (malware-backdoor.rules)
 * 1:7663 <-> DISABLED <-> MALWARE-BACKDOOR snid x2 v1.2 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7662 <-> DISABLED <-> MALWARE-BACKDOOR snid x2 v1.2 runtime detection - initial connection - flowbit set (malware-backdoor.rules)
 * 1:7661 <-> DISABLED <-> MALWARE-BACKDOOR lan filtrator 1.1 runtime detection - initial connection request (malware-backdoor.rules)
 * 1:7660 <-> DISABLED <-> MALWARE-BACKDOOR lan filtrator 1.1 runtime detection - initial connection request - flowbit set (malware-backdoor.rules)
 * 1:7659 <-> DISABLED <-> MALWARE-BACKDOOR lan filtrator 1.1 runtime detection - sin notification (malware-backdoor.rules)
 * 1:7658 <-> DISABLED <-> MALWARE-BACKDOOR jodeitor 1.1 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7651 <-> DISABLED <-> MALWARE-BACKDOOR small uploader 1.01 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7650 <-> DISABLED <-> MALWARE-BACKDOOR small uploader 1.01 runtime detection - initial connection - flowbit set (malware-backdoor.rules)
 * 1:7649 <-> DISABLED <-> MALWARE-BACKDOOR minicom lite runtime detection - server-to-client (malware-backdoor.rules)
 * 1:7648 <-> DISABLED <-> MALWARE-BACKDOOR minicom lite runtime detection - client-to-server (malware-backdoor.rules)
 * 1:7647 <-> DISABLED <-> MALWARE-BACKDOOR minicom lite runtime detection - udp (malware-backdoor.rules)
 * 1:7646 <-> DISABLED <-> MALWARE-BACKDOOR snipernet 2.1 runtime detection (malware-backdoor.rules)
 * 1:7644 <-> DISABLED <-> MALWARE-BACKDOOR ullysse runtime detection - client-to-server (malware-backdoor.rules)
 * 1:7645 <-> DISABLED <-> MALWARE-BACKDOOR snipernet 2.1 runtime detection - flowbit set (malware-backdoor.rules)
 * 1:7643 <-> DISABLED <-> MALWARE-BACKDOOR netcontrol takeover runtime detection (malware-backdoor.rules)
 * 1:7642 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - server-to-client (malware-backdoor.rules)
 * 1:7641 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules)
 * 1:7640 <-> DISABLED <-> MALWARE-CNC air runtime detection - webmail notification (malware-cnc.rules)
 * 1:7639 <-> DISABLED <-> MALWARE-CNC air runtime detection - php notification (malware-cnc.rules)
 * 1:7638 <-> DISABLED <-> MALWARE-BACKDOOR ncph runtime detection - initial connection (malware-backdoor.rules)
 * 1:7637 <-> DISABLED <-> MALWARE-CNC hornet 1.0 runtime detection - icq notification (malware-cnc.rules)
 * 1:7636 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - fetch processes list (malware-backdoor.rules)
 * 1:7635 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - fetch process list - flowbit set (malware-backdoor.rules)
 * 1:7634 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - irc connection (malware-backdoor.rules)
 * 1:7633 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - irc connection - flowbit set (malware-backdoor.rules)
 * 1:7632 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - fetch system info (malware-backdoor.rules)
 * 1:7631 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - fetch system info - flowbit set (malware-backdoor.rules)
 * 1:7630 <-> DISABLED <-> MALWARE-BACKDOOR helios 3.1 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7629 <-> DISABLED <-> MALWARE-BACKDOOR skyrat show runtime detection - initial connection (malware-backdoor.rules)
 * 1:7628 <-> DISABLED <-> MALWARE-BACKDOOR skyrat show runtime detection - initial connection - flowbit 4 (malware-backdoor.rules)
 * 1:7627 <-> DISABLED <-> MALWARE-BACKDOOR skyrat show runtime detection - initial connection - flowbit 3 (malware-backdoor.rules)
 * 1:7626 <-> DISABLED <-> MALWARE-BACKDOOR skyrat show runtime detection - initial connection - flowbit 2 (malware-backdoor.rules)
 * 1:7625 <-> DISABLED <-> MALWARE-BACKDOOR skyrat show runtime detection - initial connection - flowbit 1 (malware-backdoor.rules)
 * 1:7624 <-> DISABLED <-> MALWARE-BACKDOOR remote control 1.7 runtime detection - data communication (malware-backdoor.rules)
 * 1:7623 <-> DISABLED <-> MALWARE-BACKDOOR remote control 1.7 runtime detection - connection request (malware-backdoor.rules)
 * 1:7622 <-> DISABLED <-> MALWARE-BACKDOOR remote control 1.7 runtime detection - connection request - flowbit 3 (malware-backdoor.rules)
 * 1:7621 <-> DISABLED <-> MALWARE-BACKDOOR remote control 1.7 runtime detection - connection request - flowbit 2 (malware-backdoor.rules)
 * 1:7619 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.0 runtime detection - connection request with password (malware-backdoor.rules)
 * 1:7620 <-> DISABLED <-> MALWARE-BACKDOOR remote control 1.7 runtime detection - connection request flowbit 1 (malware-backdoor.rules)
 * 1:7618 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.0 runtime detection - connection request with password - flowbit 2 (malware-backdoor.rules)
 * 1:7617 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.0 runtime detection - connection request with password - flowbit 1 (malware-backdoor.rules)
 * 1:7616 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.0 runtime detection - connection without password (malware-backdoor.rules)
 * 1:7609 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - chat (malware-backdoor.rules)
 * 1:7608 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - chat - flowbit set (malware-backdoor.rules)
 * 1:7607 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:7606 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - get system info - flowbit set (malware-backdoor.rules)
 * 1:7605 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - screen capture (malware-backdoor.rules)
 * 1:7604 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - screen capture - flowbit set (malware-backdoor.rules)
 * 1:7122 <-> DISABLED <-> MALWARE-BACKDOOR y3k 1.2 runtime detection - init connection 2 (malware-backdoor.rules)
 * 1:7121 <-> DISABLED <-> MALWARE-BACKDOOR y3k 1.2 runtime detection (malware-backdoor.rules)
 * 1:7120 <-> DISABLED <-> MALWARE-BACKDOOR y3k 1.2 runtime detection - init connection 1 (malware-backdoor.rules)
 * 1:7119 <-> DISABLED <-> MALWARE-BACKDOOR y3k 1.2 runtime detection (malware-backdoor.rules)
 * 1:7118 <-> DISABLED <-> MALWARE-CNC y3k 1.2 runtime detection - user-agent string detected (malware-cnc.rules)
 * 1:7116 <-> ENABLED <-> MALWARE-CNC y3k 1.2 runtime detection - icq notification (malware-cnc.rules)
 * 1:7067 <-> DISABLED <-> MALWARE-BACKDOOR cybernetic 1.62 runtime detection - reverse connection (malware-backdoor.rules)
 * 1:7066 <-> DISABLED <-> MALWARE-BACKDOOR cybernetic 1.62 runtime detection - reverse connection flowbit 1 (malware-backdoor.rules)
 * 1:7069 <-> DISABLED <-> MALWARE-BACKDOOR delta source 0.5 beta runtime detection - pc info (malware-backdoor.rules)
 * 1:7068 <-> DISABLED <-> MALWARE-BACKDOOR delta source 0.5 beta runtime detection - ping (malware-backdoor.rules)
 * 1:7072 <-> DISABLED <-> MALWARE-BACKDOOR fraggle rock 2.0 lite runtime detection - pc info (malware-backdoor.rules)
 * 1:7073 <-> DISABLED <-> MALWARE-CNC W32.dumaru.gen runtime detection - notification (malware-cnc.rules)
 * 1:7115 <-> ENABLED <-> MALWARE-BACKDOOR ghost 2.3 runtime detection (malware-backdoor.rules)
 * 1:7074 <-> DISABLED <-> MALWARE-CNC W32.dumaru.gen runtime detection - cmd (malware-cnc.rules)
 * 1:7075 <-> DISABLED <-> MALWARE-BACKDOOR bandook 1.0 runtime detection (malware-backdoor.rules)
 * 1:7076 <-> DISABLED <-> MALWARE-CNC minimo v0.6 runtime detection - cgi notification (malware-cnc.rules)
 * 1:7114 <-> ENABLED <-> MALWARE-BACKDOOR donalddick v1.5b3 runtime detection (malware-backdoor.rules)
 * 1:7077 <-> DISABLED <-> MALWARE-CNC minimo v0.6 runtime detection - icq notification (malware-cnc.rules)
 * 1:7078 <-> DISABLED <-> MALWARE-BACKDOOR up and run v1.0 beta runtime detection flowbit 1 (malware-backdoor.rules)
 * 1:7079 <-> DISABLED <-> MALWARE-BACKDOOR up and run v1.0 beta runtime detection flowbit 2 (malware-backdoor.rules)
 * 1:7080 <-> DISABLED <-> MALWARE-BACKDOOR up and run v1.0 beta runtime detection flowbit 3 (malware-backdoor.rules)
 * 1:7081 <-> DISABLED <-> MALWARE-BACKDOOR up and run v1.0 beta runtime detection (malware-backdoor.rules)
 * 1:7113 <-> DISABLED <-> MALWARE-BACKDOOR donalddick v1.5b3 runtime detection (malware-backdoor.rules)
 * 1:7082 <-> DISABLED <-> MALWARE-BACKDOOR mosucker3.0 runtime detection - client-to-server (malware-backdoor.rules)
 * 1:7083 <-> DISABLED <-> MALWARE-BACKDOOR mosucker3.0 runtime detection - server-to-client1 (malware-backdoor.rules)
 * 1:7084 <-> DISABLED <-> MALWARE-BACKDOOR erazer v1.1 runtime detection - sin notification (malware-backdoor.rules)
 * 1:7085 <-> DISABLED <-> MALWARE-BACKDOOR erazer v1.1 runtime detection (malware-backdoor.rules)
 * 1:7112 <-> ENABLED <-> MALWARE-BACKDOOR fearless lite 1.01 runtime detection (malware-backdoor.rules)
 * 1:7086 <-> DISABLED <-> MALWARE-BACKDOOR erazer v1.1 runtime detection - init connection (malware-backdoor.rules)
 * 1:7087 <-> DISABLED <-> MALWARE-BACKDOOR sinique 1.0 runtime detection - initial connection with correct password client-to-server (malware-backdoor.rules)
 * 1:7088 <-> DISABLED <-> MALWARE-BACKDOOR sinique 1.0 runtime detection - initial connection with correct password server-to-client (malware-backdoor.rules)
 * 1:7089 <-> DISABLED <-> MALWARE-BACKDOOR sinique 1.0 runtime detection - initial connection with wrong password -client-to-server (malware-backdoor.rules)
 * 1:7111 <-> DISABLED <-> MALWARE-BACKDOOR fearless lite 1.01 runtime detection (malware-backdoor.rules)
 * 1:7090 <-> DISABLED <-> MALWARE-BACKDOOR sinique 1.0 runtime detection - initial connection with wrong password server-to-client (malware-backdoor.rules)
 * 1:7091 <-> ENABLED <-> MALWARE-BACKDOOR serveme runtime detection (malware-backdoor.rules)
 * 1:7096 <-> ENABLED <-> MALWARE-BACKDOOR remote hack 1.5 runtime detection - logon (malware-backdoor.rules)
 * 1:7097 <-> ENABLED <-> MALWARE-BACKDOOR remote hack 1.5 runtime detection - execute file (malware-backdoor.rules)
 * 1:7108 <-> ENABLED <-> MALWARE-BACKDOOR undetected runtime detection (malware-backdoor.rules)
 * 1:7098 <-> ENABLED <-> MALWARE-BACKDOOR remote hack 1.5 runtime detection - get password (malware-backdoor.rules)
 * 1:7107 <-> DISABLED <-> MALWARE-BACKDOOR girlfriend runtime detection (malware-backdoor.rules)
 * 1:7106 <-> DISABLED <-> MALWARE-BACKDOOR girlfriend runtime detection (malware-backdoor.rules)
 * 1:7105 <-> ENABLED <-> MALWARE-BACKDOOR aol admin runtime detection (malware-backdoor.rules)
 * 1:7104 <-> DISABLED <-> MALWARE-BACKDOOR aol admin runtime detection (malware-backdoor.rules)
 * 1:7103 <-> DISABLED <-> MALWARE-CNC gwboy 0.92 runtime detection - init connection (malware-cnc.rules)
 * 1:7065 <-> DISABLED <-> MALWARE-BACKDOOR cybernetic 1.62 runtime detection - reverse connection flowbit 1 (malware-backdoor.rules)
 * 1:7101 <-> DISABLED <-> MALWARE-BACKDOOR gwboy 0.92 runtime detection (malware-backdoor.rules)
 * 1:7099 <-> ENABLED <-> MALWARE-BACKDOOR remote hack 1.5 runtime detection - start keylogger (malware-backdoor.rules)
 * 1:10101 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - delete file (malware-backdoor.rules)
 * 1:10102 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - chat with victim (malware-backdoor.rules)
 * 1:10103 <-> DISABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
 * 1:10104 <-> DISABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection (malware-backdoor.rules)
 * 1:10105 <-> DISABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection - retrieve pc info (malware-backdoor.rules)
 * 1:10107 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pslist (malware-backdoor.rules)
 * 1:10108 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pskill (malware-backdoor.rules)
 * 1:10109 <-> DISABLED <-> MALWARE-BACKDOOR k-msnrat 1.0.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10110 <-> DISABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection (malware-backdoor.rules)
 * 1:10111 <-> DISABLED <-> MALWARE-BACKDOOR poison ivy 2.1.2 runtime detection - init connection (malware-backdoor.rules)
 * 1:10112 <-> DISABLED <-> MALWARE-BACKDOOR rix3 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10115 <-> DISABLED <-> FILE-IMAGE Microsoft Windows WMF DOS attempt (file-image.rules)
 * 1:10130 <-> DISABLED <-> POLICY-OTHER VERITAS NetBackup system - execution function call access (policy-other.rules)
 * 1:10131 <-> DISABLED <-> BROWSER-FIREFOX Mozilla compareTo arbitrary code execution attempt (browser-firefox.rules)
 * 1:10168 <-> DISABLED <-> MALWARE-BACKDOOR one runtime detection (malware-backdoor.rules)
 * 1:10169 <-> DISABLED <-> MALWARE-BACKDOOR matrix 1.03 by mtronic runtime detection - init connection (malware-backdoor.rules)
 * 1:10184 <-> DISABLED <-> MALWARE-BACKDOOR wow 23 runtime detection (malware-backdoor.rules)
 * 1:10196 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor feed.php code execution attempt (malware-backdoor.rules)
 * 1:10197 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor theme.php code execution attempt (malware-backdoor.rules)
 * 1:10441 <-> DISABLED <-> SPYWARE-PUT Hacker-Tool statwin runtime detection (spyware-put.rules)
 * 1:10442 <-> DISABLED <-> MALWARE-BACKDOOR nirvana 2.0 runtime detection - explore c drive (malware-backdoor.rules)
 * 1:10443 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - sniff info (malware-backdoor.rules)
 * 1:10444 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - open ftp serice (malware-backdoor.rules)
 * 1:10445 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get password (malware-backdoor.rules)
 * 1:10446 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get server info (malware-backdoor.rules)
 * 1:10447 <-> DISABLED <-> MALWARE-CNC 51d 1b runtime detection - icq notification (malware-cnc.rules)
 * 1:10448 <-> DISABLED <-> MALWARE-BACKDOOR acessor 2.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10449 <-> DISABLED <-> MALWARE-BACKDOOR acid shivers runtime detection - init telnet connection (malware-backdoor.rules)
 * 1:10450 <-> DISABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules)
 * 1:10451 <-> DISABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules)
 * 1:10453 <-> DISABLED <-> MALWARE-BACKDOOR zalivator 1.4.2 pro runtime detection - smtp notification (malware-backdoor.rules)
 * 1:10454 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10455 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:10456 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:10457 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - start keylogger (malware-backdoor.rules)
 * 1:10458 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 or illusion runtime detection - open file manager (malware-backdoor.rules)
 * 1:10459 <-> DISABLED <-> MALWARE-BACKDOOR wineggdrop shell pro runtime detection - init connection (malware-backdoor.rules)
 * 1:10460 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules)
 * 1:10461 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules)
 * 1:10462 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules)
 * 1:10463 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules)
 * 1:105 <-> DISABLED <-> MALWARE-BACKDOOR - Dagger_1.4.0 (malware-backdoor.rules)
 * 1:108 <-> DISABLED <-> MALWARE-BACKDOOR QAZ Worm Client Login access (malware-backdoor.rules)
 * 1:110 <-> DISABLED <-> MALWARE-BACKDOOR netbus getinfo (malware-backdoor.rules)
 * 1:11314 <-> DISABLED <-> MALWARE-BACKDOOR shadownet remote spy 2.0 runtime detection (malware-backdoor.rules)
 * 1:11316 <-> DISABLED <-> MALWARE-BACKDOOR lurker 1.1 runtime detection - init connection (malware-backdoor.rules)
 * 1:11317 <-> DISABLED <-> MALWARE-BACKDOOR abremote pro 3.1 runtime detection - init connection (malware-backdoor.rules)
 * 1:11318 <-> DISABLED <-> MALWARE-BACKDOOR boer runtime detection - init connection (malware-backdoor.rules)
 * 1:11319 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - init connection request (malware-backdoor.rules)
 * 1:11320 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - reverse mode init connection request (malware-backdoor.rules)
 * 1:11321 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - udp broadcast (malware-backdoor.rules)
 * 1:11322 <-> DISABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules)
 * 1:11323 <-> DISABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules)
 * 1:115 <-> DISABLED <-> MALWARE-BACKDOOR NetBus Pro 2.0 connection established (malware-backdoor.rules)
 * 1:117 <-> DISABLED <-> MALWARE-BACKDOOR Infector.1.x (malware-backdoor.rules)
 * 1:119 <-> DISABLED <-> MALWARE-BACKDOOR Doly 2.0 access (malware-backdoor.rules)
 * 1:11949 <-> DISABLED <-> MALWARE-BACKDOOR lame rat v1.0 runtime detection (malware-backdoor.rules)
 * 1:11951 <-> DISABLED <-> MALWARE-BACKDOOR winshadow runtime detection - init connection request (malware-backdoor.rules)
 * 1:11952 <-> DISABLED <-> MALWARE-BACKDOOR winshadow runtime detection - udp response (malware-backdoor.rules)
 * 1:11953 <-> DISABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules)
 * 1:11954 <-> DISABLED <-> MALWARE-BACKDOOR supervisor plus runtime detection (malware-backdoor.rules)
 * 1:12051 <-> DISABLED <-> MALWARE-BACKDOOR ultimate rat 2.1 runtime detection (malware-backdoor.rules)
 * 1:12052 <-> DISABLED <-> MALWARE-BACKDOOR the[x] 1.2 runtime detection - execute command (malware-backdoor.rules)
 * 1:12053 <-> DISABLED <-> MALWARE-BACKDOOR trail of destruction 2.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:12054 <-> DISABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection - flowbit set (malware-backdoor.rules)
 * 1:12055 <-> DISABLED <-> MALWARE-BACKDOOR tron runtime detection - init connection (malware-backdoor.rules)
 * 1:121 <-> DISABLED <-> MALWARE-BACKDOOR Infector 1.6 Client to Server Connection Request (malware-backdoor.rules)
 * 1:12142 <-> DISABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules)
 * 1:12143 <-> DISABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - init connection (malware-backdoor.rules)
 * 1:12144 <-> DISABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules)
 * 1:12145 <-> DISABLED <-> MALWARE-BACKDOOR access remote pc runtime detection - rpc setup (malware-backdoor.rules)
 * 1:12146 <-> DISABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules)
 * 1:12147 <-> DISABLED <-> MALWARE-BACKDOOR blue eye 1.0b runtime detection - init connection (malware-backdoor.rules)
 * 1:12148 <-> DISABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules)
 * 1:12149 <-> DISABLED <-> MALWARE-BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection (malware-backdoor.rules)
 * 1:12150 <-> DISABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12151 <-> DISABLED <-> MALWARE-BACKDOOR cafeini 1.0 runtime detection (malware-backdoor.rules)
 * 1:12152 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - init connection (malware-backdoor.rules)
 * 1:12153 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
 * 1:12154 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
 * 1:12155 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - download file (malware-backdoor.rules)
 * 1:12156 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
 * 1:12157 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
 * 1:12158 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - upload file (malware-backdoor.rules)
 * 1:12159 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - keylogging (malware-backdoor.rules)
 * 1:12160 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
 * 1:12161 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
 * 1:12162 <-> DISABLED <-> MALWARE-BACKDOOR optix pro v1.32 runtime detection - screen capturing (malware-backdoor.rules)
 * 1:12163 <-> DISABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules)
 * 1:12164 <-> DISABLED <-> MALWARE-BACKDOOR cobra uploader 1.0 runtime detection (malware-backdoor.rules)
 * 1:12165 <-> DISABLED <-> MALWARE-CNC lithium 1.02 runtime detection (malware-cnc.rules)
 * 1:12166 <-> DISABLED <-> MALWARE-CNC lithium 1.02 runtime detection (malware-cnc.rules)
 * 1:12219 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer SMIL wallclock parsing buffer overflow (file-multimedia.rules)
 * 1:12233 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules)
 * 1:12234 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with no password (malware-backdoor.rules)
 * 1:12235 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules)
 * 1:12236 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - connect with password (malware-backdoor.rules)
 * 1:12237 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules)
 * 1:12238 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.10 runtime detection - ftp (malware-backdoor.rules)
 * 1:12240 <-> DISABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules)
 * 1:12241 <-> DISABLED <-> MALWARE-BACKDOOR genie 1.7 runtime detection - init connection (malware-backdoor.rules)
 * 1:12242 <-> DISABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12243 <-> DISABLED <-> MALWARE-BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12244 <-> DISABLED <-> MALWARE-BACKDOOR itadem trojan 3.0 runtime detection (malware-backdoor.rules)
 * 1:12245 <-> DISABLED <-> MALWARE-BACKDOOR furax 1.0 b3 runtime detection (malware-backdoor.rules)
 * 1:12297 <-> DISABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules)
 * 1:12298 <-> DISABLED <-> MALWARE-BACKDOOR bifrost v1.2.1 runtime detection (malware-backdoor.rules)
 * 1:12373 <-> DISABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:12374 <-> DISABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:12375 <-> DISABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules)
 * 1:12376 <-> DISABLED <-> MALWARE-BACKDOOR radmin 3.0 runtime detection - login & remote control (malware-backdoor.rules)
 * 1:12377 <-> DISABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules)
 * 1:12378 <-> DISABLED <-> MALWARE-BACKDOOR shark 2.3.2 runtime detection (malware-backdoor.rules)
 * 1:12661 <-> DISABLED <-> MALWARE-CNC troll.a runtime detection (malware-cnc.rules)
 * 1:12675 <-> DISABLED <-> MALWARE-BACKDOOR Versi TheTheef Detection (malware-backdoor.rules)
 * 1:12684 <-> DISABLED <-> MALWARE-BACKDOOR Sygate Remote Administration Engine (malware-backdoor.rules)
 * 1:12699 <-> DISABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12700 <-> DISABLED <-> MALWARE-BACKDOOR poison ivy 2.3.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:12724 <-> DISABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules)
 * 1:12725 <-> DISABLED <-> MALWARE-BACKDOOR dark moon 4.11 runtime detection (malware-backdoor.rules)
 * 1:12726 <-> DISABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules)
 * 1:12727 <-> DISABLED <-> MALWARE-BACKDOOR bandook 1.35 runtime detection (malware-backdoor.rules)
 * 1:12757 <-> ENABLED <-> FILE-IMAGE Apple QuickTime uncompressed PICT stack overflow attempt (file-image.rules)
 * 1:12983 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX SAMI file CRawParser buffer overflow attempt (file-multimedia.rules)
 * 1:13245 <-> DISABLED <-> MALWARE-BACKDOOR troya 1.4 runtime detection - init connection (malware-backdoor.rules)
 * 1:13246 <-> DISABLED <-> MALWARE-BACKDOOR troya 1.4 runtime detection - init connection (malware-backdoor.rules)
 * 1:13247 <-> DISABLED <-> MALWARE-BACKDOOR yuri 1.2 runtime detection - init connection (malware-backdoor.rules)
 * 1:13357 <-> DISABLED <-> MYSQL failed Oracle Mysql login attempt (mysql.rules)
 * 1:13358 <-> DISABLED <-> MYSQL Oracle Mysql login attempt from unauthorized location (mysql.rules)
 * 1:13359 <-> DISABLED <-> APP-DETECT failed IMAP login attempt - invalid username/password (app-detect.rules)
 * 1:13360 <-> DISABLED <-> APP-DETECT failed FTP login attempt (app-detect.rules)
 * 1:13506 <-> DISABLED <-> MALWARE-BACKDOOR evilotus 1.3.2 runtime detection - init connection (malware-backdoor.rules)
 * 1:13507 <-> DISABLED <-> MALWARE-CNC evilotus 1.3.2 runtime detection - init connection (malware-cnc.rules)
 * 1:13508 <-> DISABLED <-> MALWARE-CNC xploit 1.4.5 runtime detection (malware-cnc.rules)
 * 1:13586 <-> DISABLED <-> APP-DETECT SSH server detected on non-standard port (app-detect.rules)
 * 1:13593 <-> DISABLED <-> MYSQL yaSSL SSL Hello Message Buffer Overflow attempt (mysql.rules)
 * 1:13625 <-> DISABLED <-> MALWARE-CNC MBR rootkit HTTP POST activity detected (malware-cnc.rules)
 * 1:13654 <-> DISABLED <-> MALWARE-CNC nuclear rat 2.1 runtime detection - init connection (malware-cnc.rules)
 * 1:13655 <-> DISABLED <-> MALWARE-CNC nuclear rat 2.1 runtime detection - init connection (malware-cnc.rules)
 * 1:13807 <-> DISABLED <-> FILE-IMAGE Microsoft Windows metafile SetPaletteEntries heap overflow attempt (file-image.rules)
 * 1:13814 <-> DISABLED <-> MALWARE-CNC passhax runtime detection - initial connection (malware-cnc.rules)
 * 1:13815 <-> DISABLED <-> MALWARE-CNC zombget.03 runtime detection (malware-cnc.rules)
 * 1:13823 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX SAMI file parsing buffer overflow attempt (file-multimedia.rules)
 * 1:13824 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt (file-multimedia.rules)
 * 1:13856 <-> DISABLED <-> MALWARE-CNC wintrim.z runtime detection (malware-cnc.rules)
 * 1:13865 <-> DISABLED <-> FILE-IMAGE BMP image handler buffer overflow attempt (file-image.rules)
 * 1:13876 <-> DISABLED <-> MALWARE-CNC zlob.acc runtime detection (malware-cnc.rules)
 * 1:13877 <-> DISABLED <-> MALWARE-CNC Trojan-spy.win32.delf.uv runtime detection (malware-cnc.rules)
 * 1:13878 <-> DISABLED <-> MALWARE-CNC Trojan-spy.win32.delf.uv runtime detection (malware-cnc.rules)
 * 1:13888 <-> DISABLED <-> FILE-OTHER Microsoft SQL Server Backup Database File integer overflow attempt (file-other.rules)
 * 1:13889 <-> DISABLED <-> FILE-OTHER Microsoft SQL Server Backup Database File integer overflow attempt (file-other.rules)
 * 1:13890 <-> DISABLED <-> FILE-OTHER Microsoft SQL Server Backup Database File integer overflow attempt (file-other.rules)
 * 1:13893 <-> DISABLED <-> FILE-OTHER Microsoft malformed saved search heap corruption attempt (file-other.rules)
 * 1:13898 <-> DISABLED <-> APP-DETECT iTunes client request for server info (app-detect.rules)
 * 1:13899 <-> DISABLED <-> APP-DETECT iTunes client login attempt (app-detect.rules)
 * 1:13900 <-> DISABLED <-> APP-DETECT iTunes server multicast DNS response (app-detect.rules)
 * 1:13941 <-> DISABLED <-> MALWARE-CNC Trojan agent.nac runtime detection - click fraud (malware-cnc.rules)
 * 1:13942 <-> DISABLED <-> MALWARE-CNC Trojan agent.nac runtime detection - call home (malware-cnc.rules)
 * 1:13944 <-> DISABLED <-> MALWARE-CNC Trojan small.gy runtime detection - get whitelist (malware-cnc.rules)
 * 1:13945 <-> DISABLED <-> MALWARE-CNC Trojan small.gy runtime detection - update (malware-cnc.rules)
 * 1:14019 <-> DISABLED <-> FILE-MULTIMEDIA CyberLink PowerDVD playlist file handling stack overflow attempt (file-multimedia.rules)
 * 1:14020 <-> DISABLED <-> FILE-MULTIMEDIA CyberLink PowerDVD playlist file handling stack overflow attempt (file-multimedia.rules)
 * 1:14039 <-> ENABLED <-> FILE-OTHER GNOME Project libxslt RC4 key string buffer overflow attempt (file-other.rules)
 * 1:14081 <-> DISABLED <-> MALWARE-CNC Trojan agent.aarm runtime detection - call home (malware-cnc.rules)
 * 1:14082 <-> DISABLED <-> MALWARE-CNC Trojan agent.aarm runtime detection - spread via spam (malware-cnc.rules)
 * 1:14083 <-> DISABLED <-> MALWARE-CNC Trojan agent.aarm runtime detection - download other malware (malware-cnc.rules)
 * 1:14084 <-> DISABLED <-> MALWARE-CNC infostealer.banker.c runtime detection - download cfg.bin (malware-cnc.rules)
 * 1:14085 <-> DISABLED <-> MALWARE-CNC infostealer.banker.c runtime detection - collect user info (malware-cnc.rules)
 * 1:14086 <-> DISABLED <-> MALWARE-CNC Adware.Win32.Agent.BM runtime detection 1 (malware-cnc.rules)
 * 1:14087 <-> DISABLED <-> MALWARE-CNC Adware.Win32.Agent.BM runtime detection 2 (malware-cnc.rules)
 * 1:141 <-> DISABLED <-> MALWARE-BACKDOOR HackAttack 1.20 Connect (malware-backdoor.rules)
 * 1:146 <-> DISABLED <-> MALWARE-BACKDOOR NetSphere access (malware-backdoor.rules)
 * 1:147 <-> DISABLED <-> MALWARE-BACKDOOR GateCrasher (malware-backdoor.rules)
 * 1:15082 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Office Word rtf malformed dpcallout buffer overflow attempt (file-multimedia.rules)
 * 1:15105 <-> ENABLED <-> FILE-IMAGE Microsoft GDI WMF file parsing integer overflow attempt (file-image.rules)
 * 1:15106 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Office Word .rtf file integer overflow attempt (file-multimedia.rules)
 * 1:15107 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Office Word .rtf file stylesheet buffer overflow attempt (file-multimedia.rules)
 * 1:15157 <-> ENABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player XSPF memory corruption attempt (file-multimedia.rules)
 * 1:15164 <-> ENABLED <-> BROWSER-FIREFOX Mozilla Products SVG Layout Engine Index Parameter memory corruption attempt (browser-firefox.rules)
 * 1:15165 <-> ENABLED <-> MALWARE-CNC Pushdo client communication (malware-cnc.rules)
 * 1:15185 <-> DISABLED <-> APP-DETECT Nintendo Wii SSL Server Hello (app-detect.rules)
 * 1:152 <-> DISABLED <-> MALWARE-BACKDOOR BackConstruction 2.1 Connection (malware-backdoor.rules)
 * 1:15472 <-> DISABLED <-> FILE-MULTIMEDIA Multiple MP3 player PLS buffer overflow attempt (file-multimedia.rules)
 * 1:15473 <-> DISABLED <-> FILE-MULTIMEDIA Multiple media players M3U playlist file handling buffer overflow attempt (file-multimedia.rules)
 * 1:15523 <-> ENABLED <-> NETBIOS Microsoft Windows srvsvc NetrShareEnum netname overflow attempt (netbios.rules)
 * 1:15693 <-> ENABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table overflow attempt (file-other.rules)
 * 1:15694 <-> ENABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table integer overflow attempt (file-other.rules)
 * 1:15695 <-> DISABLED <-> FILE-OTHER Microsoft Windows Embedded Open Type Font malformed name table platform type 3 integer overflow attempt (file-other.rules)
 * 1:157 <-> DISABLED <-> MALWARE-BACKDOOR BackConstruction 2.1 Client FTP Open Request (malware-backdoor.rules)
 * 1:158 <-> DISABLED <-> MALWARE-BACKDOOR BackConstruction 2.1 Server FTP Open Reply (malware-backdoor.rules)
 * 1:15866 <-> DISABLED <-> FILE-OTHER libxml2 file processing long entity overflow attempt (file-other.rules)
 * 1:15871 <-> ENABLED <-> FILE-MULTIMEDIA FFmpeg 4xm processing memory corruption attempt (file-multimedia.rules)
 * 1:15946 <-> DISABLED <-> FILE-OTHER Microsoft Windows Vista Feed Headlines Gagdet code execution attempt (file-other.rules)
 * 1:15965 <-> DISABLED <-> NETBIOS Microsoft Explorer long share name buffer overflow attempt (netbios.rules)
 * 1:15999 <-> ENABLED <-> BROWSER-FIREFOX Mozilla products frame comment objects manipulation memory corruption attempt (browser-firefox.rules)
 * 1:16005 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers JavaScript argument passing code execution attempt (browser-firefox.rules)
 * 1:16009 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products overflow event handling memory corruption attempt (browser-firefox.rules)
 * 1:16016 <-> DISABLED <-> NETBIOS Microsoft client for netware overflow attempt (netbios.rules)
 * 1:16027 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp midi file header overflow attempt (file-multimedia.rules)
 * 1:16036 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products QueryInterface method memory corruption attempt (browser-firefox.rules)
 * 1:16037 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products graphics and XML features integer overflows attempt (browser-firefox.rules)
 * 1:16038 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird WYSIWYG engine filtering IFRAME JavaScript execution attempt (browser-firefox.rules)
 * 1:16042 <-> DISABLED <-> BROWSER-FIREFOX Mozilla browsers CSS moz-binding cross domain scripting attempt (browser-firefox.rules)
 * 1:16054 <-> DISABLED <-> FILE-IMAGE Apple QuickTime bitmap multiple header overflow (file-image.rules)
 * 1:16062 <-> DISABLED <-> FILE-OTHER ACD Systems ACDSee Products XPM values section buffer overflow attempt (file-other.rules)
 * 1:16066 <-> DISABLED <-> NETBIOS Microsoft Windows Server driver crafted SMB data denial of service (netbios.rules)
 * 1:16093 <-> DISABLED <-> MALWARE-CNC bugsprey runtime detection - initial connection (malware-cnc.rules)
 * 1:16094 <-> DISABLED <-> MALWARE-CNC Trojan exchan.gen variant runtime detection (malware-cnc.rules)
 * 1:16095 <-> DISABLED <-> MALWARE-CNC td.exe runtime detection - getfile (malware-cnc.rules)
 * 1:16096 <-> DISABLED <-> MALWARE-CNC td.exe runtime detection - download (malware-cnc.rules)
 * 1:16097 <-> DISABLED <-> MALWARE-CNC Trojan win32.agent.vvm runtime detection (malware-cnc.rules)
 * 1:16098 <-> DISABLED <-> MALWARE-CNC win32.cekar variant runtime detection (malware-cnc.rules)
 * 1:16099 <-> DISABLED <-> MALWARE-CNC Trojan-dropper.win32.agent.wdv runtime detection (malware-cnc.rules)
 * 1:161 <-> DISABLED <-> MALWARE-BACKDOOR Matrix 2.0 Client connect (malware-backdoor.rules)
 * 1:16100 <-> DISABLED <-> MALWARE-CNC Trojan-downloader.win32.delf.phh runtime detection - file.exe (malware-cnc.rules)
 * 1:16101 <-> DISABLED <-> MALWARE-CNC Trojan-downloader.win32.delf.phh runtime detection - 57329.exe (malware-cnc.rules)
 * 1:16102 <-> DISABLED <-> MALWARE-CNC Trojan-downloader.win32.delf.phh runtime detection - sft_ver1.1454.0.exe (malware-cnc.rules)
 * 1:16103 <-> DISABLED <-> MALWARE-CNC lost door 3.0 runtime detection - init (malware-cnc.rules)
 * 1:16104 <-> DISABLED <-> MALWARE-CNC lost door 3.0 runtime detection - init (malware-cnc.rules)
 * 1:16105 <-> DISABLED <-> MALWARE-CNC Trojan.zlob runtime detection - topqualityads (malware-cnc.rules)
 * 1:16106 <-> DISABLED <-> MALWARE-CNC synrat 2.1 pro runtime detection - init (malware-cnc.rules)
 * 1:16107 <-> DISABLED <-> MALWARE-CNC synrat 2.1 pro runtime detection - init (malware-cnc.rules)
 * 1:16108 <-> DISABLED <-> MALWARE-CNC Trojan exchanger.gen2 runtime detection (malware-cnc.rules)
 * 1:16109 <-> DISABLED <-> MALWARE-CNC Trojan-downloader.win32.zlob.wwv runtime detection - onestoponlineshop (malware-cnc.rules)
 * 1:16110 <-> DISABLED <-> MALWARE-CNC Trojan-downloader.win32.zlob.wwv runtime detection - childhe (malware-cnc.rules)
 * 1:16111 <-> DISABLED <-> MALWARE-CNC Trojan-downloader.win32.zlob.wwv installtime detection (malware-cnc.rules)
 * 1:16112 <-> DISABLED <-> MALWARE-CNC Trojan.agent.vhb runtime detection - contact remote server (malware-cnc.rules)
 * 1:16113 <-> DISABLED <-> MALWARE-CNC Trojan.agent.vhb runtime detection - request login page (malware-cnc.rules)
 * 1:16124 <-> DISABLED <-> MALWARE-CNC Trojan.nsis.agent.s runtime detection (malware-cnc.rules)
 * 1:16139 <-> DISABLED <-> MALWARE-CNC Trojan.gen2 runtime detection - scanner page (malware-cnc.rules)
 * 1:16140 <-> DISABLED <-> MALWARE-CNC torpig-mebroot command and control checkin (malware-cnc.rules)
 * 1:16153 <-> DISABLED <-> FILE-IMAGE Microsoft Windows malformed WMF meta escape record memory corruption (file-image.rules)
 * 1:162 <-> DISABLED <-> MALWARE-BACKDOOR Matrix 2.0 Server access (malware-backdoor.rules)
 * 1:16242 <-> DISABLED <-> MALWARE-CNC downloader-ash.gen.b runtime detection - adload (malware-cnc.rules)
 * 1:16243 <-> DISABLED <-> MALWARE-CNC downloader-ash.gen.b runtime detection - 3264.php (malware-cnc.rules)
 * 1:16268 <-> ENABLED <-> MALWARE-CNC Trojan.tdss.1.gen install-time detection - yournewsblog.net (malware-cnc.rules)
 * 1:16269 <-> ENABLED <-> MALWARE-CNC Trojan.tdss.1.gen install-time detection - findzproportal1.com (malware-cnc.rules)
 * 1:16272 <-> DISABLED <-> MALWARE-CNC Trojan-dropper.irc.tkb runtime detection - lordhack (malware-cnc.rules)
 * 1:16273 <-> DISABLED <-> MALWARE-CNC Trojan-dropper.irc.tkb runtime detection - dxcpm (malware-cnc.rules)
 * 1:16279 <-> DISABLED <-> SPYWARE-PUT rogue-software windows antivirus 2008 runtime detection - pre-sale page (spyware-put.rules)
 * 1:16280 <-> DISABLED <-> SPYWARE-PUT rogue-software windows antivirus 2008 runtime detection - registration and payment page (spyware-put.rules)
 * 1:16289 <-> ENABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules)
 * 1:16291 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Network Security Services regexp heap overflow attempt (browser-firefox.rules)
 * 1:16292 <-> DISABLED <-> BROWSER-FIREFOX Mozilla CSS value counter overflow attempt (browser-firefox.rules)
 * 1:163 <-> DISABLED <-> MALWARE-BACKDOOR WinCrash 1.0 Server Active (malware-backdoor.rules)
 * 1:16309 <-> ENABLED <-> ORACLE auth_sesskey buffer overflow attempt (oracle.rules)
 * 1:16358 <-> DISABLED <-> MALWARE-CNC bugsprey runtime detection - initial connection (malware-cnc.rules)
 * 1:16363 <-> DISABLED <-> FILE-EXECUTABLE potentially executable file upload via FTP (file-executable.rules)
 * 1:16517 <-> ENABLED <-> FILE-OTHER Free Download Manager .torrent parsing comment overflow attempt (file-other.rules)
 * 1:16518 <-> ENABLED <-> FILE-OTHER Free Download Manager .torrent parsing announce overflow attempt (file-other.rules)
 * 1:16519 <-> ENABLED <-> FILE-OTHER Free Download Manager .torrent parsing name overflow attempt (file-other.rules)
 * 1:16520 <-> ENABLED <-> FILE-OTHER Free Download Manager .torrent parsing path overflow attempt (file-other.rules)
 * 1:16543 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player codec code execution attempt (file-multimedia.rules)
 * 1:16600 <-> DISABLED <-> MALWARE-CNC Otlard Trojan activity (malware-cnc.rules)
 * 1:16664 <-> ENABLED <-> FILE-PDF Adobe Reader and Acrobat authplay.dll vulnerability exploit attempt (file-pdf.rules)
 * 1:16680 <-> DISABLED <-> APP-DETECT Tandberg VCS SSH default key (app-detect.rules)
 * 1:16684 <-> DISABLED <-> NETBIOS Samba smbd Session Setup AndX security blob length dos attempt (netbios.rules)
 * 1:16692 <-> DISABLED <-> FILE-MULTIMEDIA BlazeVideo BlazeDVD PLF playlist file name buffer overflow attempt (file-multimedia.rules)
 * 1:16734 <-> DISABLED <-> FILE-OTHER UltraISO CUE file handling stack buffer overflow attempt (file-other.rules)
 * 1:16739 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Jukebox playlist file handling heap overflow attempt (file-multimedia.rules)
 * 1:16743 <-> DISABLED <-> FILE-OTHER Cain & Abel Remote Desktop Protocol file handling buffer overflow attempt (file-other.rules)
 * 1:16751 <-> ENABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (file-multimedia.rules)
 * 1:16752 <-> ENABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player SMB module Win32AddConnection buffer overflow attempt (file-multimedia.rules)
 * 1:16804 <-> DISABLED <-> MALWARE-CNC Win32.Qakbot.E - initial load (malware-cnc.rules)
 * 1:16805 <-> DISABLED <-> MALWARE-CNC Win32.Qakbot.E config check (malware-cnc.rules)
 * 1:16806 <-> DISABLED <-> MALWARE-CNC Win32.Qakbot.E - FTP upload seclog (malware-cnc.rules)
 * 1:16807 <-> DISABLED <-> MALWARE-CNC Win32.Qakbot.E - FTP Upload ps_dump (malware-cnc.rules)
 * 1:16808 <-> DISABLED <-> MALWARE-CNC Win32.Qakbot.E - register client (malware-cnc.rules)
 * 1:17056 <-> DISABLED <-> NETBIOS Novell NetIdentity Agent XTIERRPCPIPE remote code execution attempt (netbios.rules)
 * 1:17057 <-> DISABLED <-> NETBIOS Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (netbios.rules)
 * 1:17110 <-> DISABLED <-> APP-DETECT VxWorks remote debugging agent login attempt (app-detect.rules)
 * 1:17120 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Office Word rich text format unexpected field type memory corruption attempt 1 (file-multimedia.rules)
 * 1:17121 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Office Word rich text format unexpected field type memory corruption attempt 2 (file-multimedia.rules)
 * 1:17122 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Office Word rich text format unexpected field type memory corruption attempt 3 (file-multimedia.rules)
 * 1:17123 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Office Word rich text format invalid field size memory corruption attempt (file-multimedia.rules)
 * 1:17135 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker string size overflow attempt (file-multimedia.rules)
 * 1:17148 <-> ENABLED <-> FILE-MULTIMEDIA VideoLAN VLC renamed zip file handling code execution attempt - 1 (file-multimedia.rules)
 * 1:17152 <-> DISABLED <-> NETBIOS Samba smbd flags2 header parsing denial of service attempt (netbios.rules)
 * 1:17166 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple products JavaScript string replace buffer overflow attempt (browser-firefox.rules)
 * 1:17210 <-> DISABLED <-> FILE-EXECUTABLE Portable Executable binary file transfer over SMB (file-executable.rules)
 * 1:17238 <-> ENABLED <-> FILE-OTHER ACD Systems ACDSee Products XBM file handling buffer overflow attempt (file-other.rules)
 * 1:17272 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer AVI parsing buffer overflow attempt (file-multimedia.rules)
 * 1:17276 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules)
 * 1:17277 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules)
 * 1:17278 <-> DISABLED <-> FILE-OTHER Multiple vendor Antivirus magic byte detection evasion attempt (file-other.rules)
 * 1:17305 <-> ENABLED <-> SPECIFIC-THREATS ClamAV libclamav PE file handling integer overflow attempt (specific-threats.rules)
 * 1:17330 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GRE WMF Handling Memory Read Exception attempt (file-image.rules)
 * 1:17352 <-> DISABLED <-> FILE-OTHER ClamAV CHM File Handling Integer Overflow attempt (file-other.rules)
 * 1:17366 <-> ENABLED <-> FILE-OTHER Microsoft Help Workshop HPJ OPTIONS section buffer overflow attempt (file-other.rules)
 * 1:17388 <-> DISABLED <-> FILE-IMAGE OpenOffice EMF file EMR record parsing integer overflow attempt (file-image.rules)
 * 1:17403 <-> ENABLED <-> FILE-MULTIMEDIA OpenOffice RTF File parsing heap buffer overflow attempt (file-multimedia.rules)
 * 1:17409 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products IDN Spoofing Vulnerability Attempt (browser-firefox.rules)
 * 1:17482 <-> DISABLED <-> BROWSER-FIREFOX Mozilla NNTP URL Handling Buffer Overflow attempt (browser-firefox.rules)
 * 1:17548 <-> ENABLED <-> FILE-MULTIMEDIA Apple QuickTime SMIL File Handling Integer Overflow attempt (file-multimedia.rules)
 * 1:17630 <-> ENABLED <-> BROWSER-FIREFOX Mozilla multiple products CSSValue array memory corruption attempt (browser-firefox.rules)
 * 1:17678 <-> DISABLED <-> FILE-IMAGE Adobe BMP image handler buffer overflow attempt (file-image.rules)
 * 1:17743 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Office Word RTF parsing memory corruption (file-multimedia.rules)
 * 1:17752 <-> ENABLED <-> FILE-OTHER OpenType Font file parsing denial of service attempt (file-other.rules)
 * 1:17773 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player Firefox plugin memory corruption attempt (file-multimedia.rules)
 * 1:17803 <-> ENABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk memory corruption attempt (file-other.rules)
 * 1:17806 <-> ENABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules)
 * 1:17807 <-> ENABLED <-> FILE-OTHER Adobe Shockwave Director rcsL chunk remote code execution attempt (file-other.rules)
 * 1:18186 <-> ENABLED <-> BROWSER-FIREFOX Mozilla products -moz-grid and -moz-grid-group display styles code execution attempt (browser-firefox.rules)
 * 1:18219 <-> DISABLED <-> FILE-OTHER Microsoft Windows ATMFD font driver remote code execution attempt (file-other.rules)
 * 1:18229 <-> ENABLED <-> FILE-IMAGE Microsoft FlashPix tile length overflow attempt (file-image.rules)
 * 1:18237 <-> ENABLED <-> FILE-IMAGE Microsoft Windows Flashpix graphics filter fpx32.flt remote code execution attempt (file-image.rules)
 * 1:18250 <-> ENABLED <-> BROWSER-FIREFOX Mozilla products EscapeAttributeValue integer overflow attempt (browser-firefox.rules)
 * 1:18275 <-> DISABLED <-> FILE-IDENTIFY HyperText Markup Language file download request (file-identify.rules)
 * 1:18286 <-> ENABLED <-> BROWSER-FIREFOX Mozilla products element style change memory corruption code execution attempt (browser-firefox.rules)
 * 1:18296 <-> ENABLED <-> BROWSER-FIREFOX Mozilla products frame comment objects manipulation memory corruption attempt (browser-firefox.rules)
 * 1:1843 <-> DISABLED <-> MALWARE-BACKDOOR trinity connection attempt (malware-backdoor.rules)
 * 1:18483 <-> ENABLED <-> FILE-MULTIMEDIA Apple iTunes Playlist Overflow Attempt (file-multimedia.rules)
 * 1:18484 <-> ENABLED <-> FILE-MULTIMEDIA Apple iTunes Playlist Overflow Attempt (file-multimedia.rules)
 * 1:185 <-> DISABLED <-> MALWARE-BACKDOOR CDK (malware-backdoor.rules)
 * 1:18510 <-> ENABLED <-> FILE-IMAGE Apple QuickTime FlashPix Movie file integer overflow attempt (file-image.rules)
 * 1:1853 <-> DISABLED <-> MALWARE-BACKDOOR win-trin00 connection attempt (malware-backdoor.rules)
 * 1:18537 <-> ENABLED <-> FILE-OTHER OpenOffice.org XPM file processing integer overflow attempt (file-other.rules)
 * 1:18561 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT file overread buffer overflow attempt (file-image.rules)
 * 1:18583 <-> DISABLED <-> FILE-IMAGE Microsoft Windows wmf integer overflow attempt (file-image.rules)
 * 1:18589 <-> DISABLED <-> NETBIOS Novell Client NetIdentity Agent remote arbitrary pointer dereference code execution attempt (netbios.rules)
 * 1:18608 <-> DISABLED <-> APP-DETECT Dropbox desktop software in use (app-detect.rules)
 * 1:18609 <-> DISABLED <-> APP-DETECT Dropbox desktop software in use (app-detect.rules)
 * 1:18618 <-> DISABLED <-> MALWARE-CNC Win32.Scar.dpvy/Parkchicers.A/Delf checkin (malware-cnc.rules)
 * 1:18645 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ arbitrary code execution attempt (file-image.rules)
 * 1:18680 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Office RTF malformed pfragments field (file-multimedia.rules)
 * 1:18685 <-> DISABLED <-> FILE-MULTIMEDIA RTF file with embedded OLE object (file-multimedia.rules)
 * 1:18700 <-> DISABLED <-> MALWARE-CNC Win32.BHO.argt checkin (malware-cnc.rules)
 * 1:18702 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Office RTF malformed pfragments field (file-multimedia.rules)
 * 1:18703 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Office RTF malformed pfragments field (file-multimedia.rules)
 * 1:18704 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Office RTF malformed second pfragments field (file-multimedia.rules)
 * 1:18705 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Office RTF malformed second pfragments field (file-multimedia.rules)
 * 1:18706 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Office RTF malformed second pfragments field (file-multimedia.rules)
 * 1:18762 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI /blog.updata?v= - Win32-Agent-GRW (malware-cnc.rules)
 * 1:18774 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI (malware-cnc.rules)
 * 1:18775 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /gpdcount (malware-cnc.rules)
 * 1:18782 <-> DISABLED <-> MALWARE-CNC URI Request for known malicious URI - Chinese Rootkit.Win32.Fisp.a (malware-cnc.rules)
 * 1:18809 <-> DISABLED <-> BROWSER-FIREFOX Mozilla EnsureCachedAttrPraramArrays integer overflow attempt (browser-firefox.rules)
 * 1:18900 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI (W32.Swizzor -- malware-cnc.rules)
 * 1:18928 <-> DISABLED <-> FILE-MULTIMEDIA Apple QuickTime streaming debug error logging buffer overflow attempt (file-multimedia.rules)
 * 1:18942 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - MacProtector (malware-cnc.rules)
 * 1:18943 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - MacDefender (malware-cnc.rules)
 * 1:18984 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - Win32/Trojanclicker (malware-cnc.rules)
 * 1:19023 <-> DISABLED <-> MALWARE-CNC IRC.Zapchast.zwrc outbound connection (malware-cnc.rules)
 * 1:19055 <-> ENABLED <-> MALWARE-CNC Win32.Gosik.A registration (malware-cnc.rules)
 * 1:19063 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker string size overflow attempt (file-multimedia.rules)
 * 1:19169 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer vidplin.dll avi header parsing execution attempt (file-multimedia.rules)
 * 1:19312 <-> DISABLED <-> MALWARE-CNC Trojan Win32.Agent.aah outbound connection (malware-cnc.rules)
 * 1:19320 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI Header insufficient data corruption attempt (file-multimedia.rules)
 * 1:19321 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Products nsCSSValue Array Index Integer Overflow (browser-firefox.rules)
 * 1:19326 <-> DISABLED <-> SPYWARE-PUT Classroom Spy Professional runtime detection - initial connection (spyware-put.rules)
 * 1:19327 <-> DISABLED <-> SPYWARE-PUT Classroom Spy Professional runtime detection - initial connection (spyware-put.rules)
 * 1:19415 <-> DISABLED <-> MALWARE-CNC vsFTPd 2.3.4 backdoor connection (malware-cnc.rules)
 * 1:19431 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI Timestamp buffer overflow attempt (file-multimedia.rules)
 * 1:19432 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI Timestamp buffer overflow attempt (file-multimedia.rules)
 * 1:195 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response (malware-backdoor.rules)
 * 1:19560 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes PLS file parsing buffer overflow attempt (file-multimedia.rules)
 * 1:19621 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Soft Components AdjMmsEng.dll PLS file processing buffer overflow attempt (file-multimedia.rules)
 * 1:1980 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection (malware-backdoor.rules)
 * 1:1981 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 3150 (malware-backdoor.rules)
 * 1:1982 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 3150 (malware-backdoor.rules)
 * 1:1983 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Connection attempt on port 4120 (malware-backdoor.rules)
 * 1:1984 <-> DISABLED <-> MALWARE-BACKDOOR DeepThroat 3.1 Server Response on port 4120 (malware-backdoor.rules)
 * 1:1985 <-> DISABLED <-> MALWARE-BACKDOOR Doly 1.5 server response (malware-backdoor.rules)
 * 1:19883 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC Media Player libdirectx_plugin.dll AMV parsing buffer overflow attempt (file-multimedia.rules)
 * 1:19908 <-> DISABLED <-> FILE-IMAGE Apple QuickTime PICT Image PnSize Opcode Stack Buffer Overflow attempt (file-image.rules)
 * 1:19911 <-> ENABLED <-> FILE-OTHER Microsoft SYmbolic LinK stack overflow attempt (file-other.rules)
 * 1:19927 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules)
 * 1:19928 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules)
 * 1:19929 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules)
 * 1:19930 <-> DISABLED <-> MALWARE-BACKDOOR BRX Rat 0.02 inbound connection (malware-backdoor.rules)
 * 1:19956 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Movie Maker project file heap buffer overflow attempt (file-multimedia.rules)
 * 1:20133 <-> DISABLED <-> FILE-OTHER Microsoft MHTML XSS attempt (file-other.rules)
 * 1:20157 <-> DISABLED <-> ORACLE Oracle GlassFish Server war file upload attempt (oracle.rules)
 * 1:20224 <-> DISABLED <-> FILE-MULTIMEDIA MPlayer SMI file buffer overflow attempt (file-multimedia.rules)
 * 1:20227 <-> DISABLED <-> FILE-MULTIMEDIA VideoLAN VLC webm memory corruption attempt (file-multimedia.rules)
 * 1:20237 <-> DISABLED <-> FILE-MULTIMEDIA MultiMedia Jukebox playlist file handling heap overflow attempt (file-multimedia.rules)
 * 1:20288 <-> ENABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer QCP parsing buffer overflow attempt (file-multimedia.rules)
 * 1:20443 <-> DISABLED <-> APP-DETECT Apple OSX Remote Mouse usage (app-detect.rules)
 * 1:20553 <-> DISABLED <-> FILE-MULTIMEDIA Un4seen Developments XMPlay crafted ASX file buffer overflow attempt (file-multimedia.rules)
 * 1:20558 <-> ENABLED <-> EXPLOIT-KIT URI request for known malicious URI /stat2.php (exploit-kit.rules)
 * 1:20559 <-> DISABLED <-> FILE-MULTIMEDIA Nullsoft Winamp MIDI file buffer overflow attempt (file-multimedia.rules)
 * 1:20565 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (file-other.rules)
 * 1:20566 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp AMF file buffer overflow attempt (file-other.rules)
 * 1:20572 <-> DISABLED <-> FILE-OTHER Microsoft Windows Font Library file buffer overflow attempt (file-other.rules)
 * 1:20583 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple location headers malicious redirect attempt (browser-firefox.rules)
 * 1:20584 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-type headers malicious redirect attempt (browser-firefox.rules)
 * 1:20585 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-length headers malicious redirect attempt (browser-firefox.rules)
 * 1:20586 <-> DISABLED <-> BROWSER-FIREFOX Mozilla multiple content-disposition headers malicious redirect attempt (browser-firefox.rules)
 * 1:20666 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird / SeaMonkey Content-Type header buffer overflow attempt (browser-firefox.rules)
 * 1:20667 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Thunderbird / SeaMonkey Content-Type header buffer overflow attempt (browser-firefox.rules)
 * 1:20668 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - /content/v1.jar (exploit-kit.rules)
 * 1:20669 <-> DISABLED <-> EXPLOIT-KIT URI request for known malicious URI - w.php?f= (exploit-kit.rules)
 * 1:20673 <-> DISABLED <-> FILE-MULTIMEDIA invalid VLC media player SMB URI download attempt (file-multimedia.rules)
 * 1:20729 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL object valueOf code execution attempt (browser-firefox.rules)
 * 1:20730 <-> DISABLED <-> BROWSER-FIREFOX Mozilla XBL.method.eval call (browser-firefox.rules)
 * 1:20734 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Player digital video recording buffer overflow attempt (file-multimedia.rules)
 * 1:20739 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Object.watch parent access attempt (browser-firefox.rules)
 * 1:20742 <-> DISABLED <-> BROWSER-FIREFOX Mozilla PLUGINSPAGE javascript execution attempt (browser-firefox.rules)
 * 1:208 <-> DISABLED <-> MALWARE-BACKDOOR PhaseZero Server Active on Network (malware-backdoor.rules)
 * 1:20814 <-> DISABLED <-> BROWSER-FIREFOX Mozilla favicon href javascript execution attempt (browser-firefox.rules)
 * 1:20842 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:20843 <-> DISABLED <-> FILE-OTHER Interactive Data eSignal stack buffer overflow attempt (file-other.rules)
 * 1:20853 <-> DISABLED <-> FILE-OTHER DAZ Studio dangerous scripting method attempt (file-other.rules)
 * 1:20861 <-> DISABLED <-> FILE-OTHER Autodesk Maya dangerous scripting method attempt (file-other.rules)
 * 1:20870 <-> DISABLED <-> FILE-OTHER Autodesk 3D Studio Maxscript dangerous scripting method attempt (file-other.rules)
 * 1:20889 <-> ENABLED <-> FILE-OTHER Video Spirit visprj buffer overflow (file-other.rules)
 * 1:209 <-> DISABLED <-> MALWARE-BACKDOOR w00w00 attempt (malware-backdoor.rules)
 * 1:210 <-> DISABLED <-> MALWARE-BACKDOOR attempt (malware-backdoor.rules)
 * 1:2100 <-> DISABLED <-> MALWARE-BACKDOOR SubSeven 2.1 Gold server connection response (malware-backdoor.rules)
 * 1:21019 <-> DISABLED <-> FILE-OTHER Cytel Studio string stack overflow attempt (file-other.rules)
 * 1:21020 <-> DISABLED <-> FILE-OTHER Cytel Studio row overflow attempt (file-other.rules)
 * 1:21021 <-> DISABLED <-> FILE-OTHER Cytel Studio USE command overflow attempt (file-other.rules)
 * 1:21070 <-> ENABLED <-> EXPLOIT-KIT Eleanore exploit kit pdf exploit page request (exploit-kit.rules)
 * 1:21071 <-> ENABLED <-> EXPLOIT-KIT Eleanore exploit kit post-exploit page request (exploit-kit.rules)
 * 1:21096 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit control panel access (exploit-kit.rules)
 * 1:21097 <-> ENABLED <-> EXPLOIT-KIT Crimepack exploit kit post-exploit download request (exploit-kit.rules)
 * 1:211 <-> DISABLED <-> MALWARE-BACKDOOR MISC r00t attempt (malware-backdoor.rules)
 * 1:21107 <-> DISABLED <-> FILE-MULTIMEDIA MJM Quickplayer s3m buffer overflow (file-multimedia.rules)
 * 1:21154 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products floating point buffer overflow attempt (browser-firefox.rules)
 * 1:21155 <-> DISABLED <-> BROWSER-FIREFOX Mozilla products floating point buffer overflow attempt (browser-firefox.rules)
 * 1:21171 <-> DISABLED <-> APP-DETECT Thunder p2p application activity detection (app-detect.rules)
 * 1:21172 <-> DISABLED <-> APP-DETECT Thunder p2p application activity detection (app-detect.rules)
 * 1:21190 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products MozOrientation loading attempt (browser-firefox.rules)
 * 1:21191 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products MozOrientation loading attempt (browser-firefox.rules)
 * 1:212 <-> DISABLED <-> MALWARE-BACKDOOR MISC rewt attempt (malware-backdoor.rules)
 * 1:2124 <-> DISABLED <-> MALWARE-BACKDOOR Remote PC Access connection attempt (malware-backdoor.rules)
 * 1:21281 <-> DISABLED <-> NETBIOS Microsoft Windows ATMFD font driver malicious font file remote code execution attempt (netbios.rules)
 * 1:213 <-> DISABLED <-> MALWARE-BACKDOOR MISC Linux rootkit attempt (malware-backdoor.rules)
 * 1:21332 <-> DISABLED <-> APP-DETECT Synergy network kvm usage detected (app-detect.rules)
 * 1:214 <-> DISABLED <-> MALWARE-BACKDOOR MISC Linux rootkit attempt lrkr0x (malware-backdoor.rules)
 * 1:21423 <-> DISABLED <-> FILE-OFFICE Microsoft Office Publisher Opltc memory corruption attempt (file-office.rules)
 * 1:21439 <-> DISABLED <-> FILE-IMAGE Microsoft Windows GDI+ arbitrary code execution attempt (file-image.rules)
 * 1:21446 <-> DISABLED <-> WEB-ACTIVEX FileSystemObject clsid access (web-activex.rules)
 * 1:21447 <-> ENABLED <-> WEB-ACTIVEX FileSystemObject function call (web-activex.rules)
 * 1:21459 <-> ENABLED <-> MALWARE-TOOLS Havij advanced SQL injection tool user-agent string (malware-tools.rules)
 * 1:215 <-> DISABLED <-> MALWARE-BACKDOOR MISC Linux rootkit attempt (malware-backdoor.rules)
 * 1:21524 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows object packager dialogue code execution attempt (file-multimedia.rules)
 * 1:21555 <-> ENABLED <-> MALWARE-OTHER Horde javascript.php href backdoor (malware-other.rules)
 * 1:21587 <-> DISABLED <-> FILE-OTHER VisiWave VWR file parsing code execution attempt (file-other.rules)
 * 1:216 <-> DISABLED <-> MALWARE-BACKDOOR MISC Linux rootkit satori attempt (malware-backdoor.rules)
 * 1:21641 <-> DISABLED <-> MALWARE-OTHER Possible banking trojan with known banking strings (malware-other.rules)
 * 1:21642 <-> DISABLED <-> MALWARE-OTHER Possible malicious jar file download page (malware-other.rules)
 * 1:21689 <-> DISABLED <-> FILE-IDENTIFY Hypertext Markup Language file attachment detected (file-identify.rules)
 * 1:21690 <-> DISABLED <-> FILE-IDENTIFY Hypertext Markup Language file attachment detected (file-identify.rules)
 * 1:217 <-> DISABLED <-> MALWARE-BACKDOOR MISC sm4ck attempt (malware-backdoor.rules)
 * 1:21766 <-> ENABLED <-> FILE-IMAGE Apple QuickDraw PICT images ARGB records handling memory corruption attempt (file-image.rules)
 * 1:218 <-> DISABLED <-> MALWARE-BACKDOOR MISC Solaris 2.5 attempt (malware-backdoor.rules)
 * 1:21805 <-> DISABLED <-> FILE-MULTIMEDIA HT-MP3Player file parsing boundary buffer overflow attempt (file-multimedia.rules)
 * 1:21853 <-> DISABLED <-> APP-DETECT ptunnel icmp proxy (app-detect.rules)
 * 1:219 <-> DISABLED <-> MALWARE-BACKDOOR HidePak backdoor attempt (malware-backdoor.rules)
 * 1:21902 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-multimedia.rules)
 * 1:21903 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-multimedia.rules)
 * 1:21904 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-multimedia.rules)
 * 1:21905 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-multimedia.rules)
 * 1:21906 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-multimedia.rules)
 * 1:21907 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Office rtf document generic exploit indicator (file-multimedia.rules)
 * 1:21937 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-multimedia.rules)
 * 1:21938 <-> ENABLED <-> TELNET RuggedCom default backdoor login attempt (telnet.rules)
 * 1:21946 <-> DISABLED <-> MALWARE-CNC Win32.Litmpuca.A Runtime Detection (malware-cnc.rules)
 * 1:21953 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules)
 * 1:21954 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products HTML href shell attempt (browser-firefox.rules)
 * 1:21985 <-> ENABLED <-> FILE-IMAGE libpng png_inflate buffer overflow attempt (file-image.rules)
 * 1:21986 <-> ENABLED <-> FILE-IMAGE libpng png_inflate buffer overflow attempt (file-image.rules)
 * 1:21987 <-> ENABLED <-> FILE-IMAGE libpng png_inflate buffer overflow attempt (file-image.rules)
 * 1:220 <-> DISABLED <-> MALWARE-BACKDOOR HideSource backdoor attempt (malware-backdoor.rules)
 * 1:22088 <-> ENABLED <-> EXPLOIT-KIT Blackhole Exploit Kit javascript service method (exploit-kit.rules)
 * 1:22101 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Office RTF malformed pfragments field (file-multimedia.rules)
 * 1:22102 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Office RTF malformed pfragments field (file-multimedia.rules)
 * 1:22104 <-> ENABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:22105 <-> ENABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:22106 <-> ENABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:22107 <-> ENABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:22108 <-> ENABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:22109 <-> ENABLED <-> FILE-IMAGE libpng chunk decompression integer overflow attempt (file-image.rules)
 * 1:2271 <-> DISABLED <-> MALWARE-BACKDOOR FsSniffer connection attempt (malware-backdoor.rules)
 * 1:23100 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules)
 * 1:23101 <-> DISABLED <-> FILE-OTHER Cisco WebEx recording integer overflow attempt (file-other.rules)
 * 1:23106 <-> ENABLED <-> EXPLOIT-KIT SET java applet load attempt (exploit-kit.rules)
 * 1:23110 <-> DISABLED <-> FILE-IMAGE Microsoft Windows graphics rendering engine buffer overflow attempt (file-image.rules)
 * 1:23271 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules)
 * 1:23272 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules)
 * 1:23305 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows common controls MSCOMCTL.OCX buffer overflow attempt (file-multimedia.rules)
 * 1:23314 <-> DISABLED <-> NETBIOS SMB invalid character argument injection attempt (netbios.rules)
 * 1:23350 <-> DISABLED <-> MALWARE-OTHER potential clickjacking via css pointer-events attempt (malware-other.rules)
 * 1:23484 <-> DISABLED <-> INDICATOR-COMPROMISE Wordpress Invit0r plugin non-image file upload attempt (indicator-compromise.rules)
 * 1:23499 <-> DISABLED <-> FILE-OTHER Microsoft Windows CUR file parsing overflow attempt (file-other.rules)
 * 1:23511 <-> ENABLED <-> FILE-PDF Adobe Reader and Acrobat authplay.dll vulnerability exploit attempt (file-pdf.rules)
 * 1:23567 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Windows AVI Header insufficient data corruption attempt (file-multimedia.rules)
 * 1:23587 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules)
 * 1:23588 <-> DISABLED <-> FILE-MULTIMEDIA Apple iTunes Extended M3U playlist record overflow attempt (file-multimedia.rules)
 * 1:23616 <-> DISABLED <-> APP-DETECT Amazon Kindle 3.0 User-Agent string requested (app-detect.rules)
 * 1:23617 <-> DISABLED <-> APP-DETECT Amazon Kindle chrome-scriptable-plugin attempt (app-detect.rules)
 * 1:23669 <-> DISABLED <-> FILE-IDENTIFY SIP log file magic detected (file-identify.rules)
 * 1:2375 <-> DISABLED <-> MALWARE-CNC DoomJuice/mydoom.a backdoor upload/execute (malware-cnc.rules)
 * 1:23789 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products table frames memory corruption attempt (browser-firefox.rules)
 * 1:23790 <-> DISABLED <-> BROWSER-FIREFOX Mozilla Multiple Products table frames memory corruption attempt (browser-firefox.rules)
 * 1:23844 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Office MSCOMCTL ActiveX control tabstrip method arbitrary code execution attempt (file-multimedia.rules)
 * 1:23845 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Office MSCOMCTL ActiveX control tabstrip method arbitrary code execution attempt (file-multimedia.rules)
 * 1:23943 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Visual Basic 6.0 malformed AVI buffer overflow attempt (file-multimedia.rules)
 * 1:23978 <-> ENABLED <-> MALWARE-CNC Trojan.Dropper connect to server (malware-cnc.rules)
 * 1:24006 <-> DISABLED <-> FILE-MULTIMEDIA Microsoft Office MSCOMCTL ActiveX control tabstrip method arbitrary code execution attempt (file-multimedia.rules)
 * 1:24010 <-> DISABLED <-> MALWARE-CNC runtime Trojan.Radil outbound connection (malware-cnc.rules)
 * 1:24015 <-> ENABLED <-> MALWARE-CNC W32.Trojan.Magania variant connect to cnc-server (malware-cnc.rules)
 * 1:24062 <-> DISABLED <-> MALWARE-CNC W32.Trojan.Hufysk variant connect to cnc-server (malware-cnc.rules)
 * 1:2550 <-> DISABLED <-> FILE-OTHER Nullsoft Winamp XM file buffer overflow attempt (file-other.rules)
 * 1:3009 <-> DISABLED <-> MALWARE-BACKDOOR NetBus Pro 2.0 connection request (malware-backdoor.rules)
 * 1:3010 <-> DISABLED <-> MALWARE-CNC RUX the Tick get windows directory (malware-cnc.rules)
 * 1:3011 <-> DISABLED <-> MALWARE-CNC RUX the Tick get system directory (malware-cnc.rules)
 * 1:3012 <-> DISABLED <-> MALWARE-CNC RUX the Tick upload/execute arbitrary file (malware-cnc.rules)
 * 1:3013 <-> DISABLED <-> MALWARE-CNC Asylum 0.1 connection request (malware-cnc.rules)
 * 1:3014 <-> DISABLED <-> MALWARE-CNC Asylum 0.1 connection established (malware-cnc.rules)
 * 1:3015 <-> DISABLED <-> MALWARE-CNC Insane Network 4.0 connection established (malware-cnc.rules)
 * 1:3016 <-> DISABLED <-> MALWARE-CNC Insane Network 4.0 connection established port 63536 (malware-cnc.rules)
 * 1:3063 <-> DISABLED <-> MALWARE-BACKDOOR Vampire 1.2 connection request (malware-backdoor.rules)
 * 1:3064 <-> DISABLED <-> MALWARE-BACKDOOR Vampire 1.2 connection confirmation (malware-backdoor.rules)
 * 1:3079 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows ANI file parsing overflow (file-multimedia.rules)
 * 1:3081 <-> DISABLED <-> MALWARE-BACKDOOR Y3KRAT 1.5 Connect (malware-backdoor.rules)
 * 1:3082 <-> DISABLED <-> MALWARE-BACKDOOR Y3KRAT 1.5 Connect Client Response (malware-backdoor.rules)
 * 1:3083 <-> ENABLED <-> MALWARE-BACKDOOR Y3KRAT 1.5 Connection confirmation (malware-backdoor.rules)
 * 1:3155 <-> DISABLED <-> MALWARE-BACKDOOR BackOrifice 2000 Inbound Traffic (malware-backdoor.rules)
 * 1:3473 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer SMIL file overflow attempt (file-multimedia.rules)
 * 1:3628 <-> DISABLED <-> APP-DETECT Data Rescue IDA Pro startup license check attempt (app-detect.rules)
 * 1:3632 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Bitmap width integer overflow attempt (file-image.rules)
 * 1:3635 <-> DISABLED <-> MALWARE-BACKDOOR Amanda 2.0 connection established (malware-backdoor.rules)
 * 1:3636 <-> DISABLED <-> MALWARE-BACKDOOR Crazzy Net 5.0 connection established (malware-backdoor.rules)
 * 1:3823 <-> DISABLED <-> FILE-MULTIMEDIA RealNetworks RealPlayer realtext file bad version buffer overflow attempt (file-multimedia.rules)
 * 1:4060 <-> DISABLED <-> APP-DETECT remote desktop protocol attempted administrator connection request (app-detect.rules)
 * 1:4643 <-> DISABLED <-> FILE-OTHER Microsoft Windows malformed shortcut file buffer overflow attempt (file-other.rules)
 * 1:493 <-> DISABLED <-> APP-DETECT psyBNC access (app-detect.rules)
 * 1:560 <-> DISABLED <-> APP-DETECT VNC server response (app-detect.rules)
 * 1:566 <-> DISABLED <-> APP-DETECT PCAnywhere server response (app-detect.rules)
 * 1:5711 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player zero length bitmap heap overflow attempt (file-image.rules)
 * 1:5712 <-> DISABLED <-> FILE-IMAGE Microsoft Windows Media Player invalid data offset bitmap heap overflow attempt (file-image.rules)
 * 1:5741 <-> DISABLED <-> FILE-OTHER Microsoft HTML help workshop buffer overflow attempt (file-other.rules)
 * 1:5797 <-> DISABLED <-> APP-DETECT Kontiki runtime detection (app-detect.rules)
 * 1:6012 <-> DISABLED <-> MALWARE-BACKDOOR coolcat runtime connection detection - tcp 1 (malware-backdoor.rules)
 * 1:6013 <-> DISABLED <-> MALWARE-BACKDOOR coolcat runtime connection detection - tcp 2 (malware-backdoor.rules)
 * 1:6014 <-> DISABLED <-> MALWARE-BACKDOOR coolcat runtime connection detection - tcp 3 (malware-backdoor.rules)
 * 1:6015 <-> DISABLED <-> MALWARE-BACKDOOR dsk lite 1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6016 <-> DISABLED <-> MALWARE-BACKDOOR dsk lite 1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6017 <-> DISABLED <-> MALWARE-BACKDOOR dsk lite 1.0 runtime detection - disconnect (malware-backdoor.rules)
 * 1:6018 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 runtime detection - icq notification (malware-cnc.rules)
 * 1:6019 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 runtime detection - cgi notification (malware-cnc.rules)
 * 1:6020 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 runtime detection - php notification (malware-cnc.rules)
 * 1:6021 <-> DISABLED <-> MALWARE-BACKDOOR silent spy 2.10 command response port 4225 (malware-backdoor.rules)
 * 1:6022 <-> DISABLED <-> MALWARE-BACKDOOR silent spy 2.10 command response port 4226 (malware-backdoor.rules)
 * 1:6023 <-> DISABLED <-> MALWARE-CNC silent spy 2.10 runtime detection - icq notification (malware-cnc.rules)
 * 1:6024 <-> DISABLED <-> MALWARE-BACKDOOR nuclear rat v6_21 runtime detection (malware-backdoor.rules)
 * 1:6025 <-> DISABLED <-> MALWARE-BACKDOOR tequila bandita 1.2 runtime detection - reverse connection (malware-backdoor.rules)
 * 1:6026 <-> DISABLED <-> MALWARE-BACKDOOR dimbus 1.0 runtime detection - get pc info (malware-backdoor.rules)
 * 1:6027 <-> DISABLED <-> MALWARE-BACKDOOR netshadow runtime detection (malware-backdoor.rules)
 * 1:6028 <-> DISABLED <-> MALWARE-BACKDOOR cyberpaky runtime detection (malware-backdoor.rules)
 * 1:6029 <-> DISABLED <-> MALWARE-CNC fkwp 2.0 runtime detection - icq notification (malware-cnc.rules)
 * 1:6035 <-> DISABLED <-> MALWARE-BACKDOOR minicommand runtime detection - initial connection server-to-client (malware-backdoor.rules)
 * 1:6037 <-> DISABLED <-> MALWARE-BACKDOOR netbus 1.7 runtime detection - email notification (malware-backdoor.rules)
 * 1:6039 <-> DISABLED <-> MALWARE-CNC fade 1.0 runtime detection - notification (malware-cnc.rules)
 * 1:6040 <-> DISABLED <-> MALWARE-BACKDOOR fade 1.0 runtime detection - enable keylogger (malware-backdoor.rules)
 * 1:6041 <-> DISABLED <-> MALWARE-BACKDOOR fade 1.0 runtime detection - enable keylogger (malware-backdoor.rules)
 * 1:6042 <-> DISABLED <-> MALWARE-CNC fear 0.2 runtime detection - php notification (malware-cnc.rules)
 * 1:6043 <-> DISABLED <-> MALWARE-CNC fear 0.2 runtime detection - cgi notification (malware-cnc.rules)
 * 1:6044 <-> DISABLED <-> MALWARE-BACKDOOR fear 0.2 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6045 <-> DISABLED <-> MALWARE-BACKDOOR fear 0.2 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6046 <-> DISABLED <-> MALWARE-BACKDOOR fear 0.2 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6047 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - connect (malware-backdoor.rules)
 * 1:6048 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - connect (malware-backdoor.rules)
 * 1:6049 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - upload (malware-backdoor.rules)
 * 1:6050 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - upload (malware-backdoor.rules)
 * 1:6051 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - set volume (malware-backdoor.rules)
 * 1:6052 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - set volume (malware-backdoor.rules)
 * 1:6053 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - do script remotely (malware-backdoor.rules)
 * 1:6054 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - do script remotely (malware-backdoor.rules)
 * 1:6055 <-> DISABLED <-> MALWARE-BACKDOOR bifrose 1.1 runtime detection (malware-backdoor.rules)
 * 1:6056 <-> DISABLED <-> MALWARE-BACKDOOR bifrose 1.1 runtime detection (malware-backdoor.rules)
 * 1:6057 <-> DISABLED <-> MALWARE-BACKDOOR bifrose 1.1 runtime detection (malware-backdoor.rules)
 * 1:6058 <-> DISABLED <-> MALWARE-CNC neurotickat1.3 runtime detection - icq notification (malware-cnc.rules)
 * 1:6059 <-> DISABLED <-> MALWARE-CNC neurotickat1.3 runtime detection - cgi notification (malware-cnc.rules)
 * 1:6060 <-> DISABLED <-> MALWARE-BACKDOOR neurotickat1.3 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6061 <-> DISABLED <-> MALWARE-BACKDOOR neurotickat1.3 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6062 <-> DISABLED <-> MALWARE-BACKDOOR neurotickat1.3 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6063 <-> DISABLED <-> MALWARE-BACKDOOR schwindler 1.82 runtime detection (malware-backdoor.rules)
 * 1:6064 <-> DISABLED <-> MALWARE-BACKDOOR schwindler 1.82 runtime detection (malware-backdoor.rules)
 * 1:6066 <-> DISABLED <-> MALWARE-BACKDOOR optixlite 1.0 runtime detection - connection success server-to-client (malware-backdoor.rules)
 * 1:6069 <-> DISABLED <-> MALWARE-CNC optixlite 1.0 runtime detection - icq notification (malware-cnc.rules)
 * 1:6070 <-> DISABLED <-> MALWARE-BACKDOOR freak 1.0 runtime detection - irc notification (malware-backdoor.rules)
 * 1:6071 <-> DISABLED <-> MALWARE-CNC freak 1.0 runtime detection - icq notification (malware-cnc.rules)
 * 1:6073 <-> DISABLED <-> MALWARE-BACKDOOR freak 1.0 runtime detection - initial connection server-to-client (malware-backdoor.rules)
 * 1:6074 <-> DISABLED <-> MALWARE-BACKDOOR xhx 1.6 runtime detection - initial connection client-to-server (malware-backdoor.rules)
 * 1:6075 <-> DISABLED <-> MALWARE-BACKDOOR xhx 1.6 runtime detection - initial connection server-to-client (malware-backdoor.rules)
 * 1:6076 <-> DISABLED <-> MALWARE-BACKDOOR amiboide uploader runtime detection - init connection (malware-backdoor.rules)
 * 1:6077 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - get information (malware-backdoor.rules)
 * 1:6078 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - get information (malware-backdoor.rules)
 * 1:6079 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - show autospy (malware-backdoor.rules)
 * 1:6080 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - show autospy (malware-backdoor.rules)
 * 1:6081 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - show nude pic (malware-backdoor.rules)
 * 1:6082 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - show nude pic (malware-backdoor.rules)
 * 1:6083 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - hide taskbar (malware-backdoor.rules)
 * 1:6084 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - hide taskbar (malware-backdoor.rules)
 * 1:6085 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - make directory (malware-backdoor.rules)
 * 1:6086 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - make directory (malware-backdoor.rules)
 * 1:6087 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection (malware-backdoor.rules)
 * 1:6088 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:6089 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection (malware-backdoor.rules)
 * 1:6090 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get memory info (malware-backdoor.rules)
 * 1:6091 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection (malware-backdoor.rules)
 * 1:6092 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get harddisk info (malware-backdoor.rules)
 * 1:6093 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection (malware-backdoor.rules)
 * 1:6094 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get drive info (malware-backdoor.rules)
 * 1:6095 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection (malware-backdoor.rules)
 * 1:6096 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:6097 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection (malware-backdoor.rules)
 * 1:6098 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - check server (malware-backdoor.rules)
 * 1:6099 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection (malware-backdoor.rules)
 * 1:6100 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - view content of directory (malware-backdoor.rules)
 * 1:6101 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection (malware-backdoor.rules)
 * 1:6102 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - execute command (malware-backdoor.rules)
 * 1:6103 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection (malware-backdoor.rules)
 * 1:6104 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - upload file (malware-backdoor.rules)
 * 1:6105 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection (malware-backdoor.rules)
 * 1:6106 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - download file (malware-backdoor.rules)
 * 1:6107 <-> DISABLED <-> MALWARE-BACKDOOR backage 3.1 runtime detection (malware-backdoor.rules)
 * 1:6108 <-> DISABLED <-> MALWARE-BACKDOOR dagger v1.1.40 runtime detection (malware-backdoor.rules)
 * 1:6109 <-> DISABLED <-> MALWARE-BACKDOOR dagger v1.1.40 runtime detection (malware-backdoor.rules)
 * 1:6110 <-> DISABLED <-> MALWARE-BACKDOOR forced entry v1.1 beta runtime detection (malware-backdoor.rules)
 * 1:6111 <-> DISABLED <-> MALWARE-BACKDOOR optix 1.32 runtime detection - init conn (malware-backdoor.rules)
 * 1:6112 <-> DISABLED <-> MALWARE-BACKDOOR optix 1.32 runtime detection - init conn (malware-backdoor.rules)
 * 1:6113 <-> DISABLED <-> MALWARE-BACKDOOR optix 1.32 runtime detection - init conn (malware-backdoor.rules)
 * 1:6114 <-> DISABLED <-> MALWARE-BACKDOOR optix 1.32 runtime detection - email notification (malware-backdoor.rules)
 * 1:6115 <-> DISABLED <-> MALWARE-CNC optix 1.32 runtime detection - icq notification (malware-cnc.rules)
 * 1:6116 <-> DISABLED <-> MALWARE-BACKDOOR fore v1.0 beta runtime detection - init conn (malware-backdoor.rules)
 * 1:6117 <-> DISABLED <-> MALWARE-BACKDOOR fore v1.0 beta runtime detection - init conn (malware-backdoor.rules)
 * 1:6118 <-> DISABLED <-> MALWARE-BACKDOOR net runner runtime detection - initial connection client-to-server (malware-backdoor.rules)
 * 1:6119 <-> DISABLED <-> MALWARE-BACKDOOR net runner runtime detection - initial connection server-to-client (malware-backdoor.rules)
 * 1:6120 <-> DISABLED <-> MALWARE-BACKDOOR net runner runtime detection - download file client-to-server (malware-backdoor.rules)
 * 1:6121 <-> DISABLED <-> MALWARE-BACKDOOR net runner runtime detection - download file server-to-client (malware-backdoor.rules)
 * 1:6122 <-> DISABLED <-> MALWARE-BACKDOOR millenium v1.0 runtime detection (malware-backdoor.rules)
 * 1:6123 <-> DISABLED <-> MALWARE-BACKDOOR ambush 1.0 runtime detection - ping client-to-server (malware-backdoor.rules)
 * 1:6124 <-> DISABLED <-> MALWARE-BACKDOOR ambush 1.0 runtime detection - ping server-to-client (malware-backdoor.rules)
 * 1:6125 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - smtp (malware-backdoor.rules)
 * 1:6126 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - smtp (malware-backdoor.rules)
 * 1:6127 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - udp client-to-server (malware-backdoor.rules)
 * 1:6128 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - icmp echo reply client-to-server (malware-backdoor.rules)
 * 1:6129 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection (malware-backdoor.rules)
 * 1:6130 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - get computer name (malware-backdoor.rules)
 * 1:6131 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection (malware-backdoor.rules)
 * 1:6132 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - get user name (malware-backdoor.rules)
 * 1:6133 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - send messages (malware-backdoor.rules)
 * 1:6134 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - delete file (malware-backdoor.rules)
 * 1:6136 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - capture big screen (malware-backdoor.rules)
 * 1:6137 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - capture small screen (malware-backdoor.rules)
 * 1:6138 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - get computer info (malware-backdoor.rules)
 * 1:6139 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - get system directory (malware-backdoor.rules)
 * 1:614 <-> DISABLED <-> MALWARE-BACKDOOR hack-a-tack attempt (malware-backdoor.rules)
 * 1:6141 <-> DISABLED <-> MALWARE-BACKDOOR hellzaddiction v1.0e runtime detection - init conn (malware-backdoor.rules)
 * 1:6142 <-> DISABLED <-> MALWARE-BACKDOOR hellzaddiction v1.0e runtime detection - ftp open (malware-backdoor.rules)
 * 1:6143 <-> DISABLED <-> MALWARE-BACKDOOR dark connection inside v1.2 runtime detection (malware-backdoor.rules)
 * 1:6144 <-> DISABLED <-> MALWARE-BACKDOOR mantis runtime detection - sent notify option client-to-server 1 (malware-backdoor.rules)
 * 1:6145 <-> DISABLED <-> MALWARE-BACKDOOR mantis runtime detection - sent notify option server-to-client (malware-backdoor.rules)
 * 1:6146 <-> DISABLED <-> MALWARE-BACKDOOR mantis runtime detection - sent notify option client-to-server 2 (malware-backdoor.rules)
 * 1:6147 <-> DISABLED <-> MALWARE-BACKDOOR mantis runtime detection - go to address client-to-server (malware-backdoor.rules)
 * 1:6148 <-> DISABLED <-> MALWARE-BACKDOOR mantis runtime detection - go to address server-to-client (malware-backdoor.rules)
 * 1:6149 <-> DISABLED <-> MALWARE-BACKDOOR netcontrol v1.0.8 runtime detection (malware-backdoor.rules)
 * 1:6150 <-> DISABLED <-> MALWARE-BACKDOOR netcontrol v1.0.8 runtime detection (malware-backdoor.rules)
 * 1:6151 <-> DISABLED <-> MALWARE-BACKDOOR back attack v1.4 runtime detection (malware-backdoor.rules)
 * 1:6152 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - chdir client-to-server (malware-backdoor.rules)
 * 1:6153 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - chdir server-to-client (malware-backdoor.rules)
 * 1:6154 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - info client-to-server (malware-backdoor.rules)
 * 1:6155 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - info server-to-client (malware-backdoor.rules)
 * 1:6156 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - view client-to-server (malware-backdoor.rules)
 * 1:6157 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - view server-to-client (malware-backdoor.rules)
 * 1:6159 <-> DISABLED <-> MALWARE-BACKDOOR delirium of disorder runtime detection - enable keylogger (malware-backdoor.rules)
 * 1:6160 <-> DISABLED <-> MALWARE-BACKDOOR delirium of disorder runtime detection - stop keylogger (malware-backdoor.rules)
 * 1:6161 <-> DISABLED <-> MALWARE-BACKDOOR furax 1.0 b2 runtime detection (malware-backdoor.rules)
 * 1:6164 <-> DISABLED <-> MALWARE-BACKDOOR psyrat 1.0 runtime detection (malware-backdoor.rules)
 * 1:6165 <-> DISABLED <-> MALWARE-BACKDOOR psyrat 1.0 runtime detection (malware-backdoor.rules)
 * 1:6166 <-> DISABLED <-> MALWARE-BACKDOOR unicorn runtime detection - initial connection (malware-backdoor.rules)
 * 1:6167 <-> DISABLED <-> MALWARE-BACKDOOR unicorn runtime detection - set wallpaper client-to-server (malware-backdoor.rules)
 * 1:6168 <-> DISABLED <-> MALWARE-BACKDOOR unicorn runtime detection - set wallpaper server-to-client (malware-backdoor.rules)
 * 1:6169 <-> DISABLED <-> MALWARE-BACKDOOR digital rootbeer runtime detection (malware-backdoor.rules)
 * 1:6170 <-> DISABLED <-> MALWARE-BACKDOOR digital rootbeer runtime detection (malware-backdoor.rules)
 * 1:6171 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection (malware-backdoor.rules)
 * 1:6172 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - get version info (malware-backdoor.rules)
 * 1:6173 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection (malware-backdoor.rules)
 * 1:6174 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - file explorer (malware-backdoor.rules)
 * 1:6175 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - kill kernel (malware-backdoor.rules)
 * 1:6176 <-> DISABLED <-> MALWARE-BACKDOOR guptachar 2.0 runtime detection (malware-backdoor.rules)
 * 1:6177 <-> DISABLED <-> MALWARE-BACKDOOR ultimate destruction runtime detection - kill process client-to-server (malware-backdoor.rules)
 * 1:6178 <-> DISABLED <-> MALWARE-BACKDOOR ultimate destruction runtime detection - kill windows client-to-server (malware-backdoor.rules)
 * 1:6179 <-> DISABLED <-> MALWARE-BACKDOOR bladerunner 0.80 runtime detection (malware-backdoor.rules)
 * 1:6180 <-> DISABLED <-> MALWARE-BACKDOOR netraider 0.0 runtime detection (malware-backdoor.rules)
 * 1:6181 <-> DISABLED <-> MALWARE-BACKDOOR netraider 0.0 runtime detection (malware-backdoor.rules)
 * 1:6285 <-> DISABLED <-> MALWARE-BACKDOOR antilamer 1.1 runtime detection - set flowbit (malware-backdoor.rules)
 * 1:6286 <-> DISABLED <-> MALWARE-BACKDOOR antilamer 1.1 runtime detection (malware-backdoor.rules)
 * 1:6287 <-> DISABLED <-> MALWARE-BACKDOOR fictional daemon 4.4 runtime detection - telent (malware-backdoor.rules)
 * 1:6288 <-> DISABLED <-> MALWARE-BACKDOOR fictional daemon 4.4 runtime detection - ftp (malware-backdoor.rules)
 * 1:6289 <-> DISABLED <-> MALWARE-BACKDOOR netspy runtime detection - command pattern client-to-server (malware-backdoor.rules)
 * 1:6290 <-> DISABLED <-> MALWARE-BACKDOOR netspy runtime detection - command pattern server-to-client (malware-backdoor.rules)
 * 1:6291 <-> DISABLED <-> MALWARE-CNC justjoke v2.6 runtime detection (malware-cnc.rules)
 * 1:6292 <-> DISABLED <-> MALWARE-BACKDOOR joker ddos v1.0.1 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6293 <-> DISABLED <-> MALWARE-BACKDOOR joker ddos v1.0.1 runtime detection - bomb - initial flowbit (malware-backdoor.rules)
 * 1:6294 <-> DISABLED <-> MALWARE-BACKDOOR joker ddos v1.0.1 runtime detection - bomb - second flowbit (malware-backdoor.rules)
 * 1:6295 <-> DISABLED <-> MALWARE-BACKDOOR joker ddos v1.0.1 runtime detection - bomb (malware-backdoor.rules)
 * 1:6296 <-> DISABLED <-> MALWARE-CNC insurrection 1.1.0 runtime detection - icq notification 1 (malware-cnc.rules)
 * 1:6297 <-> DISABLED <-> MALWARE-CNC insurrection 1.1.0 runtime detection - icq notification 2 (malware-cnc.rules)
 * 1:6298 <-> DISABLED <-> MALWARE-BACKDOOR insurrection 1.1.0 runtime detection - reverse connection (malware-backdoor.rules)
 * 1:6299 <-> DISABLED <-> MALWARE-BACKDOOR insurrection 1.1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6300 <-> DISABLED <-> MALWARE-CNC cia 1.3 runtime detection - icq notification (malware-cnc.rules)
 * 1:6301 <-> DISABLED <-> MALWARE-BACKDOOR cia 1.3 runtime detection - smtp notification (malware-backdoor.rules)
 * 1:6302 <-> DISABLED <-> MALWARE-BACKDOOR cia runtime detection - initial connection - set flowbit (malware-backdoor.rules)
 * 1:6303 <-> DISABLED <-> MALWARE-BACKDOOR cia runtime detection - initial connection (malware-backdoor.rules)
 * 1:6304 <-> DISABLED <-> MALWARE-BACKDOOR softwar shadowthief runtime detection - initial connection - set flowbit (malware-backdoor.rules)
 * 1:6305 <-> DISABLED <-> MALWARE-BACKDOOR softwar shadowthief runtime detection - initial connection (malware-backdoor.rules)
 * 1:6306 <-> DISABLED <-> MALWARE-BACKDOOR shit heep runtime detection (malware-backdoor.rules)
 * 1:6307 <-> DISABLED <-> MALWARE-BACKDOOR lamespy runtime detection - initial connection - set flowbit (malware-backdoor.rules)
 * 1:6308 <-> DISABLED <-> MALWARE-BACKDOOR lamespy runtime detection - initial connection (malware-backdoor.rules)
 * 1:6309 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - initial connection - password request (malware-backdoor.rules)
 * 1:6310 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - initial connection - password send (malware-backdoor.rules)
 * 1:6311 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - initial connection - password accepted (malware-backdoor.rules)
 * 1:6312 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - message send (malware-backdoor.rules)
 * 1:6313 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - message response (malware-backdoor.rules)
 * 1:6314 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - open browser request (malware-backdoor.rules)
 * 1:6315 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - open browser response (malware-backdoor.rules)
 * 1:6316 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - file manager request (malware-backdoor.rules)
 * 1:6317 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - file manager response (malware-backdoor.rules)
 * 1:6318 <-> DISABLED <-> MALWARE-BACKDOOR rtb666 runtime detection (malware-backdoor.rules)
 * 1:6319 <-> DISABLED <-> MALWARE-BACKDOOR evilftp runtime detection - init connection (malware-backdoor.rules)
 * 1:6320 <-> DISABLED <-> MALWARE-BACKDOOR ptakks2.1 runtime detection - keepalive (malware-backdoor.rules)
 * 1:6321 <-> DISABLED <-> MALWARE-BACKDOOR ptakks2.1 runtime detection - keepalive acknowledgement (malware-backdoor.rules)
 * 1:6322 <-> DISABLED <-> MALWARE-BACKDOOR ptakks2.1 runtime detection - command pattern (malware-backdoor.rules)
 * 1:6325 <-> DISABLED <-> MALWARE-BACKDOOR fucktrojan 1.2 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6326 <-> DISABLED <-> MALWARE-BACKDOOR fucktrojan 1.2 runtime detection - flood (malware-backdoor.rules)
 * 1:6327 <-> DISABLED <-> MALWARE-BACKDOOR fucktrojan 1.2 runtime detection - flood (malware-backdoor.rules)
 * 1:6328 <-> DISABLED <-> MALWARE-BACKDOOR commando runtime detection - initial connection (malware-backdoor.rules)
 * 1:6329 <-> DISABLED <-> MALWARE-BACKDOOR commando runtime detection - chat client-to-server (malware-backdoor.rules)
 * 1:6330 <-> DISABLED <-> MALWARE-BACKDOOR commando runtime detection - chat server-to-client (malware-backdoor.rules)
 * 1:6331 <-> DISABLED <-> MALWARE-CNC globalkiller1.0 runtime detection - notification (malware-cnc.rules)
 * 1:6332 <-> DISABLED <-> MALWARE-BACKDOOR globalkiller1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6333 <-> DISABLED <-> MALWARE-BACKDOOR wincrash 2.0 runtime detection (malware-backdoor.rules)
 * 1:6334 <-> DISABLED <-> MALWARE-BACKDOOR backlash runtime detection (malware-backdoor.rules)
 * 1:6335 <-> DISABLED <-> MALWARE-BACKDOOR buttman v0.9p runtime detection - remote control - set flowbit (malware-backdoor.rules)
 * 1:6336 <-> DISABLED <-> MALWARE-BACKDOOR buttman v0.9p runtime detection - remote control (malware-backdoor.rules)
 * 1:6337 <-> DISABLED <-> MALWARE-BACKDOOR hatredfriend file manage command - set flowbit (malware-backdoor.rules)
 * 1:6338 <-> DISABLED <-> MALWARE-BACKDOOR hatredfriend file manage command (malware-backdoor.rules)
 * 1:6339 <-> DISABLED <-> MALWARE-BACKDOOR hatredfriend email notification detection (malware-backdoor.rules)
 * 1:6395 <-> DISABLED <-> MALWARE-CNC a-311 death runtime detection - initial connection server-to-client (malware-cnc.rules)
 * 1:6396 <-> DISABLED <-> MALWARE-CNC a-311 death user-agent string detected (malware-cnc.rules)
 * 1:6397 <-> DISABLED <-> MALWARE-BACKDOOR http rat runtime detection - smtp (malware-backdoor.rules)
 * 1:6398 <-> DISABLED <-> MALWARE-BACKDOOR http rat runtime detection - http (malware-backdoor.rules)
 * 1:6399 <-> DISABLED <-> MALWARE-BACKDOOR rad 1.2.3 runtime detection (malware-backdoor.rules)
 * 1:6400 <-> DISABLED <-> MALWARE-BACKDOOR snowdoor runtime detection client-to-server (malware-backdoor.rules)
 * 1:6401 <-> DISABLED <-> MALWARE-BACKDOOR snowdoor runtime detection server-to-client (malware-backdoor.rules)
 * 1:6402 <-> DISABLED <-> MALWARE-BACKDOOR netangel connection client-to-server (malware-backdoor.rules)
 * 1:6472 <-> DISABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager client-to-server (malware-backdoor.rules)
 * 1:6473 <-> DISABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager server-to-client (malware-backdoor.rules)
 * 1:6474 <-> DISABLED <-> MALWARE-CNC W32.loosky.gen runtime detection - notification (malware-cnc.rules)
 * 1:6475 <-> DISABLED <-> MALWARE-BACKDOOR badrat 1.1 runtime detection - flowbit set (malware-backdoor.rules)
 * 1:6476 <-> DISABLED <-> MALWARE-BACKDOOR badrat 1.1 runtime detection (malware-backdoor.rules)
 * 1:6497 <-> DISABLED <-> MALWARE-BACKDOOR exploiter 1.0 runtime detection (malware-backdoor.rules)
 * 1:6498 <-> DISABLED <-> MALWARE-BACKDOOR exploiter 1.0 runtime detection (malware-backdoor.rules)
 * 1:6505 <-> DISABLED <-> FILE-IMAGE Apple QuickTime fpx file SectNumMiniFAT overflow attempt (file-image.rules)
 * 1:7032 <-> DISABLED <-> APP-DETECT GoToMyPC startup (app-detect.rules)
 * 1:7033 <-> DISABLED <-> APP-DETECT GoToMyPC local service running (app-detect.rules)
 * 1:7034 <-> DISABLED <-> APP-DETECT GoToMyPC remote control attempt (app-detect.rules)
 * 1:7057 <-> DISABLED <-> MALWARE-BACKDOOR charon runtime detection - initial connection (malware-backdoor.rules)
 * 1:7058 <-> DISABLED <-> MALWARE-BACKDOOR charon runtime detection - download file flowbit 1 (malware-backdoor.rules)
 * 1:7059 <-> DISABLED <-> MALWARE-BACKDOOR charon runtime detection - download file/log flowbit 2 (malware-backdoor.rules)
 * 1:7060 <-> DISABLED <-> MALWARE-BACKDOOR charon runtime detection - download file/log (malware-backdoor.rules)
 * 1:7061 <-> DISABLED <-> MALWARE-BACKDOOR charon runtime detection - download log flowbit 1 (malware-backdoor.rules)
 * 1:7064 <-> DISABLED <-> MALWARE-BACKDOOR cybernetic 1.62 runtime detection - email notification (malware-backdoor.rules)
 * 3:18676 <-> ENABLED <-> WEB-CLIENT Microsoft Office Excel DV record buffer overflow attempt (web-client.rules)