Sourcefire VRT Rules Update

Date: 2008-10-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version CURRENT.

The format of the file is:

sid - Message (rule group)

New rules:
14615 <-> EXPLOIT Sun Java web console format string attempt (exploit.rules)
14616 <-> NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMObjectPathToObjectFormat overflow attempt (netbios.rules)
14617 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat little endian overflow attempt (netbios.rules)
14618 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat object call overflow attempt (netbios.rules)
14619 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat object call overflow attempt (netbios.rules)
14620 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat little endian object call overflow attempt (netbios.rules)
14621 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat little endian object call overflow attempt (netbios.rules)
14622 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal overflow attempt (netbios.rules)
14623 <-> NETBIOS DCERPC NCADG-IP-UDP v4 mqqm QMCreateObjectInternal overflow attempt (netbios.rules)
14624 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMCreateObjectInternal little endian object call overflow attempt (netbios.rules)
14625 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal little endian object call overflow attempt (netbios.rules)
14626 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMCreateObjectInternal object call overflow attempt (netbios.rules)
14627 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal object call overflow attempt (netbios.rules)

Updated rules:
 103 <-> DELETED BACKDOOR subseven 22 (deleted.rules)
 107 <-> DELETED BACKDOOR subseven DEFCON8 2.1 access (deleted.rules)
 503 <-> DELETED MISC Source Port 20 to <1024 (deleted.rules)
 504 <-> DELETED MISC source port 53 to <1024 (deleted.rules)
1991 <-> CHAT MSN login attempt (chat.rules)
2523 <-> DOS BGP spoofed connection reset attempt (dos.rules)
3554 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm little endian alter context attempt (netbios.rules)
3555 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm little endian alter context attempt (netbios.rules)
3556 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm alter context attempt (netbios.rules)
3557 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm alter context attempt (netbios.rules)
3558 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm little endian bind attempt (netbios.rules)
3559 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm little endian bind attempt (netbios.rules)
3560 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm bind attempt (netbios.rules)
3561 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm bind attempt (netbios.rules)
3590 <-> NETBIOS DCERPC NCADG-IP-UDP v4 mqqm QMDeleteObject little endian overflow attempt (netbios.rules)
3591 <-> NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMDeleteObject little endian overflow attempt (netbios.rules)
3592 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMDeleteObject overflow attempt (netbios.rules)
3593 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMDeleteObject overflow attempt (netbios.rules)
3594 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMDeleteObject little endian overflow attempt (netbios.rules)
3595 <-> NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMDeleteObject overflow attempt (netbios.rules)
3596 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMDeleteObject little endian overflow attempt (netbios.rules)
3597 <-> NETBIOS DCERPC NCADG-IP-UDP v4 mqqm QMDeleteObject overflow attempt (netbios.rules)
3598 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMDeleteObject object call overflow attempt (netbios.rules)
3599 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMDeleteObject object call overflow attempt (netbios.rules)
3600 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMDeleteObject little endian object call overflow attempt (netbios.rules)
3601 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMDeleteObject little endian object call overflow attempt (netbios.rules)
5742 <-> SPYWARE-PUT Keylogger activitylogger runtime detection (spyware-put.rules)
5744 <-> SPYWARE-PUT Hijacker actualnames runtime detection - online.php request (spyware-put.rules)
5749 <-> SPYWARE-PUT Trackware alexa runtime detection (spyware-put.rules)
5750 <-> SPYWARE-PUT Adware dogpile runtime detection (spyware-put.rules)
5760 <-> SPYWARE-PUT Hijacker marketscore runtime detection (spyware-put.rules)
5764 <-> SPYWARE-PUT Hijacker begin2search runtime detection - fcgi query (spyware-put.rules)
5765 <-> SPYWARE-PUT Hijacker begin2search runtime detection - ico query (spyware-put.rules)
5767 <-> SPYWARE-PUT Hijacker begin2search runtime detection - download unauthorized code (spyware-put.rules)
5773 <-> SPYWARE-PUT Adware forbes runtime detection (spyware-put.rules)
5774 <-> SPYWARE-PUT Hijacker freescratch runtime detection - get card (spyware-put.rules)
5775 <-> SPYWARE-PUT Hijacker freescratch runtime detection - scratch card (spyware-put.rules)
5776 <-> SPYWARE-PUT Trickler grokster runtime detection (spyware-put.rules)
5794 <-> SPYWARE-PUT Hijacker coolwebsearch.aboutblank variant runtime detection (spyware-put.rules)
5796 <-> SPYWARE-PUT Adware keenvalue runtime detection (spyware-put.rules)
5797 <-> POLICY kontiki runtime detection (policy.rules)
5801 <-> SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - track activity 1 (spyware-put.rules)
5802 <-> SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - track activity 2 (spyware-put.rules)
5803 <-> SPYWARE-PUT Trackware myway speedbar / mywebsearch toolbar runtime detection - collect information (spyware-put.rules)
5805 <-> SPYWARE-PUT Trackware myway speedbar runtime detection - switch engines (spyware-put.rules)
5807 <-> SPYWARE-PUT Hijacker shopathomeselect runtime detection (spyware-put.rules)
5824 <-> SPYWARE-PUT Dialer stripplayer runtime detection (spyware-put.rules)
5825 <-> SPYWARE-PUT Adware broadcasturban tuner runtime detection - start tuner (spyware-put.rules)
5828 <-> SPYWARE-PUT Adware broadcasturban tuner runtime detection - connect to station (spyware-put.rules)
5829 <-> SPYWARE-PUT Trickler clipgenie runtime detection (spyware-put.rules)
5830 <-> SPYWARE-PUT Hijacker comet systems runtime detection - track activity (spyware-put.rules)
5831 <-> SPYWARE-PUT Hijacker comet systems runtime detection - update requests (spyware-put.rules)
5832 <-> SPYWARE-PUT Hijacker comet systems runtime search detection - search request 1 (spyware-put.rules)
5835 <-> SPYWARE-PUT Adware gamespy_arcade runtime detection (spyware-put.rules)
5836 <-> SPYWARE-PUT Trickler nictech.bm2 runtime detection (spyware-put.rules)
5837 <-> SPYWARE-PUT Trackware ucmore runtime detection - track activity (spyware-put.rules)
5838 <-> SPYWARE-PUT Trackware ucmore runtime detection - get sponsor/ad links (spyware-put.rules)
5841 <-> SPYWARE-PUT Trickler minibug runtime detection - retrieve weather information (spyware-put.rules)
5842 <-> SPYWARE-PUT Trickler minibug runtime detection - ads (spyware-put.rules)
5846 <-> SPYWARE-PUT Trickler VX2/DLmax/BestOffers/Aurora runtime detection (spyware-put.rules)
5852 <-> SPYWARE-PUT Adware warez_p2p runtime detection - cache.dat request (spyware-put.rules)
5853 <-> SPYWARE-PUT Adware warez_p2p runtime detection - download ads (spyware-put.rules)
5858 <-> SPYWARE-PUT Adware praizetoolbar runtime detection (spyware-put.rules)
5865 <-> SPYWARE-PUT Adware zapspot runtime detection - pop up ads (spyware-put.rules)
5866 <-> SPYWARE-PUT Hijacker couponbar runtime detection - download new coupon offers and links (spyware-put.rules)
5867 <-> SPYWARE-PUT Hijacker couponbar runtime detection - get updates to toolbar buttons (spyware-put.rules)
5871 <-> SPYWARE-PUT Trickler VX2/ABetterInternet transponder thinstaller runtime detection - post information (spyware-put.rules)
5879 <-> SPYWARE-PUT Adware trustyfiles v2.4.0.4 runtime detection - update notification (spyware-put.rules)
5881 <-> SPYWARE-PUT Keylogger spyagent runtime detect - ftp delivery (spyware-put.rules)
5889 <-> SPYWARE-PUT Hijacker shopnav runtime detection - collect information (spyware-put.rules)
5890 <-> SPYWARE-PUT Hijacker shopnav runtime detection - self-update request 1 (spyware-put.rules)
5891 <-> SPYWARE-PUT Hijacker shopnav runtime detection - self-update request 2 (spyware-put.rules)
5896 <-> SPYWARE-PUT Hacker-Tool timbuktu pro runtime detection - tcp port 407 (spyware-put.rules)
5897 <-> SPYWARE-PUT Hacker-Tool timbuktu pro runtime detection - udp port 407 (spyware-put.rules)
5899 <-> SPYWARE-PUT Trackware adtools-screenmate runtime detection - generate desktop alert (spyware-put.rules)
5903 <-> SPYWARE-PUT Adware download accelerator plus runtime detection - get ads (spyware-put.rules)
5910 <-> SPYWARE-PUT Trackware casalemedia runtime detection (spyware-put.rules)
5914 <-> SPYWARE-PUT Hijacker locatorstoolbar runtime detection - configuration download (spyware-put.rules)
5915 <-> SPYWARE-PUT Hijacker locatorstoolbar runtime detection - autosearch hijack (spyware-put.rules)
5916 <-> SPYWARE-PUT Hijacker locatorstoolbar runtime detection - sidebar search (spyware-put.rules)
5917 <-> SPYWARE-PUT Hijacker locatorstoolbar runtime detection - toolbar search (spyware-put.rules)
5918 <-> SPYWARE-PUT Hijacker painter runtime detection - ping 'alive' signal (spyware-put.rules)
5921 <-> SPYWARE-PUT Trackware fftoolbar toolbar runtime detection - send user url request (spyware-put.rules)
5922 <-> SPYWARE-PUT Trackware fftoolbar toolbar runtime detection - display advertisement news (spyware-put.rules)
5925 <-> SPYWARE-PUT Adware active shopper runtime detection - check (spyware-put.rules)
5926 <-> SPYWARE-PUT Adware active shopper runtime detection - collect information (spyware-put.rules)
5927 <-> SPYWARE-PUT Adware cashbar runtime detection - .smx requests (spyware-put.rules)
5928 <-> SPYWARE-PUT Adware cashbar runtime detection - ads request (spyware-put.rules)
5929 <-> SPYWARE-PUT Adware cashbar runtime detection - pop-up ad 1 (spyware-put.rules)
5930 <-> SPYWARE-PUT Adware cashbar runtime detection - pop-up ad 2 (spyware-put.rules)
5932 <-> SPYWARE-PUT Adware cashbar runtime detection - stats track (spyware-put.rules)
5939 <-> SPYWARE-PUT Trackware supreme toolbar runtime detection - get cfg (spyware-put.rules)
5940 <-> SPYWARE-PUT Trackware supreme toolbar runtime detection - search request (spyware-put.rules)
5942 <-> SPYWARE-PUT Trackware supreme toolbar runtime detection - pass information to its controlling server (spyware-put.rules)
5943 <-> SPYWARE-PUT Trackware supreme toolbar runtime detection - third party information collection (spyware-put.rules)
5944 <-> SPYWARE-PUT Adware free access bar runtime detection 1 (spyware-put.rules)
5945 <-> SPYWARE-PUT Adware weirdontheweb runtime detection - track.cgi request (spyware-put.rules)
5946 <-> SPYWARE-PUT Adware weirdontheweb runtime detection - monitor user web activity (spyware-put.rules)
5949 <-> SPYWARE-PUT Trackware iggsey toolbar detection - simpleticker.htm request (spyware-put.rules)
5950 <-> SPYWARE-PUT Trackware iggsey toolbar detection - pass information to server (spyware-put.rules)
5951 <-> SPYWARE-PUT Trackware iggsey toolbar detection - search request (spyware-put.rules)
5954 <-> SPYWARE-PUT Trackware browserpal runtime detection - post user info to server (spyware-put.rules)
5961 <-> SPYWARE-PUT Hijacker searchfast detection - news ticker (spyware-put.rules)
5966 <-> SPYWARE-PUT trackware searchinweb detection - search request (spyware-put.rules)
5970 <-> SPYWARE-PUT hijacker smart finder detection - keys update (spyware-put.rules)
5971 <-> SPYWARE-PUT hijacker smart finder detection - track hits (spyware-put.rules)
5973 <-> SPYWARE-PUT hijacker smart finder detection - search engines hijack (spyware-put.rules)
5974 <-> SPYWARE-PUT hijacker smart finder detection - pop-up ads (spyware-put.rules)
5975 <-> SPYWARE-PUT hijacker topfive searchassistant detection - search request (spyware-put.rules)
5976 <-> SPYWARE-PUT hijacker topfive searchassistant detection - side search (spyware-put.rules)
5977 <-> SPYWARE-PUT hijacker topfive searchassistant detection - post user information to server (spyware-put.rules)
5978 <-> SPYWARE-PUT hijacker topfive searchassistant detection - update (spyware-put.rules)
5979 <-> SPYWARE-PUT Trackware anwb toolbar runtime detection - track user ip address (spyware-put.rules)
5980 <-> SPYWARE-PUT Trackware anwb toolbar runtime detection - display advertisement (spyware-put.rules)
5981 <-> SPYWARE-PUT Hijacker seeqtoolbar runtime detection - autosearch hijack or search in toolbar (spyware-put.rules)
5982 <-> SPYWARE-PUT Hijacker seeqtoolbar runtime detection - email login page (spyware-put.rules)
5983 <-> SPYWARE-PUT Adware powerstrip runtime detection (spyware-put.rules)
5986 <-> SPYWARE-PUT Trickler teomasearchbar runtime detection (spyware-put.rules)
5987 <-> SPYWARE-PUT Hijacker wishbone runtime detection (spyware-put.rules)
5988 <-> SPYWARE-PUT Trackware windupdates-mediagateway runtime detection - post data (spyware-put.rules)
5989 <-> SPYWARE-PUT Adware broadcastpc runtime detection - get config (spyware-put.rules)
5990 <-> SPYWARE-PUT Adware broadcastpc runtime detection - get up-to-date movie/tv/ad information (spyware-put.rules)
5992 <-> SPYWARE-PUT Hijacker getmirar runtime detection - get keyword-related content (spyware-put.rules)
5993 <-> SPYWARE-PUT Hijacker getmirar runtime detection - track activity (spyware-put.rules)
5994 <-> SPYWARE-PUT Hijacker getmirar runtime detection - click related button (spyware-put.rules)
5995 <-> SPYWARE-PUT Adware offeragent runtime detection - information checking (spyware-put.rules)
5996 <-> SPYWARE-PUT Adware offeragent runtime detection - ads request (spyware-put.rules)
6107 <-> BACKDOOR backage 3.1 runtime detection (backdoor.rules)
6122 <-> BACKDOOR millenium v1.0 runtime detection (backdoor.rules)
6127 <-> BACKDOOR dkangel runtime detection - udp client-to-server (backdoor.rules)
6128 <-> BACKDOOR dkangel runtime detection - icmp echo reply client-to-server (backdoor.rules)
6146 <-> BACKDOOR mantis runtime detection - sent notify option client-to-server 2 (backdoor.rules)
6174 <-> BACKDOOR cookie monster 0.24 runtime detection - file explorer (backdoor.rules)
6176 <-> BACKDOOR guptachar 2.0 runtime detection (backdoor.rules)
6189 <-> SPYWARE-PUT Trackware try2find detection (spyware-put.rules)
6191 <-> SPYWARE-PUT Trackware onetoolbar runtime detection (spyware-put.rules)
6192 <-> SPYWARE-PUT Adware seekmo runtime detection - reporting keyword (spyware-put.rules)
6196 <-> SPYWARE-PUT Hijacker smart shopper runtime detection - services requests (spyware-put.rules)
6197 <-> SPYWARE-PUT Hijacker smart shopper runtime detection - track/upgrade/report activities (spyware-put.rules)
6198 <-> SPYWARE-PUT Trackware squaretrade side bar runtime detection - collect user information (spyware-put.rules)
6199 <-> SPYWARE-PUT Hijacker smart search runtime detection - hijack/ads (spyware-put.rules)
6200 <-> SPYWARE-PUT Hijacker smart search runtime detection - get settings (spyware-put.rules)
6203 <-> SPYWARE-PUT Trickler farmmext runtime detection - drk.syn request (spyware-put.rules)
6206 <-> SPYWARE-PUT Hacker-Tool sin stealer 1.1 runtime detection (spyware-put.rules)
6207 <-> SPYWARE-PUT Keylogger winsession runtime detection - smtp (spyware-put.rules)
6208 <-> SPYWARE-PUT Keylogger winsession runtime detection - ftp (spyware-put.rules)
6209 <-> SPYWARE-PUT Adware deskwizz/zquest runtime detection - get config information / ad banner (spyware-put.rules)
6212 <-> SPYWARE-PUT Adware commonname runtime detection (spyware-put.rules)
6213 <-> SPYWARE-PUT Hijacker 7fasst runtime detection - auto requests (spyware-put.rules)
6219 <-> SPYWARE-PUT Adware bonzibuddy runtime detection (spyware-put.rules)
6220 <-> SPYWARE-PUT Keylogger boss everyware runtime detection (spyware-put.rules)
6222 <-> SPYWARE-PUT Adware delfin media viewer runtime detection - contact server (spyware-put.rules)
6223 <-> SPYWARE-PUT Adware delfin media viewer runtime detection - retrieve schedule (spyware-put.rules)
6225 <-> SPYWARE-PUT Adware exact.bargainbuddy runtime detection - ads - getsize request (spyware-put.rules)
6228 <-> SPYWARE-PUT Adware exact.bargainbuddy runtime detection - disclaimer text (spyware-put.rules)
6232 <-> SPYWARE-PUT Adware mirar runtime detection - thumbnail (spyware-put.rules)
6233 <-> SPYWARE-PUT Adware mirar runtime detection - delayed (spyware-put.rules)
6237 <-> SPYWARE-PUT Adware lop runtime detection - check update request (spyware-put.rules)
6239 <-> SPYWARE-PUT Adware lop runtime detection - collect info request 2 (spyware-put.rules)
6241 <-> SPYWARE-PUT Adware lop runtime detection - ie autosearch hijack (spyware-put.rules)
6250 <-> SPYWARE-PUT Adware hotbar runtime detection - hotbar user-agent (spyware-put.rules)
6251 <-> SPYWARE-PUT Adware hotbar runtime detection - hostie user-agent (spyware-put.rules)
6252 <-> SPYWARE-PUT Trackware quicksearch toolbar runtime detection - search request (spyware-put.rules)
6254 <-> SPYWARE-PUT Trackware quicksearch toolbar runtime detection - redirect (spyware-put.rules)
6270 <-> SPYWARE-PUT Hijacker topicks runtime detection (spyware-put.rules)
6271 <-> SPYWARE-PUT Trickler bundleware runtime detection (spyware-put.rules)
6275 <-> SPYWARE-PUT Hijacker incredifind runtime detection - cookie (spyware-put.rules)
6281 <-> SPYWARE-PUT Hijacker yoursitebar runtime detection (spyware-put.rules)
6282 <-> SPYWARE-PUT Hijacker customtoolbar runtime detection (spyware-put.rules)
6290 <-> BACKDOOR netspy runtime detection - command pattern server-to-client (backdoor.rules)
6321 <-> BACKDOOR ptakks2.1 runtime detection - keepalive acknowledgement (backdoor.rules)
6322 <-> BACKDOOR ptakks2.1 runtime detection - command pattern (backdoor.rules)
6324 <-> BACKDOOR 3xBackdoor runtime detection (backdoor.rules)
6336 <-> BACKDOOR buttman v0.9p runtime detection - remote control (backdoor.rules)
6341 <-> SPYWARE-PUT Hijacker spediabar user-agent string detected (spyware-put.rules)
6342 <-> SPYWARE-PUT Hijacker spediabar runtime detection - info check (spyware-put.rules)
6343 <-> SPYWARE-PUT Adware targetsaver runtime detection (spyware-put.rules)
6358 <-> SPYWARE-PUT Hijacker need2find search query detection (spyware-put.rules)
6359 <-> SPYWARE-PUT Adware altnet runtime detection - initial retrieval (spyware-put.rules)
6360 <-> SPYWARE-PUT Adware altnet runtime detection - update (spyware-put.rules)
6361 <-> SPYWARE-PUT Adware altnet runtime detection - status report (spyware-put.rules)
6363 <-> SPYWARE-PUT adware surfaccuracy runtime detection (spyware-put.rules)
6364 <-> SPYWARE-PUT Hijacker imeshbar runtime detection (spyware-put.rules)
6365 <-> SPYWARE-PUT Other-Technologies sony rootkit runtime detection (spyware-put.rules)
6372 <-> SPYWARE-PUT Trickler spyblocs eblocs detection - get wsliveup.dat (spyware-put.rules)
6373 <-> SPYWARE-PUT Trickler spyblocs eblocs detection - stbarpat.dat (spyware-put.rules)
6374 <-> SPYWARE-PUT Trickler spyblocs eblocs detection - get spyblpat.dat/spyblini.ini (spyware-put.rules)
6377 <-> SPYWARE-PUT Hijacker girafa toolbar - browser hijack (spyware-put.rules)
6384 <-> SPYWARE-PUT Keylogger stealthwatcher 2000 runtime detection - agent discover broadcast (spyware-put.rules)
6385 <-> SPYWARE-PUT Keylogger stealthwatcher 2000 runtime detection - agent status monitoring (spyware-put.rules)
6386 <-> SPYWARE-PUT Keylogger stealthwatcher 2000 runtime detection - agent up notification (spyware-put.rules)
6398 <-> BACKDOOR http rat runtime detection - http (backdoor.rules)
6467 <-> CHAT jabber traffic detected (chat.rules)
6477 <-> SPYWARE-PUT Hacker-Tool beee runtime detection - smtp (spyware-put.rules)
6478 <-> SPYWARE-PUT Trackware searchingall toolbar runtime detection - send user url request (spyware-put.rules)
6480 <-> SPYWARE-PUT Hijacker cws.cameup runtime detection - home page (spyware-put.rules)
6481 <-> SPYWARE-PUT Hijacker cws.cameup runtime detection - search (spyware-put.rules)
6482 <-> SPYWARE-PUT Hijacker makemesearch toolbar runtime detection - get info (spyware-put.rules)
6483 <-> SPYWARE-PUT Hijacker makemesearch toolbar runtime detection - home page hijacker (spyware-put.rules)
6484 <-> SPYWARE-PUT Hijacker makemesearch toolbar runtime detection - search (spyware-put.rules)
6487 <-> SPYWARE-PUT Adware searchnugget toolbar runtime detection - check updates (spyware-put.rules)
6488 <-> SPYWARE-PUT Adware searchnugget toolbar runtime detection - redirect mistyped urls (spyware-put.rules)
6489 <-> SPYWARE-PUT Hijacker analyze IE runtime detection - default page hijacker (spyware-put.rules)
6490 <-> SPYWARE-PUT Dialer yeaknet runtime detection - home page hijacker (spyware-put.rules)
6494 <-> SPYWARE-PUT Adware yourenhancement runtime detection (spyware-put.rules)
6496 <-> SPYWARE-PUT Adware adpowerzone runtime detection (spyware-put.rules)
7050 <-> SPYWARE-PUT Hijacker freecruise toolbar runtime detection (spyware-put.rules)
7055 <-> SPYWARE-PUT Hijacker vip01 biz runtime detection - adv (spyware-put.rules)
7068 <-> BACKDOOR delta source 0.5 beta runtime detection - ping (backdoor.rules)
7069 <-> BACKDOOR delta source 0.5 beta runtime detection - pc info (backdoor.rules)
7074 <-> BACKDOOR w32.dumaru.gen@mm runtime detection - cmd (backdoor.rules)
7118 <-> BACKDOOR y3k 1.2 runtime detection - user-agent string detected (backdoor.rules)
7138 <-> SPYWARE-PUT Other-Technologies clicktrojan runtime detection - version check (spyware-put.rules)
7139 <-> SPYWARE-PUT Other-Technologies clicktrojan runtime detection - fake search query (spyware-put.rules)
7140 <-> SPYWARE-PUT Adware pay-per-click runtime detection - configuration (spyware-put.rules)
7141 <-> SPYWARE-PUT Adware pay-per-click runtime detection - update (spyware-put.rules)
7142 <-> SPYWARE-PUT Adware ares flash downloader 2.04 runtime detection (spyware-put.rules)
7143 <-> SPYWARE-PUT Adware digink.com runtime detection (spyware-put.rules)
7144 <-> SPYWARE-PUT Hijacker cool search runtime detection (spyware-put.rules)
7154 <-> SPYWARE-PUT Keylogger active keylogger home runtime detection (spyware-put.rules)
7169 <-> SPYWARE-PUT Keylogger ab system spy runtime detection - information exchange (spyware-put.rules)
7177 <-> SPYWARE-PUT Keylogger ab system spy runtime detection - info send through email (spyware-put.rules)
7180 <-> SPYWARE-PUT Keylogger desktop detective 2000 runtime detection - init connection (spyware-put.rules)
7185 <-> SPYWARE-PUT Keylogger 007 spy software runtime detection - ftp (spyware-put.rules)
7190 <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - host retrieval (spyware-put.rules)
7191 <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - url retrieval (spyware-put.rules)
7192 <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - sponsor selection (spyware-put.rules)
7193 <-> SPYWARE-PUT Adware trustyfiles v3.1.0.1 runtime detection - startup access (spyware-put.rules)
7194 <-> SPYWARE-PUT Hijacker shopprreports runtime detection - services requests (spyware-put.rules)
7195 <-> SPYWARE-PUT Hijacker shopprreports runtime detection - track/upgrade/report activities (spyware-put.rules)
7504 <-> SPYWARE-PUT Keylogger actualspy runtime detection - ftp-data (spyware-put.rules)
7505 <-> SPYWARE-PUT Keylogger actualspy runtime detection - smtp (spyware-put.rules)
7511 <-> SPYWARE-PUT Trickler edonkey2000 runtime detection - get ads page (spyware-put.rules)
7514 <-> SPYWARE-PUT Keylogger watchdog runtime detection - send out info to server periodically (spyware-put.rules)
7515 <-> SPYWARE-PUT Keylogger watchdog runtime detection - remote monitoring (spyware-put.rules)
7516 <-> SPYWARE-PUT Trickler hmtoolbar runtime detection (spyware-put.rules)
7518 <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - get up-to-date news info (spyware-put.rules)
7522 <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - search toolbar request 2 (spyware-put.rules)
7523 <-> SPYWARE-PUT Trackware earthlink toolbar runtime detection - click news button links (spyware-put.rules)
7524 <-> SPYWARE-PUT Hijacker moneybar runtime detection - cgispy counter (spyware-put.rules)
7525 <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - barad.asp request (spyware-put.rules)
7526 <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - stat counter (spyware-put.rules)
7527 <-> SPYWARE-PUT Trackware hotblox toolbar runtime detection - toolbar find function (spyware-put.rules)
7529 <-> SPYWARE-PUT Snoopware halflife jacker runtime detection (spyware-put.rules)
7531 <-> SPYWARE-PUT Trickler mediaseek.pl client runtime detection - login (spyware-put.rules)
7532 <-> SPYWARE-PUT Adware piolet runtime detection - user-agent (spyware-put.rules)
7533 <-> SPYWARE-PUT Adware piolet runtime detection - ads request (spyware-put.rules)
7534 <-> SPYWARE-PUT Hijacker clearsearch variant runtime detection - ie hijacking (spyware-put.rules)
7535 <-> SPYWARE-PUT Hijacker clearsearch variant runtime detection - pass information (spyware-put.rules)
7537 <-> SPYWARE-PUT Trackware arrow search runtime detection (spyware-put.rules)
7539 <-> SPYWARE-PUT Keylogger eye spy pro 1.0 runtime detection (spyware-put.rules)
7547 <-> SPYWARE-PUT Keylogger activity monitor 3.8 runtime detection - agent status monitoring (spyware-put.rules)
7548 <-> SPYWARE-PUT Keylogger activity monitor 3.8 runtime detection - agent up notification (spyware-put.rules)
7549 <-> SPYWARE-PUT Keylogger activity monitor 3.8 runtime detection (spyware-put.rules)
7550 <-> SPYWARE-PUT Adware adroar runtime detection (spyware-put.rules)
7551 <-> SPYWARE-PUT Keylogger ardamax keylogger runtime detection - smtp (spyware-put.rules)
7552 <-> SPYWARE-PUT Keylogger ardamax keylogger runtime detection - ftp (spyware-put.rules)
7557 <-> SPYWARE-PUT Trackware purityscan runtime detection - start up (spyware-put.rules)
7558 <-> SPYWARE-PUT Trackware purityscan runtime detection - installation notify (spyware-put.rules)
7559 <-> SPYWARE-PUT Trackware purityscan runtime detection - track user activity and status (spyware-put.rules)
7562 <-> SPYWARE-PUT Adware morpheus runtime detection - ad 1 (spyware-put.rules)
7563 <-> SPYWARE-PUT Adware morpheus runtime detection - ad 2 (spyware-put.rules)
7567 <-> SPYWARE-PUT Trackware funwebproducts mywebsearchtoolbar-funtools runtime detection (spyware-put.rules)
7569 <-> SPYWARE-PUT Adware lordofsearch runtime detection (spyware-put.rules)
7570 <-> SPYWARE-PUT Hijacker linkspider search bar runtime detection - ads (spyware-put.rules)
7571 <-> SPYWARE-PUT Hijacker linkspider search bar runtime detection - toolbar search (spyware-put.rules)
7572 <-> SPYWARE-PUT Trickler album galaxy runtime detection - startup data (spyware-put.rules)
7573 <-> SPYWARE-PUT Trickler album galaxy runtime detection - p2p gnutella (spyware-put.rules)
7575 <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - weather request (spyware-put.rules)
7576 <-> SPYWARE-PUT Hijacker starware toolbar runtime detection - hijack ie browser (spyware-put.rules)
7581 <-> SPYWARE-PUT Hijacker flashbar runtime detection - user-agent (spyware-put.rules)
7582 <-> SPYWARE-PUT Trickler pcast runtime detection - update checking (spyware-put.rules)
7587 <-> SPYWARE-PUT Trickler urlblaze runtime detection - software information request (spyware-put.rules)
7589 <-> SPYWARE-PUT Trickler urlblaze runtime detection - irc notification (spyware-put.rules)
7593 <-> SPYWARE-PUT Trackware trellian toolbarbrowser runtime detection (spyware-put.rules)
7594 <-> SPYWARE-PUT Adware comedy planet runtime detection - ads (spyware-put.rules)
7597 <-> SPYWARE-PUT Keylogger spy lantern keylogger runtime detection (spyware-put.rules)
7603 <-> SPYWARE-PUT Snoopware big brother v3.5.1 runtime detection - connect to receiver (spyware-put.rules)
7613 <-> BACKDOOR flux 1.0 runtime detection - successful initial connection (backdoor.rules)
7615 <-> BACKDOOR flux 1.0 runtime detection - keep alive (backdoor.rules)
7624 <-> BACKDOOR remote control 1.7 runtime detection - data communication (backdoor.rules)
7642 <-> BACKDOOR am remote client runtime detection - server-to-client (backdoor.rules)
7646 <-> BACKDOOR snipernet 2.1 runtime detection (backdoor.rules)
7647 <-> BACKDOOR minicom lite runtime detection - udp (backdoor.rules)
7649 <-> BACKDOOR minicom lite runtime detection - server-to-client (backdoor.rules)
7655 <-> BACKDOOR small uploader 1.01 runtime detection - remote shell (backdoor.rules)
7669 <-> BACKDOOR screen control 1.0 runtime detection - capture on port 2213 (backdoor.rules)
7706 <-> BACKDOOR omniquad instant remote control runtime detection - initial connection (backdoor.rules)
7711 <-> BACKDOOR amitis runtime command detection attacker to victim (backdoor.rules)
7712 <-> BACKDOOR amitis runtime detection victim to attacker (backdoor.rules)
7727 <-> BACKDOOR reversable ver1.0 runtime detection - execute command (backdoor.rules)
7732 <-> BACKDOOR outbreak_0.2.7 runtime detection - ring client-to-server (backdoor.rules)
7739 <-> BACKDOOR alexmessomalex runtime detection - grab (backdoor.rules)
7758 <-> BACKDOOR glacier runtime detection - initial connection and directory browse (backdoor.rules)
7759 <-> BACKDOOR glacier runtime detection - screen capture (backdoor.rules)
7760 <-> BACKDOOR netthief runtime detection (backdoor.rules)
7801 <-> BACKDOOR portal of doom runtime detection - udp cts (backdoor.rules)
7802 <-> BACKDOOR portal of doom runtime detection - udp stc (backdoor.rules)
7822 <-> BACKDOOR xbkdr runtime detection (backdoor.rules)
7827 <-> SPYWARE-PUT Adware whenu runtime detection - search request 1 (spyware-put.rules)
7828 <-> SPYWARE-PUT Adware whenu runtime detection - search request 2 (spyware-put.rules)
7829 <-> SPYWARE-PUT Adware gator user-agent detected (spyware-put.rules)
7832 <-> SPYWARE-PUT Hijacker navexcel helper runtime detection - active/update (spyware-put.rules)
7835 <-> SPYWARE-PUT Hacker-Tool nettracker runtime detection - report browsing (spyware-put.rules)
7837 <-> SPYWARE-PUT Keylogger spyoutside runtime detection - email delivery (spyware-put.rules)
7839 <-> SPYWARE-PUT Hijacker rx toolbar runtime detection (spyware-put.rules)
7848 <-> SPYWARE-PUT Hijacker netguide runtime detection (spyware-put.rules)
7856 <-> SPYWARE-PUT Trackware winsysba-a runtime detection - track surfing activity (spyware-put.rules)
8071 <-> SPYWARE-PUT Hijacker findthewebsiteyouneed runtime detection - search hijack (spyware-put.rules)
8072 <-> SPYWARE-PUT Hijacker findthewebsiteyouneed runtime detection - surf monitor (spyware-put.rules)
8073 <-> SPYWARE-PUT Adware zango toolbar runtime detection (spyware-put.rules)
8358 <-> SPYWARE-PUT Hijacker yok supersearch runtime detection - addressbar keyword search hijack (spyware-put.rules)
8359 <-> SPYWARE-PUT Hijacker yok supersearch runtime detection - target website display (spyware-put.rules)
8360 <-> SPYWARE-PUT Hijacker yok supersearch runtime detection - search info collect (spyware-put.rules)
8464 <-> SPYWARE-PUT Adware henbang runtime detection (spyware-put.rules)
8467 <-> SPYWARE-PUT Keylogger netobserve runtime detection - remote login response (spyware-put.rules)
8468 <-> SPYWARE-PUT Hijacker accoona runtime detection - collect info (spyware-put.rules)
8542 <-> SPYWARE-PUT Trackware deluxecommunications runtime detection - collect info (spyware-put.rules)
8544 <-> SPYWARE-PUT Keylogger nicespy runtime detection - smtp (spyware-put.rules)
8545 <-> SPYWARE-PUT Adware roogoo runtime detection - surfing monitor (spyware-put.rules)
8549 <-> BACKDOOR zxshell runtime detection - setting information retrieve (backdoor.rules)
9327 <-> SPECIFIC-THREATS netsky.af smtp propagation detection (specific-threats.rules)
9329 <-> SPECIFIC-THREATS yarner.b smtp propagation detection (specific-threats.rules)
9330 <-> SPECIFIC-THREATS mydoom.e smtp propagation detection (specific-threats.rules)
9331 <-> SPECIFIC-THREATS mydoom.m smtp propagation detection (specific-threats.rules)
9332 <-> SPECIFIC-THREATS mimail.a smtp propagation detection (specific-threats.rules)
9333 <-> SPECIFIC-THREATS mimail.e smtp propagation detection (specific-threats.rules)
9336 <-> SPECIFIC-THREATS netsky.t smtp propagation detection (specific-threats.rules)
9337 <-> SPECIFIC-THREATS netsky.x smtp propagation detection (specific-threats.rules)
9338 <-> SPECIFIC-THREATS mydoom.i smtp propagation detection (specific-threats.rules)
9339 <-> SPECIFIC-THREATS klez.g web propagation detection (specific-threats.rules)
9340 <-> SPECIFIC-THREATS klez.i web propagation detection (specific-threats.rules)
9342 <-> SPECIFIC-THREATS paroc.a smtp propagation detection (specific-threats.rules)
9345 <-> SPECIFIC-THREATS kipis.a smtp propagation detection (specific-threats.rules)
9351 <-> SPECIFIC-THREATS lovgate.a netshare propagation detection (specific-threats.rules)
9352 <-> SPECIFIC-THREATS lovgate.a smtp propagation detection (specific-threats.rules)
9354 <-> SPECIFIC-THREATS deborm.y netshare propagation detection (specific-threats.rules)
9355 <-> SPECIFIC-THREATS deborm.u netshare propagation detection (specific-threats.rules)
9361 <-> SPECIFIC-THREATS mimail.l smtp propagation detection (specific-threats.rules)
9365 <-> SPECIFIC-THREATS cult.c smtp propagation detection (specific-threats.rules)
9366 <-> SPECIFIC-THREATS mimail.s smtp propagation detection (specific-threats.rules)
9372 <-> SPECIFIC-THREATS blebla.a smtp propagation detection (specific-threats.rules)
9373 <-> SPECIFIC-THREATS clepa smtp propagation detection (specific-threats.rules)
9374 <-> SPECIFIC-THREATS creepy.b smtp propagation detection (specific-threats.rules)
9375 <-> SPECIFIC-THREATS duksten.c smtp propagation detection (specific-threats.rules)
9377 <-> SPECIFIC-THREATS mydoom.g smtp propagation detection (specific-threats.rules)
9380 <-> SPECIFIC-THREATS jitux msn messenger propagation detection (specific-threats.rules)
9383 <-> SPECIFIC-THREATS netsky.y smtp propagation detection (specific-threats.rules)
9386 <-> SPECIFIC-THREATS bagle.f smtp propagation detection (specific-threats.rules)
9387 <-> SPECIFIC-THREATS klez.j web propagation detection (specific-threats.rules)
9389 <-> SPECIFIC-THREATS bagle.i smtp propagation detection (specific-threats.rules)
9390 <-> SPECIFIC-THREATS deborm.d netshare propagation detection (specific-threats.rules)
9392 <-> SPECIFIC-THREATS bagle.j smtp propagation detection (specific-threats.rules)
9393 <-> SPECIFIC-THREATS bagle.k smtp propagation detection (specific-threats.rules)
9397 <-> SPECIFIC-THREATS neysid smtp propagation detection (specific-threats.rules)
9400 <-> SPECIFIC-THREATS abotus smtp propagation detection (specific-threats.rules)
9403 <-> SPECIFIC-THREATS netsky.aa smtp propagation detection (specific-threats.rules)
9404 <-> SPECIFIC-THREATS netsky.ac smtp propagation detection (specific-threats.rules)
9405 <-> SPECIFIC-THREATS netsky.af smtp propagation detection (specific-threats.rules)
9407 <-> SPECIFIC-THREATS lovgate.b netshare propagation detection (specific-threats.rules)
9408 <-> SPECIFIC-THREATS lacrow smtp propagation detection (specific-threats.rules)
9413 <-> SPECIFIC-THREATS ganda smtp propagation detection (specific-threats.rules)
9417 <-> SPECIFIC-THREATS bagle.a smtp propagation detection (specific-threats.rules)
9418 <-> SPECIFIC-THREATS bagle.a http notification detection (specific-threats.rules)
9425 <-> SPECIFIC-THREATS netsky attachment (specific-threats.rules)
9622 <-> DOS Spiffit UDP denial of service attempt (dos.rules)
9644 <-> SPYWARE-PUT Adware imnames runtime detection (spyware-put.rules)
9648 <-> SPYWARE-PUT Keylogger emailspypro runtime detection (spyware-put.rules)
9650 <-> SPYWARE-PUT Keylogger ghost Keylogger runtime detection (spyware-put.rules)
9652 <-> SPYWARE-PUT Hijacker oemji bar runtime detection (spyware-put.rules)
9655 <-> BACKDOOR apofis 1.0 runtime detection - remote controlling (backdoor.rules)
9657 <-> BACKDOOR bersek 1.0 runtime detection - init connection (backdoor.rules)
9663 <-> BACKDOOR bersek 1.0 runtime detection - start remote shell (backdoor.rules)
9667 <-> BACKDOOR superra runtime detection - issue remote control command (backdoor.rules)
9827 <-> SPYWARE-PUT Keylogger paq keylog runtime detection - smtp (spyware-put.rules)
9829 <-> SPYWARE-PUT Trackware relevantknowledge runtime detection (spyware-put.rules)
9830 <-> SPYWARE-PUT Keylogger supreme spy runtime detection (spyware-put.rules)
9839 <-> BACKDOOR sun shadow 1.70 runtime detection - keep alive (backdoor.rules)
10088 <-> SPYWARE-PUT Keylogger beyond Keylogger runtime detection - log sent by smtp (spyware-put.rules)
10089 <-> SPYWARE-PUT Keylogger beyond Keylogger runtime detection - log sent by ftp (spyware-put.rules)
10091 <-> SPYWARE-PUT Hacker-Tool spylply.a runtime detection (spyware-put.rules)
10092 <-> SPYWARE-PUT Trackware russian searchbar runtime detection (spyware-put.rules)
10094 <-> SPYWARE-PUT Adware borlan runtime detection (spyware-put.rules)
10095 <-> SPYWARE-PUT Trackware bydou runtime detection (spyware-put.rules)
10096 <-> SPYWARE-PUT Keylogger win32.remotekeylog.b runtime detection - keylog (spyware-put.rules)
10107 <-> BACKDOOR icmp cmd 1.0 runtime detection - pslist (backdoor.rules)
10108 <-> BACKDOOR icmp cmd 1.0 runtime detection - pskill (backdoor.rules)
10113 <-> SPECIFIC-THREATS Trojan Peacomm command and control propagation detected (specific-threats.rules)
10114 <-> SPECIFIC-THREATS Trojan Peacomm command and control propagation detected (specific-threats.rules)
10123 <-> SPECIFIC-THREATS PA168 chipset based IP phone default password attempt (specific-threats.rules)
10124 <-> SPECIFIC-THREATS PA168 chipset based IP phone authentication bypass (specific-threats.rules)
10164 <-> SPYWARE-PUT Adware adclicker-ej runtime detection (spyware-put.rules)
10166 <-> SPYWARE-PUT Trackware baigoo runtime detection (spyware-put.rules)
10168 <-> BACKDOOR one runtime detection (backdoor.rules)
10169 <-> BACKDOOR matrix 1.03 by mtronic runtime detection - init connection (backdoor.rules)
10179 <-> SPYWARE-PUT Trackware bysoo runtime detection (spyware-put.rules)
10180 <-> SPYWARE-PUT Adware eqiso runtime detection (spyware-put.rules)
10181 <-> SPYWARE-PUT Keylogger systemsleuth runtime detection (spyware-put.rules)
10182 <-> SPYWARE-PUT Adware newweb runtime detection (spyware-put.rules)
10183 <-> SPYWARE-PUT Keylogger activity Keylogger runtime detection (spyware-put.rules)
10184 <-> BACKDOOR wow 23 runtime detection (backdoor.rules)
10185 <-> BACKDOOR x-door runtime detection (backdoor.rules)
10438 <-> SPYWARE-PUT Hijacker bazookabar runtime detection (spyware-put.rules)
10440 <-> SPYWARE-PUT Keylogger pc black box runtime detection (spyware-put.rules)
10441 <-> SPYWARE-PUT Hacker-Tool statwin runtime detection (spyware-put.rules)
10443 <-> BACKDOOR acidbattery 1.0 runtime detection - sniff info (backdoor.rules)
10446 <-> BACKDOOR acidbattery 1.0 runtime detection - get server info (backdoor.rules)
10447 <-> BACKDOOR 51d 1b runtime detection - icq notification (backdoor.rules)
10451 <-> BACKDOOR only 1 rat runtime detection - control command (backdoor.rules)
10452 <-> BACKDOOR only 1 rat runtime detection - icmp request (backdoor.rules)
11306 <-> SPYWARE-PUT Snoopware childwebguardian runtime detection - udp broadcast (spyware-put.rules)
11307 <-> SPYWARE-PUT Keylogger computer monitor Keylogger runtime detection (spyware-put.rules)
11311 <-> SPYWARE-PUT Keylogger pcsentinelsoftware Keylogger runtime detection - upload infor (spyware-put.rules)
11312 <-> SPYWARE-PUT Trackware uplink runtime detection (spyware-put.rules)
11317 <-> BACKDOOR abremote pro 3.1 runtime detection - init connection (backdoor.rules)
12973 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP mqqm alter context attempt (deleted.rules)
12974 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP mqqm little endian alter context attempt (deleted.rules)
12975 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP mqqm bind attempt (deleted.rules)
12976 <-> DELETED NETBIOS DCERPC NCACN-IP-TCP mqqm little endian bind attempt (deleted.rules)
12977 <-> NETBIOS DCERPC NCADG-IP-UDP v4 mqqm QMCreateObjectInternal little endian overflow attempt (netbios.rules)
12978 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMCreateObjectInternal little endian overflow attempt (netbios.rules)
12979 <-> NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMCreateObjectInternal little endian overflow attempt (netbios.rules)
12980 <-> NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMCreateObjectInternal overflow attempt (netbios.rules)
12981 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal little endian overflow attempt (netbios.rules)
12982 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMCreateObjectInternal overflow attempt (netbios.rules)
13210 <-> NETBIOS DCERPC NCADG-IP-UDP v4 mqqm QMObjectPathToObjectFormat little endian overflow attempt (netbios.rules)
13211 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat overflow attempt (netbios.rules)
13212 <-> NETBIOS DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat overflow attempt (netbios.rules)
13213 <-> NETBIOS DCERPC NCACN-IP-TCP v4 mqqm QMObjectPathToObjectFormat little endian overflow attempt (netbios.rules)
13214 <-> NETBIOS DCERPC NCADG-IP-UDP v4 mqqm QMObjectPathToObjectFormat overflow attempt (netbios.rules)
13215 <-> NETBIOS DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat little endian overflow attempt (netbios.rules)