Sourcefire VRT Update
Date: 2007-01-04
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.
The format of the file is:
sid - Message (rule group)
New rules:
9644 <-> SPYWARE-PUT Adware imnames runtime detection (spyware-put.rules)
9645 <-> SPYWARE-PUT Hijacker sogou runtime detection - keyword hijack (spyware-put.rules)
9646 <-> SPYWARE-PUT Hijacker sogou runtime detection - search through sogou toolbar (spyware-put.rules)
9647 <-> SPYWARE-PUT Keylogger system surveillance pro runtime detection (spyware-put.rules)
9648 <-> SPYWARE-PUT Keylogger emailspypro runtime detection (spyware-put.rules)
9649 <-> SPYWARE-PUT Keylogger ghost Keylogger runtime detection - flowbit set (spyware-put.rules)
9650 <-> SPYWARE-PUT Keylogger ghost Keylogger runtime detection (spyware-put.rules)
9651 <-> SPYWARE-PUT Hijacker ricercadoppia runtime detection (spyware-put.rules)
9652 <-> SPYWARE-PUT Hijacker oemji bar runtime detection (spyware-put.rules)
9653 <-> BACKDOOR apofis 1.0 runtime detection - php notification (backdoor.rules)
9654 <-> BACKDOOR apofis 1.0 runtime detection - remote controlling (backdoor.rules)
9655 <-> BACKDOOR apofis 1.0 runtime detection - remote controlling (backdoor.rules)
9656 <-> BACKDOOR bersek 1.0 runtime detection (backdoor.rules)
9657 <-> BACKDOOR bersek 1.0 runtime detection - init connection (backdoor.rules)
9658 <-> BACKDOOR bersek 1.0 runtime detection (backdoor.rules)
9659 <-> BACKDOOR bersek 1.0 runtime detection - file manage (backdoor.rules)
9660 <-> BACKDOOR bersek 1.0 runtime detection (backdoor.rules)
9661 <-> BACKDOOR bersek 1.0 runtime detection - show processes (backdoor.rules)
9662 <-> BACKDOOR bersek 1.0 runtime detection (backdoor.rules)
9663 <-> BACKDOOR bersek 1.0 runtime detection - start remote shell (backdoor.rules)
9664 <-> BACKDOOR crossbow 1.12 runtime detection (backdoor.rules)
9665 <-> BACKDOOR crossbow 1.12 runtime detection - init connection (backdoor.rules)
9666 <-> BACKDOOR superra runtime detection - success init connection (backdoor.rules)
9667 <-> BACKDOOR superra runtime detection - issue remote control command (backdoor.rules)
9668 <-> WEB-CLIENT Outlook Recipient Control ActiveX clsid access (web-client.rules)
9669 <-> WEB-CLIENT Outlook Recipient Control ActiveX clsid unicode access (web-client.rules)
9670 <-> WEB-CLIENT Outlook Recipient Control ActiveX function call access (web-client.rules)
9671 <-> WEB-CLIENT RealPlayer AutoStream.AutoStream.1 ActiveX clsid access (web-client.rules)
9672 <-> WEB-CLIENT RealPlayer AutoStream.AutoStream.1 ActiveX clsid unicode access (web-client.rules)
9673 <-> WEB-CLIENT RealPlayer AutoStream.AutoStream.1 ActiveX function call access (web-client.rules)
9674 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX unicode attempt (netbios.rules)
9675 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX attempt (netbios.rules)
9676 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile unicode attempt (netbios.rules)
9677 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
9678 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX attempt (netbios.rules)
9679 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian attempt (netbios.rules)
9680 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
9681 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX little endian attempt (netbios.rules)
9682 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian attempt (netbios.rules)
9683 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile unicode little endian attempt (netbios.rules)
9684 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX little endian attempt (netbios.rules)
9685 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile unicode little endian attempt (netbios.rules)
9686 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile little endian object call attempt (netbios.rules)
9687 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX unicode object call attempt (netbios.rules)
9688 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX little endian andx object call attempt (netbios.rules)
9689 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX andx object call attempt (netbios.rules)
9690 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile andx object call attempt (netbios.rules)
9691 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile unicode little endian andx object call attempt (netbios.rules)
9692 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian andx object call attempt (netbios.rules)
9693 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile unicode little endian andx object call attempt (netbios.rules)
9694 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile little endian andx object call attempt (netbios.rules)
9695 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX little endian andx object call attempt (netbios.rules)
9696 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile WriteAndX unicode andx attempt (netbios.rules)
9697 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian andx attempt (netbios.rules)
9698 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile unicode andx attempt (netbios.rules)
9699 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile little endian andx attempt (netbios.rules)
9700 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile WriteAndX little endian andx attempt (netbios.rules)
9701 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX unicode andx object call attempt (netbios.rules)
9702 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX andx object call attempt (netbios.rules)
9703 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile unicode andx object call attempt (netbios.rules)
9704 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile unicode andx object call attempt (netbios.rules)
9705 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile andx object call attempt (netbios.rules)
9706 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian andx object call attempt (netbios.rules)
9707 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX unicode andx attempt (netbios.rules)
9708 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile WriteAndX andx attempt (netbios.rules)
9709 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile little endian andx attempt (netbios.rules)
9710 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile andx attempt (netbios.rules)
9711 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile WriteAndX andx attempt (netbios.rules)
9712 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile WriteAndX unicode andx attempt (netbios.rules)
9713 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile unicode andx attempt (netbios.rules)
9714 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian andx attempt (netbios.rules)
9715 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile unicode andx attempt (netbios.rules)
9716 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile unicode little endian andx attempt (netbios.rules)
9717 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile andx attempt (netbios.rules)
9718 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile little endian andx attempt (netbios.rules)
9719 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile little endian andx attempt (netbios.rules)
9720 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile unicode little endian andx attempt (netbios.rules)
9721 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile WriteAndX little endian andx attempt (netbios.rules)
9722 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX unicode andx attempt (netbios.rules)
9723 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX andx attempt (netbios.rules)
9724 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile unicode andx attempt (netbios.rules)
9725 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile andx attempt (netbios.rules)
9726 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX andx attempt (netbios.rules)
9727 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian andx attempt (netbios.rules)
9728 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile andx attempt (netbios.rules)
9729 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX little endian andx attempt (netbios.rules)
9730 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian andx attempt (netbios.rules)
9731 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile unicode little endian andx attempt (netbios.rules)
9732 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX little endian andx attempt (netbios.rules)
9733 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile unicode little endian andx attempt (netbios.rules)
9734 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile little endian andx object call attempt (netbios.rules)
9735 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX unicode andx object call attempt (netbios.rules)
9736 <-> NETBIOS DCERPC NCACN-HTTP v4 ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
9737 <-> NETBIOS DCERPC NCADG-IP-UDP v4 ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
9738 <-> NETBIOS DCERPC DIRECT ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
9739 <-> NETBIOS DCERPC DIRECT v4 ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
9740 <-> NETBIOS DCERPC NCACN-HTTP ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
9741 <-> NETBIOS DCERPC NCACN-IP-TCP v4 ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
9742 <-> NETBIOS DCERPC NCACN-IP-TCP v4 ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
9743 <-> NETBIOS DCERPC NCACN-HTTP v4 ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
9744 <-> NETBIOS DCERPC NCADG-IP-UDP v4 ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
9745 <-> NETBIOS DCERPC NCADG-IP-UDP ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
9746 <-> NETBIOS DCERPC DIRECT v4 ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
9747 <-> NETBIOS DCERPC NCACN-HTTP ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
9748 <-> NETBIOS DCERPC NCACN-IP-TCP ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
9749 <-> NETBIOS DCERPC NCACN-IP-TCP ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
9750 <-> NETBIOS DCERPC NCADG-IP-UDP ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
9751 <-> NETBIOS DCERPC DIRECT ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
9752 <-> NETBIOS DCERPC DIRECT ISystemActivator CoGetInstanceFromFile little endian object call attempt (netbios.rules)
9753 <-> NETBIOS DCERPC NCACN-HTTP ISystemActivator CoGetInstanceFromFile object call attempt (netbios.rules)
9754 <-> NETBIOS DCERPC NCADG-IP-UDP ISystemActivator CoGetInstanceFromFile object call attempt (netbios.rules)
9755 <-> NETBIOS DCERPC NCACN-HTTP ISystemActivator CoGetInstanceFromFile little endian object call attempt (netbios.rules)
9756 <-> NETBIOS DCERPC NCACN-IP-TCP ISystemActivator CoGetInstanceFromFile object call attempt (netbios.rules)
9757 <-> NETBIOS DCERPC NCACN-IP-TCP ISystemActivator CoGetInstanceFromFile little endian object call attempt (netbios.rules)
9758 <-> NETBIOS DCERPC NCADG-IP-UDP ISystemActivator CoGetInstanceFromFile little endian object call attempt (netbios.rules)
9759 <-> NETBIOS DCERPC DIRECT ISystemActivator CoGetInstanceFromFile object call attempt (netbios.rules)
9760 <-> NETBIOS DCERPC DIRECT-UDP msqueue little endian bind attempt (netbios.rules)
9761 <-> NETBIOS DCERPC DIRECT-UDP msqueue little endian alter context attempt (netbios.rules)
9762 <-> NETBIOS DCERPC DIRECT-UDP msqueue bind attempt (netbios.rules)
9763 <-> NETBIOS DCERPC DIRECT-UDP msqueue alter context attempt (netbios.rules)
9764 <-> NETBIOS DCERPC DIRECT-UDP v4 msqueue function 4 little endian overflow attempt (netbios.rules)
9765 <-> NETBIOS DCERPC DIRECT-UDP msqueue function 4 little endian overflow attempt (netbios.rules)
9766 <-> NETBIOS DCERPC DIRECT-UDP msqueue function 4 overflow attempt (netbios.rules)
9767 <-> NETBIOS DCERPC DIRECT-UDP msqueue function 4 object call overflow attempt (netbios.rules)
9768 <-> NETBIOS DCERPC NCACN-IP-TCP v4 msqueue function 4 little endian overflow attempt (netbios.rules)
9769 <-> NETBIOS DCERPC DIRECT-UDP v4 msqueue function 4 overflow attempt (netbios.rules)
9770 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue function 4 object call overflow attempt (netbios.rules)
9771 <-> NETBIOS DCERPC DIRECT-UDP msqueue function 4 little endian object call overflow attempt (netbios.rules)
9772 <-> NETBIOS DCERPC DIRECT-UDP msqueue function 1 overflow attempt (netbios.rules)
9773 <-> NETBIOS DCERPC NCACN-IP-TCP v4 msqueue function 1 little endian overflow attempt (netbios.rules)
9774 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue function 1 little endian overflow attempt (netbios.rules)
9775 <-> NETBIOS DCERPC DIRECT msqueue function 1 little endian overflow attempt (netbios.rules)
9776 <-> NETBIOS DCERPC DIRECT-UDP v4 msqueue function 1 overflow attempt (netbios.rules)
9777 <-> NETBIOS DCERPC DIRECT v4 msqueue function 1 overflow attempt (netbios.rules)
9778 <-> NETBIOS DCERPC DIRECT msqueue function 1 overflow attempt (netbios.rules)
9779 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue function 1 overflow attempt (netbios.rules)
9780 <-> NETBIOS DCERPC DIRECT v4 msqueue function 1 little endian overflow attempt (netbios.rules)
9781 <-> NETBIOS DCERPC DIRECT-UDP msqueue function 1 little endian overflow attempt (netbios.rules)
9782 <-> NETBIOS DCERPC DIRECT-UDP v4 msqueue function 1 little endian overflow attempt (netbios.rules)
9783 <-> NETBIOS DCERPC NCACN-IP-TCP v4 msqueue function 1 overflow attempt (netbios.rules)
9784 <-> NETBIOS DCERPC DIRECT-UDP msqueue function 1 object call overflow attempt (netbios.rules)
9785 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue function 1 little endian object call overflow attempt (netbios.rules)
9786 <-> NETBIOS DCERPC DIRECT msqueue function 1 little endian object call overflow attempt (netbios.rules)
9787 <-> NETBIOS DCERPC DIRECT msqueue function 1 object call overflow attempt (netbios.rules)
9788 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue function 1 object call overflow attempt (netbios.rules)
9789 <-> NETBIOS DCERPC DIRECT-UDP msqueue function 1 little endian object call overflow attempt (netbios.rules)
9790 <-> EXPLOIT HP-UX lpd command execution attempt (exploit.rules)
9791 <-> WEB-MISC .cmd? access (web-misc.rules)
9792 <-> FTP PASV overflow attempt (ftp.rules)
9793 <-> WEB-CLIENT YMMAPI.YMailAttach ActiveX clsid access (web-client.rules)
9794 <-> WEB-CLIENT YMMAPI.YMailAttach ActiveX clsid unicode access (web-client.rules)
9795 <-> WEB-CLIENT Panda ActiveScan ActiveScan.1 ActiveX clsid access (web-client.rules)
9796 <-> WEB-CLIENT Panda ActiveScan ActiveScan.1 ActiveX clsid unicode access (web-client.rules)
9797 <-> WEB-CLIENT Panda ActiveScan ActiveScan.1 ActiveX function call access (web-client.rules)
9798 <-> WEB-CLIENT Panda ActiveScan PAVPZ.SOS.1 ActiveX clsid access (web-client.rules)
9799 <-> WEB-CLIENT Panda ActiveScan PAVPZ.SOS.1 ActiveX clsid unicode access (web-client.rules)
9800 <-> WEB-CLIENT Panda ActiveScan PAVPZ.SOS.1 ActiveX function call access (web-client.rules)
9801 <-> WEB-CLIENT Windows Media Player Malformed MIDI File denial of service attempt (web-client.rules)
9802 <-> NETBIOS DCERPC DIRECT brightstor-arc alter context attempt (netbios.rules)
9803 <-> NETBIOS DCERPC DIRECT brightstor-arc little endian alter context attempt (netbios.rules)
9804 <-> NETBIOS DCERPC DIRECT brightstor-arc bind attempt (netbios.rules)
9805 <-> NETBIOS DCERPC DIRECT brightstor-arc little endian bind attempt (netbios.rules)
9806 <-> NETBIOS DCERPC DIRECT brightstor-arc GetGroupStatus little endian overflow attempt (netbios.rules)
9807 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc GetGroupStatus overflow attempt (netbios.rules)
9808 <-> NETBIOS DCERPC DIRECT brightstor-arc GetGroupStatus overflow attempt (netbios.rules)
9809 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc GetGroupStatus little endian overflow attempt (netbios.rules)
9810 <-> NETBIOS DCERPC DIRECT brightstor-arc GetGroupStatus little endian object call overflow attempt (netbios.rules)
9811 <-> NETBIOS DCERPC DIRECT brightstor-arc GetGroupStatus object call overflow attempt (netbios.rules)
9812 <-> WEB-CLIENT Yahoo Messenger YMailAttach ActiveX function call access (web-client.rules)
9813 <-> EXPLOIT Symantec NetBackup connect_options buffer overflow attempt (exploit.rules)
9814 <-> WEB-CLIENT ICQPhone.SipxPhoneManager ActiveX clsid access (web-client.rules)
9815 <-> WEB-CLIENT ICQPhone.SipxPhoneManager ActiveX clsid unicode access (web-client.rules)
9816 <-> WEB-CLIENT ICQPhone.SipxPhoneManager ActiveX function call access (web-client.rules)
9817 <-> WEB-CLIENT CEnroll.CEnroll.2 ActiveX clsid access (web-client.rules)
9818 <-> WEB-CLIENT CEnroll.CEnroll.2 ActiveX clsid unicode access (web-client.rules)
9819 <-> WEB-CLIENT Outlook View OVCtl ActiveX clsid unicode access (web-client.rules)
9820 <-> WEB-CLIENT OWC11.DataSourceControl.11 ActiveX function call access (web-client.rules)
9821 <-> WEB-CLIENT TriEditDocument.TriEditDocument ActiveX clsid access (web-client.rules)
9822 <-> WEB-CLIENT TriEditDocument.TriEditDocument ActiveX clsid unicode access (web-client.rules)
9823 <-> WEB-CLIENT QuickTime RTSP URI overflow attempt (web-client.rules)
9824 <-> WEB-CLIENT Rediff Bol Downloader ActiveX clsid access (web-client.rules)
9825 <-> WEB-CLIENT Rediff Bol Downloader ActiveX clsid unicode access (web-client.rules)
9826 <-> WEB-CLIENT Rediff Bol Downloader ActiveX function call access (web-client.rules)
9827 <-> SPYWARE-PUT Keylogger paq keylog runtime detection - smtp (spyware-put.rules)
9828 <-> SPYWARE-PUT Keylogger paq keylog runtime detection - ftp (spyware-put.rules)
9829 <-> SPYWARE-PUT Trackware relevantknowledge runtime detection (spyware-put.rules)
9830 <-> SPYWARE-PUT Keylogger supreme spy runtime detection (spyware-put.rules)
9831 <-> SPYWARE-PUT Adware u88 runtime detection (spyware-put.rules)
9832 <-> BACKDOOR ieva 1.0 runtime detection - send message (backdoor.rules)
9833 <-> BACKDOOR ieva 1.0 runtime detection - fake delete harddisk message (backdoor.rules)
9834 <-> BACKDOOR ieva 1.0 runtime detection - black screen (backdoor.rules)
9835 <-> BACKDOOR ieva 1.0 runtime detection - swap mouse (backdoor.rules)
9836 <-> BACKDOOR ieva 1.0 runtime detection - crazy mouse (backdoor.rules)
9837 <-> BACKDOOR sun shadow 1.70 runtime detection - init connection (backdoor.rules)
9838 <-> BACKDOOR sun shadow 1.70 runtime detection - init connection (backdoor.rules)
9839 <-> BACKDOOR sun shadow 1.70 runtime detection - keep alive (backdoor.rules)
9840 <-> WEB-CLIENT QuickTime HREF Track Detected (web-client.rules)

Updated rules:
681 <-> MS-SQL/SMB xp_cmdshell program execution (sql.rules)
687 <-> MS-SQL xp_cmdshell - program execution (sql.rules)
976 <-> WEB-MISC .bat? access (web-misc.rules)
1061 <-> WEB-MISC xp_cmdshell attempt (web-misc.rules)
1759 <-> MS-SQL xp_cmdshell program execution 445 (sql.rules)
2352 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance unicode attempt (netbios.rules)
3156 <-> NETBIOS DCERPC DIRECT msqueue alter context attempt (netbios.rules)
3157 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue little endian bind attempt (netbios.rules)
3158 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX little endian object call attempt (netbios.rules)
3159 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX object call attempt (netbios.rules)
3160 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue alter context attempt (netbios.rules)
3161 <-> NETBIOS DCERPC DIRECT msqueue little endian alter context attempt (netbios.rules)
3162 <-> NETBIOS DCERPC DIRECT msqueue little endian bind attempt (netbios.rules)
3163 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue little endian alter context attempt (netbios.rules)
3164 <-> NETBIOS DCERPC DIRECT msqueue bind attempt (netbios.rules)
3165 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue bind attempt (netbios.rules)
3166 <-> NETBIOS DCERPC NCACN-IP-TCP v4 msqueue function 4 overflow attempt (netbios.rules)
3167 <-> NETBIOS DCERPC DIRECT msqueue function 4 object call overflow attempt (netbios.rules)
3168 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue function 4 little endian overflow attempt (netbios.rules)
3169 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (netbios.rules)
3170 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue function 4 little endian object call overflow attempt (netbios.rules)
3171 <-> NETBIOS DCERPC DIRECT v4 msqueue function 4 overflow attempt (netbios.rules)
3172 <-> NETBIOS DCERPC DIRECT msqueue function 4 little endian object call overflow attempt (netbios.rules)
3173 <-> NETBIOS DCERPC DIRECT v4 msqueue function 4 little endian overflow attempt (netbios.rules)
3174 <-> NETBIOS DCERPC DIRECT msqueue function 4 overflow attempt (netbios.rules)
3175 <-> NETBIOS DCERPC DIRECT msqueue function 4 little endian overflow attempt (netbios.rules)
3176 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile object call attempt (netbios.rules)
3177 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile unicode little endian object call attempt (netbios.rules)
3178 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian object call attempt (netbios.rules)
3179 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile unicode little endian object call attempt (netbios.rules)
3180 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile little endian object call attempt (netbios.rules)
3181 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX little endian object call attempt (netbios.rules)
3182 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile WriteAndX unicode attempt (netbios.rules)
3183 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian attempt (netbios.rules)
3184 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile unicode attempt (netbios.rules)
3185 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
3186 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile WriteAndX little endian attempt (netbios.rules)
3187 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX unicode object call attempt (netbios.rules)
3188 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX object call attempt (netbios.rules)
3189 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile unicode object call attempt (netbios.rules)
3190 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile unicode object call attempt (netbios.rules)
3191 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile object call attempt (netbios.rules)
3425 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian object call attempt (netbios.rules)
3426 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX unicode attempt (netbios.rules)
3427 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile WriteAndX attempt (netbios.rules)
3428 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
3429 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
3430 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile WriteAndX attempt (netbios.rules)
3431 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile WriteAndX unicode attempt (netbios.rules)
3432 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile unicode attempt (netbios.rules)
3433 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian attempt (netbios.rules)
3434 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile unicode attempt (netbios.rules)
3435 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile unicode little endian attempt (netbios.rules)
3436 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
3437 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
3438 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
3439 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile unicode little endian attempt (netbios.rules)
3440 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile WriteAndX little endian attempt (netbios.rules)
4150 <-> WEB-CLIENT Outlook View OVCtl ActiveX function call access (web-client.rules)
8403 <-> WEB-CLIENT XML Schema Cache 6.0 ActiveX CLSID access (web-client.rules)
8404 <-> WEB-CLIENT XML Schema Cache 6.0 ActiveX CLSID unicode access (web-client.rules)
8409 <-> WEB-CLIENT RealPlayer Stream Handler ActiveX clsid access (web-client.rules)
8410 <-> WEB-CLIENT RealPlayer Stream Handler ActiveX clsid unicode access (web-client.rules)
8417 <-> WEB-CLIENT TriEditDocument.TriEditDocument ActiveX function call access (web-client.rules)
8422 <-> WEB-CLIENT Outlook View OVCtl ActiveX clsid access (web-client.rules)
8423 <-> WEB-CLIENT CEnroll.CEnroll.2 ActiveX function call access (web-client.rules)
8549 <-> BACKDOOR zxshell runtime detection - setting information retrieve (backdoor.rules)
8723 <-> WEB-CLIENT OWC11.DataSourceControl.11 ActiveX clsid access (web-client.rules)
8724 <-> WEB-CLIENT OWC11.DataSourceControl.11 ActiveX clsid unicode access (web-client.rules)
9425 <-> SPECIFIC-THREATS netsky attachment (specific-threats.rules)
9515 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance WriteAndX unicode little endian attempt (netbios.rules)
9517 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance WriteAndX little endian attempt (netbios.rules)
9518 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance WriteAndX unicode attempt (netbios.rules)
9519 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance WriteAndX attempt (netbios.rules)
9520 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance WriteAndX unicode little endian attempt (netbios.rules)
9521 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance attempt (netbios.rules)
9522 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance unicode attempt (netbios.rules)
9523 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance WriteAndX unicode attempt (netbios.rules)
9524 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance unicode little endian attempt (netbios.rules)
9525 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance WriteAndX attempt (netbios.rules)
9526 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance little endian attempt (netbios.rules)
9527 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance little endian attempt (netbios.rules)
9529 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance unicode little endian attempt (netbios.rules)
9530 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance attempt (netbios.rules)
9531 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance WriteAndX little endian attempt (netbios.rules)
9562 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance unicode andx attempt (netbios.rules)
9563 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance WriteAndX unicode little endian andx attempt (netbios.rules)
9565 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance WriteAndX little endian andx attempt (netbios.rules)
9566 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance WriteAndX unicode andx attempt (netbios.rules)
9567 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance WriteAndX andx attempt (netbios.rules)
9568 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance WriteAndX unicode little endian andx attempt (netbios.rules)
9569 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance andx attempt (netbios.rules)
9570 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance unicode andx attempt (netbios.rules)
9571 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance WriteAndX unicode andx attempt (netbios.rules)
9572 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance unicode little endian andx attempt (netbios.rules)
9573 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance WriteAndX andx attempt (netbios.rules)
9574 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance little endian andx attempt (netbios.rules)
9575 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance little endian andx attempt (netbios.rules)
9577 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance unicode little endian andx attempt (netbios.rules)
9578 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance andx attempt (netbios.rules)
9579 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance WriteAndX little endian andx attempt (netbios.rules)
9595 <-> NETBIOS DCERPC NCACN-IP-TCP v4 ISystemActivator RemoteCreateInstance attempt (netbios.rules)
9596 <-> NETBIOS DCERPC NCACN-HTTP v4 ISystemActivator RemoteCreateInstance attempt (netbios.rules)
9597 <-> NETBIOS DCERPC DIRECT v4 ISystemActivator RemoteCreateInstance little endian attempt (netbios.rules)
9598 <-> NETBIOS DCERPC DIRECT v4 ISystemActivator RemoteCreateInstance attempt (netbios.rules)
9604 <-> NETBIOS DCERPC NCACN-HTTP v4 ISystemActivator RemoteCreateInstance little endian attempt (netbios.rules)
9605 <-> NETBIOS DCERPC NCACN-IP-TCP v4 ISystemActivator RemoteCreateInstance little endian attempt (netbios.rules)
