Talos Rules 2016-08-02
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the browser-ie, exploit-kit, file-office, file-other, file-pdf, malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2016-08-02 15:34:39 UTC

Snort Subscriber Rules Update

Date: 2016-08-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:39751 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
 * 1:39772 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
 * 1:39769 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules)
 * 1:39748 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
 * 1:39774 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules)
 * 1:39753 <-> ENABLED <-> FILE-PDF Adobe Reader malformed ICC profile memory corruption attempt (file-pdf.rules)
 * 1:39763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:39754 <-> DISABLED <-> EXPLOIT-KIT Sundown exploit kit landing page detected (exploit-kit.rules)
 * 1:39770 <-> DISABLED <-> SERVER-WEBAPP GoAhead Embedded Web Server directory traversal attempt (server-webapp.rules)
 * 1:39766 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Ogimant outbound connection detected (malware-other.rules)
 * 1:39773 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
 * 1:39744 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
 * 1:39765 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails ActionPack inline content rendering code injection attempt (server-webapp.rules)
 * 1:39749 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
 * 1:39767 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules)
 * 1:39755 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules)
 * 1:39746 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules)
 * 1:39752 <-> ENABLED <-> FILE-PDF Adobe Reader malformed ICC profile memory corruption attempt (file-pdf.rules)
 * 1:39750 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
 * 1:39768 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules)
 * 1:39771 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
 * 1:39764 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:39756 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules)
 * 1:39745 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.FakeRean outbound connection detection (malware-other.rules)
 * 1:39747 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules)
 * 3:39757 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
 * 3:39761 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0151 attack attempt (file-office.rules)
 * 3:39759 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
 * 3:39762 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0151 attack attempt (file-office.rules)
 * 3:39758 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
 * 3:39760 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)

Modified Rules:

 * 1:38258 <-> ENABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:39086 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:23492 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
 * 1:22048 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules)
 * 1:39578 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (malware-cnc.rules)
 * 1:39730 <-> ENABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (malware-cnc.rules)
 * 1:35750 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (malware-cnc.rules)
 * 1:35733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (malware-cnc.rules)
 * 1:34624 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (malware-cnc.rules)
 * 1:34608 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (malware-cnc.rules)
 * 1:34489 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (malware-cnc.rules)
 * 1:34461 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (malware-cnc.rules)
 * 1:34362 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (malware-cnc.rules)
 * 1:34329 <-> DISABLED <-> MALWARE-CNC Cryptolocker variant inbound connection (malware-cnc.rules)
 * 1:34001 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34004 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34005 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34006 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34007 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34009 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34008 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34011 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34010 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34012 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34013 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (malware-cnc.rules)
 * 1:34026 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
 * 1:34025 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
 * 1:34029 <-> ENABLED <-> MALWARE-CNC Win.Worm.Tuscas variant outbound connection (malware-cnc.rules)
 * 1:34030 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34032 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34034 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34033 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34035 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34038 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34037 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34045 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (malware-cnc.rules)
 * 1:34049 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (malware-cnc.rules)
 * 1:34050 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (malware-cnc.rules)
 * 1:34115 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
 * 1:34117 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (malware-cnc.rules)
 * 1:34116 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
 * 1:34128 <-> ENABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (malware-cnc.rules)
 * 1:34132 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (malware-cnc.rules)
 * 1:34155 <-> ENABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (malware-cnc.rules)
 * 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
 * 1:34219 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (malware-cnc.rules)
 * 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (malware-cnc.rules)
 * 1:34261 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34322 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
 * 1:34262 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34263 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34286 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
 * 1:34296 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
 * 1:34297 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
 * 1:34319 <-> ENABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (malware-cnc.rules)
 * 1:35031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (malware-cnc.rules)
 * 1:34366 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (malware-cnc.rules)
 * 1:34347 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (malware-cnc.rules)
 * 1:34346 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (malware-cnc.rules)
 * 1:33997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
 * 1:34459 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (malware-cnc.rules)
 * 1:39581 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (malware-cnc.rules)
 * 1:34460 <-> ENABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (malware-cnc.rules)
 * 1:35127 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer local file information disclosure attempt (browser-ie.rules)
 * 1:34462 <-> ENABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (malware-cnc.rules)
 * 1:34469 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
 * 1:34470 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
 * 1:34476 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (malware-cnc.rules)
 * 1:34567 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (malware-cnc.rules)
 * 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (malware-cnc.rules)
 * 1:34572 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (malware-cnc.rules)
 * 1:34609 <-> ENABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (malware-cnc.rules)
 * 1:34869 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (malware-cnc.rules)
 * 1:33996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
 * 1:34872 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (malware-cnc.rules)
 * 1:35050 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (malware-cnc.rules)
 * 1:34965 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (malware-cnc.rules)
 * 1:35128 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer local file information disclosure attempt (browser-ie.rules)
 * 1:35254 <-> ENABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules)
 * 1:35312 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (malware-cnc.rules)
 * 1:34327 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (malware-cnc.rules)
 * 1:34818 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (malware-cnc.rules)
 * 1:39576 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39573 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:38644 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:36471 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (malware-cnc.rules)
 * 1:35967 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox CreateFileW arbitrary file delete attempt (browser-ie.rules)
 * 1:35968 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox CreateFileW arbitrary file delete attempt (browser-ie.rules)
 * 1:38068 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
 * 1:38018 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (malware-cnc.rules)
 * 1:38514 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38070 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
 * 1:39052 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (malware-cnc.rules)
 * 1:39084 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:37227 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:35794 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:37323 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (malware-cnc.rules)
 * 1:38886 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules)
 * 1:38069 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
 * 1:38607 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant outbound connection (malware-cnc.rules)
 * 1:38643 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:35387 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (malware-cnc.rules)
 * 1:38588 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:38586 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:38257 <-> ENABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38646 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:36522 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (malware-cnc.rules)
 * 1:37226 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:36765 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (malware-cnc.rules)
 * 1:38255 <-> ENABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:37637 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:36639 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (malware-cnc.rules)
 * 1:38256 <-> ENABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:36732 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (malware-cnc.rules)
 * 1:36294 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (malware-cnc.rules)
 * 1:36807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (malware-cnc.rules)
 * 1:39064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (malware-cnc.rules)
 * 1:37228 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37457 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (malware-cnc.rules)
 * 1:36054 <-> ENABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (malware-cnc.rules)
 * 1:37036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (malware-cnc.rules)
 * 1:37047 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (malware-cnc.rules)
 * 1:39085 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:38116 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (malware-cnc.rules)
 * 1:37317 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (malware-cnc.rules)
 * 1:38515 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38645 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:37636 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:37052 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:37297 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
 * 1:38585 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:37213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:35386 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (malware-cnc.rules)
 * 1:38647 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:37296 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
 * 1:37214 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:38516 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:35749 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (malware-cnc.rules)
 * 1:37215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:38557 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
 * 1:37212 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37225 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:38067 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
 * 1:39705 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection (malware-cnc.rules)
 * 1:39465 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (malware-cnc.rules)
 * 1:39574 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39575 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39117 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:39580 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39577 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39579 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39735 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules)
 * 1:39736 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules)
 * 1:39738 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (malware-cnc.rules)
 * 1:36106 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (malware-cnc.rules)
 * 1:23493 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
 * 1:23606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules)
 * 1:23607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules)
 * 1:23780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Begfanit.A outbound connection (malware-cnc.rules)
 * 1:24224 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:24341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:24349 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:24350 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:24381 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
 * 1:24382 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
 * 1:24383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipwit outbound connection (malware-cnc.rules)
 * 1:24384 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
 * 1:24385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
 * 1:25627 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Reventon variant outbound connection (malware-cnc.rules)
 * 1:25807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (malware-cnc.rules)
 * 1:26911 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
 * 1:26912 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
 * 1:27022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27150 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:27152 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:27201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (malware-cnc.rules)
 * 1:27545 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules)
 * 1:27546 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules)
 * 1:27547 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules)
 * 1:27867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules)
 * 1:28072 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (malware-cnc.rules)
 * 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (malware-cnc.rules)
 * 1:28141 <-> ENABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (malware-cnc.rules)
 * 1:28143 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (malware-cnc.rules)
 * 1:28209 <-> ENABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28210 <-> ENABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28211 <-> ENABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28234 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (malware-cnc.rules)
 * 1:28239 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (malware-cnc.rules)
 * 1:28807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:28809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (malware-cnc.rules)
 * 1:29031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload variant inbound connection (malware-cnc.rules)
 * 1:29149 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Janicab outbound connection (malware-cnc.rules)
 * 1:29155 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vwealer outbound connection (malware-cnc.rules)
 * 1:29289 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kmnokay outbound connection (malware-cnc.rules)
 * 1:29302 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Diswenshow outbound connection (malware-cnc.rules)
 * 1:29307 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fraxytime outbound connection (malware-cnc.rules)
 * 1:29325 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Horsamaz outbound connection (malware-cnc.rules)
 * 1:29331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using modem (malware-cnc.rules)
 * 1:29332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using lan (malware-cnc.rules)
 * 1:29333 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using proxy server (malware-cnc.rules)
 * 1:29334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using other (malware-cnc.rules)
 * 1:29340 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Plusau outbound connection (malware-cnc.rules)
 * 1:29353 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeagle outbound connection (malware-cnc.rules)
 * 1:29440 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chewbacca outbound connection (malware-cnc.rules)
 * 1:29615 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keylogger outbound connection (malware-cnc.rules)
 * 1:29616 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keylogger inbound connection (malware-cnc.rules)
 * 1:29644 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sdconsent outbound connection (malware-cnc.rules)
 * 1:29670 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Caphaw outbound connection (malware-cnc.rules)
 * 1:29924 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
 * 1:29980 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fucom outbound connection (malware-cnc.rules)
 * 1:30063 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
 * 1:30064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
 * 1:30334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ProjectHook initial outbound connection (malware-cnc.rules)
 * 1:30482 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik inbound connection (malware-cnc.rules)
 * 1:30551 <-> ENABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Minerd (malware-cnc.rules)
 * 1:30552 <-> ENABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Systema (malware-cnc.rules)
 * 1:30752 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tesyong outbound connection (malware-cnc.rules)
 * 1:30804 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30805 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30806 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30808 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30810 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30811 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30812 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30923 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sefnit outbound connection (malware-cnc.rules)
 * 1:30924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor inbound connection (malware-cnc.rules)
 * 1:30926 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound secure-connection (malware-cnc.rules)
 * 1:30978 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30984 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vonriamt outbound connection (malware-cnc.rules)
 * 1:31014 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
 * 1:31081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.WinSpy variant outbound connection (malware-cnc.rules)
 * 1:31123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gigade variant inbound connection (malware-cnc.rules)
 * 1:31124 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pyrtomsop outbound connection (malware-cnc.rules)
 * 1:31136 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess inbound connection (malware-cnc.rules)
 * 1:31168 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Guise outbound connection (malware-cnc.rules)
 * 1:31224 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptor outbound connection (malware-cnc.rules)
 * 1:31236 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hidead outbound connection (malware-cnc.rules)
 * 1:31290 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vextstl outbound connection (malware-cnc.rules)
 * 1:31293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
 * 1:31319 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zediv outbound connection (malware-cnc.rules)
 * 1:31459 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jaktinier outbound connection (malware-cnc.rules)
 * 1:31548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
 * 1:31693 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Korplug Poisoned Hurricane Malware outbound connection (malware-cnc.rules)
 * 1:31706 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Korgapam outbound connection (malware-cnc.rules)
 * 1:31718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Critroni outbound connection (malware-cnc.rules)
 * 1:31744 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Eratoma outbound connection (malware-cnc.rules)
 * 1:31748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qulkonwi outbound connection (malware-cnc.rules)
 * 1:31753 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Elpapok outbound connection (malware-cnc.rules)
 * 1:31768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ecsudown outbound connection (malware-cnc.rules)
 * 1:31813 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Expiro outbound connection (malware-cnc.rules)
 * 1:31832 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (malware-cnc.rules)
 * 1:31833 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (malware-cnc.rules)
 * 1:31883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (malware-cnc.rules)
 * 1:31925 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (malware-cnc.rules)
 * 1:31944 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tavdig outbound connection (malware-cnc.rules)
 * 1:32065 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (malware-cnc.rules)
 * 1:32126 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (malware-cnc.rules)
 * 1:32163 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer GetUpdatedLayout partial table declaration use-after-free attempt (browser-ie.rules)
 * 1:32164 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer GetUpdatedLayout partial table declaration use-after-free attempt (browser-ie.rules)
 * 1:32188 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy3 outbound connection (malware-cnc.rules)
 * 1:32189 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy2 outbound connection (malware-cnc.rules)
 * 1:32198 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (malware-cnc.rules)
 * 1:32311 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (malware-cnc.rules)
 * 1:32792 <-> ENABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (malware-cnc.rules)
 * 1:32908 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32909 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32910 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:33145 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33165 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (malware-cnc.rules)
 * 1:33646 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33647 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33648 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33650 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (malware-cnc.rules)
 * 1:33678 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (malware-cnc.rules)
 * 1:33704 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33745 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33747 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33749 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33750 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33751 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33752 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33753 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33754 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33755 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33756 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.CTB-Locker outbound connection (malware-cnc.rules)
 * 1:33757 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.CTB-Locker outbound connection (malware-cnc.rules)
 * 1:33859 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33860 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33862 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33863 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33864 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33880 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Casper outbound connection (malware-cnc.rules)
 * 1:33893 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:33931 <-> ENABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (malware-cnc.rules)
 * 1:33933 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (malware-cnc.rules)
 * 1:33966 <-> ENABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (malware-cnc.rules)
 * 1:34002 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)

2016-08-02 15:34:39 UTC

Snort Subscriber Rules Update

Date: 2016-08-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2982.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:39747 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules)
 * 1:39756 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules)
 * 1:39745 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.FakeRean outbound connection detection (malware-other.rules)
 * 1:39764 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:39771 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
 * 1:39768 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules)
 * 1:39750 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
 * 1:39752 <-> ENABLED <-> FILE-PDF Adobe Reader malformed ICC profile memory corruption attempt (file-pdf.rules)
 * 1:39746 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules)
 * 1:39755 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules)
 * 1:39767 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules)
 * 1:39749 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
 * 1:39765 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails ActionPack inline content rendering code injection attempt (server-webapp.rules)
 * 1:39744 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
 * 1:39773 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
 * 1:39766 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Ogimant outbound connection detected (malware-other.rules)
 * 1:39770 <-> DISABLED <-> SERVER-WEBAPP GoAhead Embedded Web Server directory traversal attempt (server-webapp.rules)
 * 1:39754 <-> DISABLED <-> EXPLOIT-KIT Sundown exploit kit landing page detected (exploit-kit.rules)
 * 1:39763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:39753 <-> ENABLED <-> FILE-PDF Adobe Reader malformed ICC profile memory corruption attempt (file-pdf.rules)
 * 1:39774 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules)
 * 1:39748 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
 * 1:39769 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules)
 * 1:39772 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
 * 1:39751 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
 * 3:39759 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
 * 3:39758 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
 * 3:39761 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0151 attack attempt (file-office.rules)
 * 3:39757 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
 * 3:39760 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
 * 3:39762 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0151 attack attempt (file-office.rules)

Modified Rules:


 * 1:37226 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37227 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:35968 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox CreateFileW arbitrary file delete attempt (browser-ie.rules)
 * 1:22048 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules)
 * 1:23492 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
 * 1:23493 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
 * 1:23606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules)
 * 1:23607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules)
 * 1:23780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Begfanit.A outbound connection (malware-cnc.rules)
 * 1:24224 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:24341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:24349 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:24350 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:24381 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
 * 1:24382 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
 * 1:24383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipwit outbound connection (malware-cnc.rules)
 * 1:24384 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
 * 1:24385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
 * 1:25627 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Reventon variant outbound connection (malware-cnc.rules)
 * 1:25807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (malware-cnc.rules)
 * 1:26911 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
 * 1:26912 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
 * 1:27022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27150 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:27152 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:27201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (malware-cnc.rules)
 * 1:27545 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules)
 * 1:27546 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules)
 * 1:27547 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules)
 * 1:27867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules)
 * 1:28072 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (malware-cnc.rules)
 * 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (malware-cnc.rules)
 * 1:28141 <-> ENABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (malware-cnc.rules)
 * 1:28143 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (malware-cnc.rules)
 * 1:28209 <-> ENABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28210 <-> ENABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28211 <-> ENABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28234 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (malware-cnc.rules)
 * 1:28239 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (malware-cnc.rules)
 * 1:28807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:28809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (malware-cnc.rules)
 * 1:29031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload variant inbound connection (malware-cnc.rules)
 * 1:29149 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Janicab outbound connection (malware-cnc.rules)
 * 1:29155 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vwealer outbound connection (malware-cnc.rules)
 * 1:29289 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kmnokay outbound connection (malware-cnc.rules)
 * 1:29302 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Diswenshow outbound connection (malware-cnc.rules)
 * 1:29307 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fraxytime outbound connection (malware-cnc.rules)
 * 1:29325 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Horsamaz outbound connection (malware-cnc.rules)
 * 1:29331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using modem (malware-cnc.rules)
 * 1:29332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using lan (malware-cnc.rules)
 * 1:29333 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using proxy server (malware-cnc.rules)
 * 1:29334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using other (malware-cnc.rules)
 * 1:29340 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Plusau outbound connection (malware-cnc.rules)
 * 1:29353 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeagle outbound connection (malware-cnc.rules)
 * 1:29440 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chewbacca outbound connection (malware-cnc.rules)
 * 1:29615 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keylogger outbound connection (malware-cnc.rules)
 * 1:29616 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keylogger inbound connection (malware-cnc.rules)
 * 1:29644 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sdconsent outbound connection (malware-cnc.rules)
 * 1:29670 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Caphaw outbound connection (malware-cnc.rules)
 * 1:29924 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
 * 1:29980 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fucom outbound connection (malware-cnc.rules)
 * 1:30063 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
 * 1:30064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
 * 1:30334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ProjectHook initial outbound connection (malware-cnc.rules)
 * 1:30482 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik inbound connection (malware-cnc.rules)
 * 1:30551 <-> ENABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Minerd (malware-cnc.rules)
 * 1:30552 <-> ENABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Systema (malware-cnc.rules)
 * 1:30752 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tesyong outbound connection (malware-cnc.rules)
 * 1:30804 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30805 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30806 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30808 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30810 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30811 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30812 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30923 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sefnit outbound connection (malware-cnc.rules)
 * 1:30924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor inbound connection (malware-cnc.rules)
 * 1:30926 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound secure-connection (malware-cnc.rules)
 * 1:30978 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30984 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vonriamt outbound connection (malware-cnc.rules)
 * 1:31014 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
 * 1:31081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.WinSpy variant outbound connection (malware-cnc.rules)
 * 1:31123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gigade variant inbound connection (malware-cnc.rules)
 * 1:31124 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pyrtomsop outbound connection (malware-cnc.rules)
 * 1:31136 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess inbound connection (malware-cnc.rules)
 * 1:31168 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Guise outbound connection (malware-cnc.rules)
 * 1:31224 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptor outbound connection (malware-cnc.rules)
 * 1:31236 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hidead outbound connection (malware-cnc.rules)
 * 1:31290 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vextstl outbound connection (malware-cnc.rules)
 * 1:31293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
 * 1:31319 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zediv outbound connection (malware-cnc.rules)
 * 1:31459 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jaktinier outbound connection (malware-cnc.rules)
 * 1:31548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
 * 1:31693 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Korplug Poisoned Hurricane Malware outbound connection (malware-cnc.rules)
 * 1:31706 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Korgapam outbound connection (malware-cnc.rules)
 * 1:31718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Critroni outbound connection (malware-cnc.rules)
 * 1:31744 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Eratoma outbound connection (malware-cnc.rules)
 * 1:31748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qulkonwi outbound connection (malware-cnc.rules)
 * 1:31753 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Elpapok outbound connection (malware-cnc.rules)
 * 1:31768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ecsudown outbound connection (malware-cnc.rules)
 * 1:31813 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Expiro outbound connection (malware-cnc.rules)
 * 1:31832 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (malware-cnc.rules)
 * 1:31833 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (malware-cnc.rules)
 * 1:31883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (malware-cnc.rules)
 * 1:31925 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (malware-cnc.rules)
 * 1:31944 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tavdig outbound connection (malware-cnc.rules)
 * 1:32065 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (malware-cnc.rules)
 * 1:32126 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (malware-cnc.rules)
 * 1:32163 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer GetUpdatedLayout partial table declaration use-after-free attempt (browser-ie.rules)
 * 1:32164 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer GetUpdatedLayout partial table declaration use-after-free attempt (browser-ie.rules)
 * 1:32188 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy3 outbound connection (malware-cnc.rules)
 * 1:32189 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy2 outbound connection (malware-cnc.rules)
 * 1:32198 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (malware-cnc.rules)
 * 1:32311 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (malware-cnc.rules)
 * 1:32792 <-> ENABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (malware-cnc.rules)
 * 1:32908 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32909 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32910 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:33145 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33165 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (malware-cnc.rules)
 * 1:33646 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33647 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33648 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33650 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (malware-cnc.rules)
 * 1:33678 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (malware-cnc.rules)
 * 1:33704 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33745 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33747 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33749 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33750 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33751 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33752 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33753 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33754 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33755 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33756 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.CTB-Locker outbound connection (malware-cnc.rules)
 * 1:33757 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.CTB-Locker outbound connection (malware-cnc.rules)
 * 1:33859 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33860 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33862 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33863 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33864 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33880 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Casper outbound connection (malware-cnc.rules)
 * 1:33893 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:33931 <-> ENABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (malware-cnc.rules)
 * 1:33933 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (malware-cnc.rules)
 * 1:33966 <-> ENABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (malware-cnc.rules)
 * 1:33996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
 * 1:33997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
 * 1:34001 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34002 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34004 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34005 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34006 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34007 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34008 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34009 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34010 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34011 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34012 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34013 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (malware-cnc.rules)
 * 1:34025 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
 * 1:34026 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
 * 1:34029 <-> ENABLED <-> MALWARE-CNC Win.Worm.Tuscas variant outbound connection (malware-cnc.rules)
 * 1:34030 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34032 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34033 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34034 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34035 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34037 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34038 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34045 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (malware-cnc.rules)
 * 1:34049 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (malware-cnc.rules)
 * 1:34050 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (malware-cnc.rules)
 * 1:34115 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
 * 1:34116 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
 * 1:34117 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (malware-cnc.rules)
 * 1:34128 <-> ENABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (malware-cnc.rules)
 * 1:34132 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (malware-cnc.rules)
 * 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
 * 1:34155 <-> ENABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (malware-cnc.rules)
 * 1:34219 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (malware-cnc.rules)
 * 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (malware-cnc.rules)
 * 1:34261 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34262 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34263 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34286 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
 * 1:34296 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
 * 1:34297 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
 * 1:34319 <-> ENABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (malware-cnc.rules)
 * 1:34322 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
 * 1:34327 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (malware-cnc.rules)
 * 1:34329 <-> DISABLED <-> MALWARE-CNC Cryptolocker variant inbound connection (malware-cnc.rules)
 * 1:34346 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (malware-cnc.rules)
 * 1:34347 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (malware-cnc.rules)
 * 1:34362 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (malware-cnc.rules)
 * 1:34366 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (malware-cnc.rules)
 * 1:34459 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (malware-cnc.rules)
 * 1:34460 <-> ENABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (malware-cnc.rules)
 * 1:34461 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (malware-cnc.rules)
 * 1:34462 <-> ENABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (malware-cnc.rules)
 * 1:34469 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
 * 1:34470 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
 * 1:34476 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (malware-cnc.rules)
 * 1:34489 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (malware-cnc.rules)
 * 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (malware-cnc.rules)
 * 1:34567 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (malware-cnc.rules)
 * 1:34572 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (malware-cnc.rules)
 * 1:34608 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (malware-cnc.rules)
 * 1:34609 <-> ENABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (malware-cnc.rules)
 * 1:34624 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (malware-cnc.rules)
 * 1:34818 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (malware-cnc.rules)
 * 1:34869 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (malware-cnc.rules)
 * 1:34872 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (malware-cnc.rules)
 * 1:34965 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (malware-cnc.rules)
 * 1:35031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (malware-cnc.rules)
 * 1:35050 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (malware-cnc.rules)
 * 1:35127 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer local file information disclosure attempt (browser-ie.rules)
 * 1:35128 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer local file information disclosure attempt (browser-ie.rules)
 * 1:35254 <-> ENABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules)
 * 1:35794 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:35750 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (malware-cnc.rules)
 * 1:35967 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox CreateFileW arbitrary file delete attempt (browser-ie.rules)
 * 1:35312 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (malware-cnc.rules)
 * 1:39738 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (malware-cnc.rules)
 * 1:39736 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules)
 * 1:39735 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules)
 * 1:39730 <-> ENABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (malware-cnc.rules)
 * 1:39705 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection (malware-cnc.rules)
 * 1:39581 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (malware-cnc.rules)
 * 1:39580 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39578 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (malware-cnc.rules)
 * 1:39579 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39577 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39576 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39575 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39574 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39573 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39465 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (malware-cnc.rules)
 * 1:39117 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:39086 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:39084 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:39085 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:39064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (malware-cnc.rules)
 * 1:39052 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (malware-cnc.rules)
 * 1:38886 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules)
 * 1:38647 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38646 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38645 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38644 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38643 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38588 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:38607 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant outbound connection (malware-cnc.rules)
 * 1:38586 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:38585 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:38557 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
 * 1:38516 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38515 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38514 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38258 <-> ENABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38257 <-> ENABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38256 <-> ENABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38255 <-> ENABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38116 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (malware-cnc.rules)
 * 1:38070 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
 * 1:38069 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
 * 1:38068 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
 * 1:36106 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (malware-cnc.rules)
 * 1:35387 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (malware-cnc.rules)
 * 1:35749 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (malware-cnc.rules)
 * 1:38067 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
 * 1:35733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (malware-cnc.rules)
 * 1:36294 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (malware-cnc.rules)
 * 1:38018 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (malware-cnc.rules)
 * 1:36522 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (malware-cnc.rules)
 * 1:36639 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (malware-cnc.rules)
 * 1:36732 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (malware-cnc.rules)
 * 1:37637 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:36765 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (malware-cnc.rules)
 * 1:36807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (malware-cnc.rules)
 * 1:37036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (malware-cnc.rules)
 * 1:37047 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (malware-cnc.rules)
 * 1:37636 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:37052 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:37213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37212 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37214 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:35386 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (malware-cnc.rules)
 * 1:37457 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (malware-cnc.rules)
 * 1:37215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37225 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:36054 <-> ENABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (malware-cnc.rules)
 * 1:37323 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (malware-cnc.rules)
 * 1:36471 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (malware-cnc.rules)
 * 1:37317 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (malware-cnc.rules)
 * 1:37296 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
 * 1:37228 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37297 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)

2016-08-02 15:34:39 UTC

Snort Subscriber Rules Update

Date: 2016-08-02

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:39774 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qarallax initial outbound connection (malware-cnc.rules)
 * 1:39773 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
 * 1:39772 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
 * 1:39771 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
 * 1:39770 <-> DISABLED <-> SERVER-WEBAPP GoAhead Embedded Web Server directory traversal attempt (server-webapp.rules)
 * 1:39769 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules)
 * 1:39768 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Alfa download attempt (malware-other.rules)
 * 1:39767 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.Alfa outbound connection (malware-cnc.rules)
 * 1:39766 <-> ENABLED <-> MALWARE-OTHER Win.Downloader.Ogimant outbound connection detected (malware-other.rules)
 * 1:39765 <-> DISABLED <-> SERVER-WEBAPP Ruby on Rails ActionPack inline content rendering code injection attempt (server-webapp.rules)
 * 1:39764 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:39763 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:39756 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules)
 * 1:39755 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Retefe variant malicious certificate installation page (malware-other.rules)
 * 1:39754 <-> DISABLED <-> EXPLOIT-KIT Sundown exploit kit landing page detected (exploit-kit.rules)
 * 1:39753 <-> ENABLED <-> FILE-PDF Adobe Reader malformed ICC profile memory corruption attempt (file-pdf.rules)
 * 1:39752 <-> ENABLED <-> FILE-PDF Adobe Reader malformed ICC profile memory corruption attempt (file-pdf.rules)
 * 1:39751 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
 * 1:39750 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
 * 1:39749 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
 * 1:39748 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer 9 CTreeNode use after free attempt (browser-ie.rules)
 * 1:39747 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules)
 * 1:39746 <-> ENABLED <-> MALWARE-OTHER Win.Ransomware.Apocalypse download attempt (malware-other.rules)
 * 1:39745 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.FakeRean outbound connection detection (malware-other.rules)
 * 1:39744 <-> ENABLED <-> MALWARE-TOOLS CKnife penetration testing tool attempt (malware-tools.rules)
 * 3:39757 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
 * 3:39758 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
 * 3:39759 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
 * 3:39760 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0148 attack attempt (file-office.rules)
 * 3:39761 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0151 attack attempt (file-office.rules)
 * 3:39762 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-CAN-0151 attack attempt (file-office.rules)

Modified Rules:


 * 1:39738 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Trans variant outbound connection (malware-cnc.rules)
 * 1:39736 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules)
 * 1:39735 <-> DISABLED <-> FILE-OTHER VideoCharge buffer overflow SEH attempt (file-other.rules)
 * 1:39730 <-> ENABLED <-> MALWARE-CNC Win.Adware.Xiazai outbound connection (malware-cnc.rules)
 * 1:39705 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus variant inbound connection (malware-cnc.rules)
 * 1:39581 <-> ENABLED <-> MALWARE-CNC Win.Trojan.NanoBot/Perseus initial outbound connection (malware-cnc.rules)
 * 1:39580 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39579 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39578 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant inbound connection (malware-cnc.rules)
 * 1:39577 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39576 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39575 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39574 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39573 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.NanoBot variant outbound connection (malware-cnc.rules)
 * 1:39465 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Unlock92 outbound connection (malware-cnc.rules)
 * 1:39117 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:39086 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:39085 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:39084 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cript outbound connection (malware-cnc.rules)
 * 1:39064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sinrin initial JS dropper outbound connection (malware-cnc.rules)
 * 1:39052 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Adialer variant outbound connection (malware-cnc.rules)
 * 1:38886 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules)
 * 1:38647 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38646 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38645 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38644 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38643 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jadowndec outbound connection (malware-cnc.rules)
 * 1:38607 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qakbot variant outbound connection (malware-cnc.rules)
 * 1:38588 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:38586 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:38585 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.DFSCook variant outbound connection (malware-cnc.rules)
 * 1:38557 <-> ENABLED <-> MALWARE-CNC Win.Trojan.GateKeylogger outbound connection (malware-cnc.rules)
 * 1:38516 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38515 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38514 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sweeper outbound connection (malware-cnc.rules)
 * 1:38258 <-> ENABLED <-> MALWARE-CNC Win/Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38257 <-> ENABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38256 <-> ENABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38255 <-> ENABLED <-> MALWARE-CNC Win-Linux.Trojan.Derusbi variant outbound connection (malware-cnc.rules)
 * 1:38116 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Keranger outbound connection (malware-cnc.rules)
 * 1:38070 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
 * 1:38069 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
 * 1:38068 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
 * 1:38067 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer CTreePos type confusion attempt (browser-ie.rules)
 * 1:38018 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex outbound connection (malware-cnc.rules)
 * 1:37637 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:37636 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Graftor outbound connection (malware-cnc.rules)
 * 1:37457 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sovfo variant outbound connection (malware-cnc.rules)
 * 1:37323 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Direvex variant outbound connection (malware-cnc.rules)
 * 1:37317 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Radamant inbound connection (malware-cnc.rules)
 * 1:37297 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
 * 1:37296 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sesramot variant outbound connection (malware-cnc.rules)
 * 1:37228 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37227 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37226 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37225 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Isniffer outbound connection (malware-cnc.rules)
 * 1:37215 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37214 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37213 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37212 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pmabot outbound connection (malware-cnc.rules)
 * 1:37052 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:37047 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vonterra outbound connection (malware-cnc.rules)
 * 1:37036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ModPOS outbound connection (malware-cnc.rules)
 * 1:36807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nodslit variant outbound connection (malware-cnc.rules)
 * 1:36765 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Stupeval variant outbound connection (malware-cnc.rules)
 * 1:36732 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sefnit variant outbound connection (malware-cnc.rules)
 * 1:36639 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tavex outbound connection (malware-cnc.rules)
 * 1:36522 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banker.NWT variant outbound connection (malware-cnc.rules)
 * 1:36471 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Kemoge outbound connection (malware-cnc.rules)
 * 1:36294 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nisinul variant outbound connection (malware-cnc.rules)
 * 1:36106 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hodoor APT variant outbound connection (malware-cnc.rules)
 * 1:36054 <-> ENABLED <-> MALWARE-CNC Ios.Backdoor.SYNful inbound connection (malware-cnc.rules)
 * 1:35968 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox CreateFileW arbitrary file delete attempt (browser-ie.rules)
 * 1:35967 <-> DISABLED <-> BROWSER-IE Microsoft Edge sandbox CreateFileW arbitrary file delete attempt (browser-ie.rules)
 * 1:35794 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:35750 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace initial outbound connection (malware-cnc.rules)
 * 1:35749 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.IsSpace outbound connection (malware-cnc.rules)
 * 1:35733 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Potao outbound connection (malware-cnc.rules)
 * 1:35387 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Andromeda initial outbound connection (malware-cnc.rules)
 * 1:35386 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bedep initial outbound connection (malware-cnc.rules)
 * 1:35312 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ursnif outbound connection (malware-cnc.rules)
 * 1:35254 <-> ENABLED <-> MALWARE-CNC Win.trojan.Seaduke outbound connection (malware-cnc.rules)
 * 1:35128 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer local file information disclosure attempt (browser-ie.rules)
 * 1:35127 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer local file information disclosure attempt (browser-ie.rules)
 * 1:35050 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Elise variant outbound connection (malware-cnc.rules)
 * 1:35031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Konus outbound connection (malware-cnc.rules)
 * 1:34965 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptolocker outbound connection (malware-cnc.rules)
 * 1:34872 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Compfolder variant outbound connection (malware-cnc.rules)
 * 1:34869 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XTalker outbound connection (malware-cnc.rules)
 * 1:34818 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Emdivi outbound connection (malware-cnc.rules)
 * 1:34624 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Crypaura variant outbound connection (malware-cnc.rules)
 * 1:34609 <-> ENABLED <-> MALWARE-CNC Trojan.NitLove variant outbound connection (malware-cnc.rules)
 * 1:34608 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Punkey variant outbound connection (malware-cnc.rules)
 * 1:34572 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zinnemls variant outbound connection (malware-cnc.rules)
 * 1:34567 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.MacVX outbound connection (malware-cnc.rules)
 * 1:34491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MalPutty variant outbound connection (malware-cnc.rules)
 * 1:34489 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nalodew variant outbound connection (malware-cnc.rules)
 * 1:34476 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kriptovor variant outbound connection (malware-cnc.rules)
 * 1:34470 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
 * 1:34469 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nirunte variant outbound connection (malware-cnc.rules)
 * 1:34462 <-> ENABLED <-> MALWARE-CNC Linux.Downloader.Mumblehard variant outbound connection (malware-cnc.rules)
 * 1:34461 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Mumblehard variant outbound connection (malware-cnc.rules)
 * 1:34460 <-> ENABLED <-> MALWARE-CNC Win.Worm.Mozibe variant outbound connection (malware-cnc.rules)
 * 1:34459 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pvzin variant outbound connection (malware-cnc.rules)
 * 1:34366 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Beebone outbound connection (malware-cnc.rules)
 * 1:34362 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mantal variant outbound connection (malware-cnc.rules)
 * 1:34347 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cheprobnk variant outbound connection (malware-cnc.rules)
 * 1:34346 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Backspace outbound connection (malware-cnc.rules)
 * 1:34329 <-> DISABLED <-> MALWARE-CNC Cryptolocker variant inbound connection (malware-cnc.rules)
 * 1:34327 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Bedepshel variant outbound connection (malware-cnc.rules)
 * 1:34322 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
 * 1:34319 <-> ENABLED <-> MALWARE-CNC Win.Worm.Klogwjds variant outbound connection (malware-cnc.rules)
 * 1:34297 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
 * 1:34296 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Simda variant outbound connection (malware-cnc.rules)
 * 1:34286 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mudrop variant outbound connection (malware-cnc.rules)
 * 1:34263 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34262 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34261 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:34246 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AAEH variant outbound connection (malware-cnc.rules)
 * 1:34219 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Nanocore variant outbound connection (malware-cnc.rules)
 * 1:34155 <-> ENABLED <-> MALWARE-CNC MacOS.Backdoor.Xslcmd outbound connection (malware-cnc.rules)
 * 1:34140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
 * 1:34132 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Erotimpact variant outbound connection (malware-cnc.rules)
 * 1:34128 <-> ENABLED <-> MALWARE-CNC Win.Trojan.WIntruder outbound connection (malware-cnc.rules)
 * 1:34117 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Zupdax variant outbound connection (malware-cnc.rules)
 * 1:34116 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
 * 1:34115 <-> ENABLED <-> MALWARE-CNC MacOS.Trojan.Wirelurker variant outbound connection (malware-cnc.rules)
 * 1:34050 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Nepigon variant outbound connection (malware-cnc.rules)
 * 1:34049 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.EvilBunny variant outbound connection (malware-cnc.rules)
 * 1:34045 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Eitenckay initial outbound connection (malware-cnc.rules)
 * 1:34038 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34037 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34036 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34035 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34034 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34033 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34032 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34030 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex4 initial outbound connection (malware-cnc.rules)
 * 1:34029 <-> ENABLED <-> MALWARE-CNC Win.Worm.Tuscas variant outbound connection (malware-cnc.rules)
 * 1:34026 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
 * 1:34025 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Endstar variant outbound connection (malware-cnc.rules)
 * 1:34013 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ayuther variant outbound connection (malware-cnc.rules)
 * 1:34012 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34011 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34010 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34009 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34008 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34007 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34006 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34005 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34004 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Explosive variant outbound connection (malware-cnc.rules)
 * 1:34003 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34002 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:34001 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Picommex outbound connection (malware-cnc.rules)
 * 1:33997 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
 * 1:33996 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pwexes variant outbound connection (malware-cnc.rules)
 * 1:33966 <-> ENABLED <-> MALWARE-CNC Win.Worm.Mafusc variant outbound connection (malware-cnc.rules)
 * 1:33933 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Penget variant outbound connection (malware-cnc.rules)
 * 1:33931 <-> ENABLED <-> MALWARE-CNC Win.Worm.Goldrv variant outbound connection (malware-cnc.rules)
 * 1:33893 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TeslaCrypt outbound connection (malware-cnc.rules)
 * 1:33880 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Casper outbound connection (malware-cnc.rules)
 * 1:33868 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33866 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33865 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33864 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33863 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33862 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33861 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33860 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33859 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex3 initial outbound connection (malware-cnc.rules)
 * 1:33757 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.CTB-Locker outbound connection (malware-cnc.rules)
 * 1:33756 <-> ENABLED <-> MALWARE-CNC Win.Ransomware.CTB-Locker outbound connection (malware-cnc.rules)
 * 1:33755 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33754 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33753 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33752 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33751 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33750 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33749 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33747 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33746 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33745 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33704 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:33678 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FannyWorm outbound connection (malware-cnc.rules)
 * 1:33650 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tinba outbound connection (malware-cnc.rules)
 * 1:33648 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33647 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33646 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.XORDDoS outbound connection (malware-cnc.rules)
 * 1:33165 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Poweliks outbound connection (malware-cnc.rules)
 * 1:33145 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dridex initial outbound connection (malware-cnc.rules)
 * 1:32910 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32909 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32908 <-> ENABLED <-> MALWARE-CNC Win.Trojan.TinyZBot outbound connection (malware-cnc.rules)
 * 1:32792 <-> ENABLED <-> MALWARE-CNC Win.Virus.Ransomlock inbound connection (malware-cnc.rules)
 * 1:32311 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rehtesyk outbound connection (malware-cnc.rules)
 * 1:32198 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mujormel outbound connection (malware-cnc.rules)
 * 1:32189 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy2 outbound connection (malware-cnc.rules)
 * 1:32188 <-> ENABLED <-> MALWARE-CNC Win.Trojan.BlackEnergy3 outbound connection (malware-cnc.rules)
 * 1:32164 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer GetUpdatedLayout partial table declaration use-after-free attempt (browser-ie.rules)
 * 1:32163 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer GetUpdatedLayout partial table declaration use-after-free attempt (browser-ie.rules)
 * 1:32126 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Lizarbot outbound connection (malware-cnc.rules)
 * 1:32065 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Asprox inbound connection (malware-cnc.rules)
 * 1:31944 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tavdig outbound connection (malware-cnc.rules)
 * 1:31925 <-> ENABLED <-> MALWARE-CNC Linux.Trojan.Jynxkit outbound connection (malware-cnc.rules)
 * 1:31883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Waterspout outbound connection (malware-cnc.rules)
 * 1:31833 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chkbot outbound connection (malware-cnc.rules)
 * 1:31832 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pfinet outbound connection (malware-cnc.rules)
 * 1:31813 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Expiro outbound connection (malware-cnc.rules)
 * 1:31768 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Ecsudown outbound connection (malware-cnc.rules)
 * 1:31753 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Elpapok outbound connection (malware-cnc.rules)
 * 1:31748 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Qulkonwi outbound connection (malware-cnc.rules)
 * 1:31744 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Eratoma outbound connection (malware-cnc.rules)
 * 1:31718 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Critroni outbound connection (malware-cnc.rules)
 * 1:31706 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Korgapam outbound connection (malware-cnc.rules)
 * 1:31693 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Korplug Poisoned Hurricane Malware outbound connection (malware-cnc.rules)
 * 1:31548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
 * 1:31459 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Jaktinier outbound connection (malware-cnc.rules)
 * 1:31319 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zediv outbound connection (malware-cnc.rules)
 * 1:31293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
 * 1:31290 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vextstl outbound connection (malware-cnc.rules)
 * 1:31236 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hidead outbound connection (malware-cnc.rules)
 * 1:31224 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptor outbound connection (malware-cnc.rules)
 * 1:31168 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Guise outbound connection (malware-cnc.rules)
 * 1:31136 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess inbound connection (malware-cnc.rules)
 * 1:31124 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pyrtomsop outbound connection (malware-cnc.rules)
 * 1:31123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gigade variant inbound connection (malware-cnc.rules)
 * 1:31081 <-> ENABLED <-> MALWARE-CNC Win.Trojan.WinSpy variant outbound connection (malware-cnc.rules)
 * 1:31014 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
 * 1:30984 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vonriamt outbound connection (malware-cnc.rules)
 * 1:30978 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30926 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound secure-connection (malware-cnc.rules)
 * 1:30924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor inbound connection (malware-cnc.rules)
 * 1:30923 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sefnit outbound connection (malware-cnc.rules)
 * 1:30883 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30882 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30812 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30811 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30810 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30808 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30806 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30805 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30804 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30752 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tesyong outbound connection (malware-cnc.rules)
 * 1:30552 <-> ENABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Systema (malware-cnc.rules)
 * 1:30551 <-> ENABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Minerd (malware-cnc.rules)
 * 1:30482 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik inbound connection (malware-cnc.rules)
 * 1:30334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ProjectHook initial outbound connection (malware-cnc.rules)
 * 1:30064 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
 * 1:30063 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
 * 1:29980 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fucom outbound connection (malware-cnc.rules)
 * 1:29924 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
 * 1:29670 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Caphaw outbound connection (malware-cnc.rules)
 * 1:29644 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sdconsent outbound connection (malware-cnc.rules)
 * 1:29616 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keylogger inbound connection (malware-cnc.rules)
 * 1:29615 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Keylogger outbound connection (malware-cnc.rules)
 * 1:29440 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Chewbacca outbound connection (malware-cnc.rules)
 * 1:29353 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeagle outbound connection (malware-cnc.rules)
 * 1:29340 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Plusau outbound connection (malware-cnc.rules)
 * 1:29334 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using other (malware-cnc.rules)
 * 1:29333 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using proxy server (malware-cnc.rules)
 * 1:29332 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using lan (malware-cnc.rules)
 * 1:29331 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using modem (malware-cnc.rules)
 * 1:29325 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Horsamaz outbound connection (malware-cnc.rules)
 * 1:29307 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Fraxytime outbound connection (malware-cnc.rules)
 * 1:29302 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Diswenshow outbound connection (malware-cnc.rules)
 * 1:29289 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kmnokay outbound connection (malware-cnc.rules)
 * 1:29155 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Vwealer outbound connection (malware-cnc.rules)
 * 1:29149 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Janicab outbound connection (malware-cnc.rules)
 * 1:29031 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Banload variant inbound connection (malware-cnc.rules)
 * 1:28809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dofoil inbound connection (malware-cnc.rules)
 * 1:28807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:28239 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Tuxido outbound connection (malware-cnc.rules)
 * 1:28234 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Hdslogger outbound connection (malware-cnc.rules)
 * 1:28211 <-> ENABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28210 <-> ENABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28209 <-> ENABLED <-> MALWARE-CNC Win.Worm.IRCbot outbound connection (malware-cnc.rules)
 * 1:28143 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Medfos outbound connection (malware-cnc.rules)
 * 1:28141 <-> ENABLED <-> MALWARE-CNC Win.Trojan.banker outbound connection (malware-cnc.rules)
 * 1:28096 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spynet variant connection (malware-cnc.rules)
 * 1:28072 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Omexo outbound connection (malware-cnc.rules)
 * 1:27867 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Dropper outbound connection (malware-cnc.rules)
 * 1:27547 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules)
 * 1:27546 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules)
 * 1:27545 <-> ENABLED <-> MALWARE-CNC Osx.Trojan.Janicab outbound connection (malware-cnc.rules)
 * 1:27201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Neurevt variant outbound connection (malware-cnc.rules)
 * 1:27152 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:27150 <-> ENABLED <-> BROWSER-IE Microsoft Internet Explorer use after free attempt (browser-ie.rules)
 * 1:27023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:27022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Netweird.A outbound connection (malware-cnc.rules)
 * 1:26912 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
 * 1:26911 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Rombrast Trojan outbound connection (malware-cnc.rules)
 * 1:25807 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Urausy Botnet variant outbound connection (malware-cnc.rules)
 * 1:25627 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Reventon variant outbound connection (malware-cnc.rules)
 * 1:24385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
 * 1:24384 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
 * 1:24383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipwit outbound connection (malware-cnc.rules)
 * 1:24382 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
 * 1:24381 <-> ENABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
 * 1:24350 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:24349 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:24341 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:24224 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:23780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Begfanit.A outbound connection (malware-cnc.rules)
 * 1:23607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules)
 * 1:23606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules)
 * 1:23493 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
 * 1:23492 <-> ENABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
 * 1:22048 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules)