Talos Rules 2017-02-09
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the blacklist, browser-ie, exploit-kit, file-office, file-pdf, indicator-compromise, indicator-obfuscation, malware-cnc, malware-other, policy-other, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2017-02-10 00:49:46 UTC

Snort Subscriber Rules Update

Date: 2017-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:41542 <-> DISABLED <-> SERVER-ORACLE Oracle reports servlet command execution attempt (server-oracle.rules)
 * 1:41541 <-> DISABLED <-> SERVER-ORACLE Oracle reports servlet command execution attempt (server-oracle.rules)
 * 1:41540 <-> ENABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
 * 1:41539 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Malware.DistTrack (blacklist.rules)
 * 1:41537 <-> DISABLED <-> SERVER-OTHER Siemens WinCC TIA Portal DOS attempt (server-other.rules)
 * 1:41536 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder file.php directory traversal attempt (server-webapp.rules)
 * 1:41535 <-> DISABLED <-> SERVER-WEBAPP Broadwin WebAccess DOS attempt (server-webapp.rules)
 * 1:41534 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules)
 * 1:41533 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41532 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41531 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41530 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41529 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41528 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41527 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41526 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41525 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41524 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules)
 * 1:41523 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode object use after free attempt (browser-ie.rules)
 * 1:41522 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode object use after free attempt (browser-ie.rules)
 * 1:41521 <-> ENABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux cross site scripting attempt (server-webapp.rules)
 * 1:41520 <-> DISABLED <-> SERVER-OTHER Ge Fanuc Proficy WebView DOS attempt (server-other.rules)
 * 3:41538 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA WebVPN memory corruption attempt (server-webapp.rules)
 * 3:41543 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0285 attack attempt (file-office.rules)
 * 3:41544 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0285 attack attempt (file-office.rules)
 * 3:41545 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0284 attack attempt (file-office.rules)
 * 3:41546 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0284 attack attempt (file-office.rules)
 * 3:41547 <-> ENABLED <-> SERVER-OTHER TLS client hello session resumption detected (server-other.rules)
 * 3:41548 <-> ENABLED <-> SERVER-OTHER F5 BIG-IP TLS session ticket implementation uninitialized memory disclosure attempt (server-other.rules)

Modified Rules:


 * 1:41515 <-> ENABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
 * 1:4142 <-> DISABLED <-> SERVER-ORACLE Oracle reports servlet command execution attempt (server-oracle.rules)
 * 1:40367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
 * 1:40366 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
 * 1:39710 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string mozilla/2.0 (blacklist.rules)
 * 1:37274 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules)
 * 1:37273 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules)
 * 1:35780 <-> ENABLED <-> FILE-PDF Adobe Reader out of bounds memory read attempt (file-pdf.rules)
 * 1:35316 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string EI Plugin updater (blacklist.rules)
 * 1:24110 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to an MP3 file (malware-other.rules)
 * 1:24109 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a ZIP file (malware-other.rules)
 * 1:24108 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a RAR file (malware-other.rules)
 * 1:24107 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a BMP file (malware-other.rules)
 * 1:24106 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a PNG file (malware-other.rules)
 * 1:24105 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a GIF file (malware-other.rules)
 * 1:24104 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPEG file (malware-other.rules)
 * 1:24103 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPG file (malware-other.rules)
 * 1:23636 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript built-in function parseInt appears obfuscated - likely packer or encoder (indicator-obfuscation.rules)
 * 1:23218 <-> ENABLED <-> EXPLOIT-KIT Redkit Repeated Exploit Request Pattern (exploit-kit.rules)
 * 1:23157 <-> ENABLED <-> EXPLOIT-KIT Nuclear Pack exploit kit binary download (exploit-kit.rules)
 * 1:23156 <-> DISABLED <-> EXPLOIT-KIT Nuclear Pack exploit kit landing page (exploit-kit.rules)
 * 1:23114 <-> DISABLED <-> INDICATOR-OBFUSCATION GIF header with PHP tags - likely malicious (indicator-obfuscation.rules)
 * 1:23113 <-> DISABLED <-> INDICATOR-OBFUSCATION eval gzinflate base64_decode call - likely malicious (indicator-obfuscation.rules)
 * 1:18775 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /gpdcount (malware-cnc.rules)
 * 1:18774 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI (malware-cnc.rules)
 * 1:18492 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ilo.brenz.pl - Win.Trojan.Ramnit (blacklist.rules)
 * 1:18395 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Duckling/1.0 (blacklist.rules)
 * 1:18394 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string OCRecover (blacklist.rules)
 * 1:18393 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string vyre32 (blacklist.rules)
 * 1:18392 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string qixi (blacklist.rules)
 * 1:18391 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string MyLove (blacklist.rules)
 * 1:18390 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Delphi 5.x (blacklist.rules)
 * 1:18389 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string 3653Client (blacklist.rules)
 * 1:18388 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string RookIE/1.0 (blacklist.rules)
 * 1:18387 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string dwplayer (blacklist.rules)
 * 1:18386 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AHTTPConnection (blacklist.rules)
 * 1:18385 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string HTTPCSDCENTER (blacklist.rules)
 * 1:18383 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPInstaller (blacklist.rules)
 * 1:18382 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string WMUpdate (blacklist.rules)
 * 1:18381 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Travel Update (blacklist.rules)
 * 1:18380 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string FPUpdater (blacklist.rules)
 * 1:18379 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AskInstallChecker (blacklist.rules)
 * 1:18378 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AutoHotkey (blacklist.rules)
 * 1:18377 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string malware (blacklist.rules)
 * 1:18376 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Trololo (blacklist.rules)
 * 1:18375 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string HTTP Wininet (blacklist.rules)
 * 1:18374 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string SurfBear (blacklist.rules)
 * 1:18373 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Installer (blacklist.rules)
 * 1:18371 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string QvodDown (blacklist.rules)
 * 1:18370 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Mozilla Windows MSIE (blacklist.rules)
 * 1:18369 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string iexp-get (blacklist.rules)
 * 1:18368 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Our_Agent (blacklist.rules)
 * 1:18367 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string FPRecover (blacklist.rules)
 * 1:18366 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string OCInstaller (blacklist.rules)
 * 1:18365 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Agentcc (blacklist.rules)
 * 1:18364 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string msndown (blacklist.rules)
 * 1:18363 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPRecover (blacklist.rules)
 * 1:18362 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Search Toolbar 1.1 (blacklist.rules)
 * 1:18361 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Downloader1.1 (blacklist.rules)
 * 1:18360 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Oncues (blacklist.rules)
 * 1:18359 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Shareaza (blacklist.rules)
 * 1:18358 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSIS_INETLOAD (blacklist.rules)
 * 1:18357 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Setup Factory (blacklist.rules)
 * 1:18356 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string random (blacklist.rules)
 * 1:18355 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Se2011 (blacklist.rules)
 * 1:18354 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string opera/8.11 (blacklist.rules)
 * 1:18353 <-> ENABLED <-> BLACKLIST User-Agent request for known PUA user agent - SelectRebates (blacklist.rules)
 * 1:18352 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string PinballCorp-BSAI/VER_STR_COMMA (blacklist.rules)
 * 1:18351 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPUpdater (blacklist.rules)
 * 1:18350 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GabPath (blacklist.rules)
 * 1:18349 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Flipopia (blacklist.rules)
 * 1:18348 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Opera/9.80 Pesto/2.2.15 (blacklist.rules)
 * 1:18347 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AutoIt (blacklist.rules)
 * 1:18346 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPRecover (blacklist.rules)
 * 1:18345 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Macrovision_DM_2.4.15 (blacklist.rules)
 * 1:18343 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string WSEnrichment (blacklist.rules)
 * 1:18342 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSIS_DOWNLOAD (blacklist.rules)
 * 1:18341 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string UtilMind HTTPGet (blacklist.rules)
 * 1:18340 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string ClickAdsByIE 0.7.5 (blacklist.rules)
 * 1:18338 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSISDL/1.2 (blacklist.rules)
 * 1:18337 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string iamx/3.11 (blacklist.rules)
 * 1:18336 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string gbot/2.3 (blacklist.rules)
 * 1:18260 <-> DISABLED <-> BLACKLIST DNS request for known malware domain freenetgameonline.com (blacklist.rules)
 * 1:18259 <-> DISABLED <-> BLACKLIST DNS request for known malware domain whysohardx.com (blacklist.rules)
 * 1:18258 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ftuny.com (blacklist.rules)
 * 1:18257 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dns-check.biz (blacklist.rules)
 * 1:18256 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tutubest.com (blacklist.rules)
 * 1:18255 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gopheisstoo.cc (blacklist.rules)
 * 1:18254 <-> DISABLED <-> BLACKLIST DNS request for known malware domain checkserverstux.com (blacklist.rules)
 * 1:18253 <-> DISABLED <-> BLACKLIST DNS request for known malware domain blogsmonitoringservice.com (blacklist.rules)
 * 1:18252 <-> DISABLED <-> BLACKLIST DNS request for known malware domain protectyourpc-11.com (blacklist.rules)
 * 1:18251 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vcxde.com (blacklist.rules)
 * 1:18132 <-> DISABLED <-> INDICATOR-OBFUSCATION malware-associated JavaScript obfuscation function (indicator-obfuscation.rules)
 * 1:17917 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /zeus/config.bin (blacklist.rules)
 * 1:17916 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /dh/stats.bin (blacklist.rules)
 * 1:17915 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /1001ns/cfg3n.bin (blacklist.rules)
 * 1:17914 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /LjBin/Bin.Dll (blacklist.rules)
 * 1:17913 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /ok.exe (blacklist.rules)
 * 1:17912 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /upopwin/count.asp?mac= (blacklist.rules)
 * 1:17911 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /winhelper.exe (blacklist.rules)
 * 1:17910 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /7xdown.exe (blacklist.rules)
 * 1:17909 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /images/css/1.exe (blacklist.rules)
 * 1:17908 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /images/crypt_22.exe (blacklist.rules)
 * 1:17907 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /MNG/Download/?File=AZF DATADIR Download (blacklist.rules)
 * 1:17906 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - 2x/.*php (blacklist.rules)
 * 1:17905 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - 1de49069b6044785e9dfcd4c035cfd0c.php (blacklist.rules)
 * 1:17904 <-> ENABLED <-> BLACKLIST URI request for known malicious URI - /tongji.js (blacklist.rules)
 * 1:17903 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - stid= (blacklist.rules)
 * 1:17902 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /?getexe=loader.exe (blacklist.rules)
 * 1:17901 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /mybackup21.rar (blacklist.rules)
 * 1:17900 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /basic/cn3c2/c.*dll (blacklist.rules)
 * 1:17899 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /reques0.asp?kind=006&mac= (blacklist.rules)
 * 1:17898 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /get2.php?c=VTOXUGUI&d= (blacklist.rules)
 * 1:17897 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.moneytw8.com (blacklist.rules)
 * 1:17895 <-> DISABLED <-> BLACKLIST DNS request for known malware domain pyow.prixi-soft.ir (blacklist.rules)
 * 1:17894 <-> DISABLED <-> BLACKLIST DNS request for known malware domain streq.cn (blacklist.rules)
 * 1:17893 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.zxc0001.com (blacklist.rules)
 * 1:17891 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bestkind.ru (blacklist.rules)
 * 1:17889 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.ajie520.com (blacklist.rules)
 * 1:17887 <-> DISABLED <-> BLACKLIST DNS request for known malware domain info.collectionerrorreport.com (blacklist.rules)
 * 1:17886 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.spamature.com (blacklist.rules)
 * 1:17885 <-> DISABLED <-> BLACKLIST DNS request for known malware domain waytoall.com (blacklist.rules)
 * 1:17884 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gimmemyporn.com (blacklist.rules)
 * 1:17883 <-> DISABLED <-> BLACKLIST DNS request for known malware domain autouploaders.net (blacklist.rules)
 * 1:17882 <-> DISABLED <-> BLACKLIST DNS request for known malware domain procca.com (blacklist.rules)
 * 1:17881 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fucktosky.com (blacklist.rules)
 * 1:17879 <-> DISABLED <-> BLACKLIST DNS request for known malware domain cfg.353wanwan.com (blacklist.rules)
 * 1:17878 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ayb.host127-0-0-1.com (blacklist.rules)
 * 1:17876 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 91629.com (blacklist.rules)
 * 1:17875 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.very-young-boys.com (blacklist.rules)
 * 1:17874 <-> DISABLED <-> BLACKLIST DNS request for known malware domain f19dd4abb8b8bdf2.cn (blacklist.rules)
 * 1:17873 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mummimpegs.com (blacklist.rules)
 * 1:17872 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www3.sexown.com (blacklist.rules)
 * 1:17871 <-> DISABLED <-> BLACKLIST DNS request for known malware domain brutalxvideos.com (blacklist.rules)
 * 1:17870 <-> DISABLED <-> BLACKLIST DNS request for known malware domain trojan8.com (blacklist.rules)
 * 1:17866 <-> DISABLED <-> BLACKLIST DNS request for known malware domain aebankonline.com (blacklist.rules)
 * 1:17864 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tubexxxmatures.com (blacklist.rules)
 * 1:17863 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rpt2.21civ.com (blacklist.rules)
 * 1:17860 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mejac.com (blacklist.rules)
 * 1:17859 <-> DISABLED <-> BLACKLIST DNS request for known malware domain promotds.com (blacklist.rules)
 * 1:17858 <-> DISABLED <-> BLACKLIST DNS request for known malware domain kingsizematures.com (blacklist.rules)
 * 1:17857 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.cnhack.cn (blacklist.rules)
 * 1:17856 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fuckfuckvids.com (blacklist.rules)
 * 1:17855 <-> DISABLED <-> BLACKLIST DNS request for known malware domain acofinder.com (blacklist.rules)
 * 1:17854 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.lamiaexragazza.com (blacklist.rules)
 * 1:17853 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dommonview.com (blacklist.rules)
 * 1:17851 <-> DISABLED <-> BLACKLIST DNS request for known malware domain game.685faiudeme.com (blacklist.rules)
 * 1:17850 <-> DISABLED <-> BLACKLIST DNS request for known malware domain pornfucklist.com (blacklist.rules)
 * 1:17849 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fuckersucker.com (blacklist.rules)
 * 1:17847 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mskla.com (blacklist.rules)
 * 1:17846 <-> DISABLED <-> BLACKLIST DNS request for known malware domain trumpetlicks.com (blacklist.rules)
 * 1:17845 <-> DISABLED <-> BLACKLIST DNS request for known malware domain aahydrogen.com (blacklist.rules)
 * 1:17844 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.derquda.com (blacklist.rules)
 * 1:17843 <-> DISABLED <-> BLACKLIST DNS request for known malware domain extralargevideos.com (blacklist.rules)
 * 1:17842 <-> DISABLED <-> BLACKLIST DNS request for known malware domain extrahotx.net (blacklist.rules)
 * 1:17840 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.grannyplanet.com (blacklist.rules)
 * 1:17839 <-> DISABLED <-> BLACKLIST DNS request for known malware domain js.222233.com (blacklist.rules)
 * 1:17838 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vc.iwriteweb.com (blacklist.rules)
 * 1:17837 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xxsmovies.com (blacklist.rules)
 * 1:17836 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gbsup.com (blacklist.rules)
 * 1:17835 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xpresdnet.com (blacklist.rules)
 * 1:17834 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 343.boolans.com (blacklist.rules)
 * 1:17831 <-> DISABLED <-> BLACKLIST DNS request for known malware domain edrichfinearts.com (blacklist.rules)
 * 1:17830 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dickvsclit.net (blacklist.rules)
 * 1:17828 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 67.201.36.16 (blacklist.rules)
 * 1:17827 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sexmoviesland.net (blacklist.rules)
 * 1:17826 <-> DISABLED <-> BLACKLIST DNS request for known malware domain cheaps1.info (blacklist.rules)
 * 1:17824 <-> DISABLED <-> BLACKLIST DNS request for known malware domain teenxmovs.net (blacklist.rules)
 * 1:17821 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ketsymbol.com (blacklist.rules)
 * 1:17819 <-> DISABLED <-> BLACKLIST DNS request for known malware domain motuh.com (blacklist.rules)
 * 1:17350 <-> DISABLED <-> SERVER-ORACLE Oracle Application Server forms arbitrary system command execution attempt (server-oracle.rules)
 * 1:16933 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /root/9 frt.rar (blacklist.rules)
 * 1:16932 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /qqnongchang/qqkj. (blacklist.rules)
 * 1:16931 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - feedbigfoot.php?m= (blacklist.rules)
 * 1:16930 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - count.asp?mac= (blacklist.rules)
 * 1:16929 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - gate.php?guid= (blacklist.rules)
 * 1:16928 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /stat.html?0dPg0uXTraCSqrOdlrKpmpyorePbz (blacklist.rules)
 * 1:16927 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - MGWEB.php?c=TestUrl (blacklist.rules)
 * 1:16926 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - strMode=setup&strID=pcvaccine&strPC= (blacklist.rules)
 * 1:16925 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /message.php?subid= (blacklist.rules)
 * 1:16924 <-> ENABLED <-> BLACKLIST URI request for known malicious URI - /inst.php?fff= (blacklist.rules)
 * 1:16923 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /search.php?username=coolweb07&keywords= (blacklist.rules)
 * 1:16922 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /cgi-bin/rd.cgi?f=/vercfg.dat?AgentID= (blacklist.rules)
 * 1:16921 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /s1/launcher/update/Update/data/ (blacklist.rules)
 * 1:16920 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /DownLoadFile/BaePo/ver (blacklist.rules)
 * 1:16919 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /tmp/pm.exe?t= (blacklist.rules)
 * 1:16918 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /ultimate/fight (blacklist.rules)
 * 1:16917 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /ekaterina/velika (blacklist.rules)
 * 1:16916 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /jarun/jezerce (blacklist.rules)
 * 1:16915 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /MNG/Download/?File=AZF (blacklist.rules)
 * 1:16914 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - .bin?ucsp (blacklist.rules)
 * 1:16913 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - count_log/log/boot.php?p= (blacklist.rules)
 * 1:16912 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - net/cfg2.bin (blacklist.rules)
 * 1:16911 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - ucsp0416.exe?t= (blacklist.rules)
 * 1:16910 <-> DISABLED <-> BLACKLIST DNS request for known malware domain pattern - 0-0-0-0-0-0-0.info (blacklist.rules)
 * 1:16909 <-> DISABLED <-> BLACKLIST DNS request for known malware domain babah20122012.com - Trojan-Spy.Win32.Zbot.akbb (blacklist.rules)
 * 1:16908 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ootaivilei.ru - Trojan-Spy.Win32.Zbot.akme (blacklist.rules)
 * 1:16907 <-> DISABLED <-> BLACKLIST DNS request for known malware domain livetrust.info - Trojan-Spy.Win32.Zbot.akku (blacklist.rules)
 * 1:16906 <-> DISABLED <-> BLACKLIST DNS request for known malware domain down.p2pplay.com - Trojan-GameThief.Win32.OnLineGames.wgkv (blacklist.rules)
 * 1:16903 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gpwg.ws - Worm.Win32.AutoRun.bjca (blacklist.rules)
 * 1:16902 <-> DISABLED <-> BLACKLIST DNS request for known malware domain promojoy.net - Packed.Win32.Krap.gx (blacklist.rules)
 * 1:16901 <-> DISABLED <-> BLACKLIST DNS request for known malware domain local.1140.co.kr - Trojan-Downloader.Win32.Genome.aobm (blacklist.rules)
 * 1:16900 <-> DISABLED <-> BLACKLIST DNS request for known malware domain reportes201.com - Trojan-Downloader.Win32.Genome.ashe (blacklist.rules)
 * 1:16898 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sx21.e4578.com - Trojan.Win32.Scar.ccqb (blacklist.rules)
 * 1:16896 <-> DISABLED <-> BLACKLIST DNS request for known malware domain reward.pnshop.co.kr - Backdoor.Win32.Agent.ahra (blacklist.rules)
 * 1:16895 <-> DISABLED <-> BLACKLIST DNS request for known malware domain alodh.in - Backdoor.Win32.Delf.vde (blacklist.rules)
 * 1:16893 <-> DISABLED <-> BLACKLIST DNS request for known malware domain primusdns.ru - Backdoor.Win32.Havar.eh (blacklist.rules)
 * 1:16892 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fg545633.host.zgridc.com - Trojan.Win32.Pincav.abub (blacklist.rules)
 * 1:16891 <-> DISABLED <-> BLACKLIST DNS request for known malware domain solo1928.ru - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
 * 1:16890 <-> DISABLED <-> BLACKLIST DNS request for known malware domain in6cs.com - Trojan.Win32.Tdss.beea (blacklist.rules)
 * 1:16888 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dbtte.com - Trojan-Banker.Win32.Banz.crk (blacklist.rules)
 * 1:16887 <-> DISABLED <-> BLACKLIST DNS request for known malware domain hesneclimi.ru - Packed.Win32.Krap.ae (blacklist.rules)
 * 1:16885 <-> DISABLED <-> BLACKLIST DNS request for known malware domain monicaecarlos.com - Trojan-Downloader.Win32.Genome.awxv (blacklist.rules)
 * 1:16884 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bits4ever.ru - Trojan-Spy.Win32.Zbot.aknt (blacklist.rules)
 * 1:16883 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mcafee-registry.ru - Trojan-Spy.Win32.Zbot.akgb (blacklist.rules)
 * 1:16882 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 111.168lala.com - Backdoor.Win32.Popwin.cyn (blacklist.rules)
 * 1:16881 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sex-gifts.ru - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
 * 1:16879 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dnfpomo.dnfranran.com - Trojan-GameThief.Win32.OnLineGames.bnkx (blacklist.rules)
 * 1:16878 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vopret.ru - Trojan.Win32.FraudPack.axwn (blacklist.rules)
 * 1:16877 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ddkom.biz - Trojan.Win32.Scar.ckhr (blacklist.rules)
 * 1:16876 <-> DISABLED <-> BLACKLIST DNS request for known malware domain c.softdowns.info - Trojan.BAT.Agent.yn (blacklist.rules)
 * 1:16875 <-> DISABLED <-> BLACKLIST DNS request for known malware domain up1.free-sms.co.kr - Trojan.Win32.Vilsel.akp (blacklist.rules)
 * 1:16874 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ophaeghaev.ru - Trojan-Spy.Win32.Zbot.akmi (blacklist.rules)
 * 1:16873 <-> DISABLED <-> BLACKLIST DNS request for known malware domain youword.cn - Trojan.Win32.Scar.bvgu (blacklist.rules)
 * 1:16872 <-> DISABLED <-> BLACKLIST DNS request for known malware domain postmetoday.ru - Packed.Win32.Katusha.j (blacklist.rules)
 * 1:16871 <-> DISABLED <-> BLACKLIST DNS request for known malware domain parfaitpournous.com - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
 * 1:16870 <-> DISABLED <-> BLACKLIST DNS request for known malware domain search.sidegreen.com - Backdoor.Win32.Agent.arqi (blacklist.rules)
 * 1:16869 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tt.vv49.com - Trojan-GameThief.Win32.OnLineGames.bnkb (blacklist.rules)
 * 1:16868 <-> DISABLED <-> BLACKLIST DNS request for known malware domain hostshack.net - Trojan.Win32.Buzus.empl (blacklist.rules)
 * 1:16865 <-> DISABLED <-> BLACKLIST DNS request for known malware domain cnfg.maxsitesrevenues.net - Trojan.Win32.BHO.afke (blacklist.rules)
 * 1:16864 <-> DISABLED <-> BLACKLIST DNS request for known malware domain taiping2033.2288.org - Trojan-Downloader.Win32.Selvice.afy (blacklist.rules)
 * 1:16863 <-> DISABLED <-> BLACKLIST DNS request for known malware domain teendx.com - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
 * 1:16862 <-> DISABLED <-> BLACKLIST DNS request for known malware domain phaizeipeu.ru - Packed.Win32.Krap.gx (blacklist.rules)
 * 1:16861 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gite-eguisheim.com - Trojan-Downloader.Win32.Piker.clp (blacklist.rules)
 * 1:16860 <-> DISABLED <-> BLACKLIST DNS request for known malware domain urodinam.net - Trojan.Win32.TDSS.azsj (blacklist.rules)
 * 1:16859 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gerherber.com - Trojan-Spy.Win32.Zbot.akdw (blacklist.rules)
 * 1:16858 <-> DISABLED <-> BLACKLIST DNS request for known malware domain charter-x.biz - Packed.Win32.Krap.ae (blacklist.rules)
 * 1:16856 <-> DISABLED <-> BLACKLIST DNS request for known malware domain andy.cd - Backdoor.Win32.Agent.auto (blacklist.rules)
 * 1:16855 <-> DISABLED <-> BLACKLIST DNS request for known malware domain d.123kuaihuo.com - Trojan.Win32.Scar.clbx (blacklist.rules)
 * 1:16854 <-> DISABLED <-> BLACKLIST DNS request for known malware domain up1.give2sms.com - Trojan-Downloader.Win32.Genome.est (blacklist.rules)
 * 1:16853 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vh26.e4578.com - Trojan.Win32.Opeg.a (blacklist.rules)
 * 1:16852 <-> DISABLED <-> BLACKLIST DNS request for known malware domain v.yao63.com - Trojan-Downloader.Win32.Agent.dqns (blacklist.rules)
 * 1:16851 <-> DISABLED <-> BLACKLIST DNS request for known malware domain forelc.cc - Trojan-Ransom.Win32.XBlocker.ahe (blacklist.rules)
 * 1:16850 <-> DISABLED <-> BLACKLIST DNS request for known malware domain kldmten.net - Trojan-Spy.Win32.Zbot.akra (blacklist.rules)
 * 1:16849 <-> DISABLED <-> BLACKLIST DNS request for known malware domain re05.e6532.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules)
 * 1:16847 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rz12.e6805.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules)
 * 1:16846 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bedayton.com - Trojan-Downloader.Win32.Agent.dlhe (blacklist.rules)
 * 1:16845 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rc04.e6532.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules)
 * 1:16844 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rm08.e4562.com - Trojan-Downloader.Win32.Agent.dngx (blacklist.rules)
 * 1:16843 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 1.7zsm.com - Trojan-Downloader.Win32.Agent.dtuo (blacklist.rules)
 * 1:16842 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sp19.e4578.com - Trojan-Downloader.Win32.Genome.njz (blacklist.rules)
 * 1:16841 <-> DISABLED <-> BLACKLIST DNS request for known malware domain podgorz.org - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
 * 1:16840 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rx11.e6532.com - Trojan.Win32.Opeg.a (blacklist.rules)
 * 1:16839 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sh16.e8753.com - Trojan.Win32.Scar.ccqb (blacklist.rules)
 * 1:16838 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xlm.ppvsr.com - Trojan-GameThief.Win32.OnLineGames.wwcf (blacklist.rules)
 * 1:16837 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dangercheats.com.br - Trojan.Win32.Refroso.arnq (blacklist.rules)
 * 1:16836 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ra03.e5732.com - Trojan-Clicker.Win32.Small.afg (blacklist.rules)
 * 1:16835 <-> DISABLED <-> BLACKLIST DNS request for known malware domain exe.146843.com - Trojan.Win32.Opeg.a (blacklist.rules)
 * 1:16834 <-> DISABLED <-> BLACKLIST DNS request for known malware domain qd.netkill.com.cn - Trojan-Downloader.Win32.Adload.rzx (blacklist.rules)
 * 1:16833 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16832 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16831 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16830 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16829 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16828 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16827 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16826 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16825 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16824 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16823 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (malware-cnc.rules)
 * 1:16822 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16821 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16820 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
 * 1:16819 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16818 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16817 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16816 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16815 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16814 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16813 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16812 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16811 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16810 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules)

2017-02-10 00:49:46 UTC

Snort Subscriber Rules Update

Date: 2017-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:41536 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder file.php directory traversal attempt (server-webapp.rules)
 * 1:41520 <-> DISABLED <-> SERVER-OTHER Ge Fanuc Proficy WebView DOS attempt (server-other.rules)
 * 1:41531 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41525 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41533 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41521 <-> ENABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux cross site scripting attempt (server-webapp.rules)
 * 1:41524 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules)
 * 1:41542 <-> DISABLED <-> SERVER-ORACLE Oracle reports servlet command execution attempt (server-oracle.rules)
 * 1:41541 <-> DISABLED <-> SERVER-ORACLE Oracle reports servlet command execution attempt (server-oracle.rules)
 * 1:41528 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41532 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41535 <-> DISABLED <-> SERVER-WEBAPP Broadwin WebAccess DOS attempt (server-webapp.rules)
 * 1:41534 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules)
 * 1:41539 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Malware.DistTrack (blacklist.rules)
 * 1:41522 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode object use after free attempt (browser-ie.rules)
 * 1:41529 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41540 <-> ENABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
 * 1:41537 <-> DISABLED <-> SERVER-OTHER Siemens WinCC TIA Portal DOS attempt (server-other.rules)
 * 1:41530 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41527 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41526 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41523 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode object use after free attempt (browser-ie.rules)
 * 3:41547 <-> ENABLED <-> SERVER-OTHER TLS client hello session resumption detected (server-other.rules)
 * 3:41545 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0284 attack attempt (file-office.rules)
 * 3:41538 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA WebVPN memory corruption attempt (server-webapp.rules)
 * 3:41548 <-> ENABLED <-> SERVER-OTHER F5 BIG-IP TLS session ticket implementation uninitialized memory disclosure attempt (server-other.rules)
 * 3:41546 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0284 attack attempt (file-office.rules)
 * 3:41543 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0285 attack attempt (file-office.rules)
 * 3:41544 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0285 attack attempt (file-office.rules)

Modified Rules:


 * 1:18347 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AutoIt (blacklist.rules)
 * 1:16809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules)
 * 1:16810 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16811 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16812 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16813 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16814 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16815 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16816 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16817 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16818 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16819 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16820 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
 * 1:16821 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16822 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16823 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (malware-cnc.rules)
 * 1:16824 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16825 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16826 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16827 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16828 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16829 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16830 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16831 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16832 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16833 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16834 <-> DISABLED <-> BLACKLIST DNS request for known malware domain qd.netkill.com.cn - Trojan-Downloader.Win32.Adload.rzx (blacklist.rules)
 * 1:16835 <-> DISABLED <-> BLACKLIST DNS request for known malware domain exe.146843.com - Trojan.Win32.Opeg.a (blacklist.rules)
 * 1:16836 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ra03.e5732.com - Trojan-Clicker.Win32.Small.afg (blacklist.rules)
 * 1:16837 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dangercheats.com.br - Trojan.Win32.Refroso.arnq (blacklist.rules)
 * 1:16838 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xlm.ppvsr.com - Trojan-GameThief.Win32.OnLineGames.wwcf (blacklist.rules)
 * 1:16839 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sh16.e8753.com - Trojan.Win32.Scar.ccqb (blacklist.rules)
 * 1:16840 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rx11.e6532.com - Trojan.Win32.Opeg.a (blacklist.rules)
 * 1:16841 <-> DISABLED <-> BLACKLIST DNS request for known malware domain podgorz.org - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
 * 1:16842 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sp19.e4578.com - Trojan-Downloader.Win32.Genome.njz (blacklist.rules)
 * 1:16843 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 1.7zsm.com - Trojan-Downloader.Win32.Agent.dtuo (blacklist.rules)
 * 1:16844 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rm08.e4562.com - Trojan-Downloader.Win32.Agent.dngx (blacklist.rules)
 * 1:16845 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rc04.e6532.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules)
 * 1:16846 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bedayton.com - Trojan-Downloader.Win32.Agent.dlhe (blacklist.rules)
 * 1:16847 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rz12.e6805.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules)
 * 1:16849 <-> DISABLED <-> BLACKLIST DNS request for known malware domain re05.e6532.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules)
 * 1:16850 <-> DISABLED <-> BLACKLIST DNS request for known malware domain kldmten.net - Trojan-Spy.Win32.Zbot.akra (blacklist.rules)
 * 1:16851 <-> DISABLED <-> BLACKLIST DNS request for known malware domain forelc.cc - Trojan-Ransom.Win32.XBlocker.ahe (blacklist.rules)
 * 1:16852 <-> DISABLED <-> BLACKLIST DNS request for known malware domain v.yao63.com - Trojan-Downloader.Win32.Agent.dqns (blacklist.rules)
 * 1:16853 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vh26.e4578.com - Trojan.Win32.Opeg.a (blacklist.rules)
 * 1:16854 <-> DISABLED <-> BLACKLIST DNS request for known malware domain up1.give2sms.com - Trojan-Downloader.Win32.Genome.est (blacklist.rules)
 * 1:16855 <-> DISABLED <-> BLACKLIST DNS request for known malware domain d.123kuaihuo.com - Trojan.Win32.Scar.clbx (blacklist.rules)
 * 1:16856 <-> DISABLED <-> BLACKLIST DNS request for known malware domain andy.cd - Backdoor.Win32.Agent.auto (blacklist.rules)
 * 1:16858 <-> DISABLED <-> BLACKLIST DNS request for known malware domain charter-x.biz - Packed.Win32.Krap.ae (blacklist.rules)
 * 1:16859 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gerherber.com - Trojan-Spy.Win32.Zbot.akdw (blacklist.rules)
 * 1:16860 <-> DISABLED <-> BLACKLIST DNS request for known malware domain urodinam.net - Trojan.Win32.TDSS.azsj (blacklist.rules)
 * 1:16861 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gite-eguisheim.com - Trojan-Downloader.Win32.Piker.clp (blacklist.rules)
 * 1:16862 <-> DISABLED <-> BLACKLIST DNS request for known malware domain phaizeipeu.ru - Packed.Win32.Krap.gx (blacklist.rules)
 * 1:16863 <-> DISABLED <-> BLACKLIST DNS request for known malware domain teendx.com - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
 * 1:16864 <-> DISABLED <-> BLACKLIST DNS request for known malware domain taiping2033.2288.org - Trojan-Downloader.Win32.Selvice.afy (blacklist.rules)
 * 1:16865 <-> DISABLED <-> BLACKLIST DNS request for known malware domain cnfg.maxsitesrevenues.net - Trojan.Win32.BHO.afke (blacklist.rules)
 * 1:16868 <-> DISABLED <-> BLACKLIST DNS request for known malware domain hostshack.net - Trojan.Win32.Buzus.empl (blacklist.rules)
 * 1:16869 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tt.vv49.com - Trojan-GameThief.Win32.OnLineGames.bnkb (blacklist.rules)
 * 1:16870 <-> DISABLED <-> BLACKLIST DNS request for known malware domain search.sidegreen.com - Backdoor.Win32.Agent.arqi (blacklist.rules)
 * 1:16871 <-> DISABLED <-> BLACKLIST DNS request for known malware domain parfaitpournous.com - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
 * 1:16872 <-> DISABLED <-> BLACKLIST DNS request for known malware domain postmetoday.ru - Packed.Win32.Katusha.j (blacklist.rules)
 * 1:16873 <-> DISABLED <-> BLACKLIST DNS request for known malware domain youword.cn - Trojan.Win32.Scar.bvgu (blacklist.rules)
 * 1:16874 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ophaeghaev.ru - Trojan-Spy.Win32.Zbot.akmi (blacklist.rules)
 * 1:16875 <-> DISABLED <-> BLACKLIST DNS request for known malware domain up1.free-sms.co.kr - Trojan.Win32.Vilsel.akp (blacklist.rules)
 * 1:16876 <-> DISABLED <-> BLACKLIST DNS request for known malware domain c.softdowns.info - Trojan.BAT.Agent.yn (blacklist.rules)
 * 1:16877 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ddkom.biz - Trojan.Win32.Scar.ckhr (blacklist.rules)
 * 1:16878 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vopret.ru - Trojan.Win32.FraudPack.axwn (blacklist.rules)
 * 1:16879 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dnfpomo.dnfranran.com - Trojan-GameThief.Win32.OnLineGames.bnkx (blacklist.rules)
 * 1:16881 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sex-gifts.ru - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
 * 1:16882 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 111.168lala.com - Backdoor.Win32.Popwin.cyn (blacklist.rules)
 * 1:16883 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mcafee-registry.ru - Trojan-Spy.Win32.Zbot.akgb (blacklist.rules)
 * 1:16884 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bits4ever.ru - Trojan-Spy.Win32.Zbot.aknt (blacklist.rules)
 * 1:16885 <-> DISABLED <-> BLACKLIST DNS request for known malware domain monicaecarlos.com - Trojan-Downloader.Win32.Genome.awxv (blacklist.rules)
 * 1:16887 <-> DISABLED <-> BLACKLIST DNS request for known malware domain hesneclimi.ru - Packed.Win32.Krap.ae (blacklist.rules)
 * 1:16888 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dbtte.com - Trojan-Banker.Win32.Banz.crk (blacklist.rules)
 * 1:16890 <-> DISABLED <-> BLACKLIST DNS request for known malware domain in6cs.com - Trojan.Win32.Tdss.beea (blacklist.rules)
 * 1:16891 <-> DISABLED <-> BLACKLIST DNS request for known malware domain solo1928.ru - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
 * 1:16892 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fg545633.host.zgridc.com - Trojan.Win32.Pincav.abub (blacklist.rules)
 * 1:16893 <-> DISABLED <-> BLACKLIST DNS request for known malware domain primusdns.ru - Backdoor.Win32.Havar.eh (blacklist.rules)
 * 1:16895 <-> DISABLED <-> BLACKLIST DNS request for known malware domain alodh.in - Backdoor.Win32.Delf.vde (blacklist.rules)
 * 1:16896 <-> DISABLED <-> BLACKLIST DNS request for known malware domain reward.pnshop.co.kr - Backdoor.Win32.Agent.ahra (blacklist.rules)
 * 1:16898 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sx21.e4578.com - Trojan.Win32.Scar.ccqb (blacklist.rules)
 * 1:16900 <-> DISABLED <-> BLACKLIST DNS request for known malware domain reportes201.com - Trojan-Downloader.Win32.Genome.ashe (blacklist.rules)
 * 1:16901 <-> DISABLED <-> BLACKLIST DNS request for known malware domain local.1140.co.kr - Trojan-Downloader.Win32.Genome.aobm (blacklist.rules)
 * 1:16902 <-> DISABLED <-> BLACKLIST DNS request for known malware domain promojoy.net - Packed.Win32.Krap.gx (blacklist.rules)
 * 1:16903 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gpwg.ws - Worm.Win32.AutoRun.bjca (blacklist.rules)
 * 1:16906 <-> DISABLED <-> BLACKLIST DNS request for known malware domain down.p2pplay.com - Trojan-GameThief.Win32.OnLineGames.wgkv (blacklist.rules)
 * 1:16907 <-> DISABLED <-> BLACKLIST DNS request for known malware domain livetrust.info - Trojan-Spy.Win32.Zbot.akku (blacklist.rules)
 * 1:16908 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ootaivilei.ru - Trojan-Spy.Win32.Zbot.akme (blacklist.rules)
 * 1:16909 <-> DISABLED <-> BLACKLIST DNS request for known malware domain babah20122012.com - Trojan-Spy.Win32.Zbot.akbb (blacklist.rules)
 * 1:16910 <-> DISABLED <-> BLACKLIST DNS request for known malware domain pattern - 0-0-0-0-0-0-0.info (blacklist.rules)
 * 1:16911 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - ucsp0416.exe?t= (blacklist.rules)
 * 1:16912 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - net/cfg2.bin (blacklist.rules)
 * 1:16913 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - count_log/log/boot.php?p= (blacklist.rules)
 * 1:16914 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - .bin?ucsp (blacklist.rules)
 * 1:16915 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /MNG/Download/?File=AZF (blacklist.rules)
 * 1:16916 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /jarun/jezerce (blacklist.rules)
 * 1:16917 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /ekaterina/velika (blacklist.rules)
 * 1:16918 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /ultimate/fight (blacklist.rules)
 * 1:16919 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /tmp/pm.exe?t= (blacklist.rules)
 * 1:16920 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /DownLoadFile/BaePo/ver (blacklist.rules)
 * 1:16921 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /s1/launcher/update/Update/data/ (blacklist.rules)
 * 1:16922 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /cgi-bin/rd.cgi?f=/vercfg.dat?AgentID= (blacklist.rules)
 * 1:16923 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /search.php?username=coolweb07&keywords= (blacklist.rules)
 * 1:16924 <-> ENABLED <-> BLACKLIST URI request for known malicious URI - /inst.php?fff= (blacklist.rules)
 * 1:16925 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /message.php?subid= (blacklist.rules)
 * 1:16926 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - strMode=setup&strID=pcvaccine&strPC= (blacklist.rules)
 * 1:16927 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - MGWEB.php?c=TestUrl (blacklist.rules)
 * 1:16928 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /stat.html?0dPg0uXTraCSqrOdlrKpmpyorePbz (blacklist.rules)
 * 1:16929 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - gate.php?guid= (blacklist.rules)
 * 1:16930 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - count.asp?mac= (blacklist.rules)
 * 1:16931 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - feedbigfoot.php?m= (blacklist.rules)
 * 1:16932 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /qqnongchang/qqkj. (blacklist.rules)
 * 1:16933 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /root/9 frt.rar (blacklist.rules)
 * 1:17350 <-> DISABLED <-> SERVER-ORACLE Oracle Application Server forms arbitrary system command execution attempt (server-oracle.rules)
 * 1:17819 <-> DISABLED <-> BLACKLIST DNS request for known malware domain motuh.com (blacklist.rules)
 * 1:17821 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ketsymbol.com (blacklist.rules)
 * 1:17824 <-> DISABLED <-> BLACKLIST DNS request for known malware domain teenxmovs.net (blacklist.rules)
 * 1:17826 <-> DISABLED <-> BLACKLIST DNS request for known malware domain cheaps1.info (blacklist.rules)
 * 1:17827 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sexmoviesland.net (blacklist.rules)
 * 1:17828 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 67.201.36.16 (blacklist.rules)
 * 1:17830 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dickvsclit.net (blacklist.rules)
 * 1:17831 <-> DISABLED <-> BLACKLIST DNS request for known malware domain edrichfinearts.com (blacklist.rules)
 * 1:17834 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 343.boolans.com (blacklist.rules)
 * 1:17835 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xpresdnet.com (blacklist.rules)
 * 1:17836 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gbsup.com (blacklist.rules)
 * 1:17837 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xxsmovies.com (blacklist.rules)
 * 1:17838 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vc.iwriteweb.com (blacklist.rules)
 * 1:17839 <-> DISABLED <-> BLACKLIST DNS request for known malware domain js.222233.com (blacklist.rules)
 * 1:17840 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.grannyplanet.com (blacklist.rules)
 * 1:17842 <-> DISABLED <-> BLACKLIST DNS request for known malware domain extrahotx.net (blacklist.rules)
 * 1:17843 <-> DISABLED <-> BLACKLIST DNS request for known malware domain extralargevideos.com (blacklist.rules)
 * 1:17844 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.derquda.com (blacklist.rules)
 * 1:17845 <-> DISABLED <-> BLACKLIST DNS request for known malware domain aahydrogen.com (blacklist.rules)
 * 1:17846 <-> DISABLED <-> BLACKLIST DNS request for known malware domain trumpetlicks.com (blacklist.rules)
 * 1:17847 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mskla.com (blacklist.rules)
 * 1:17849 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fuckersucker.com (blacklist.rules)
 * 1:17850 <-> DISABLED <-> BLACKLIST DNS request for known malware domain pornfucklist.com (blacklist.rules)
 * 1:17851 <-> DISABLED <-> BLACKLIST DNS request for known malware domain game.685faiudeme.com (blacklist.rules)
 * 1:17853 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dommonview.com (blacklist.rules)
 * 1:17854 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.lamiaexragazza.com (blacklist.rules)
 * 1:17855 <-> DISABLED <-> BLACKLIST DNS request for known malware domain acofinder.com (blacklist.rules)
 * 1:17856 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fuckfuckvids.com (blacklist.rules)
 * 1:17857 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.cnhack.cn (blacklist.rules)
 * 1:17858 <-> DISABLED <-> BLACKLIST DNS request for known malware domain kingsizematures.com (blacklist.rules)
 * 1:17859 <-> DISABLED <-> BLACKLIST DNS request for known malware domain promotds.com (blacklist.rules)
 * 1:17860 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mejac.com (blacklist.rules)
 * 1:17863 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rpt2.21civ.com (blacklist.rules)
 * 1:17864 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tubexxxmatures.com (blacklist.rules)
 * 1:17866 <-> DISABLED <-> BLACKLIST DNS request for known malware domain aebankonline.com (blacklist.rules)
 * 1:17870 <-> DISABLED <-> BLACKLIST DNS request for known malware domain trojan8.com (blacklist.rules)
 * 1:17871 <-> DISABLED <-> BLACKLIST DNS request for known malware domain brutalxvideos.com (blacklist.rules)
 * 1:17872 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www3.sexown.com (blacklist.rules)
 * 1:17873 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mummimpegs.com (blacklist.rules)
 * 1:17874 <-> DISABLED <-> BLACKLIST DNS request for known malware domain f19dd4abb8b8bdf2.cn (blacklist.rules)
 * 1:17875 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.very-young-boys.com (blacklist.rules)
 * 1:17876 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 91629.com (blacklist.rules)
 * 1:17878 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ayb.host127-0-0-1.com (blacklist.rules)
 * 1:17879 <-> DISABLED <-> BLACKLIST DNS request for known malware domain cfg.353wanwan.com (blacklist.rules)
 * 1:17881 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fucktosky.com (blacklist.rules)
 * 1:17882 <-> DISABLED <-> BLACKLIST DNS request for known malware domain procca.com (blacklist.rules)
 * 1:17883 <-> DISABLED <-> BLACKLIST DNS request for known malware domain autouploaders.net (blacklist.rules)
 * 1:17884 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gimmemyporn.com (blacklist.rules)
 * 1:17885 <-> DISABLED <-> BLACKLIST DNS request for known malware domain waytoall.com (blacklist.rules)
 * 1:17886 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.spamature.com (blacklist.rules)
 * 1:17887 <-> DISABLED <-> BLACKLIST DNS request for known malware domain info.collectionerrorreport.com (blacklist.rules)
 * 1:17889 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.ajie520.com (blacklist.rules)
 * 1:17891 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bestkind.ru (blacklist.rules)
 * 1:17893 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.zxc0001.com (blacklist.rules)
 * 1:17894 <-> DISABLED <-> BLACKLIST DNS request for known malware domain streq.cn (blacklist.rules)
 * 1:17895 <-> DISABLED <-> BLACKLIST DNS request for known malware domain pyow.prixi-soft.ir (blacklist.rules)
 * 1:17897 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.moneytw8.com (blacklist.rules)
 * 1:17898 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /get2.php?c=VTOXUGUI&d= (blacklist.rules)
 * 1:17899 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /reques0.asp?kind=006&mac= (blacklist.rules)
 * 1:17900 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /basic/cn3c2/c.*dll (blacklist.rules)
 * 1:17901 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /mybackup21.rar (blacklist.rules)
 * 1:17902 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /?getexe=loader.exe (blacklist.rules)
 * 1:17903 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - stid= (blacklist.rules)
 * 1:17904 <-> ENABLED <-> BLACKLIST URI request for known malicious URI - /tongji.js (blacklist.rules)
 * 1:17905 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - 1de49069b6044785e9dfcd4c035cfd0c.php (blacklist.rules)
 * 1:17906 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - 2x/.*php (blacklist.rules)
 * 1:17907 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /MNG/Download/?File=AZF DATADIR Download (blacklist.rules)
 * 1:17908 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /images/crypt_22.exe (blacklist.rules)
 * 1:17909 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /images/css/1.exe (blacklist.rules)
 * 1:17910 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /7xdown.exe (blacklist.rules)
 * 1:17911 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /winhelper.exe (blacklist.rules)
 * 1:17912 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /upopwin/count.asp?mac= (blacklist.rules)
 * 1:17913 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /ok.exe (blacklist.rules)
 * 1:17914 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /LjBin/Bin.Dll (blacklist.rules)
 * 1:17915 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /1001ns/cfg3n.bin (blacklist.rules)
 * 1:17916 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /dh/stats.bin (blacklist.rules)
 * 1:17917 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /zeus/config.bin (blacklist.rules)
 * 1:18132 <-> DISABLED <-> INDICATOR-OBFUSCATION malware-associated JavaScript obfuscation function (indicator-obfuscation.rules)
 * 1:18251 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vcxde.com (blacklist.rules)
 * 1:18252 <-> DISABLED <-> BLACKLIST DNS request for known malware domain protectyourpc-11.com (blacklist.rules)
 * 1:18253 <-> DISABLED <-> BLACKLIST DNS request for known malware domain blogsmonitoringservice.com (blacklist.rules)
 * 1:18254 <-> DISABLED <-> BLACKLIST DNS request for known malware domain checkserverstux.com (blacklist.rules)
 * 1:18255 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gopheisstoo.cc (blacklist.rules)
 * 1:18256 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tutubest.com (blacklist.rules)
 * 1:18257 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dns-check.biz (blacklist.rules)
 * 1:18258 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ftuny.com (blacklist.rules)
 * 1:18259 <-> DISABLED <-> BLACKLIST DNS request for known malware domain whysohardx.com (blacklist.rules)
 * 1:18260 <-> DISABLED <-> BLACKLIST DNS request for known malware domain freenetgameonline.com (blacklist.rules)
 * 1:18336 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string gbot/2.3 (blacklist.rules)
 * 1:18337 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string iamx/3.11 (blacklist.rules)
 * 1:18338 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSISDL/1.2 (blacklist.rules)
 * 1:18340 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string ClickAdsByIE 0.7.5 (blacklist.rules)
 * 1:18341 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string UtilMind HTTPGet (blacklist.rules)
 * 1:18342 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSIS_DOWNLOAD (blacklist.rules)
 * 1:18343 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string WSEnrichment (blacklist.rules)
 * 1:18345 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Macrovision_DM_2.4.15 (blacklist.rules)
 * 1:18346 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPRecover (blacklist.rules)
 * 1:41515 <-> ENABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
 * 1:4142 <-> DISABLED <-> SERVER-ORACLE Oracle reports servlet command execution attempt (server-oracle.rules)
 * 1:40367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
 * 1:40366 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
 * 1:39710 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string mozilla/2.0 (blacklist.rules)
 * 1:37274 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules)
 * 1:37273 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules)
 * 1:18368 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Our_Agent (blacklist.rules)
 * 1:18367 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string FPRecover (blacklist.rules)
 * 1:18365 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Agentcc (blacklist.rules)
 * 1:18366 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string OCInstaller (blacklist.rules)
 * 1:18363 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPRecover (blacklist.rules)
 * 1:18364 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string msndown (blacklist.rules)
 * 1:18362 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Search Toolbar 1.1 (blacklist.rules)
 * 1:18360 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Oncues (blacklist.rules)
 * 1:18361 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Downloader1.1 (blacklist.rules)
 * 1:18357 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Setup Factory (blacklist.rules)
 * 1:35780 <-> ENABLED <-> FILE-PDF Adobe Reader out of bounds memory read attempt (file-pdf.rules)
 * 1:35316 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string EI Plugin updater (blacklist.rules)
 * 1:24110 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to an MP3 file (malware-other.rules)
 * 1:24109 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a ZIP file (malware-other.rules)
 * 1:24108 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a RAR file (malware-other.rules)
 * 1:24107 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a BMP file (malware-other.rules)
 * 1:24106 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a PNG file (malware-other.rules)
 * 1:24105 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a GIF file (malware-other.rules)
 * 1:24104 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPEG file (malware-other.rules)
 * 1:24103 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPG file (malware-other.rules)
 * 1:23636 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript built-in function parseInt appears obfuscated - likely packer or encoder (indicator-obfuscation.rules)
 * 1:23218 <-> ENABLED <-> EXPLOIT-KIT Redkit Repeated Exploit Request Pattern (exploit-kit.rules)
 * 1:23157 <-> ENABLED <-> EXPLOIT-KIT Nuclear Pack exploit kit binary download (exploit-kit.rules)
 * 1:23156 <-> DISABLED <-> EXPLOIT-KIT Nuclear Pack exploit kit landing page (exploit-kit.rules)
 * 1:23114 <-> DISABLED <-> INDICATOR-OBFUSCATION GIF header with PHP tags - likely malicious (indicator-obfuscation.rules)
 * 1:23113 <-> DISABLED <-> INDICATOR-OBFUSCATION eval gzinflate base64_decode call - likely malicious (indicator-obfuscation.rules)
 * 1:18775 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /gpdcount (malware-cnc.rules)
 * 1:18774 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI (malware-cnc.rules)
 * 1:18492 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ilo.brenz.pl - Win.Trojan.Ramnit (blacklist.rules)
 * 1:18395 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Duckling/1.0 (blacklist.rules)
 * 1:18394 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string OCRecover (blacklist.rules)
 * 1:18393 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string vyre32 (blacklist.rules)
 * 1:18392 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string qixi (blacklist.rules)
 * 1:18391 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string MyLove (blacklist.rules)
 * 1:18390 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Delphi 5.x (blacklist.rules)
 * 1:18389 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string 3653Client (blacklist.rules)
 * 1:18388 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string RookIE/1.0 (blacklist.rules)
 * 1:18387 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string dwplayer (blacklist.rules)
 * 1:18386 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AHTTPConnection (blacklist.rules)
 * 1:18385 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string HTTPCSDCENTER (blacklist.rules)
 * 1:18383 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPInstaller (blacklist.rules)
 * 1:18382 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string WMUpdate (blacklist.rules)
 * 1:18381 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Travel Update (blacklist.rules)
 * 1:18380 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string FPUpdater (blacklist.rules)
 * 1:18348 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Opera/9.80 Pesto/2.2.15 (blacklist.rules)
 * 1:18379 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AskInstallChecker (blacklist.rules)
 * 1:18350 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GabPath (blacklist.rules)
 * 1:18349 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Flipopia (blacklist.rules)
 * 1:18358 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSIS_INETLOAD (blacklist.rules)
 * 1:18352 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string PinballCorp-BSAI/VER_STR_COMMA (blacklist.rules)
 * 1:18351 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPUpdater (blacklist.rules)
 * 1:18378 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AutoHotkey (blacklist.rules)
 * 1:18353 <-> ENABLED <-> BLACKLIST User-Agent request for known PUA user agent - SelectRebates (blacklist.rules)
 * 1:18377 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string malware (blacklist.rules)
 * 1:18376 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Trololo (blacklist.rules)
 * 1:18369 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string iexp-get (blacklist.rules)
 * 1:18370 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Mozilla Windows MSIE (blacklist.rules)
 * 1:18375 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string HTTP Wininet (blacklist.rules)
 * 1:18359 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Shareaza (blacklist.rules)
 * 1:18374 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string SurfBear (blacklist.rules)
 * 1:18373 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Installer (blacklist.rules)
 * 1:18371 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string QvodDown (blacklist.rules)
 * 1:18354 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string opera/8.11 (blacklist.rules)
 * 1:18356 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string random (blacklist.rules)
 * 1:18355 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Se2011 (blacklist.rules)

2017-02-10 00:49:46 UTC

Snort Subscriber Rules Update

Date: 2017-02-09

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:41523 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode object use after free attempt (browser-ie.rules)
 * 1:41521 <-> ENABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux cross site scripting attempt (server-webapp.rules)
 * 1:41535 <-> DISABLED <-> SERVER-WEBAPP Broadwin WebAccess DOS attempt (server-webapp.rules)
 * 1:41526 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41534 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules)
 * 1:41530 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41537 <-> DISABLED <-> SERVER-OTHER Siemens WinCC TIA Portal DOS attempt (server-other.rules)
 * 1:41524 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules)
 * 1:41536 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder file.php directory traversal attempt (server-webapp.rules)
 * 1:41542 <-> DISABLED <-> SERVER-ORACLE Oracle reports servlet command execution attempt (server-oracle.rules)
 * 1:41531 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41541 <-> DISABLED <-> SERVER-ORACLE Oracle reports servlet command execution attempt (server-oracle.rules)
 * 1:41539 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Malware.DistTrack (blacklist.rules)
 * 1:41525 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41528 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41532 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41520 <-> DISABLED <-> SERVER-OTHER Ge Fanuc Proficy WebView DOS attempt (server-other.rules)
 * 1:41529 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41540 <-> ENABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
 * 1:41533 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 1:41522 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode object use after free attempt (browser-ie.rules)
 * 1:41527 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
 * 3:41547 <-> ENABLED <-> SERVER-OTHER TLS client hello session resumption detected (server-other.rules)
 * 3:41543 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0285 attack attempt (file-office.rules)
 * 3:41546 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0284 attack attempt (file-office.rules)
 * 3:41545 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0284 attack attempt (file-office.rules)
 * 3:41548 <-> ENABLED <-> SERVER-OTHER F5 BIG-IP TLS session ticket implementation uninitialized memory disclosure attempt (server-other.rules)
 * 3:41538 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA WebVPN memory corruption attempt (server-webapp.rules)
 * 3:41544 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0285 attack attempt (file-office.rules)

Modified Rules:


 * 1:37274 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules)
 * 1:24107 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a BMP file (malware-other.rules)
 * 1:17856 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fuckfuckvids.com (blacklist.rules)
 * 1:17854 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.lamiaexragazza.com (blacklist.rules)
 * 1:17855 <-> DISABLED <-> BLACKLIST DNS request for known malware domain acofinder.com (blacklist.rules)
 * 1:17851 <-> DISABLED <-> BLACKLIST DNS request for known malware domain game.685faiudeme.com (blacklist.rules)
 * 1:17853 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dommonview.com (blacklist.rules)
 * 1:17850 <-> DISABLED <-> BLACKLIST DNS request for known malware domain pornfucklist.com (blacklist.rules)
 * 1:17847 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mskla.com (blacklist.rules)
 * 1:17849 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fuckersucker.com (blacklist.rules)
 * 1:17845 <-> DISABLED <-> BLACKLIST DNS request for known malware domain aahydrogen.com (blacklist.rules)
 * 1:17846 <-> DISABLED <-> BLACKLIST DNS request for known malware domain trumpetlicks.com (blacklist.rules)
 * 1:17844 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.derquda.com (blacklist.rules)
 * 1:17843 <-> DISABLED <-> BLACKLIST DNS request for known malware domain extralargevideos.com (blacklist.rules)
 * 1:17840 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.grannyplanet.com (blacklist.rules)
 * 1:17842 <-> DISABLED <-> BLACKLIST DNS request for known malware domain extrahotx.net (blacklist.rules)
 * 1:17838 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vc.iwriteweb.com (blacklist.rules)
 * 1:17839 <-> DISABLED <-> BLACKLIST DNS request for known malware domain js.222233.com (blacklist.rules)
 * 1:17836 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gbsup.com (blacklist.rules)
 * 1:17837 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xxsmovies.com (blacklist.rules)
 * 1:17834 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 343.boolans.com (blacklist.rules)
 * 1:17835 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xpresdnet.com (blacklist.rules)
 * 1:17831 <-> DISABLED <-> BLACKLIST DNS request for known malware domain edrichfinearts.com (blacklist.rules)
 * 1:17828 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 67.201.36.16 (blacklist.rules)
 * 1:17830 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dickvsclit.net (blacklist.rules)
 * 1:17826 <-> DISABLED <-> BLACKLIST DNS request for known malware domain cheaps1.info (blacklist.rules)
 * 1:17827 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sexmoviesland.net (blacklist.rules)
 * 1:17821 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ketsymbol.com (blacklist.rules)
 * 1:17824 <-> DISABLED <-> BLACKLIST DNS request for known malware domain teenxmovs.net (blacklist.rules)
 * 1:17350 <-> DISABLED <-> SERVER-ORACLE Oracle Application Server forms arbitrary system command execution attempt (server-oracle.rules)
 * 1:17819 <-> DISABLED <-> BLACKLIST DNS request for known malware domain motuh.com (blacklist.rules)
 * 1:16932 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /qqnongchang/qqkj. (blacklist.rules)
 * 1:16933 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /root/9 frt.rar (blacklist.rules)
 * 1:16931 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - feedbigfoot.php?m= (blacklist.rules)
 * 1:16929 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - gate.php?guid= (blacklist.rules)
 * 1:16930 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - count.asp?mac= (blacklist.rules)
 * 1:16928 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /stat.html?0dPg0uXTraCSqrOdlrKpmpyorePbz (blacklist.rules)
 * 1:16926 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - strMode=setup&strID=pcvaccine&strPC= (blacklist.rules)
 * 1:16927 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - MGWEB.php?c=TestUrl (blacklist.rules)
 * 1:16924 <-> ENABLED <-> BLACKLIST URI request for known malicious URI - /inst.php?fff= (blacklist.rules)
 * 1:16925 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /message.php?subid= (blacklist.rules)
 * 1:16922 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /cgi-bin/rd.cgi?f=/vercfg.dat?AgentID= (blacklist.rules)
 * 1:16923 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /search.php?username=coolweb07&keywords= (blacklist.rules)
 * 1:16920 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /DownLoadFile/BaePo/ver (blacklist.rules)
 * 1:16921 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /s1/launcher/update/Update/data/ (blacklist.rules)
 * 1:16918 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /ultimate/fight (blacklist.rules)
 * 1:16919 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /tmp/pm.exe?t= (blacklist.rules)
 * 1:16916 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /jarun/jezerce (blacklist.rules)
 * 1:16917 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /ekaterina/velika (blacklist.rules)
 * 1:16915 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /MNG/Download/?File=AZF (blacklist.rules)
 * 1:16914 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - .bin?ucsp (blacklist.rules)
 * 1:16912 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - net/cfg2.bin (blacklist.rules)
 * 1:16913 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - count_log/log/boot.php?p= (blacklist.rules)
 * 1:16910 <-> DISABLED <-> BLACKLIST DNS request for known malware domain pattern - 0-0-0-0-0-0-0.info (blacklist.rules)
 * 1:16911 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - ucsp0416.exe?t= (blacklist.rules)
 * 1:16908 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ootaivilei.ru - Trojan-Spy.Win32.Zbot.akme (blacklist.rules)
 * 1:16909 <-> DISABLED <-> BLACKLIST DNS request for known malware domain babah20122012.com - Trojan-Spy.Win32.Zbot.akbb (blacklist.rules)
 * 1:16907 <-> DISABLED <-> BLACKLIST DNS request for known malware domain livetrust.info - Trojan-Spy.Win32.Zbot.akku (blacklist.rules)
 * 1:16906 <-> DISABLED <-> BLACKLIST DNS request for known malware domain down.p2pplay.com - Trojan-GameThief.Win32.OnLineGames.wgkv (blacklist.rules)
 * 1:16903 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gpwg.ws - Worm.Win32.AutoRun.bjca (blacklist.rules)
 * 1:16901 <-> DISABLED <-> BLACKLIST DNS request for known malware domain local.1140.co.kr - Trojan-Downloader.Win32.Genome.aobm (blacklist.rules)
 * 1:16902 <-> DISABLED <-> BLACKLIST DNS request for known malware domain promojoy.net - Packed.Win32.Krap.gx (blacklist.rules)
 * 1:16898 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sx21.e4578.com - Trojan.Win32.Scar.ccqb (blacklist.rules)
 * 1:16900 <-> DISABLED <-> BLACKLIST DNS request for known malware domain reportes201.com - Trojan-Downloader.Win32.Genome.ashe (blacklist.rules)
 * 1:16895 <-> DISABLED <-> BLACKLIST DNS request for known malware domain alodh.in - Backdoor.Win32.Delf.vde (blacklist.rules)
 * 1:16896 <-> DISABLED <-> BLACKLIST DNS request for known malware domain reward.pnshop.co.kr - Backdoor.Win32.Agent.ahra (blacklist.rules)
 * 1:16892 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fg545633.host.zgridc.com - Trojan.Win32.Pincav.abub (blacklist.rules)
 * 1:16893 <-> DISABLED <-> BLACKLIST DNS request for known malware domain primusdns.ru - Backdoor.Win32.Havar.eh (blacklist.rules)
 * 1:16890 <-> DISABLED <-> BLACKLIST DNS request for known malware domain in6cs.com - Trojan.Win32.Tdss.beea (blacklist.rules)
 * 1:16891 <-> DISABLED <-> BLACKLIST DNS request for known malware domain solo1928.ru - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
 * 1:16887 <-> DISABLED <-> BLACKLIST DNS request for known malware domain hesneclimi.ru - Packed.Win32.Krap.ae (blacklist.rules)
 * 1:16888 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dbtte.com - Trojan-Banker.Win32.Banz.crk (blacklist.rules)
 * 1:16884 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bits4ever.ru - Trojan-Spy.Win32.Zbot.aknt (blacklist.rules)
 * 1:16885 <-> DISABLED <-> BLACKLIST DNS request for known malware domain monicaecarlos.com - Trojan-Downloader.Win32.Genome.awxv (blacklist.rules)
 * 1:16883 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mcafee-registry.ru - Trojan-Spy.Win32.Zbot.akgb (blacklist.rules)
 * 1:16881 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sex-gifts.ru - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
 * 1:16882 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 111.168lala.com - Backdoor.Win32.Popwin.cyn (blacklist.rules)
 * 1:16878 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vopret.ru - Trojan.Win32.FraudPack.axwn (blacklist.rules)
 * 1:16879 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dnfpomo.dnfranran.com - Trojan-GameThief.Win32.OnLineGames.bnkx (blacklist.rules)
 * 1:16876 <-> DISABLED <-> BLACKLIST DNS request for known malware domain c.softdowns.info - Trojan.BAT.Agent.yn (blacklist.rules)
 * 1:16877 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ddkom.biz - Trojan.Win32.Scar.ckhr (blacklist.rules)
 * 1:16874 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ophaeghaev.ru - Trojan-Spy.Win32.Zbot.akmi (blacklist.rules)
 * 1:16875 <-> DISABLED <-> BLACKLIST DNS request for known malware domain up1.free-sms.co.kr - Trojan.Win32.Vilsel.akp (blacklist.rules)
 * 1:16873 <-> DISABLED <-> BLACKLIST DNS request for known malware domain youword.cn - Trojan.Win32.Scar.bvgu (blacklist.rules)
 * 1:16872 <-> DISABLED <-> BLACKLIST DNS request for known malware domain postmetoday.ru - Packed.Win32.Katusha.j (blacklist.rules)
 * 1:16870 <-> DISABLED <-> BLACKLIST DNS request for known malware domain search.sidegreen.com - Backdoor.Win32.Agent.arqi (blacklist.rules)
 * 1:16871 <-> DISABLED <-> BLACKLIST DNS request for known malware domain parfaitpournous.com - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
 * 1:16868 <-> DISABLED <-> BLACKLIST DNS request for known malware domain hostshack.net - Trojan.Win32.Buzus.empl (blacklist.rules)
 * 1:16869 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tt.vv49.com - Trojan-GameThief.Win32.OnLineGames.bnkb (blacklist.rules)
 * 1:16864 <-> DISABLED <-> BLACKLIST DNS request for known malware domain taiping2033.2288.org - Trojan-Downloader.Win32.Selvice.afy (blacklist.rules)
 * 1:16865 <-> DISABLED <-> BLACKLIST DNS request for known malware domain cnfg.maxsitesrevenues.net - Trojan.Win32.BHO.afke (blacklist.rules)
 * 1:16862 <-> DISABLED <-> BLACKLIST DNS request for known malware domain phaizeipeu.ru - Packed.Win32.Krap.gx (blacklist.rules)
 * 1:16863 <-> DISABLED <-> BLACKLIST DNS request for known malware domain teendx.com - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
 * 1:16861 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gite-eguisheim.com - Trojan-Downloader.Win32.Piker.clp (blacklist.rules)
 * 1:16860 <-> DISABLED <-> BLACKLIST DNS request for known malware domain urodinam.net - Trojan.Win32.TDSS.azsj (blacklist.rules)
 * 1:16859 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gerherber.com - Trojan-Spy.Win32.Zbot.akdw (blacklist.rules)
 * 1:16856 <-> DISABLED <-> BLACKLIST DNS request for known malware domain andy.cd - Backdoor.Win32.Agent.auto (blacklist.rules)
 * 1:16858 <-> DISABLED <-> BLACKLIST DNS request for known malware domain charter-x.biz - Packed.Win32.Krap.ae (blacklist.rules)
 * 1:16854 <-> DISABLED <-> BLACKLIST DNS request for known malware domain up1.give2sms.com - Trojan-Downloader.Win32.Genome.est (blacklist.rules)
 * 1:16855 <-> DISABLED <-> BLACKLIST DNS request for known malware domain d.123kuaihuo.com - Trojan.Win32.Scar.clbx (blacklist.rules)
 * 1:16852 <-> DISABLED <-> BLACKLIST DNS request for known malware domain v.yao63.com - Trojan-Downloader.Win32.Agent.dqns (blacklist.rules)
 * 1:16853 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vh26.e4578.com - Trojan.Win32.Opeg.a (blacklist.rules)
 * 1:16850 <-> DISABLED <-> BLACKLIST DNS request for known malware domain kldmten.net - Trojan-Spy.Win32.Zbot.akra (blacklist.rules)
 * 1:16851 <-> DISABLED <-> BLACKLIST DNS request for known malware domain forelc.cc - Trojan-Ransom.Win32.XBlocker.ahe (blacklist.rules)
 * 1:16847 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rz12.e6805.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules)
 * 1:16849 <-> DISABLED <-> BLACKLIST DNS request for known malware domain re05.e6532.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules)
 * 1:16845 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rc04.e6532.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules)
 * 1:16846 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bedayton.com - Trojan-Downloader.Win32.Agent.dlhe (blacklist.rules)
 * 1:16843 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 1.7zsm.com - Trojan-Downloader.Win32.Agent.dtuo (blacklist.rules)
 * 1:16844 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rm08.e4562.com - Trojan-Downloader.Win32.Agent.dngx (blacklist.rules)
 * 1:16841 <-> DISABLED <-> BLACKLIST DNS request for known malware domain podgorz.org - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
 * 1:16842 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sp19.e4578.com - Trojan-Downloader.Win32.Genome.njz (blacklist.rules)
 * 1:16840 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rx11.e6532.com - Trojan.Win32.Opeg.a (blacklist.rules)
 * 1:16838 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xlm.ppvsr.com - Trojan-GameThief.Win32.OnLineGames.wwcf (blacklist.rules)
 * 1:16839 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sh16.e8753.com - Trojan.Win32.Scar.ccqb (blacklist.rules)
 * 1:16837 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dangercheats.com.br - Trojan.Win32.Refroso.arnq (blacklist.rules)
 * 1:16836 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ra03.e5732.com - Trojan-Clicker.Win32.Small.afg (blacklist.rules)
 * 1:16834 <-> DISABLED <-> BLACKLIST DNS request for known malware domain qd.netkill.com.cn - Trojan-Downloader.Win32.Adload.rzx (blacklist.rules)
 * 1:16835 <-> DISABLED <-> BLACKLIST DNS request for known malware domain exe.146843.com - Trojan.Win32.Opeg.a (blacklist.rules)
 * 1:16833 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16832 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16831 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16829 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16830 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16827 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16828 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16825 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16826 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16824 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16822 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16823 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (malware-cnc.rules)
 * 1:16820 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
 * 1:16821 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16818 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16819 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16816 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16817 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16815 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16813 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16814 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16811 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16812 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules)
 * 1:16810 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:18356 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string random (blacklist.rules)
 * 1:18350 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GabPath (blacklist.rules)
 * 1:18353 <-> ENABLED <-> BLACKLIST User-Agent request for known PUA user agent - SelectRebates (blacklist.rules)
 * 1:18354 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string opera/8.11 (blacklist.rules)
 * 1:39710 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string mozilla/2.0 (blacklist.rules)
 * 1:40366 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
 * 1:40367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
 * 1:4142 <-> DISABLED <-> SERVER-ORACLE Oracle reports servlet command execution attempt (server-oracle.rules)
 * 1:41515 <-> ENABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
 * 1:17857 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.cnhack.cn (blacklist.rules)
 * 1:17858 <-> DISABLED <-> BLACKLIST DNS request for known malware domain kingsizematures.com (blacklist.rules)
 * 1:17859 <-> DISABLED <-> BLACKLIST DNS request for known malware domain promotds.com (blacklist.rules)
 * 1:17860 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mejac.com (blacklist.rules)
 * 1:17863 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rpt2.21civ.com (blacklist.rules)
 * 1:17864 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tubexxxmatures.com (blacklist.rules)
 * 1:17866 <-> DISABLED <-> BLACKLIST DNS request for known malware domain aebankonline.com (blacklist.rules)
 * 1:18255 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gopheisstoo.cc (blacklist.rules)
 * 1:18252 <-> DISABLED <-> BLACKLIST DNS request for known malware domain protectyourpc-11.com (blacklist.rules)
 * 1:18258 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ftuny.com (blacklist.rules)
 * 1:17882 <-> DISABLED <-> BLACKLIST DNS request for known malware domain procca.com (blacklist.rules)
 * 1:17883 <-> DISABLED <-> BLACKLIST DNS request for known malware domain autouploaders.net (blacklist.rules)
 * 1:17884 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gimmemyporn.com (blacklist.rules)
 * 1:17885 <-> DISABLED <-> BLACKLIST DNS request for known malware domain waytoall.com (blacklist.rules)
 * 1:17886 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.spamature.com (blacklist.rules)
 * 1:17887 <-> DISABLED <-> BLACKLIST DNS request for known malware domain info.collectionerrorreport.com (blacklist.rules)
 * 1:17889 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.ajie520.com (blacklist.rules)
 * 1:17891 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bestkind.ru (blacklist.rules)
 * 1:17893 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.zxc0001.com (blacklist.rules)
 * 1:17894 <-> DISABLED <-> BLACKLIST DNS request for known malware domain streq.cn (blacklist.rules)
 * 1:17895 <-> DISABLED <-> BLACKLIST DNS request for known malware domain pyow.prixi-soft.ir (blacklist.rules)
 * 1:17897 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.moneytw8.com (blacklist.rules)
 * 1:17898 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /get2.php?c=VTOXUGUI&d= (blacklist.rules)
 * 1:17899 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /reques0.asp?kind=006&mac= (blacklist.rules)
 * 1:17900 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /basic/cn3c2/c.*dll (blacklist.rules)
 * 1:17901 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /mybackup21.rar (blacklist.rules)
 * 1:17902 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /?getexe=loader.exe (blacklist.rules)
 * 1:17903 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - stid= (blacklist.rules)
 * 1:17904 <-> ENABLED <-> BLACKLIST URI request for known malicious URI - /tongji.js (blacklist.rules)
 * 1:17905 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - 1de49069b6044785e9dfcd4c035cfd0c.php (blacklist.rules)
 * 1:17906 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - 2x/.*php (blacklist.rules)
 * 1:17907 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /MNG/Download/?File=AZF DATADIR Download (blacklist.rules)
 * 1:17908 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /images/crypt_22.exe (blacklist.rules)
 * 1:17909 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /images/css/1.exe (blacklist.rules)
 * 1:17910 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /7xdown.exe (blacklist.rules)
 * 1:17911 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /winhelper.exe (blacklist.rules)
 * 1:17912 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /upopwin/count.asp?mac= (blacklist.rules)
 * 1:17913 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /ok.exe (blacklist.rules)
 * 1:17914 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /LjBin/Bin.Dll (blacklist.rules)
 * 1:17915 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /1001ns/cfg3n.bin (blacklist.rules)
 * 1:17916 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /dh/stats.bin (blacklist.rules)
 * 1:17917 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /zeus/config.bin (blacklist.rules)
 * 1:18132 <-> DISABLED <-> INDICATOR-OBFUSCATION malware-associated JavaScript obfuscation function (indicator-obfuscation.rules)
 * 1:18251 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vcxde.com (blacklist.rules)
 * 1:18253 <-> DISABLED <-> BLACKLIST DNS request for known malware domain blogsmonitoringservice.com (blacklist.rules)
 * 1:17881 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fucktosky.com (blacklist.rules)
 * 1:18259 <-> DISABLED <-> BLACKLIST DNS request for known malware domain whysohardx.com (blacklist.rules)
 * 1:18254 <-> DISABLED <-> BLACKLIST DNS request for known malware domain checkserverstux.com (blacklist.rules)
 * 1:18256 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tutubest.com (blacklist.rules)
 * 1:18342 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSIS_DOWNLOAD (blacklist.rules)
 * 1:18336 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string gbot/2.3 (blacklist.rules)
 * 1:17878 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ayb.host127-0-0-1.com (blacklist.rules)
 * 1:17879 <-> DISABLED <-> BLACKLIST DNS request for known malware domain cfg.353wanwan.com (blacklist.rules)
 * 1:17876 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 91629.com (blacklist.rules)
 * 1:17874 <-> DISABLED <-> BLACKLIST DNS request for known malware domain f19dd4abb8b8bdf2.cn (blacklist.rules)
 * 1:18337 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string iamx/3.11 (blacklist.rules)
 * 1:17875 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.very-young-boys.com (blacklist.rules)
 * 1:17872 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www3.sexown.com (blacklist.rules)
 * 1:17873 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mummimpegs.com (blacklist.rules)
 * 1:17871 <-> DISABLED <-> BLACKLIST DNS request for known malware domain brutalxvideos.com (blacklist.rules)
 * 1:18341 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string UtilMind HTTPGet (blacklist.rules)
 * 1:17870 <-> DISABLED <-> BLACKLIST DNS request for known malware domain trojan8.com (blacklist.rules)
 * 1:18338 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSISDL/1.2 (blacklist.rules)
 * 1:18340 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string ClickAdsByIE 0.7.5 (blacklist.rules)
 * 1:18347 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AutoIt (blacklist.rules)
 * 1:18343 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string WSEnrichment (blacklist.rules)
 * 1:18345 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Macrovision_DM_2.4.15 (blacklist.rules)
 * 1:18346 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPRecover (blacklist.rules)
 * 1:35780 <-> ENABLED <-> FILE-PDF Adobe Reader out of bounds memory read attempt (file-pdf.rules)
 * 1:18260 <-> DISABLED <-> BLACKLIST DNS request for known malware domain freenetgameonline.com (blacklist.rules)
 * 1:18257 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dns-check.biz (blacklist.rules)
 * 1:24108 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a RAR file (malware-other.rules)
 * 1:24104 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPEG file (malware-other.rules)
 * 1:18377 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string malware (blacklist.rules)
 * 1:18358 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSIS_INETLOAD (blacklist.rules)
 * 1:18392 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string qixi (blacklist.rules)
 * 1:18394 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string OCRecover (blacklist.rules)
 * 1:18357 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Setup Factory (blacklist.rules)
 * 1:23157 <-> ENABLED <-> EXPLOIT-KIT Nuclear Pack exploit kit binary download (exploit-kit.rules)
 * 1:18351 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPUpdater (blacklist.rules)
 * 1:18374 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string SurfBear (blacklist.rules)
 * 1:18349 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Flipopia (blacklist.rules)
 * 1:18375 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string HTTP Wininet (blacklist.rules)
 * 1:18370 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Mozilla Windows MSIE (blacklist.rules)
 * 1:18352 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string PinballCorp-BSAI/VER_STR_COMMA (blacklist.rules)
 * 1:18359 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Shareaza (blacklist.rules)
 * 1:18379 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AskInstallChecker (blacklist.rules)
 * 1:18385 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string HTTPCSDCENTER (blacklist.rules)
 * 1:18492 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ilo.brenz.pl - Win.Trojan.Ramnit (blacklist.rules)
 * 1:23114 <-> DISABLED <-> INDICATOR-OBFUSCATION GIF header with PHP tags - likely malicious (indicator-obfuscation.rules)
 * 1:18395 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Duckling/1.0 (blacklist.rules)
 * 1:18383 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPInstaller (blacklist.rules)
 * 1:18390 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Delphi 5.x (blacklist.rules)
 * 1:18775 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /gpdcount (malware-cnc.rules)
 * 1:18386 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AHTTPConnection (blacklist.rules)
 * 1:18348 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Opera/9.80 Pesto/2.2.15 (blacklist.rules)
 * 1:18361 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Downloader1.1 (blacklist.rules)
 * 1:18376 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Trololo (blacklist.rules)
 * 1:18362 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Search Toolbar 1.1 (blacklist.rules)
 * 1:18774 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI (malware-cnc.rules)
 * 1:18363 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPRecover (blacklist.rules)
 * 1:18360 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Oncues (blacklist.rules)
 * 1:18387 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string dwplayer (blacklist.rules)
 * 1:18364 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string msndown (blacklist.rules)
 * 1:18365 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Agentcc (blacklist.rules)
 * 1:18391 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string MyLove (blacklist.rules)
 * 1:18382 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string WMUpdate (blacklist.rules)
 * 1:18366 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string OCInstaller (blacklist.rules)
 * 1:23156 <-> DISABLED <-> EXPLOIT-KIT Nuclear Pack exploit kit landing page (exploit-kit.rules)
 * 1:18367 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string FPRecover (blacklist.rules)
 * 1:18355 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Se2011 (blacklist.rules)
 * 1:18368 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Our_Agent (blacklist.rules)
 * 1:18369 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string iexp-get (blacklist.rules)
 * 1:18393 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string vyre32 (blacklist.rules)
 * 1:18381 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Travel Update (blacklist.rules)
 * 1:23113 <-> DISABLED <-> INDICATOR-OBFUSCATION eval gzinflate base64_decode call - likely malicious (indicator-obfuscation.rules)
 * 1:18373 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Installer (blacklist.rules)
 * 1:18389 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string 3653Client (blacklist.rules)
 * 1:18380 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string FPUpdater (blacklist.rules)
 * 1:18371 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string QvodDown (blacklist.rules)
 * 1:18378 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AutoHotkey (blacklist.rules)
 * 1:37273 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules)
 * 1:18388 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string RookIE/1.0 (blacklist.rules)
 * 1:35316 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string EI Plugin updater (blacklist.rules)
 * 1:24106 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a PNG file (malware-other.rules)
 * 1:24105 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a GIF file (malware-other.rules)
 * 1:24110 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to an MP3 file (malware-other.rules)
 * 1:23218 <-> ENABLED <-> EXPLOIT-KIT Redkit Repeated Exploit Request Pattern (exploit-kit.rules)
 * 1:23636 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript built-in function parseInt appears obfuscated - likely packer or encoder (indicator-obfuscation.rules)
 * 1:24109 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a ZIP file (malware-other.rules)
 * 1:24103 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPG file (malware-other.rules)