Talos Rules 2017-09-14
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the blacklist, browser-ie, file-office, malware-backdoor, malware-cnc, malware-other, malware-tools and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2017-09-14 16:11:47 UTC

Snort Subscriber Rules Update

Date: 2017-09-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:44364 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded WRAssembly ASLR bypass download attempt (file-office.rules)
 * 1:44363 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded WRAsembly ASLR bypass download attempt (file-office.rules)
 * 1:44362 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Sality (blacklist.rules)
 * 1:44361 <-> ENABLED <-> SERVER-WEBAPP Trend Micro OfficeScan proxy_controller.php command injection attempt (server-webapp.rules)
 * 1:44360 <-> ENABLED <-> SERVER-WEBAPP Trend Micro OfficeScan proxy_controller.php command injection attempt (server-webapp.rules)
 * 1:44359 <-> ENABLED <-> SERVER-WEBAPP Trend Micro OfficeScan proxy_controller.php command injection attempt (server-webapp.rules)
 * 1:44358 <-> DISABLED <-> PUA-ADWARE DealPly Adware variant outbound connection (pua-adware.rules)

Modified Rules:

 * 1:6159 <-> DISABLED <-> MALWARE-BACKDOOR delirium of disorder runtime detection - enable keylogger (malware-backdoor.rules)
 * 1:6157 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - view server-to-client (malware-backdoor.rules)
 * 1:6155 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - info server-to-client (malware-backdoor.rules)
 * 1:6153 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - chdir server-to-client (malware-backdoor.rules)
 * 1:6151 <-> DISABLED <-> MALWARE-BACKDOOR back attack v1.4 runtime detection (malware-backdoor.rules)
 * 1:6150 <-> DISABLED <-> MALWARE-BACKDOOR netcontrol v1.0.8 runtime detection (malware-backdoor.rules)
 * 1:6148 <-> DISABLED <-> MALWARE-BACKDOOR mantis runtime detection - go to address server-to-client (malware-backdoor.rules)
 * 1:6146 <-> DISABLED <-> MALWARE-BACKDOOR mantis runtime detection - sent notify option client-to-server 2 (malware-backdoor.rules)
 * 1:6143 <-> DISABLED <-> MALWARE-BACKDOOR dark connection inside v1.2 runtime detection (malware-backdoor.rules)
 * 1:6142 <-> DISABLED <-> MALWARE-BACKDOOR hellzaddiction v1.0e runtime detection - ftp open (malware-backdoor.rules)
 * 1:6139 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - get system directory (malware-backdoor.rules)
 * 1:6138 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - get computer info (malware-backdoor.rules)
 * 1:6137 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - capture small screen (malware-backdoor.rules)
 * 1:6136 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - capture big screen (malware-backdoor.rules)
 * 1:6134 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - delete file (malware-backdoor.rules)
 * 1:6133 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - send messages (malware-backdoor.rules)
 * 1:6132 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - get user name (malware-backdoor.rules)
 * 1:6130 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - get computer name (malware-backdoor.rules)
 * 1:6128 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - icmp echo reply client-to-server (malware-backdoor.rules)
 * 1:6127 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - udp client-to-server (malware-backdoor.rules)
 * 1:6126 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - smtp (malware-backdoor.rules)
 * 1:6124 <-> DISABLED <-> MALWARE-BACKDOOR ambush 1.0 runtime detection - ping server-to-client (malware-backdoor.rules)
 * 1:6121 <-> DISABLED <-> MALWARE-BACKDOOR net runner runtime detection - download file server-to-client (malware-backdoor.rules)
 * 1:6119 <-> DISABLED <-> MALWARE-BACKDOOR net runner runtime detection - initial connection server-to-client (malware-backdoor.rules)
 * 1:6117 <-> DISABLED <-> MALWARE-BACKDOOR fore v1.0 beta runtime detection - init conn (malware-backdoor.rules)
 * 1:6115 <-> DISABLED <-> MALWARE-CNC optix 1.32 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6114 <-> DISABLED <-> MALWARE-BACKDOOR optix 1.32 runtime detection - email notification (malware-backdoor.rules)
 * 1:6113 <-> DISABLED <-> MALWARE-BACKDOOR optix 1.32 runtime detection - init conn (malware-backdoor.rules)
 * 1:6110 <-> DISABLED <-> MALWARE-BACKDOOR forced entry v1.1 beta runtime detection (malware-backdoor.rules)
 * 1:6109 <-> DISABLED <-> MALWARE-BACKDOOR dagger v1.1.40 runtime detection (malware-backdoor.rules)
 * 1:6107 <-> DISABLED <-> MALWARE-BACKDOOR backage 3.1 runtime detection (malware-backdoor.rules)
 * 1:6106 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - download file (malware-backdoor.rules)
 * 1:6104 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - upload file (malware-backdoor.rules)
 * 1:6102 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - execute command (malware-backdoor.rules)
 * 1:6100 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - view content of directory (malware-backdoor.rules)
 * 1:6098 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - check server (malware-backdoor.rules)
 * 1:6096 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:6094 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get drive info (malware-backdoor.rules)
 * 1:6092 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get harddisk info (malware-backdoor.rules)
 * 1:6090 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get memory info (malware-backdoor.rules)
 * 1:6088 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:6086 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - make directory (malware-backdoor.rules)
 * 1:6084 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - hide taskbar (malware-backdoor.rules)
 * 1:6082 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - show nude pic (malware-backdoor.rules)
 * 1:6080 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - show autospy (malware-backdoor.rules)
 * 1:6078 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - get information (malware-backdoor.rules)
 * 1:6076 <-> DISABLED <-> MALWARE-BACKDOOR amiboide uploader runtime detection - init connection (malware-backdoor.rules)
 * 1:6075 <-> DISABLED <-> MALWARE-BACKDOOR xhx 1.6 runtime detection - initial connection server-to-client (malware-backdoor.rules)
 * 1:6073 <-> DISABLED <-> MALWARE-BACKDOOR freak 1.0 runtime detection - initial connection server-to-client (malware-backdoor.rules)
 * 1:6071 <-> DISABLED <-> MALWARE-CNC freak 1.0 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6070 <-> DISABLED <-> MALWARE-BACKDOOR freak 1.0 runtime detection - irc notification (malware-backdoor.rules)
 * 1:6069 <-> DISABLED <-> MALWARE-CNC optixlite 1.0 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6066 <-> DISABLED <-> MALWARE-BACKDOOR optixlite 1.0 runtime detection - connection success server-to-client (malware-backdoor.rules)
 * 1:6064 <-> DISABLED <-> MALWARE-BACKDOOR schwindler 1.82 runtime detection (malware-backdoor.rules)
 * 1:6062 <-> DISABLED <-> MALWARE-BACKDOOR neurotickat1.3 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6059 <-> DISABLED <-> MALWARE-CNC neurotickat1.3 variant outbound connection cgi notification (malware-cnc.rules)
 * 1:6058 <-> DISABLED <-> MALWARE-CNC neurotickat1.3 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6054 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - do script remotely (malware-backdoor.rules)
 * 1:6052 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - set volume (malware-backdoor.rules)
 * 1:6050 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - upload (malware-backdoor.rules)
 * 1:6048 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - connect (malware-backdoor.rules)
 * 1:6046 <-> DISABLED <-> MALWARE-BACKDOOR fear 0.2 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6043 <-> DISABLED <-> MALWARE-CNC fear 0.2 variant outbound connection cgi notification (malware-cnc.rules)
 * 1:6042 <-> DISABLED <-> MALWARE-CNC fear 0.2 variant outbound connection php notification (malware-cnc.rules)
 * 1:6039 <-> DISABLED <-> MALWARE-CNC fade 1.0 variant outbound connection notification (malware-cnc.rules)
 * 1:6037 <-> DISABLED <-> MALWARE-BACKDOOR netbus 1.7 runtime detection - email notification (malware-backdoor.rules)
 * 1:6035 <-> DISABLED <-> MALWARE-BACKDOOR minicommand runtime detection - initial connection server-to-client (malware-backdoor.rules)
 * 1:6029 <-> DISABLED <-> MALWARE-CNC fkwp 2.0 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6028 <-> DISABLED <-> MALWARE-BACKDOOR cyberpaky runtime detection (malware-backdoor.rules)
 * 1:6026 <-> DISABLED <-> MALWARE-BACKDOOR dimbus 1.0 runtime detection - get pc info (malware-backdoor.rules)
 * 1:6024 <-> DISABLED <-> MALWARE-BACKDOOR nuclear rat v6_21 runtime detection (malware-backdoor.rules)
 * 1:6023 <-> DISABLED <-> MALWARE-CNC silent spy 2.10 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6022 <-> DISABLED <-> MALWARE-BACKDOOR silent spy 2.10 command response port 4226 (malware-backdoor.rules)
 * 1:6021 <-> DISABLED <-> MALWARE-BACKDOOR silent spy 2.10 command response port 4225 (malware-backdoor.rules)
 * 1:6020 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection php notification (malware-cnc.rules)
 * 1:6019 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection cgi notification (malware-cnc.rules)
 * 1:6018 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6017 <-> DISABLED <-> MALWARE-BACKDOOR dsk lite 1.0 runtime detection - disconnect (malware-backdoor.rules)
 * 1:6016 <-> DISABLED <-> MALWARE-BACKDOOR dsk lite 1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:5958 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool ghostvoice 1.02 runtime detection - init connection with password requirement (malware-tools.rules)
 * 1:5956 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool ghostvoice 1.02 icq notification of server installation (malware-tools.rules)
 * 1:5876 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool eraser runtime detection - disinfect (malware-tools.rules)
 * 1:5875 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool eraser runtime detection - detonate (malware-tools.rules)
 * 1:5839 <-> DISABLED <-> MALWARE-OTHER Trackware ucmore runtime detection - click sponsor/ad link (malware-other.rules)
 * 1:5823 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - view netstat (malware-tools.rules)
 * 1:5821 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - destory log (malware-tools.rules)
 * 1:5819 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - check status (malware-tools.rules)
 * 1:5816 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - destory redirection (malware-tools.rules)
 * 1:5814 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - create redirection (malware-tools.rules)
 * 1:5812 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - email notification (malware-tools.rules)
 * 1:5790 <-> DISABLED <-> MALWARE-OTHER Keylogger pc actmon pro runtime detection - smtp (malware-other.rules)
 * 1:5784 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae urls browsed log (malware-other.rules)
 * 1:5783 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae keystrokes log (malware-other.rules)
 * 1:5782 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae word filtered echelon log (malware-other.rules)
 * 1:5781 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae windows activity logs (malware-other.rules)
 * 1:5780 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwpe word filtered echelon log (malware-other.rules)
 * 1:5779 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwpe shell file logs (malware-other.rules)
 * 1:5778 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwpe windows activity logs (malware-other.rules)
 * 1:5777 <-> DISABLED <-> MALWARE-OTHER Keylogger gurl watcher runtime detection (malware-other.rules)
 * 1:5759 <-> DISABLED <-> MALWARE-OTHER Keylogger fearlesskeyspy runtime detection (malware-other.rules)
 * 1:5742 <-> DISABLED <-> MALWARE-OTHER Keylogger activitylogger runtime detection (malware-other.rules)
 * 1:40606 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:39529 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF WRAssembly ASLR bypass download attempt (file-office.rules)
 * 1:39528 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF WRAssembly ASLR bypass download attempt (file-office.rules)
 * 1:3636 <-> DISABLED <-> MALWARE-BACKDOOR Crazzy Net 5.0 connection established (malware-backdoor.rules)
 * 1:3635 <-> DISABLED <-> MALWARE-BACKDOOR Amanda 2.0 connection established (malware-backdoor.rules)
 * 1:3155 <-> DISABLED <-> MALWARE-BACKDOOR BackOrifice 2000 Inbound Traffic (malware-backdoor.rules)
 * 1:3064 <-> DISABLED <-> MALWARE-BACKDOOR Vampire 1.2 connection confirmation (malware-backdoor.rules)
 * 1:3016 <-> DISABLED <-> MALWARE-CNC Insane Network 4.0 connection port 63536 (malware-cnc.rules)
 * 1:3015 <-> DISABLED <-> MALWARE-CNC Insane Network 4.0 connection (malware-cnc.rules)
 * 1:3014 <-> DISABLED <-> MALWARE-CNC Asylum 0.1 connection (malware-cnc.rules)
 * 1:3012 <-> DISABLED <-> MALWARE-CNC RUX the Tick upload/execute arbitrary file (malware-cnc.rules)
 * 1:3011 <-> DISABLED <-> MALWARE-CNC RUX the Tick get system directory (malware-cnc.rules)
 * 1:3010 <-> DISABLED <-> MALWARE-CNC RUX the Tick get windows directory (malware-cnc.rules)
 * 1:26853 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer create-add range on DOM objects memory corruption attempt (browser-ie.rules)
 * 1:26852 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer create-add range on DOM objects memory corruption attempt (browser-ie.rules)
 * 1:24976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:24918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Turspy variant outbound connection (malware-cnc.rules)
 * 1:24917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Turspy variant outbound connection (malware-cnc.rules)
 * 1:24916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:24857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
 * 1:24635 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Dycler variant outbound connection (malware-cnc.rules)
 * 1:24623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:24586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Barkiofork variant outbound connection (malware-cnc.rules)
 * 1:24576 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Barus variant outbound connection (malware-cnc.rules)
 * 1:24569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:24567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olmarik variant outbound connection (malware-cnc.rules)
 * 1:24565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer variant outbound connection (malware-cnc.rules)
 * 1:24562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
 * 1:24545 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client response (malware-backdoor.rules)
 * 1:24542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beystreet variant outbound connection (malware-cnc.rules)
 * 1:24541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unebot variant outbound connection (malware-cnc.rules)
 * 1:24540 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Spy.Heur variant outbound connection attempt (malware-backdoor.rules)
 * 1:24529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Begman variant connection to cnc-server (malware-cnc.rules)
 * 1:24451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quervar variant outbound connection (malware-cnc.rules)
 * 1:24450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tibeli variant outbound connection (malware-cnc.rules)
 * 1:24449 <-> DISABLED <-> MALWARE-CNC Java.Exploit.Agent variant outbound connection (malware-cnc.rules)
 * 1:24445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:24444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:24443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:24438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirage variant outbound connection (malware-cnc.rules)
 * 1:24437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirage variant outbound connection (malware-cnc.rules)
 * 1:24427 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot jar download (malware-other.rules)
 * 1:24426 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot class download (malware-other.rules)
 * 1:24420 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Misun variant outbound connection (malware-cnc.rules)
 * 1:24419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:24416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:24405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:24404 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules)
 * 1:24403 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules)
 * 1:24402 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO install time detection (malware-backdoor.rules)
 * 1:24400 <-> DISABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Protos.A runtime detection (malware-backdoor.rules)
 * 1:24399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mooochq variant outbound connection (malware-cnc.rules)
 * 1:24398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mooochq variant outbound connection (malware-cnc.rules)
 * 1:24385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
 * 1:24384 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
 * 1:24383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipwit outbound connection (malware-cnc.rules)
 * 1:24377 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.FakeAV.FakeAlert runtime detection (malware-backdoor.rules)
 * 1:24376 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.Delf.KDV runtime detection (malware-backdoor.rules)
 * 1:24374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Agent variant outbound connection (malware-cnc.rules)
 * 1:24373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Agent variant outbound connection (malware-cnc.rules)
 * 1:24369 <-> DISABLED <-> MALWARE-CNC Lizamoon sql injection campaign ur.php response detected (malware-cnc.rules)
 * 1:24368 <-> DISABLED <-> MALWARE-CNC Lizamoon sql injection campaign phone-home (malware-cnc.rules)
 * 1:24347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Bloropac variant outbound connection (malware-cnc.rules)
 * 1:24346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:24345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drexonin variant outbound connection (malware-cnc.rules)
 * 1:24334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
 * 1:24308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Workir variant outbound connection (malware-cnc.rules)
 * 1:24307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Workir variant outbound connection (malware-cnc.rules)
 * 1:24288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flexty variant outbound connection (malware-cnc.rules)
 * 1:24271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Bancos variant outbound connection (malware-cnc.rules)
 * 1:24191 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raven variant outbound connection (malware-cnc.rules)
 * 1:24175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lataa variant outbound connection (malware-cnc.rules)
 * 1:24174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lataa variant outbound connection (malware-cnc.rules)
 * 1:24173 <-> DISABLED <-> MALWARE-BACKDOOR Trojan-Downloader.Win32.Doneltart.A runtime detection (malware-backdoor.rules)
 * 1:24123 <-> DISABLED <-> MALWARE-BACKDOOR Virus.Win32.Xpaj.A variant outbound connection (malware-backdoor.rules)
 * 1:24107 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a BMP file (malware-other.rules)
 * 1:24092 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clisbot variant outbound connection (malware-cnc.rules)
 * 1:24082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
 * 1:24035 <-> DISABLED <-> MALWARE-CNC Downloader.Inject variant outbound connection (malware-cnc.rules)
 * 1:24016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madon variant outbound connection - variant outbound connection (malware-cnc.rules)
 * 1:24014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules)
 * 1:24013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules)
 * 1:24012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules)
 * 1:24011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransomer variant outbound connection (malware-cnc.rules)
 * 1:23977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome runtime update to cnc-server (malware-cnc.rules)
 * 1:23976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome initial variant outbound connection (malware-cnc.rules)
 * 1:23973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vampols variant inbound connection (malware-cnc.rules)
 * 1:23971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabwak variant outbound connection (malware-cnc.rules)
 * 1:23963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Runagry variant outbound connection (malware-cnc.rules)
 * 1:23955 <-> DISABLED <-> MALWARE-CNC Xhuna.A variant outbound connection (malware-cnc.rules)
 * 1:23953 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comfoo variant outbound connection (malware-cnc.rules)
 * 1:23952 <-> DISABLED <-> MALWARE-TOOLS Tors Hammer slow post flood attempt (malware-tools.rules)
 * 1:23949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TKcik variant outbound connection (malware-cnc.rules)
 * 1:23948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sicisono variant outbound connection (malware-cnc.rules)
 * 1:23941 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Aharm variant outbound connection (malware-cnc.rules)
 * 1:23936 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zakahic variant outbound connection (malware-cnc.rules)
 * 1:23935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zakahic variant outbound connection (malware-cnc.rules)
 * 1:23877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dtfanri variant outbound connection (malware-cnc.rules)
 * 1:23876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scirib variant outbound connection (malware-cnc.rules)
 * 1:23794 <-> DISABLED <-> MALWARE-CNC known command and control traffic (malware-cnc.rules)
 * 1:23788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locotout variant outbound connection (malware-cnc.rules)
 * 1:23787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locotout variant outbound connection (malware-cnc.rules)
 * 1:23782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus.kych variant outbound connection (malware-cnc.rules)
 * 1:23634 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant outbound connection (malware-cnc.rules)
 * 1:23607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules)
 * 1:23606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules)
 * 1:23599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Slagent outgoing connection (malware-cnc.rules)
 * 1:23598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Slagent outgoing connection (malware-cnc.rules)
 * 1:23597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.DHD variant outbound connection (malware-cnc.rules)
 * 1:23595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (malware-cnc.rules)
 * 1:23594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (malware-cnc.rules)
 * 1:23593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules)
 * 1:23495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kugdifod.A variant outbound connection (malware-cnc.rules)
 * 1:23494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Onitab.A outbound connection (malware-cnc.rules)
 * 1:23483 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Georbot file download (malware-backdoor.rules)
 * 1:23469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:23468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:23449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Servstart.ax variant outbound connection (malware-cnc.rules)
 * 1:23448 <-> DISABLED <-> MALWARE-CNC Win.Worm.Psyokym variant outbound connection (malware-cnc.rules)
 * 1:23447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax.A variant outbound connection (malware-cnc.rules)
 * 1:23446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax.A variant outbound connection (malware-cnc.rules)
 * 1:23399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Govdi.A variant outbound connection (malware-cnc.rules)
 * 1:23390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Arratomref variant outbound connection (malware-cnc.rules)
 * 1:23389 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Arratomref variant outbound connection (malware-cnc.rules)
 * 1:23387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:23381 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Thoper.C runtime detection (malware-backdoor.rules)
 * 1:23380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ventana initial variant outbound connection (malware-cnc.rules)
 * 1:23379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leepload variant outbound connection (malware-cnc.rules)
 * 1:23378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sasfis variant outbound connection (malware-cnc.rules)
 * 1:23377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sasfis variant outbound connection (malware-cnc.rules)
 * 1:23344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Harvso.A variant outbound connection (malware-cnc.rules)
 * 1:23343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:23340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nitol.B variant outbound connection (malware-cnc.rules)
 * 1:23339 <-> DISABLED <-> MALWARE-CNC Prier.A variant outbound connection (malware-cnc.rules)
 * 1:23336 <-> DISABLED <-> MALWARE-CNC Linfo.A variant outbound connection (malware-cnc.rules)
 * 1:23333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker initial C&C checkin (malware-cnc.rules)
 * 1:23317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper initial variant outbound connection (malware-cnc.rules)
 * 1:23308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Bucriv variant outbound connection (malware-cnc.rules)
 * 1:23306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stealer connect to server (malware-cnc.rules)
 * 1:23257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duojeen variant outbound connection (malware-cnc.rules)
 * 1:23255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duojeen variant outbound connection (malware-cnc.rules)
 * 1:23252 <-> DISABLED <-> MALWARE-CNC MacOS.MacKontrol variant outbound connection (malware-cnc.rules)
 * 1:23235 <-> DISABLED <-> MALWARE-CNC PBin.A runtime traffic detected (malware-cnc.rules)
 * 1:23234 <-> DISABLED <-> MALWARE-CNC Frethog.MK runtime traffic detected (malware-cnc.rules)
 * 1:23176 <-> DISABLED <-> MALWARE-CNC Donbot.A runtime traffic detected (malware-cnc.rules)
 * 1:23051 <-> DISABLED <-> MALWARE-CNC Dybalom.A runtime traffic detected (malware-cnc.rules)
 * 1:22953 <-> DISABLED <-> MALWARE-TOOLS Hulk denial of service attempt (malware-tools.rules)
 * 1:22001 <-> DISABLED <-> MALWARE-CNC Win.Worm.amna variant outbound connection (malware-cnc.rules)
 * 1:22000 <-> DISABLED <-> MALWARE-CNC Win.Worm.amna variant outbound connection (malware-cnc.rules)
 * 1:21998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:21997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:21979 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant inbound connection (malware-backdoor.rules)
 * 1:21978 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant outbound connection (malware-backdoor.rules)
 * 1:21969 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type B (malware-backdoor.rules)
 * 1:21968 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type A (malware-backdoor.rules)
 * 1:21849 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - HTTP header redirecting to a SutraTDS (malware-other.rules)
 * 1:21848 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - page redirecting to a SutraTDS (malware-other.rules)
 * 1:21846 <-> DISABLED <-> MALWARE-CNC TDS Sutra - request in.cgi (malware-cnc.rules)
 * 1:21769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogonInvader.a variant outbound connection (malware-cnc.rules)
 * 1:21528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader keep-alive connection detection (malware-cnc.rules)
 * 1:21527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader registration connection detection (malware-cnc.rules)
 * 1:21521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob update connection (malware-cnc.rules)
 * 1:21520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules)
 * 1:21511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vaxpy variant outbound connection (malware-cnc.rules)
 * 1:21497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saeeka variant outbound connection (malware-cnc.rules)
 * 1:21496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saeeka variant outbound connection (malware-cnc.rules)
 * 1:21477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noobot variant outbound connection (malware-cnc.rules)
 * 1:21473 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameThief variant outbound connection (malware-cnc.rules)
 * 1:21466 <-> DISABLED <-> MALWARE-CNC Autorun.BDS runtime traffic detected (malware-cnc.rules)
 * 1:21464 <-> DISABLED <-> MALWARE-CNC Downloader-CEW.b runtime traffic detected (malware-cnc.rules)
 * 1:21444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules)
 * 1:21416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch authentication string detected (malware-cnc.rules)
 * 1:21391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.dcac runtime traffic detected (malware-cnc.rules)
 * 1:21390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agobot.dl runtime traffic detected (malware-cnc.rules)
 * 1:21386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wadolin.A runtime traffic detected (malware-cnc.rules)
 * 1:21384 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host freewebs.com runtime traffic detected (malware-cnc.rules)
 * 1:21383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host 9999mb.com runtime traffic detected (malware-cnc.rules)
 * 1:21382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host setting3.yeahost.com runtime traffic detected (malware-cnc.rules)
 * 1:21381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dialer.ngb runtime traffic detected (malware-cnc.rules)
 * 1:21379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome.Amqj runtime traffic detected (malware-cnc.rules)
 * 1:21376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Microjoin activity detected (malware-cnc.rules)
 * 1:21374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose.EF runtime traffic detected (malware-cnc.rules)
 * 1:21373 <-> DISABLED <-> MALWARE-CNC Malware Defense runtime traffic detected (malware-cnc.rules)
 * 1:21372 <-> DISABLED <-> MALWARE-CNC Malware Defense runtime traffic detected (malware-cnc.rules)
 * 1:21369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallop.de runtime traffic detected (malware-cnc.rules)
 * 1:21368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallop.de runtime traffic detected (malware-cnc.rules)
 * 1:21367 <-> DISABLED <-> MALWARE-CNC Win32 VB.abcl runtime traffic detected (malware-cnc.rules)
 * 1:21366 <-> DISABLED <-> MALWARE-CNC DOQ.gen.y INSTALL traffic detected (malware-cnc.rules)
 * 1:21365 <-> DISABLED <-> MALWARE-CNC DOQ.gen.y RUNTIME traffic detected (malware-cnc.rules)
 * 1:21364 <-> DISABLED <-> MALWARE-CNC DOQ.gen.y RUNTIME traffic detected (malware-cnc.rules)
 * 1:21362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS.aa runtime traffic detected (malware-cnc.rules)
 * 1:21361 <-> DISABLED <-> MALWARE-CNC Worm.Win32.TDownland.ca runtime traffic detected (malware-cnc.rules)
 * 1:21360 <-> DISABLED <-> MALWARE-CNC Win32 Agent.dbzx runtime traffic detected (malware-cnc.rules)
 * 1:21359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.jju runtime traffic detected (malware-cnc.rules)
 * 1:21303 <-> DISABLED <-> MALWARE-CNC Win32 Initor.ag runtime traffic detected (malware-cnc.rules)
 * 1:21294 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancodor.be runtime traffic detected (malware-cnc.rules)
 * 1:21277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shexie.A runtime traffic detected (malware-cnc.rules)
 * 1:21274 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tusha variant runtime traffic detected (malware-cnc.rules)
 * 1:21273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tusha variant runtime traffic detected (malware-cnc.rules)
 * 1:21250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBasddsa.A runtime traffic detected (malware-cnc.rules)
 * 1:21249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBasddsa.A runtime traffic detected (malware-cnc.rules)
 * 1:21218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodager.C variant outbound connection (malware-cnc.rules)
 * 1:21145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neraweq.A runtime traffic detected (malware-cnc.rules)
 * 1:21144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules)
 * 1:21143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules)
 * 1:21142 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules)
 * 1:21128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dromedan.A runtime traffic detected (malware-cnc.rules)
 * 1:21127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Setfic.A runtime traffic detected (malware-cnc.rules)
 * 1:21126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koutodoor.C runtime traffic detected (malware-cnc.rules)
 * 1:21125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alureon.DG runtime traffic detected (malware-cnc.rules)
 * 1:21124 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki.A runtime traffic detected (malware-cnc.rules)
 * 1:21123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flymux.A runtime traffic detected (malware-cnc.rules)
 * 1:21122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandok.zp runtime traffic detected (malware-cnc.rules)
 * 1:21087 <-> DISABLED <-> MALWARE-CNC Bindow.Worm runtime traffic detected (malware-cnc.rules)
 * 1:21058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AutoIt.pm runtime traffic detected (malware-cnc.rules)
 * 1:21028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usinec connect to server (malware-cnc.rules)
 * 1:20892 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Skopvel.A runtime traffic detected (malware-cnc.rules)
 * 1:20891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.adbp runtime traffic detected (malware-cnc.rules)
 * 1:20890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.adbp runtime traffic detected (malware-cnc.rules)
 * 1:20877 <-> DISABLED <-> MALWARE-CNC RunTime Worm.Win32.Warezov.gs variant outbound connection (malware-cnc.rules)
 * 1:20844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.smxy runtime traffic detected (malware-cnc.rules)
 * 1:20838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smokebot.A runtime traffic detected (malware-cnc.rules)
 * 1:20836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy.A runtime traffic detected (malware-cnc.rules)
 * 1:20627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shylock.A C&C server response (malware-cnc.rules)
 * 1:20626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shylock.A variant outbound connection (malware-cnc.rules)
 * 1:20606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Domsingx.A variant outbound connection (malware-cnc.rules)
 * 1:20447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.JAAK variant outbound connection (malware-cnc.rules)
 * 1:20435 <-> DISABLED <-> MALWARE-CNC TrojanSpy Win.Trojan.Zbot.Svr runtime traffic detected (malware-cnc.rules)
 * 1:20234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ceckno.cmz runtime traffic detected (malware-cnc.rules)
 * 1:20233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules)
 * 1:20205 <-> DISABLED <-> MALWARE-CNC Win32/Poison beaconing request (malware-cnc.rules)
 * 1:20069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.alhq runtime traffic detected (malware-cnc.rules)
 * 1:20068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jetilms.A runtime activity detected (malware-cnc.rules)
 * 1:20067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Zatvex.A runtime traffic detected (malware-cnc.rules)
 * 1:20066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 SensLiceld.A runtime traffic detected (malware-cnc.rules)
 * 1:20064 <-> DISABLED <-> MALWARE-CNC Malware Win.Trojan.Clemag.A variant outbound connection (malware-cnc.rules)
 * 1:20057 <-> DISABLED <-> MALWARE-CNC BitCoin Miner IP query (malware-cnc.rules)
 * 1:20038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cve runtime traffic detected (malware-cnc.rules)
 * 1:20037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cve runtime traffic detected (malware-cnc.rules)
 * 1:20036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Agent.ndau runtime traffic detected (malware-cnc.rules)
 * 1:20035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Coinbit.A runtime traffic detected (malware-cnc.rules)
 * 1:20010 <-> DISABLED <-> MALWARE-CNC Win32/Babmote.A runtime TCP traffic detected (malware-cnc.rules)
 * 1:20008 <-> DISABLED <-> MALWARE-CNC Malware PDFMarca.A runtime traffic detected (malware-cnc.rules)
 * 1:19981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micstus.A runtime traffic detected (malware-cnc.rules)
 * 1:19980 <-> DISABLED <-> MALWARE-CNC IRCBot runtime traffic detected (malware-cnc.rules)
 * 1:19979 <-> DISABLED <-> MALWARE-CNC IRCBot runtime traffic detected (malware-cnc.rules)
 * 1:19964 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:19957 <-> DISABLED <-> MALWARE-CNC Arabian-Attacker 1.1.0 variant outbound connection (malware-cnc.rules)
 * 1:19727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.DI variant outbound connection (malware-cnc.rules)
 * 1:19726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison variant outbound connection (malware-cnc.rules)
 * 1:19725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison variant outbound connection (malware-cnc.rules)
 * 1:19724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:19557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shark.ag variant outbound connection (malware-cnc.rules)
 * 1:19556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Homa variant outbound connection (malware-cnc.rules)
 * 1:19555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
 * 1:19554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav Antivirus Xp Pro variant outbound connection (malware-cnc.rules)
 * 1:19551 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default Internet Widgits Pty Ltd organization name (malware-other.rules)
 * 1:19370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules)
 * 1:19369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules)
 * 1:19368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules)
 * 1:19367 <-> DISABLED <-> MALWARE-CNC Win.Worm.Vaubeg.A variant outbound connection (malware-cnc.rules)
 * 1:19366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HXWAN.A variant outbound connection (malware-cnc.rules)
 * 1:19362 <-> DISABLED <-> MALWARE-OTHER generic IRC botnet connection (malware-other.rules)
 * 1:19354 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Agent.bhxn variant outbound connection (malware-backdoor.rules)
 * 1:19352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.D variant outbound connection (malware-cnc.rules)
 * 1:19346 <-> DISABLED <-> MALWARE-CNC Additional Guard variant outbound connection (malware-cnc.rules)
 * 1:19345 <-> DISABLED <-> MALWARE-CNC REAnti variant outbound connection (malware-cnc.rules)
 * 1:19344 <-> DISABLED <-> MALWARE-CNC AntiMalware Pro variant outbound connection (malware-cnc.rules)
 * 1:19343 <-> DISABLED <-> MALWARE-CNC Adware Pro variant outbound connection (malware-cnc.rules)
 * 1:19342 <-> DISABLED <-> MALWARE-CNC Adware Professional variant outbound connection (malware-cnc.rules)
 * 1:19341 <-> DISABLED <-> MALWARE-CNC Worm MSIL.AiO.a variant outbound connection (malware-cnc.rules)
 * 1:19340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav TREAntivirus variant outbound connection (malware-cnc.rules)
 * 1:19135 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Buterat Checkin (malware-backdoor.rules)
 * 1:19062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakePlus variant outbound connection (malware-cnc.rules)
 * 1:19050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra.fxe variant outbound connection (malware-cnc.rules)
 * 1:19048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkness variant outbound connection (malware-cnc.rules)
 * 1:19045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.XQ variant outbound connection (malware-cnc.rules)
 * 1:19042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.ACQE variant outbound connection (malware-cnc.rules)
 * 1:18979 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.fmo variant outbound connection (malware-cnc.rules)
 * 1:18978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pasta.aoq variant outbound connection (malware-cnc.rules)
 * 1:18739 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Koobface.D variant outbound connection (malware-cnc.rules)
 * 1:18724 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ZeroClean variant outbound connection (malware-cnc.rules)
 * 1:18718 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.AdvancedDefender variant outbound connection (malware-cnc.rules)
 * 1:18717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.QO variant outbound connection (malware-cnc.rules)
 * 1:18716 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.H variant outbound connection (malware-cnc.rules)
 * 1:18712 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.XJRAntivirus variant outbound connection (malware-cnc.rules)
 * 1:18711 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.SecurityCentral variant outbound connection (malware-cnc.rules)
 * 1:18709 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.aufm variant outbound connection (malware-cnc.rules)
 * 1:18708 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.AntivirusSoft variant outbound connection (malware-cnc.rules)
 * 1:18707 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ControlCenter variant outbound connection (malware-cnc.rules)
 * 1:18577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.agum variant outbound connection (malware-cnc.rules)
 * 1:18562 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.LivePcCare variant outbound connection (malware-cnc.rules)
 * 1:17058 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.JS.Agent.ewh Javascript download (malware-cnc.rules)
 * 1:16804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot.E - initial load (malware-cnc.rules)
 * 1:16558 <-> DISABLED <-> MALWARE-CNC SdBot IRC Win.Trojan.server to client communication (malware-cnc.rules)
 * 1:16483 <-> DISABLED <-> MALWARE-CNC Koobface worm submission of collected data to C&C server (malware-cnc.rules)
 * 1:16442 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - Mozilla (malware-cnc.rules)
 * 1:16441 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - Download (malware-cnc.rules)
 * 1:16440 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - ie (malware-cnc.rules)
 * 1:16439 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - _TEST_ (malware-cnc.rules)
 * 1:16140 <-> DISABLED <-> MALWARE-CNC torpig-mebroot command and control checkin (malware-cnc.rules)
 * 1:16098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.cekar variant outbound connection (malware-cnc.rules)
 * 1:15297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch report home (malware-cnc.rules)
 * 1:15296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch malicious file download (malware-cnc.rules)
 * 1:15295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch configuration download (malware-cnc.rules)
 * 1:13953 <-> DISABLED <-> MALWARE-CNC Asprox trojan initial query (malware-cnc.rules)
 * 1:12166 <-> DISABLED <-> MALWARE-CNC lithium 1.02 variant outbound connection (malware-cnc.rules)
 * 1:11323 <-> DISABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules)
 * 1:11321 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - udp broadcast (malware-backdoor.rules)
 * 1:11320 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - reverse mode init connection request (malware-backdoor.rules)
 * 1:11319 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - init connection request (malware-backdoor.rules)
 * 1:11318 <-> DISABLED <-> MALWARE-BACKDOOR boer runtime detection - init connection (malware-backdoor.rules)
 * 1:11317 <-> DISABLED <-> MALWARE-BACKDOOR abremote pro 3.1 runtime detection - init connection (malware-backdoor.rules)
 * 1:11316 <-> DISABLED <-> MALWARE-BACKDOOR lurker 1.1 runtime detection - init connection (malware-backdoor.rules)
 * 1:11314 <-> DISABLED <-> MALWARE-BACKDOOR shadownet remote spy 2.0 runtime detection (malware-backdoor.rules)
 * 1:11312 <-> DISABLED <-> MALWARE-OTHER Trackware uplink runtime detection (malware-other.rules)
 * 1:11311 <-> DISABLED <-> MALWARE-OTHER Keylogger pcsentinelsoftware Keylogger runtime detection - upload infor (malware-other.rules)
 * 1:11309 <-> DISABLED <-> MALWARE-OTHER Keylogger sskc v2.0 runtime detection (malware-other.rules)
 * 1:11307 <-> DISABLED <-> MALWARE-OTHER Keylogger computer monitor Keylogger runtime detection (malware-other.rules)
 * 1:10463 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules)
 * 1:10461 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules)
 * 1:10459 <-> DISABLED <-> MALWARE-BACKDOOR wineggdrop shell pro runtime detection - init connection (malware-backdoor.rules)
 * 1:10458 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 or illusion runtime detection - open file manager (malware-backdoor.rules)
 * 1:10457 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - start keylogger (malware-backdoor.rules)
 * 1:10456 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:10454 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10453 <-> DISABLED <-> MALWARE-BACKDOOR zalivator 1.4.2 pro runtime detection - smtp notification (malware-backdoor.rules)
 * 1:10451 <-> DISABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules)
 * 1:10449 <-> DISABLED <-> MALWARE-BACKDOOR acid shivers runtime detection - init telnet connection (malware-backdoor.rules)
 * 1:10448 <-> DISABLED <-> MALWARE-BACKDOOR acessor 2.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10447 <-> DISABLED <-> MALWARE-CNC 51d 1b variant outbound connection icq notification (malware-cnc.rules)
 * 1:10446 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get server info (malware-backdoor.rules)
 * 1:10445 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get password (malware-backdoor.rules)
 * 1:10444 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - open ftp serice (malware-backdoor.rules)
 * 1:10443 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - sniff info (malware-backdoor.rules)
 * 1:10442 <-> DISABLED <-> MALWARE-BACKDOOR nirvana 2.0 runtime detection - explore c drive (malware-backdoor.rules)
 * 1:10441 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool statwin runtime detection (malware-tools.rules)
 * 1:10440 <-> DISABLED <-> MALWARE-OTHER Keylogger pc black box runtime detection (malware-other.rules)
 * 1:10436 <-> DISABLED <-> MALWARE-OTHER Keylogger keyspy runtime detection (malware-other.rules)
 * 1:10435 <-> DISABLED <-> MALWARE-OTHER Trackware admedia runtime detection (malware-other.rules)
 * 1:10197 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor theme.php code execution (malware-backdoor.rules)
 * 1:10196 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor feed.php code execution (malware-backdoor.rules)
 * 1:10185 <-> DISABLED <-> MALWARE-BACKDOOR x-door runtime detection (malware-backdoor.rules)
 * 1:10184 <-> DISABLED <-> MALWARE-BACKDOOR wow 23 runtime detection (malware-backdoor.rules)
 * 1:10183 <-> DISABLED <-> MALWARE-OTHER Keylogger activity Keylogger runtime detection (malware-other.rules)
 * 1:10181 <-> DISABLED <-> MALWARE-OTHER Keylogger systemsleuth runtime detection (malware-other.rules)
 * 1:10169 <-> DISABLED <-> MALWARE-BACKDOOR matrix 1.03 by mtronic runtime detection - init connection (malware-backdoor.rules)
 * 1:10168 <-> DISABLED <-> MALWARE-BACKDOOR one runtime detection (malware-backdoor.rules)
 * 1:10166 <-> DISABLED <-> MALWARE-OTHER Trackware baigoo runtime detection (malware-other.rules)
 * 1:10165 <-> DISABLED <-> MALWARE-OTHER Keylogger mybr Keylogger runtime detection (malware-other.rules)
 * 1:10112 <-> DISABLED <-> MALWARE-BACKDOOR rix3 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10109 <-> DISABLED <-> MALWARE-BACKDOOR k-msnrat 1.0.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10108 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pskill (malware-backdoor.rules)
 * 1:10107 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pslist (malware-backdoor.rules)
 * 1:10105 <-> DISABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection - retrieve pc info (malware-backdoor.rules)
 * 1:10102 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - chat with victim (malware-backdoor.rules)
 * 1:10101 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - delete file (malware-backdoor.rules)
 * 1:10100 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - open website (malware-other.rules)
 * 1:10098 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - get system info (malware-other.rules)
 * 1:10096 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - keylog (malware-other.rules)
 * 1:10095 <-> DISABLED <-> MALWARE-OTHER Trackware bydou runtime detection (malware-other.rules)
 * 1:10092 <-> DISABLED <-> MALWARE-OTHER Trackware russian searchbar runtime detection (malware-other.rules)
 * 1:10091 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool spylply.a runtime detection (malware-tools.rules)
 * 1:10089 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by ftp (malware-other.rules)
 * 1:10088 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by smtp (malware-other.rules)
 * 1:10083 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10082 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10081 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10080 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10079 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10078 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:7164 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - execute file server-to-client (malware-other.rules)
 * 1:7169 <-> DISABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - information exchange (malware-other.rules)
 * 1:7176 <-> DISABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - log retrieve (malware-other.rules)
 * 1:7177 <-> DISABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - info send through email (malware-other.rules)
 * 1:7180 <-> DISABLED <-> MALWARE-OTHER Keylogger desktop detective 2000 runtime detection - init connection (malware-other.rules)
 * 1:7183 <-> DISABLED <-> MALWARE-CNC Snoopware barok variant outbound connection (malware-cnc.rules)
 * 1:7184 <-> DISABLED <-> MALWARE-OTHER Keylogger 007 spy software runtime detection - smtp (malware-other.rules)
 * 1:7185 <-> DISABLED <-> MALWARE-OTHER Keylogger 007 spy software runtime detection - ftp (malware-other.rules)
 * 1:7186 <-> DISABLED <-> MALWARE-OTHER Keylogger kgb Keylogger runtime detection (malware-other.rules)
 * 1:7189 <-> DISABLED <-> MALWARE-OTHER Trackware shopathome runtime detection - setcookie request (malware-other.rules)
 * 1:7504 <-> DISABLED <-> MALWARE-OTHER Keylogger actualspy runtime detection - ftp-data (malware-other.rules)
 * 1:7505 <-> DISABLED <-> MALWARE-OTHER Keylogger actualspy runtime detection - smtp (malware-other.rules)
 * 1:7507 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection (malware-tools.rules)
 * 1:7509 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - ping (malware-tools.rules)
 * 1:7539 <-> DISABLED <-> MALWARE-OTHER Keylogger eye spy pro 1.0 runtime detection (malware-other.rules)
 * 1:7541 <-> DISABLED <-> MALWARE-OTHER Keylogger starlogger runtime detection (malware-other.rules)
 * 1:7542 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool mini oblivion runtime detection - successful init connection (malware-tools.rules)
 * 1:7546 <-> DISABLED <-> MALWARE-OTHER Keylogger PerfectKeylogger runtime detection (malware-other.rules)
 * 1:7547 <-> DISABLED <-> MALWARE-OTHER Keylogger activity monitor 3.8 runtime detection - agent status monitoring (malware-other.rules)
 * 1:7548 <-> DISABLED <-> MALWARE-OTHER Keylogger activity monitor 3.8 runtime detection - agent up notification (malware-other.rules)
 * 1:7549 <-> DISABLED <-> MALWARE-OTHER Keylogger activity monitor 3.8 runtime detection (malware-other.rules)
 * 1:7551 <-> DISABLED <-> MALWARE-OTHER Keylogger ardamax keylogger runtime detection - smtp (malware-other.rules)
 * 1:7552 <-> DISABLED <-> MALWARE-OTHER Keylogger ardamax keylogger runtime detection - ftp (malware-other.rules)
 * 1:7557 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - start up (malware-other.rules)
 * 1:7558 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - installation notify (malware-other.rules)
 * 1:7559 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - track user activity and status (malware-other.rules)
 * 1:7560 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - self update (malware-other.rules)
 * 1:7561 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - opt out of interstitial advertising (malware-other.rules)
 * 1:7568 <-> DISABLED <-> MALWARE-OTHER Trackware webhancer runtime detection (malware-other.rules)
 * 1:7574 <-> DISABLED <-> MALWARE-OTHER Keylogger proagent 2.0 runtime detection (malware-other.rules)
 * 1:7586 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool clandestine runtime detection - image transferred (malware-tools.rules)
 * 1:7592 <-> DISABLED <-> MALWARE-OTHER Keylogger keylogger pro runtime detection (malware-other.rules)
 * 1:7597 <-> DISABLED <-> MALWARE-OTHER Keylogger spy lantern keylogger runtime detection (malware-other.rules)
 * 1:7605 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - screen capture (malware-backdoor.rules)
 * 1:7607 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:7609 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - chat (malware-backdoor.rules)
 * 1:7616 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.0 runtime detection - connection without password (malware-backdoor.rules)
 * 1:7619 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.0 runtime detection - connection request with password (malware-backdoor.rules)
 * 1:7623 <-> DISABLED <-> MALWARE-BACKDOOR remote control 1.7 runtime detection - connection request (malware-backdoor.rules)
 * 1:7624 <-> DISABLED <-> MALWARE-BACKDOOR remote control 1.7 runtime detection - data connection (malware-backdoor.rules)
 * 1:7629 <-> DISABLED <-> MALWARE-BACKDOOR skyrat show runtime detection - initial connection (malware-backdoor.rules)
 * 1:7630 <-> DISABLED <-> MALWARE-BACKDOOR helios 3.1 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6160 <-> DISABLED <-> MALWARE-BACKDOOR delirium of disorder runtime detection - stop keylogger (malware-backdoor.rules)
 * 1:6161 <-> DISABLED <-> MALWARE-BACKDOOR furax 1.0 b2 runtime detection (malware-backdoor.rules)
 * 1:6165 <-> DISABLED <-> MALWARE-BACKDOOR psyrat 1.0 runtime detection (malware-backdoor.rules)
 * 1:6166 <-> DISABLED <-> MALWARE-BACKDOOR unicorn runtime detection - initial connection (malware-backdoor.rules)
 * 1:6168 <-> DISABLED <-> MALWARE-BACKDOOR unicorn runtime detection - set wallpaper server-to-client (malware-backdoor.rules)
 * 1:6170 <-> DISABLED <-> MALWARE-BACKDOOR digital rootbeer runtime detection (malware-backdoor.rules)
 * 1:6172 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - get version info (malware-backdoor.rules)
 * 1:6174 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - file explorer (malware-backdoor.rules)
 * 1:6175 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - kill kernel (malware-backdoor.rules)
 * 1:6176 <-> DISABLED <-> MALWARE-BACKDOOR guptachar 2.0 runtime detection (malware-backdoor.rules)
 * 1:6177 <-> DISABLED <-> MALWARE-BACKDOOR ultimate destruction runtime detection - kill process client-to-server (malware-backdoor.rules)
 * 1:6178 <-> DISABLED <-> MALWARE-BACKDOOR ultimate destruction runtime detection - kill windows client-to-server (malware-backdoor.rules)
 * 1:6179 <-> DISABLED <-> MALWARE-BACKDOOR bladerunner 0.80 runtime detection (malware-backdoor.rules)
 * 1:6181 <-> DISABLED <-> MALWARE-BACKDOOR netraider 0.0 runtime detection (malware-backdoor.rules)
 * 1:6190 <-> DISABLED <-> MALWARE-OTHER Keylogger eblaster 5.0 runtime detection (malware-other.rules)
 * 1:6205 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool freak 88 das runtime detection (malware-tools.rules)
 * 1:6206 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sin stealer 1.1 runtime detection (malware-tools.rules)
 * 1:6207 <-> DISABLED <-> MALWARE-OTHER Keylogger winsession runtime detection - smtp (malware-other.rules)
 * 1:6208 <-> DISABLED <-> MALWARE-OTHER Keylogger winsession runtime detection - ftp (malware-other.rules)
 * 1:6220 <-> DISABLED <-> MALWARE-OTHER Keylogger boss everyware runtime detection (malware-other.rules)
 * 1:6221 <-> DISABLED <-> MALWARE-OTHER Keylogger computerspy runtime detection (malware-other.rules)
 * 1:6286 <-> DISABLED <-> MALWARE-BACKDOOR antilamer 1.1 runtime detection (malware-backdoor.rules)
 * 1:6287 <-> DISABLED <-> MALWARE-BACKDOOR fictional daemon 4.4 runtime detection - telent (malware-backdoor.rules)
 * 1:6288 <-> DISABLED <-> MALWARE-BACKDOOR fictional daemon 4.4 runtime detection - ftp (malware-backdoor.rules)
 * 1:6291 <-> DISABLED <-> MALWARE-CNC justjoke v2.6 variant outbound connection (malware-cnc.rules)
 * 1:6292 <-> DISABLED <-> MALWARE-BACKDOOR joker ddos v1.0.1 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6295 <-> DISABLED <-> MALWARE-BACKDOOR joker ddos v1.0.1 runtime detection - bomb (malware-backdoor.rules)
 * 1:6296 <-> DISABLED <-> MALWARE-CNC insurrection 1.1.0 variant outbound connection icq notification 1 (malware-cnc.rules)
 * 1:6297 <-> DISABLED <-> MALWARE-CNC insurrection 1.1.0 variant outbound connection icq notification 2 (malware-cnc.rules)
 * 1:6298 <-> DISABLED <-> MALWARE-BACKDOOR insurrection 1.1.0 runtime detection - reverse connection (malware-backdoor.rules)
 * 1:6299 <-> DISABLED <-> MALWARE-BACKDOOR insurrection 1.1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6300 <-> DISABLED <-> MALWARE-CNC cia 1.3 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6301 <-> DISABLED <-> MALWARE-BACKDOOR cia 1.3 runtime detection - smtp notification (malware-backdoor.rules)
 * 1:6303 <-> DISABLED <-> MALWARE-BACKDOOR cia runtime detection - initial connection (malware-backdoor.rules)
 * 1:6305 <-> DISABLED <-> MALWARE-BACKDOOR softwar shadowthief runtime detection - initial connection (malware-backdoor.rules)
 * 1:6306 <-> DISABLED <-> MALWARE-BACKDOOR shit heep runtime detection (malware-backdoor.rules)
 * 1:6308 <-> DISABLED <-> MALWARE-BACKDOOR lamespy runtime detection - initial connection (malware-backdoor.rules)
 * 1:6311 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - initial connection - password accepted (malware-backdoor.rules)
 * 1:6313 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - message response (malware-backdoor.rules)
 * 1:6315 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - open browser response (malware-backdoor.rules)
 * 1:6317 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - file manager response (malware-backdoor.rules)
 * 1:6318 <-> DISABLED <-> MALWARE-BACKDOOR rtb666 runtime detection (malware-backdoor.rules)
 * 1:6321 <-> DISABLED <-> MALWARE-BACKDOOR ptakks2.1 runtime detection - keepalive acknowledgement (malware-backdoor.rules)
 * 1:6322 <-> DISABLED <-> MALWARE-BACKDOOR ptakks2.1 runtime detection - command pattern (malware-backdoor.rules)
 * 1:6324 <-> DISABLED <-> MALWARE-BACKDOOR 3xBackdoor runtime detection (malware-backdoor.rules)
 * 1:6325 <-> DISABLED <-> MALWARE-BACKDOOR fucktrojan 1.2 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6327 <-> DISABLED <-> MALWARE-BACKDOOR fucktrojan 1.2 runtime detection - flood (malware-backdoor.rules)
 * 1:6328 <-> DISABLED <-> MALWARE-BACKDOOR commando runtime detection - initial connection (malware-backdoor.rules)
 * 1:6330 <-> DISABLED <-> MALWARE-BACKDOOR commando runtime detection - chat server-to-client (malware-backdoor.rules)
 * 1:6331 <-> DISABLED <-> MALWARE-CNC globalkiller1.0 variant outbound connection notification (malware-cnc.rules)
 * 1:6332 <-> DISABLED <-> MALWARE-BACKDOOR globalkiller1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6333 <-> DISABLED <-> MALWARE-BACKDOOR wincrash 2.0 runtime detection (malware-backdoor.rules)
 * 1:6334 <-> DISABLED <-> MALWARE-BACKDOOR backlash runtime detection (malware-backdoor.rules)
 * 1:6336 <-> DISABLED <-> MALWARE-BACKDOOR buttman v0.9p runtime detection - remote control (malware-backdoor.rules)
 * 1:6338 <-> DISABLED <-> MALWARE-BACKDOOR hatredfriend file manage command (malware-backdoor.rules)
 * 1:6339 <-> DISABLED <-> MALWARE-BACKDOOR hatredfriend email notification detection (malware-backdoor.rules)
 * 1:6340 <-> DISABLED <-> MALWARE-OTHER Keylogger handy keylogger runtime detection (malware-other.rules)
 * 1:6365 <-> DISABLED <-> MALWARE-OTHER Sony rootkit runtime detection (malware-other.rules)
 * 1:6383 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - tcp connection setup (malware-other.rules)
 * 1:6384 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - agent discover broadcast (malware-other.rules)
 * 1:6385 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - agent status monitoring (malware-other.rules)
 * 1:6386 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - agent up notification (malware-other.rules)
 * 1:6395 <-> DISABLED <-> MALWARE-CNC a-311 death variant outbound connection server-to-client (malware-cnc.rules)
 * 1:6396 <-> DISABLED <-> MALWARE-CNC a-311 death user-agent string detected (malware-cnc.rules)
 * 1:6397 <-> DISABLED <-> MALWARE-BACKDOOR http rat runtime detection - smtp (malware-backdoor.rules)
 * 1:6398 <-> DISABLED <-> MALWARE-BACKDOOR http rat runtime detection - http (malware-backdoor.rules)
 * 1:6399 <-> DISABLED <-> MALWARE-BACKDOOR rad 1.2.3 runtime detection (malware-backdoor.rules)
 * 1:6401 <-> DISABLED <-> MALWARE-BACKDOOR snowdoor runtime detection server-to-client (malware-backdoor.rules)
 * 1:6402 <-> DISABLED <-> MALWARE-BACKDOOR netangel connection client-to-server (malware-backdoor.rules)
 * 1:6473 <-> DISABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager server-to-client (malware-backdoor.rules)
 * 1:6474 <-> DISABLED <-> MALWARE-CNC Win.Trojan.loosky.gen variant outbound connection notification (malware-cnc.rules)
 * 1:6476 <-> DISABLED <-> MALWARE-BACKDOOR badrat 1.1 runtime detection (malware-backdoor.rules)
 * 1:6477 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool beee runtime detection - smtp (malware-tools.rules)
 * 1:6492 <-> DISABLED <-> MALWARE-BACKDOOR Trickler Backdoor-BAC.gen.e runtime detection - notification (malware-backdoor.rules)
 * 1:6493 <-> DISABLED <-> MALWARE-BACKDOOR Trickler Backdoor-BAC.gen.e runtime detection - post data (malware-backdoor.rules)
 * 1:6498 <-> DISABLED <-> MALWARE-BACKDOOR exploiter 1.0 runtime detection (malware-backdoor.rules)
 * 1:7057 <-> DISABLED <-> MALWARE-BACKDOOR charon runtime detection - initial connection (malware-backdoor.rules)
 * 1:7060 <-> DISABLED <-> MALWARE-BACKDOOR charon runtime detection - download file/log (malware-backdoor.rules)
 * 1:7064 <-> DISABLED <-> MALWARE-BACKDOOR cybernetic 1.62 runtime detection - email notification (malware-backdoor.rules)
 * 1:7068 <-> DISABLED <-> MALWARE-BACKDOOR delta source 0.5 beta runtime detection - ping (malware-backdoor.rules)
 * 1:7069 <-> DISABLED <-> MALWARE-BACKDOOR delta source 0.5 beta runtime detection - pc info (malware-backdoor.rules)
 * 1:7072 <-> DISABLED <-> MALWARE-BACKDOOR fraggle rock 2.0 lite runtime detection - pc info (malware-backdoor.rules)
 * 1:7073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.dumaru.gen variant outbound connection notification (malware-cnc.rules)
 * 1:7074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.dumaru.gen variant outbound connection cmd (malware-cnc.rules)
 * 1:7075 <-> DISABLED <-> MALWARE-BACKDOOR bandook 1.0 runtime detection (malware-backdoor.rules)
 * 1:7076 <-> DISABLED <-> MALWARE-CNC minimo v0.6 variant outbound connection cgi notification (malware-cnc.rules)
 * 1:7077 <-> DISABLED <-> MALWARE-CNC minimo v0.6 variant outbound connection icq notification (malware-cnc.rules)
 * 1:7081 <-> DISABLED <-> MALWARE-BACKDOOR up and run v1.0 beta runtime detection (malware-backdoor.rules)
 * 1:7084 <-> DISABLED <-> MALWARE-BACKDOOR erazer v1.1 runtime detection - sin notification (malware-backdoor.rules)
 * 1:7086 <-> DISABLED <-> MALWARE-BACKDOOR erazer v1.1 runtime detection - init connection (malware-backdoor.rules)
 * 1:7103 <-> DISABLED <-> MALWARE-CNC gwboy 0.92 variant outbound connection (malware-cnc.rules)
 * 1:7120 <-> DISABLED <-> MALWARE-BACKDOOR y3k 1.2 runtime detection - init connection 1 (malware-backdoor.rules)
 * 1:7122 <-> DISABLED <-> MALWARE-BACKDOOR y3k 1.2 runtime detection - init connection 2 (malware-backdoor.rules)
 * 1:7146 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sars notifier runtime detection - sin notification (malware-tools.rules)
 * 1:7147 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection icq notification (malware-cnc.rules)
 * 1:7148 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sars notifier runtime detection - cgi notification (malware-tools.rules)
 * 1:7149 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection php notification (malware-cnc.rules)
 * 1:7150 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection irc notification (malware-cnc.rules)
 * 1:7151 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection net send notification (malware-cnc.rules)
 * 1:7154 <-> DISABLED <-> MALWARE-OTHER Keylogger active keylogger home runtime detection (malware-other.rules)
 * 1:7156 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - email delivery (malware-other.rules)
 * 1:7158 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - remote conn server-to-client (malware-other.rules)
 * 1:7160 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - upload file server-to-client (malware-other.rules)
 * 1:7162 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - download file server-to-client (malware-other.rules)
 * 1:7632 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - fetch system info (malware-backdoor.rules)
 * 1:7634 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - irc connection (malware-backdoor.rules)
 * 1:7636 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - fetch processes list (malware-backdoor.rules)
 * 1:7637 <-> DISABLED <-> MALWARE-CNC hornet 1.0 variant outbound connection icq notification (malware-cnc.rules)
 * 1:7638 <-> DISABLED <-> MALWARE-BACKDOOR Win.Exploit.Backdoor ncph runtime detection - initial connection (malware-backdoor.rules)
 * 1:7639 <-> DISABLED <-> MALWARE-CNC air variant outbound connection php notification (malware-cnc.rules)
 * 1:7640 <-> DISABLED <-> MALWARE-CNC air variant outbound connection webmail notification (malware-cnc.rules)
 * 1:7641 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules)
 * 1:7642 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client response (malware-backdoor.rules)
 * 1:7644 <-> DISABLED <-> MALWARE-BACKDOOR ullysse runtime detection - client-to-server (malware-backdoor.rules)
 * 1:7646 <-> DISABLED <-> MALWARE-BACKDOOR snipernet 2.1 runtime detection (malware-backdoor.rules)
 * 1:7658 <-> DISABLED <-> MALWARE-BACKDOOR jodeitor 1.1 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7659 <-> DISABLED <-> MALWARE-BACKDOOR lan filtrator 1.1 runtime detection - sin notification (malware-backdoor.rules)
 * 1:7661 <-> DISABLED <-> MALWARE-BACKDOOR lan filtrator 1.1 runtime detection - initial connection request (malware-backdoor.rules)
 * 1:7663 <-> DISABLED <-> MALWARE-BACKDOOR snid x2 v1.2 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7665 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7667 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - capture on port 2208 (malware-backdoor.rules)
 * 1:7669 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - capture on port 2213 (malware-backdoor.rules)
 * 1:7670 <-> DISABLED <-> MALWARE-BACKDOOR digital upload runtime detection - initial connection (malware-backdoor.rules)
 * 1:7671 <-> DISABLED <-> MALWARE-BACKDOOR digital upload runtime detection - chat (malware-backdoor.rules)
 * 1:7672 <-> DISABLED <-> MALWARE-BACKDOOR remoter runtime detection - initial connection (malware-backdoor.rules)
 * 1:7675 <-> DISABLED <-> MALWARE-BACKDOOR remote havoc runtime detection (malware-backdoor.rules)
 * 1:7677 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control or crackdown runtime detection - initial connection (malware-backdoor.rules)
 * 1:7679 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control 1.12 runtime detection - upload file (malware-backdoor.rules)
 * 1:7681 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control 1.12 runtime detection - download file (malware-backdoor.rules)
 * 1:7683 <-> DISABLED <-> MALWARE-BACKDOOR acid head 1.00 runtime detection (malware-backdoor.rules)
 * 1:7684 <-> DISABLED <-> MALWARE-BACKDOOR hrat 1.0 runtime detection (malware-backdoor.rules)
 * 1:7686 <-> DISABLED <-> MALWARE-BACKDOOR illusion runtime detection - get remote info server-to-client (malware-backdoor.rules)
 * 1:7688 <-> DISABLED <-> MALWARE-BACKDOOR illusion runtime detection - file browser server-to-client (malware-backdoor.rules)
 * 1:7689 <-> DISABLED <-> MALWARE-BACKDOOR evade runtime detection - initial connection (malware-backdoor.rules)
 * 1:7691 <-> DISABLED <-> MALWARE-BACKDOOR evade runtime detection - file manager (malware-backdoor.rules)
 * 1:7692 <-> DISABLED <-> MALWARE-BACKDOOR exception 1.0 runtime detection - notification (malware-backdoor.rules)
 * 1:7699 <-> DISABLED <-> MALWARE-BACKDOOR brain wiper runtime detection - launch application (malware-backdoor.rules)
 * 1:7701 <-> DISABLED <-> MALWARE-BACKDOOR brain wiper runtime detection - chat (malware-backdoor.rules)
 * 1:7703 <-> DISABLED <-> MALWARE-BACKDOOR roach 1.0 runtime detection - remote control actions (malware-backdoor.rules)
 * 1:7704 <-> DISABLED <-> MALWARE-CNC roach 1.0 server installation notification - email (malware-cnc.rules)
 * 1:7706 <-> DISABLED <-> MALWARE-BACKDOOR omniquad instant remote control runtime detection - initial connection (malware-backdoor.rules)
 * 1:7707 <-> DISABLED <-> MALWARE-BACKDOOR omniquad instant remote control runtime detection - file transfer setup (malware-backdoor.rules)
 * 1:7710 <-> DISABLED <-> MALWARE-BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7717 <-> DISABLED <-> MALWARE-BACKDOOR snake trojan runtime detection (malware-backdoor.rules)
 * 1:7719 <-> DISABLED <-> MALWARE-BACKDOOR dameware mini remote control runtime detection - initial connection (malware-backdoor.rules)
 * 1:7720 <-> DISABLED <-> MALWARE-BACKDOOR desktop scout runtime detection (malware-backdoor.rules)
 * 1:7721 <-> DISABLED <-> MALWARE-BACKDOOR prorat 1.9 initial connection detection (malware-backdoor.rules)
 * 1:7722 <-> DISABLED <-> MALWARE-CNC prorat 1.9 cgi notification detection (malware-cnc.rules)
 * 1:7724 <-> DISABLED <-> MALWARE-BACKDOOR reversable ver1.0 runtime detection - initial connection - flowbit set (malware-backdoor.rules)
 * 1:7727 <-> DISABLED <-> MALWARE-BACKDOOR reversable ver1.0 runtime detection - execute command (malware-backdoor.rules)
 * 1:7729 <-> DISABLED <-> MALWARE-BACKDOOR radmin runtime detection - server-to-client (malware-backdoor.rules)
 * 1:7730 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - reverse connection (malware-backdoor.rules)
 * 1:7732 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - ring client-to-server (malware-backdoor.rules)
 * 1:7733 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7738 <-> DISABLED <-> MALWARE-BACKDOOR alexmessomalex runtime detection - initial connection (malware-backdoor.rules)
 * 1:7739 <-> DISABLED <-> MALWARE-BACKDOOR alexmessomalex runtime detection - grab (malware-backdoor.rules)
 * 1:7743 <-> DISABLED <-> MALWARE-BACKDOOR nova 1.0 runtime detection - cgi notification server-to-client (malware-backdoor.rules)
 * 1:7745 <-> DISABLED <-> MALWARE-BACKDOOR phoenix 2.1 runtime detection (malware-backdoor.rules)
 * 1:7747 <-> DISABLED <-> MALWARE-BACKDOOR bobo 1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7749 <-> DISABLED <-> MALWARE-BACKDOOR bobo 1.0 runtime detection - send message (malware-backdoor.rules)
 * 1:7752 <-> DISABLED <-> MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7755 <-> DISABLED <-> MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - spy function (malware-backdoor.rules)
 * 1:7758 <-> DISABLED <-> MALWARE-BACKDOOR glacier runtime detection - initial connection and directory browse (malware-backdoor.rules)
 * 1:7759 <-> DISABLED <-> MALWARE-BACKDOOR glacier runtime detection - screen capture (malware-backdoor.rules)
 * 1:7760 <-> DISABLED <-> MALWARE-BACKDOOR netthief runtime detection (malware-backdoor.rules)
 * 1:7762 <-> DISABLED <-> MALWARE-CNC analftp 0.1 variant outbound connection icq notification (malware-cnc.rules)
 * 1:7763 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - services client-to-server (malware-backdoor.rules)
 * 1:7765 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - sysinfo server-to-client (malware-backdoor.rules)
 * 1:7767 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - foldermonitor server-to-client (malware-backdoor.rules)
 * 1:7771 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - get server info (malware-backdoor.rules)
 * 1:7773 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - enable keylogger (malware-backdoor.rules)
 * 1:7775 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - screen capture (malware-backdoor.rules)
 * 1:7777 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - get drives (malware-backdoor.rules)
 * 1:7778 <-> DISABLED <-> MALWARE-BACKDOOR elfrat runtime detection - initial connection (malware-backdoor.rules)
 * 1:7783 <-> DISABLED <-> MALWARE-BACKDOOR netdevil runtime detection - file manager (malware-backdoor.rules)
 * 1:7785 <-> DISABLED <-> MALWARE-BACKDOOR forced control uploader runtime detection - connection with password (malware-backdoor.rules)
 * 1:7791 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - victim response (malware-backdoor.rules)
 * 1:7792 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - chat with victim (malware-backdoor.rules)
 * 1:7793 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - chat with attacker (malware-backdoor.rules)
 * 1:7796 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - init connection (malware-backdoor.rules)
 * 1:7798 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - file manage 1 (malware-backdoor.rules)
 * 1:7800 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - file manage 2 (malware-backdoor.rules)
 * 1:7801 <-> DISABLED <-> MALWARE-BACKDOOR portal of doom runtime detection - udp cts (malware-backdoor.rules)
 * 1:7802 <-> DISABLED <-> MALWARE-BACKDOOR portal of doom runtime detection - udp stc (malware-backdoor.rules)
 * 1:7803 <-> DISABLED <-> MALWARE-BACKDOOR war trojan ver1.0 runtime detection - send messages (malware-backdoor.rules)
 * 1:7804 <-> DISABLED <-> MALWARE-BACKDOOR war trojan ver1.0 runtime detection - disable ctrl+alt+del (malware-backdoor.rules)
 * 1:7805 <-> DISABLED <-> MALWARE-CNC war trojan ver1.0 variant outbound connection ie hijacker (malware-cnc.rules)
 * 1:7806 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7807 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - execute file (malware-backdoor.rules)
 * 1:7809 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - upload (malware-backdoor.rules)
 * 1:7812 <-> DISABLED <-> MALWARE-BACKDOOR abacab runtime detection - banner (malware-backdoor.rules)
 * 1:7814 <-> DISABLED <-> MALWARE-BACKDOOR darkmoon initial connection detection - stc (malware-backdoor.rules)
 * 1:7816 <-> DISABLED <-> MALWARE-BACKDOOR darkmoon reverse connection detection - cts (malware-backdoor.rules)
 * 1:7818 <-> DISABLED <-> MALWARE-BACKDOOR infector v1.0 runtime detection - init conn (malware-backdoor.rules)
 * 1:7822 <-> DISABLED <-> MALWARE-BACKDOOR xbkdr runtime detection (malware-backdoor.rules)
 * 1:7835 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool nettracker runtime detection - report browsing (malware-tools.rules)
 * 1:7836 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool nettracker runtime detection - report send through email (malware-tools.rules)
 * 1:7837 <-> DISABLED <-> MALWARE-OTHER Keylogger spyoutside runtime detection - email delivery (malware-other.rules)
 * 1:7842 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool davps runtime detection (malware-tools.rules)
 * 1:7847 <-> DISABLED <-> MALWARE-OTHER Keylogger clogger 1.0 runtime detection - send log through email (malware-other.rules)
 * 1:7856 <-> DISABLED <-> MALWARE-OTHER Trackware winsysba-a runtime detection - track surfing activity (malware-other.rules)
 * 1:7857 <-> DISABLED <-> MALWARE-OTHER Keylogger EliteKeylogger runtime detection (malware-other.rules)
 * 1:8074 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - init connection (malware-backdoor.rules)
 * 1:8076 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - get system information (malware-backdoor.rules)
 * 1:8078 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - get process list (malware-backdoor.rules)
 * 1:8079 <-> DISABLED <-> MALWARE-BACKDOOR x2a runtime detection - init connection (malware-backdoor.rules)
 * 1:8080 <-> DISABLED <-> MALWARE-CNC x2a variant outbound connection client update (malware-cnc.rules)
 * 1:8361 <-> DISABLED <-> MALWARE-BACKDOOR black curse 4.0 runtime detection - inverse init connection (malware-backdoor.rules)
 * 1:8362 <-> DISABLED <-> MALWARE-BACKDOOR black curse 4.0 runtime detection - normal init connection (malware-backdoor.rules)
 * 1:8461 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - send userinfo (malware-other.rules)
 * 1:8462 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - trace info downloaded (malware-other.rules)
 * 1:8463 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - trace login info (malware-other.rules)
 * 1:8466 <-> DISABLED <-> MALWARE-OTHER Keylogger netobserve runtime detection - email notification (malware-other.rules)
 * 1:8467 <-> DISABLED <-> MALWARE-OTHER Keylogger netobserve runtime detection - remote login response (malware-other.rules)
 * 1:8542 <-> DISABLED <-> MALWARE-OTHER Trackware deluxecommunications runtime detection - collect info (malware-other.rules)
 * 1:8543 <-> DISABLED <-> MALWARE-OTHER Trackware deluxecommunications runtime detection - display popup ads (malware-other.rules)
 * 1:8544 <-> DISABLED <-> MALWARE-OTHER Keylogger nicespy runtime detection - smtp (malware-other.rules)
 * 1:8548 <-> DISABLED <-> MALWARE-BACKDOOR zzmm 2.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:8549 <-> DISABLED <-> MALWARE-BACKDOOR zxshell runtime detection - setting information retrieve (malware-backdoor.rules)
 * 1:9326 <-> DISABLED <-> MALWARE-OTHER netsky.p smtp propagation detection (malware-other.rules)
 * 1:9327 <-> DISABLED <-> MALWARE-OTHER netsky.af smtp propagation detection (malware-other.rules)
 * 1:9328 <-> DISABLED <-> MALWARE-OTHER zhangpo smtp propagation detection (malware-other.rules)
 * 1:9330 <-> DISABLED <-> MALWARE-OTHER mydoom.e smtp propagation detection (malware-other.rules)
 * 1:9331 <-> DISABLED <-> MALWARE-OTHER mydoom.m smtp propagation detection (malware-other.rules)
 * 1:9332 <-> DISABLED <-> MALWARE-OTHER mimail.a smtp propagation detection (malware-other.rules)
 * 1:9333 <-> DISABLED <-> MALWARE-OTHER mimail.e smtp propagation detection (malware-other.rules)
 * 1:9334 <-> DISABLED <-> MALWARE-OTHER lovgate.c smtp propagation detection (malware-other.rules)
 * 1:9335 <-> DISABLED <-> MALWARE-OTHER netsky.b smtp propagation detection (malware-other.rules)
 * 1:9336 <-> DISABLED <-> MALWARE-OTHER netsky.t smtp propagation detection (malware-other.rules)
 * 1:9337 <-> DISABLED <-> MALWARE-OTHER netsky.x smtp propagation detection (malware-other.rules)
 * 1:9338 <-> DISABLED <-> MALWARE-OTHER mydoom.i smtp propagation detection (malware-other.rules)
 * 1:9339 <-> DISABLED <-> MALWARE-OTHER klez.g web propagation detection (malware-other.rules)
 * 1:9340 <-> DISABLED <-> MALWARE-OTHER klez.i web propagation detection (malware-other.rules)
 * 1:9341 <-> DISABLED <-> MALWARE-OTHER sasser open ftp command shell (malware-other.rules)
 * 1:9342 <-> DISABLED <-> MALWARE-OTHER paroc.a smtp propagation detection (malware-other.rules)
 * 1:9343 <-> DISABLED <-> MALWARE-OTHER kadra smtp propagation detection (malware-other.rules)
 * 1:9344 <-> DISABLED <-> MALWARE-OTHER kindal smtp propagation detection (malware-other.rules)
 * 1:9345 <-> DISABLED <-> MALWARE-OTHER kipis.a smtp propagation detection (malware-other.rules)
 * 1:9346 <-> DISABLED <-> MALWARE-OTHER klez.b web propagation detection (malware-other.rules)
 * 1:9347 <-> DISABLED <-> MALWARE-OTHER klez.b netshare propagation detection (malware-other.rules)
 * 1:9348 <-> DISABLED <-> MALWARE-OTHER morbex smtp propagation detection (malware-other.rules)
 * 1:9349 <-> DISABLED <-> MALWARE-OTHER plemood smtp propagation detection (malware-other.rules)
 * 1:9350 <-> DISABLED <-> MALWARE-OTHER mimail.k smtp propagation detection (malware-other.rules)
 * 1:9351 <-> DISABLED <-> MALWARE-OTHER lovgate.a netshare propagation detection (malware-other.rules)
 * 1:9352 <-> DISABLED <-> MALWARE-OTHER lovgate.a smtp propagation detection (malware-other.rules)
 * 1:9353 <-> DISABLED <-> MALWARE-OTHER deborm.x netshare propagation detection (malware-other.rules)
 * 1:9354 <-> DISABLED <-> MALWARE-OTHER deborm.y netshare propagation detection (malware-other.rules)
 * 1:9355 <-> DISABLED <-> MALWARE-OTHER deborm.u netshare propagation detection (malware-other.rules)
 * 1:9356 <-> DISABLED <-> MALWARE-OTHER deborm.q netshare propagation detection (malware-other.rules)
 * 1:9357 <-> DISABLED <-> MALWARE-OTHER deborm.r netshare propagation detection (malware-other.rules)
 * 1:9358 <-> DISABLED <-> MALWARE-OTHER fizzer smtp propagation detection (malware-other.rules)
 * 1:9359 <-> DISABLED <-> MALWARE-OTHER zafi.b smtp propagation detection (malware-other.rules)
 * 1:9360 <-> DISABLED <-> MALWARE-OTHER cult.b smtp propagation detection (malware-other.rules)
 * 1:9361 <-> DISABLED <-> MALWARE-OTHER mimail.l smtp propagation detection (malware-other.rules)
 * 1:9362 <-> DISABLED <-> MALWARE-OTHER mimail.m smtp propagation detection (malware-other.rules)
 * 1:9363 <-> DISABLED <-> MALWARE-OTHER klez.d web propagation detection (malware-other.rules)
 * 1:9364 <-> DISABLED <-> MALWARE-OTHER klez.e web propagation detection (malware-other.rules)
 * 1:9365 <-> DISABLED <-> MALWARE-OTHER cult.c smtp propagation detection (malware-other.rules)
 * 1:9366 <-> DISABLED <-> MALWARE-OTHER mimail.s smtp propagation detection (malware-other.rules)
 * 1:9367 <-> DISABLED <-> MALWARE-OTHER anset.b smtp propagation detection (malware-other.rules)
 * 1:9368 <-> DISABLED <-> MALWARE-OTHER agist.a smtp propagation detection (malware-other.rules)
 * 1:9369 <-> DISABLED <-> MALWARE-OTHER atak.a smtp propagation detection (malware-other.rules)
 * 1:9370 <-> DISABLED <-> MALWARE-OTHER bagle.b smtp propagation detection (malware-other.rules)
 * 1:9371 <-> DISABLED <-> MALWARE-OTHER bagle.e smtp propagation detection (malware-other.rules)
 * 1:9372 <-> DISABLED <-> MALWARE-OTHER blebla.a smtp propagation detection (malware-other.rules)
 * 1:9373 <-> DISABLED <-> MALWARE-OTHER clepa smtp propagation detection (malware-other.rules)
 * 1:9374 <-> DISABLED <-> MALWARE-OTHER creepy.b smtp propagation detection (malware-other.rules)
 * 1:9375 <-> DISABLED <-> MALWARE-OTHER duksten.c smtp propagation detection (malware-other.rules)
 * 1:9376 <-> DISABLED <-> MALWARE-OTHER fishlet.a smtp propagation detection (malware-other.rules)
 * 1:9377 <-> DISABLED <-> MALWARE-OTHER mydoom.g smtp propagation detection (malware-other.rules)
 * 1:9378 <-> DISABLED <-> MALWARE-OTHER netsky.q smtp propagation detection (malware-other.rules)
 * 1:9379 <-> DISABLED <-> MALWARE-OTHER netsky.s smtp propagation detection (malware-other.rules)
 * 1:9380 <-> DISABLED <-> MALWARE-OTHER jitux msn messenger propagation detection (malware-other.rules)
 * 1:9381 <-> DISABLED <-> MALWARE-OTHER lara smtp propagation detection (malware-other.rules)
 * 1:9382 <-> DISABLED <-> MALWARE-OTHER fearso.c smtp propagation detection (malware-other.rules)
 * 1:9383 <-> DISABLED <-> MALWARE-OTHER netsky.y smtp propagation detection (malware-other.rules)
 * 1:9384 <-> DISABLED <-> MALWARE-OTHER beglur.a smtp propagation detection (malware-other.rules)
 * 1:9385 <-> DISABLED <-> MALWARE-OTHER collo.a smtp propagation detection (malware-other.rules)
 * 1:9386 <-> DISABLED <-> MALWARE-OTHER bagle.f smtp propagation detection (malware-other.rules)
 * 1:9387 <-> DISABLED <-> MALWARE-OTHER klez.j web propagation detection (malware-other.rules)
 * 1:9388 <-> DISABLED <-> MALWARE-OTHER mimail.g smtp propagation detection (malware-other.rules)
 * 1:9389 <-> DISABLED <-> MALWARE-OTHER bagle.i smtp propagation detection (malware-other.rules)
 * 1:9390 <-> DISABLED <-> MALWARE-OTHER deborm.d netshare propagation detection (malware-other.rules)
 * 1:9391 <-> DISABLED <-> MALWARE-OTHER mimail.i smtp propagation detection (malware-other.rules)
 * 1:9392 <-> DISABLED <-> MALWARE-OTHER bagle.j smtp propagation detection (malware-other.rules)
 * 1:9393 <-> DISABLED <-> MALWARE-OTHER bagle.k smtp propagation detection (malware-other.rules)
 * 1:9394 <-> DISABLED <-> MALWARE-OTHER bagle.n smtp propagation detection (malware-other.rules)
 * 1:9395 <-> DISABLED <-> MALWARE-OTHER deborm.j netshare propagation detection (malware-other.rules)
 * 1:9396 <-> DISABLED <-> MALWARE-OTHER deborm.t netshare propagation detection (malware-other.rules)
 * 1:9397 <-> DISABLED <-> MALWARE-OTHER neysid smtp propagation detection (malware-other.rules)
 * 1:9398 <-> DISABLED <-> MALWARE-OTHER totilix.a smtp propagation detection (malware-other.rules)
 * 1:9399 <-> DISABLED <-> MALWARE-OTHER hanged smtp propagation detection (malware-other.rules)
 * 1:9400 <-> DISABLED <-> MALWARE-OTHER abotus smtp propagation detection (malware-other.rules)
 * 1:9401 <-> DISABLED <-> MALWARE-OTHER gokar http propagation detection (malware-other.rules)
 * 1:9402 <-> DISABLED <-> MALWARE-OTHER welchia tftp propagation detection (malware-other.rules)
 * 1:9403 <-> DISABLED <-> MALWARE-OTHER netsky.aa smtp propagation detection (malware-other.rules)
 * 1:9404 <-> DISABLED <-> MALWARE-OTHER netsky.ac smtp propagation detection (malware-other.rules)
 * 1:9406 <-> DISABLED <-> MALWARE-OTHER lovgate.e smtp propagation detection (malware-other.rules)
 * 1:9407 <-> DISABLED <-> MALWARE-OTHER lovgate.b netshare propagation detection (malware-other.rules)
 * 1:9408 <-> DISABLED <-> MALWARE-OTHER lacrow smtp propagation detection (malware-other.rules)
 * 1:9409 <-> DISABLED <-> MALWARE-OTHER atak.b smtp propagation detection (malware-other.rules)
 * 1:9410 <-> DISABLED <-> MALWARE-OTHER netsky.z smtp propagation detection (malware-other.rules)
 * 1:9411 <-> DISABLED <-> MALWARE-OTHER mimail.f smtp propagation detection (malware-other.rules)
 * 1:9412 <-> DISABLED <-> MALWARE-OTHER sinmsn.b msn propagation detection (malware-other.rules)
 * 1:9413 <-> DISABLED <-> MALWARE-OTHER ganda smtp propagation detection (malware-other.rules)
 * 1:9414 <-> DISABLED <-> MALWARE-OTHER lovelorn.a smtp propagation detection (malware-other.rules)
 * 1:9415 <-> DISABLED <-> MALWARE-OTHER plexus.a smtp propagation detection (malware-other.rules)
 * 1:9416 <-> DISABLED <-> MALWARE-OTHER bagle.at smtp propagation detection (malware-other.rules)
 * 1:9417 <-> DISABLED <-> MALWARE-OTHER bagle.a smtp propagation detection (malware-other.rules)
 * 1:9424 <-> DISABLED <-> MALWARE-OTHER /winnt/explorer.exe unicode klez infection (malware-other.rules)
 * 1:9425 <-> DISABLED <-> MALWARE-OTHER netsky attachment (malware-other.rules)
 * 1:9426 <-> DISABLED <-> MALWARE-OTHER mydoom.ap attachment (malware-other.rules)
 * 1:9647 <-> DISABLED <-> MALWARE-OTHER Keylogger system surveillance pro runtime detection (malware-other.rules)
 * 1:9648 <-> DISABLED <-> MALWARE-OTHER Keylogger emailspypro runtime detection (malware-other.rules)
 * 1:9650 <-> DISABLED <-> MALWARE-OTHER Keylogger ghost Keylogger runtime detection (malware-other.rules)
 * 1:9653 <-> DISABLED <-> MALWARE-CNC apofis 1.0 variant outbound connection php notification (malware-cnc.rules)
 * 1:9655 <-> DISABLED <-> MALWARE-BACKDOOR apofis 1.0 runtime detection - remote controlling (malware-backdoor.rules)
 * 1:9657 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:9659 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - file manage (malware-backdoor.rules)
 * 1:9661 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - show processes (malware-backdoor.rules)
 * 1:9663 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - start remote shell (malware-backdoor.rules)
 * 1:9665 <-> DISABLED <-> MALWARE-BACKDOOR crossbow 1.12 runtime detection - init connection (malware-backdoor.rules)
 * 1:9666 <-> DISABLED <-> MALWARE-BACKDOOR superra runtime detection - success init connection (malware-backdoor.rules)
 * 1:9667 <-> DISABLED <-> MALWARE-BACKDOOR superra runtime detection - issue remote control command (malware-backdoor.rules)
 * 1:9827 <-> DISABLED <-> MALWARE-OTHER Keylogger paq keylog runtime detection - smtp (malware-other.rules)
 * 1:9828 <-> DISABLED <-> MALWARE-OTHER Keylogger paq keylog runtime detection - ftp (malware-other.rules)
 * 1:9829 <-> DISABLED <-> MALWARE-OTHER Trackware relevantknowledge runtime detection (malware-other.rules)
 * 1:9830 <-> DISABLED <-> MALWARE-OTHER Keylogger supreme spy runtime detection (malware-other.rules)
 * 1:9832 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - send message (malware-backdoor.rules)
 * 1:9833 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - fake delete harddisk message (malware-backdoor.rules)
 * 1:9834 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - black screen (malware-backdoor.rules)
 * 1:9835 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - swap mouse (malware-backdoor.rules)
 * 1:9836 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - crazy mouse (malware-backdoor.rules)
 * 1:9838 <-> DISABLED <-> MALWARE-BACKDOOR sun shadow 1.70 runtime detection - init connection (malware-backdoor.rules)
 * 1:9839 <-> DISABLED <-> MALWARE-BACKDOOR sun shadow 1.70 runtime detection - keep alive (malware-backdoor.rules)

2017-09-14 16:11:47 UTC

Snort Subscriber Rules Update

Date: 2017-09-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:44362 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Sality (blacklist.rules)
 * 1:44361 <-> ENABLED <-> SERVER-WEBAPP Trend Micro OfficeScan proxy_controller.php command injection attempt (server-webapp.rules)
 * 1:44364 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded WRAssembly ASLR bypass download attempt (file-office.rules)
 * 1:44359 <-> ENABLED <-> SERVER-WEBAPP Trend Micro OfficeScan proxy_controller.php command injection attempt (server-webapp.rules)
 * 1:44360 <-> ENABLED <-> SERVER-WEBAPP Trend Micro OfficeScan proxy_controller.php command injection attempt (server-webapp.rules)
 * 1:44363 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded WRAsembly ASLR bypass download attempt (file-office.rules)
 * 1:44358 <-> DISABLED <-> PUA-ADWARE DealPly Adware variant outbound connection (pua-adware.rules)

Modified Rules:


 * 1:10078 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10079 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10080 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10081 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10082 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10083 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10088 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by smtp (malware-other.rules)
 * 1:10089 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by ftp (malware-other.rules)
 * 1:10091 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool spylply.a runtime detection (malware-tools.rules)
 * 1:10092 <-> DISABLED <-> MALWARE-OTHER Trackware russian searchbar runtime detection (malware-other.rules)
 * 1:10095 <-> DISABLED <-> MALWARE-OTHER Trackware bydou runtime detection (malware-other.rules)
 * 1:10096 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - keylog (malware-other.rules)
 * 1:10098 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - get system info (malware-other.rules)
 * 1:10100 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - open website (malware-other.rules)
 * 1:10101 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - delete file (malware-backdoor.rules)
 * 1:10102 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - chat with victim (malware-backdoor.rules)
 * 1:10105 <-> DISABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection - retrieve pc info (malware-backdoor.rules)
 * 1:10107 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pslist (malware-backdoor.rules)
 * 1:10108 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pskill (malware-backdoor.rules)
 * 1:10109 <-> DISABLED <-> MALWARE-BACKDOOR k-msnrat 1.0.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10112 <-> DISABLED <-> MALWARE-BACKDOOR rix3 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10165 <-> DISABLED <-> MALWARE-OTHER Keylogger mybr Keylogger runtime detection (malware-other.rules)
 * 1:10166 <-> DISABLED <-> MALWARE-OTHER Trackware baigoo runtime detection (malware-other.rules)
 * 1:10168 <-> DISABLED <-> MALWARE-BACKDOOR one runtime detection (malware-backdoor.rules)
 * 1:10169 <-> DISABLED <-> MALWARE-BACKDOOR matrix 1.03 by mtronic runtime detection - init connection (malware-backdoor.rules)
 * 1:10181 <-> DISABLED <-> MALWARE-OTHER Keylogger systemsleuth runtime detection (malware-other.rules)
 * 1:10183 <-> DISABLED <-> MALWARE-OTHER Keylogger activity Keylogger runtime detection (malware-other.rules)
 * 1:10184 <-> DISABLED <-> MALWARE-BACKDOOR wow 23 runtime detection (malware-backdoor.rules)
 * 1:10185 <-> DISABLED <-> MALWARE-BACKDOOR x-door runtime detection (malware-backdoor.rules)
 * 1:10196 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor feed.php code execution (malware-backdoor.rules)
 * 1:10197 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor theme.php code execution (malware-backdoor.rules)
 * 1:10435 <-> DISABLED <-> MALWARE-OTHER Trackware admedia runtime detection (malware-other.rules)
 * 1:10436 <-> DISABLED <-> MALWARE-OTHER Keylogger keyspy runtime detection (malware-other.rules)
 * 1:10440 <-> DISABLED <-> MALWARE-OTHER Keylogger pc black box runtime detection (malware-other.rules)
 * 1:10441 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool statwin runtime detection (malware-tools.rules)
 * 1:10442 <-> DISABLED <-> MALWARE-BACKDOOR nirvana 2.0 runtime detection - explore c drive (malware-backdoor.rules)
 * 1:10443 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - sniff info (malware-backdoor.rules)
 * 1:10444 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - open ftp serice (malware-backdoor.rules)
 * 1:10445 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get password (malware-backdoor.rules)
 * 1:10446 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get server info (malware-backdoor.rules)
 * 1:10447 <-> DISABLED <-> MALWARE-CNC 51d 1b variant outbound connection icq notification (malware-cnc.rules)
 * 1:10448 <-> DISABLED <-> MALWARE-BACKDOOR acessor 2.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10449 <-> DISABLED <-> MALWARE-BACKDOOR acid shivers runtime detection - init telnet connection (malware-backdoor.rules)
 * 1:10451 <-> DISABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules)
 * 1:10453 <-> DISABLED <-> MALWARE-BACKDOOR zalivator 1.4.2 pro runtime detection - smtp notification (malware-backdoor.rules)
 * 1:10454 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10456 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:10457 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - start keylogger (malware-backdoor.rules)
 * 1:10458 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 or illusion runtime detection - open file manager (malware-backdoor.rules)
 * 1:10459 <-> DISABLED <-> MALWARE-BACKDOOR wineggdrop shell pro runtime detection - init connection (malware-backdoor.rules)
 * 1:10461 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules)
 * 1:10463 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules)
 * 1:11307 <-> DISABLED <-> MALWARE-OTHER Keylogger computer monitor Keylogger runtime detection (malware-other.rules)
 * 1:11309 <-> DISABLED <-> MALWARE-OTHER Keylogger sskc v2.0 runtime detection (malware-other.rules)
 * 1:11311 <-> DISABLED <-> MALWARE-OTHER Keylogger pcsentinelsoftware Keylogger runtime detection - upload infor (malware-other.rules)
 * 1:11312 <-> DISABLED <-> MALWARE-OTHER Trackware uplink runtime detection (malware-other.rules)
 * 1:11314 <-> DISABLED <-> MALWARE-BACKDOOR shadownet remote spy 2.0 runtime detection (malware-backdoor.rules)
 * 1:11316 <-> DISABLED <-> MALWARE-BACKDOOR lurker 1.1 runtime detection - init connection (malware-backdoor.rules)
 * 1:11317 <-> DISABLED <-> MALWARE-BACKDOOR abremote pro 3.1 runtime detection - init connection (malware-backdoor.rules)
 * 1:11318 <-> DISABLED <-> MALWARE-BACKDOOR boer runtime detection - init connection (malware-backdoor.rules)
 * 1:11319 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - init connection request (malware-backdoor.rules)
 * 1:11320 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - reverse mode init connection request (malware-backdoor.rules)
 * 1:11321 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - udp broadcast (malware-backdoor.rules)
 * 1:11323 <-> DISABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules)
 * 1:12166 <-> DISABLED <-> MALWARE-CNC lithium 1.02 variant outbound connection (malware-cnc.rules)
 * 1:13953 <-> DISABLED <-> MALWARE-CNC Asprox trojan initial query (malware-cnc.rules)
 * 1:15295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch configuration download (malware-cnc.rules)
 * 1:15296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch malicious file download (malware-cnc.rules)
 * 1:15297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch report home (malware-cnc.rules)
 * 1:16098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.cekar variant outbound connection (malware-cnc.rules)
 * 1:16140 <-> DISABLED <-> MALWARE-CNC torpig-mebroot command and control checkin (malware-cnc.rules)
 * 1:16439 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - _TEST_ (malware-cnc.rules)
 * 1:16440 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - ie (malware-cnc.rules)
 * 1:16441 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - Download (malware-cnc.rules)
 * 1:16442 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - Mozilla (malware-cnc.rules)
 * 1:16483 <-> DISABLED <-> MALWARE-CNC Koobface worm submission of collected data to C&C server (malware-cnc.rules)
 * 1:16558 <-> DISABLED <-> MALWARE-CNC SdBot IRC Win.Trojan.server to client communication (malware-cnc.rules)
 * 1:16804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot.E - initial load (malware-cnc.rules)
 * 1:17058 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.JS.Agent.ewh Javascript download (malware-cnc.rules)
 * 1:18562 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.LivePcCare variant outbound connection (malware-cnc.rules)
 * 1:18577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.agum variant outbound connection (malware-cnc.rules)
 * 1:18707 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ControlCenter variant outbound connection (malware-cnc.rules)
 * 1:18708 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.AntivirusSoft variant outbound connection (malware-cnc.rules)
 * 1:18709 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.aufm variant outbound connection (malware-cnc.rules)
 * 1:18711 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.SecurityCentral variant outbound connection (malware-cnc.rules)
 * 1:18712 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.XJRAntivirus variant outbound connection (malware-cnc.rules)
 * 1:18716 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.H variant outbound connection (malware-cnc.rules)
 * 1:18717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.QO variant outbound connection (malware-cnc.rules)
 * 1:18718 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.AdvancedDefender variant outbound connection (malware-cnc.rules)
 * 1:18724 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ZeroClean variant outbound connection (malware-cnc.rules)
 * 1:18739 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Koobface.D variant outbound connection (malware-cnc.rules)
 * 1:18978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pasta.aoq variant outbound connection (malware-cnc.rules)
 * 1:18979 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.fmo variant outbound connection (malware-cnc.rules)
 * 1:19042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.ACQE variant outbound connection (malware-cnc.rules)
 * 1:19045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.XQ variant outbound connection (malware-cnc.rules)
 * 1:19048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkness variant outbound connection (malware-cnc.rules)
 * 1:19050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra.fxe variant outbound connection (malware-cnc.rules)
 * 1:19062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakePlus variant outbound connection (malware-cnc.rules)
 * 1:19135 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Buterat Checkin (malware-backdoor.rules)
 * 1:19340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav TREAntivirus variant outbound connection (malware-cnc.rules)
 * 1:19341 <-> DISABLED <-> MALWARE-CNC Worm MSIL.AiO.a variant outbound connection (malware-cnc.rules)
 * 1:19342 <-> DISABLED <-> MALWARE-CNC Adware Professional variant outbound connection (malware-cnc.rules)
 * 1:19343 <-> DISABLED <-> MALWARE-CNC Adware Pro variant outbound connection (malware-cnc.rules)
 * 1:19344 <-> DISABLED <-> MALWARE-CNC AntiMalware Pro variant outbound connection (malware-cnc.rules)
 * 1:19345 <-> DISABLED <-> MALWARE-CNC REAnti variant outbound connection (malware-cnc.rules)
 * 1:19346 <-> DISABLED <-> MALWARE-CNC Additional Guard variant outbound connection (malware-cnc.rules)
 * 1:19352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.D variant outbound connection (malware-cnc.rules)
 * 1:19354 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Agent.bhxn variant outbound connection (malware-backdoor.rules)
 * 1:19362 <-> DISABLED <-> MALWARE-OTHER generic IRC botnet connection (malware-other.rules)
 * 1:19366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HXWAN.A variant outbound connection (malware-cnc.rules)
 * 1:19367 <-> DISABLED <-> MALWARE-CNC Win.Worm.Vaubeg.A variant outbound connection (malware-cnc.rules)
 * 1:19368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules)
 * 1:19369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules)
 * 1:19370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules)
 * 1:19551 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default Internet Widgits Pty Ltd organization name (malware-other.rules)
 * 1:19554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav Antivirus Xp Pro variant outbound connection (malware-cnc.rules)
 * 1:19555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
 * 1:19556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Homa variant outbound connection (malware-cnc.rules)
 * 1:19557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shark.ag variant outbound connection (malware-cnc.rules)
 * 1:19724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:19725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison variant outbound connection (malware-cnc.rules)
 * 1:19726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison variant outbound connection (malware-cnc.rules)
 * 1:19727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.DI variant outbound connection (malware-cnc.rules)
 * 1:19957 <-> DISABLED <-> MALWARE-CNC Arabian-Attacker 1.1.0 variant outbound connection (malware-cnc.rules)
 * 1:19964 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:19979 <-> DISABLED <-> MALWARE-CNC IRCBot runtime traffic detected (malware-cnc.rules)
 * 1:19980 <-> DISABLED <-> MALWARE-CNC IRCBot runtime traffic detected (malware-cnc.rules)
 * 1:19981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micstus.A runtime traffic detected (malware-cnc.rules)
 * 1:20008 <-> DISABLED <-> MALWARE-CNC Malware PDFMarca.A runtime traffic detected (malware-cnc.rules)
 * 1:20010 <-> DISABLED <-> MALWARE-CNC Win32/Babmote.A runtime TCP traffic detected (malware-cnc.rules)
 * 1:20035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Coinbit.A runtime traffic detected (malware-cnc.rules)
 * 1:20036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Agent.ndau runtime traffic detected (malware-cnc.rules)
 * 1:20037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cve runtime traffic detected (malware-cnc.rules)
 * 1:20038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cve runtime traffic detected (malware-cnc.rules)
 * 1:20057 <-> DISABLED <-> MALWARE-CNC BitCoin Miner IP query (malware-cnc.rules)
 * 1:20064 <-> DISABLED <-> MALWARE-CNC Malware Win.Trojan.Clemag.A variant outbound connection (malware-cnc.rules)
 * 1:20066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 SensLiceld.A runtime traffic detected (malware-cnc.rules)
 * 1:20067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Zatvex.A runtime traffic detected (malware-cnc.rules)
 * 1:20068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jetilms.A runtime activity detected (malware-cnc.rules)
 * 1:20069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.alhq runtime traffic detected (malware-cnc.rules)
 * 1:20205 <-> DISABLED <-> MALWARE-CNC Win32/Poison beaconing request (malware-cnc.rules)
 * 1:20233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules)
 * 1:20234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ceckno.cmz runtime traffic detected (malware-cnc.rules)
 * 1:20435 <-> DISABLED <-> MALWARE-CNC TrojanSpy Win.Trojan.Zbot.Svr runtime traffic detected (malware-cnc.rules)
 * 1:20447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.JAAK variant outbound connection (malware-cnc.rules)
 * 1:20606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Domsingx.A variant outbound connection (malware-cnc.rules)
 * 1:20626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shylock.A variant outbound connection (malware-cnc.rules)
 * 1:20627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shylock.A C&C server response (malware-cnc.rules)
 * 1:20836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy.A runtime traffic detected (malware-cnc.rules)
 * 1:20838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smokebot.A runtime traffic detected (malware-cnc.rules)
 * 1:20844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.smxy runtime traffic detected (malware-cnc.rules)
 * 1:20877 <-> DISABLED <-> MALWARE-CNC RunTime Worm.Win32.Warezov.gs variant outbound connection (malware-cnc.rules)
 * 1:20890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.adbp runtime traffic detected (malware-cnc.rules)
 * 1:20891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.adbp runtime traffic detected (malware-cnc.rules)
 * 1:20892 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Skopvel.A runtime traffic detected (malware-cnc.rules)
 * 1:21028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usinec connect to server (malware-cnc.rules)
 * 1:21058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AutoIt.pm runtime traffic detected (malware-cnc.rules)
 * 1:21087 <-> DISABLED <-> MALWARE-CNC Bindow.Worm runtime traffic detected (malware-cnc.rules)
 * 1:21122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandok.zp runtime traffic detected (malware-cnc.rules)
 * 1:21123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flymux.A runtime traffic detected (malware-cnc.rules)
 * 1:21124 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki.A runtime traffic detected (malware-cnc.rules)
 * 1:21125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alureon.DG runtime traffic detected (malware-cnc.rules)
 * 1:21126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koutodoor.C runtime traffic detected (malware-cnc.rules)
 * 1:21127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Setfic.A runtime traffic detected (malware-cnc.rules)
 * 1:21128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dromedan.A runtime traffic detected (malware-cnc.rules)
 * 1:21142 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules)
 * 1:21143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules)
 * 1:21144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules)
 * 1:21145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neraweq.A runtime traffic detected (malware-cnc.rules)
 * 1:21218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodager.C variant outbound connection (malware-cnc.rules)
 * 1:21249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBasddsa.A runtime traffic detected (malware-cnc.rules)
 * 1:21250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBasddsa.A runtime traffic detected (malware-cnc.rules)
 * 1:21273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tusha variant runtime traffic detected (malware-cnc.rules)
 * 1:21274 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tusha variant runtime traffic detected (malware-cnc.rules)
 * 1:21277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shexie.A runtime traffic detected (malware-cnc.rules)
 * 1:21294 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancodor.be runtime traffic detected (malware-cnc.rules)
 * 1:21303 <-> DISABLED <-> MALWARE-CNC Win32 Initor.ag runtime traffic detected (malware-cnc.rules)
 * 1:21359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.jju runtime traffic detected (malware-cnc.rules)
 * 1:21360 <-> DISABLED <-> MALWARE-CNC Win32 Agent.dbzx runtime traffic detected (malware-cnc.rules)
 * 1:21361 <-> DISABLED <-> MALWARE-CNC Worm.Win32.TDownland.ca runtime traffic detected (malware-cnc.rules)
 * 1:21362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS.aa runtime traffic detected (malware-cnc.rules)
 * 1:21364 <-> DISABLED <-> MALWARE-CNC DOQ.gen.y RUNTIME traffic detected (malware-cnc.rules)
 * 1:21365 <-> DISABLED <-> MALWARE-CNC DOQ.gen.y RUNTIME traffic detected (malware-cnc.rules)
 * 1:21366 <-> DISABLED <-> MALWARE-CNC DOQ.gen.y INSTALL traffic detected (malware-cnc.rules)
 * 1:21367 <-> DISABLED <-> MALWARE-CNC Win32 VB.abcl runtime traffic detected (malware-cnc.rules)
 * 1:21368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallop.de runtime traffic detected (malware-cnc.rules)
 * 1:21369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallop.de runtime traffic detected (malware-cnc.rules)
 * 1:21372 <-> DISABLED <-> MALWARE-CNC Malware Defense runtime traffic detected (malware-cnc.rules)
 * 1:21373 <-> DISABLED <-> MALWARE-CNC Malware Defense runtime traffic detected (malware-cnc.rules)
 * 1:21374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose.EF runtime traffic detected (malware-cnc.rules)
 * 1:21376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Microjoin activity detected (malware-cnc.rules)
 * 1:21379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome.Amqj runtime traffic detected (malware-cnc.rules)
 * 1:21381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dialer.ngb runtime traffic detected (malware-cnc.rules)
 * 1:21382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host setting3.yeahost.com runtime traffic detected (malware-cnc.rules)
 * 1:21383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host 9999mb.com runtime traffic detected (malware-cnc.rules)
 * 1:21384 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host freewebs.com runtime traffic detected (malware-cnc.rules)
 * 1:21386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wadolin.A runtime traffic detected (malware-cnc.rules)
 * 1:21390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agobot.dl runtime traffic detected (malware-cnc.rules)
 * 1:21391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.dcac runtime traffic detected (malware-cnc.rules)
 * 1:21416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch authentication string detected (malware-cnc.rules)
 * 1:21444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules)
 * 1:21464 <-> DISABLED <-> MALWARE-CNC Downloader-CEW.b runtime traffic detected (malware-cnc.rules)
 * 1:21466 <-> DISABLED <-> MALWARE-CNC Autorun.BDS runtime traffic detected (malware-cnc.rules)
 * 1:21473 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameThief variant outbound connection (malware-cnc.rules)
 * 1:21477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noobot variant outbound connection (malware-cnc.rules)
 * 1:21496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saeeka variant outbound connection (malware-cnc.rules)
 * 1:21497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saeeka variant outbound connection (malware-cnc.rules)
 * 1:21511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vaxpy variant outbound connection (malware-cnc.rules)
 * 1:21520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules)
 * 1:21521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob update connection (malware-cnc.rules)
 * 1:21527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader registration connection detection (malware-cnc.rules)
 * 1:21528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader keep-alive connection detection (malware-cnc.rules)
 * 1:21769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogonInvader.a variant outbound connection (malware-cnc.rules)
 * 1:21846 <-> DISABLED <-> MALWARE-CNC TDS Sutra - request in.cgi (malware-cnc.rules)
 * 1:21848 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - page redirecting to a SutraTDS (malware-other.rules)
 * 1:21849 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - HTTP header redirecting to a SutraTDS (malware-other.rules)
 * 1:21968 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type A (malware-backdoor.rules)
 * 1:21969 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type B (malware-backdoor.rules)
 * 1:21978 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant outbound connection (malware-backdoor.rules)
 * 1:21979 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant inbound connection (malware-backdoor.rules)
 * 1:21997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:21998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:22000 <-> DISABLED <-> MALWARE-CNC Win.Worm.amna variant outbound connection (malware-cnc.rules)
 * 1:22001 <-> DISABLED <-> MALWARE-CNC Win.Worm.amna variant outbound connection (malware-cnc.rules)
 * 1:22953 <-> DISABLED <-> MALWARE-TOOLS Hulk denial of service attempt (malware-tools.rules)
 * 1:23051 <-> DISABLED <-> MALWARE-CNC Dybalom.A runtime traffic detected (malware-cnc.rules)
 * 1:23176 <-> DISABLED <-> MALWARE-CNC Donbot.A runtime traffic detected (malware-cnc.rules)
 * 1:23234 <-> DISABLED <-> MALWARE-CNC Frethog.MK runtime traffic detected (malware-cnc.rules)
 * 1:23235 <-> DISABLED <-> MALWARE-CNC PBin.A runtime traffic detected (malware-cnc.rules)
 * 1:23252 <-> DISABLED <-> MALWARE-CNC MacOS.MacKontrol variant outbound connection (malware-cnc.rules)
 * 1:23255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duojeen variant outbound connection (malware-cnc.rules)
 * 1:23257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duojeen variant outbound connection (malware-cnc.rules)
 * 1:23306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stealer connect to server (malware-cnc.rules)
 * 1:23308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Bucriv variant outbound connection (malware-cnc.rules)
 * 1:23317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper initial variant outbound connection (malware-cnc.rules)
 * 1:23333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker initial C&C checkin (malware-cnc.rules)
 * 1:23336 <-> DISABLED <-> MALWARE-CNC Linfo.A variant outbound connection (malware-cnc.rules)
 * 1:23339 <-> DISABLED <-> MALWARE-CNC Prier.A variant outbound connection (malware-cnc.rules)
 * 1:23340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nitol.B variant outbound connection (malware-cnc.rules)
 * 1:23343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:23344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Harvso.A variant outbound connection (malware-cnc.rules)
 * 1:23377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sasfis variant outbound connection (malware-cnc.rules)
 * 1:23378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sasfis variant outbound connection (malware-cnc.rules)
 * 1:23379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leepload variant outbound connection (malware-cnc.rules)
 * 1:23380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ventana initial variant outbound connection (malware-cnc.rules)
 * 1:23381 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Thoper.C runtime detection (malware-backdoor.rules)
 * 1:23387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:23389 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Arratomref variant outbound connection (malware-cnc.rules)
 * 1:23390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Arratomref variant outbound connection (malware-cnc.rules)
 * 1:23399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Govdi.A variant outbound connection (malware-cnc.rules)
 * 1:23446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax.A variant outbound connection (malware-cnc.rules)
 * 1:23447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax.A variant outbound connection (malware-cnc.rules)
 * 1:23448 <-> DISABLED <-> MALWARE-CNC Win.Worm.Psyokym variant outbound connection (malware-cnc.rules)
 * 1:23449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Servstart.ax variant outbound connection (malware-cnc.rules)
 * 1:23468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:23469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:23483 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Georbot file download (malware-backdoor.rules)
 * 1:23494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Onitab.A outbound connection (malware-cnc.rules)
 * 1:23495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kugdifod.A variant outbound connection (malware-cnc.rules)
 * 1:9839 <-> DISABLED <-> MALWARE-BACKDOOR sun shadow 1.70 runtime detection - keep alive (malware-backdoor.rules)
 * 1:9838 <-> DISABLED <-> MALWARE-BACKDOOR sun shadow 1.70 runtime detection - init connection (malware-backdoor.rules)
 * 1:9836 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - crazy mouse (malware-backdoor.rules)
 * 1:9835 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - swap mouse (malware-backdoor.rules)
 * 1:9834 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - black screen (malware-backdoor.rules)
 * 1:9833 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - fake delete harddisk message (malware-backdoor.rules)
 * 1:9832 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - send message (malware-backdoor.rules)
 * 1:9830 <-> DISABLED <-> MALWARE-OTHER Keylogger supreme spy runtime detection (malware-other.rules)
 * 1:9829 <-> DISABLED <-> MALWARE-OTHER Trackware relevantknowledge runtime detection (malware-other.rules)
 * 1:9828 <-> DISABLED <-> MALWARE-OTHER Keylogger paq keylog runtime detection - ftp (malware-other.rules)
 * 1:9827 <-> DISABLED <-> MALWARE-OTHER Keylogger paq keylog runtime detection - smtp (malware-other.rules)
 * 1:9667 <-> DISABLED <-> MALWARE-BACKDOOR superra runtime detection - issue remote control command (malware-backdoor.rules)
 * 1:9666 <-> DISABLED <-> MALWARE-BACKDOOR superra runtime detection - success init connection (malware-backdoor.rules)
 * 1:9665 <-> DISABLED <-> MALWARE-BACKDOOR crossbow 1.12 runtime detection - init connection (malware-backdoor.rules)
 * 1:9663 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - start remote shell (malware-backdoor.rules)
 * 1:9661 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - show processes (malware-backdoor.rules)
 * 1:9659 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - file manage (malware-backdoor.rules)
 * 1:9657 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:9655 <-> DISABLED <-> MALWARE-BACKDOOR apofis 1.0 runtime detection - remote controlling (malware-backdoor.rules)
 * 1:9653 <-> DISABLED <-> MALWARE-CNC apofis 1.0 variant outbound connection php notification (malware-cnc.rules)
 * 1:9650 <-> DISABLED <-> MALWARE-OTHER Keylogger ghost Keylogger runtime detection (malware-other.rules)
 * 1:9648 <-> DISABLED <-> MALWARE-OTHER Keylogger emailspypro runtime detection (malware-other.rules)
 * 1:9647 <-> DISABLED <-> MALWARE-OTHER Keylogger system surveillance pro runtime detection (malware-other.rules)
 * 1:9426 <-> DISABLED <-> MALWARE-OTHER mydoom.ap attachment (malware-other.rules)
 * 1:9425 <-> DISABLED <-> MALWARE-OTHER netsky attachment (malware-other.rules)
 * 1:9424 <-> DISABLED <-> MALWARE-OTHER /winnt/explorer.exe unicode klez infection (malware-other.rules)
 * 1:9417 <-> DISABLED <-> MALWARE-OTHER bagle.a smtp propagation detection (malware-other.rules)
 * 1:9416 <-> DISABLED <-> MALWARE-OTHER bagle.at smtp propagation detection (malware-other.rules)
 * 1:9415 <-> DISABLED <-> MALWARE-OTHER plexus.a smtp propagation detection (malware-other.rules)
 * 1:9414 <-> DISABLED <-> MALWARE-OTHER lovelorn.a smtp propagation detection (malware-other.rules)
 * 1:9413 <-> DISABLED <-> MALWARE-OTHER ganda smtp propagation detection (malware-other.rules)
 * 1:9412 <-> DISABLED <-> MALWARE-OTHER sinmsn.b msn propagation detection (malware-other.rules)
 * 1:9411 <-> DISABLED <-> MALWARE-OTHER mimail.f smtp propagation detection (malware-other.rules)
 * 1:9410 <-> DISABLED <-> MALWARE-OTHER netsky.z smtp propagation detection (malware-other.rules)
 * 1:9409 <-> DISABLED <-> MALWARE-OTHER atak.b smtp propagation detection (malware-other.rules)
 * 1:9408 <-> DISABLED <-> MALWARE-OTHER lacrow smtp propagation detection (malware-other.rules)
 * 1:9407 <-> DISABLED <-> MALWARE-OTHER lovgate.b netshare propagation detection (malware-other.rules)
 * 1:9406 <-> DISABLED <-> MALWARE-OTHER lovgate.e smtp propagation detection (malware-other.rules)
 * 1:9404 <-> DISABLED <-> MALWARE-OTHER netsky.ac smtp propagation detection (malware-other.rules)
 * 1:9403 <-> DISABLED <-> MALWARE-OTHER netsky.aa smtp propagation detection (malware-other.rules)
 * 1:9402 <-> DISABLED <-> MALWARE-OTHER welchia tftp propagation detection (malware-other.rules)
 * 1:9401 <-> DISABLED <-> MALWARE-OTHER gokar http propagation detection (malware-other.rules)
 * 1:9400 <-> DISABLED <-> MALWARE-OTHER abotus smtp propagation detection (malware-other.rules)
 * 1:9399 <-> DISABLED <-> MALWARE-OTHER hanged smtp propagation detection (malware-other.rules)
 * 1:9398 <-> DISABLED <-> MALWARE-OTHER totilix.a smtp propagation detection (malware-other.rules)
 * 1:9397 <-> DISABLED <-> MALWARE-OTHER neysid smtp propagation detection (malware-other.rules)
 * 1:9396 <-> DISABLED <-> MALWARE-OTHER deborm.t netshare propagation detection (malware-other.rules)
 * 1:9395 <-> DISABLED <-> MALWARE-OTHER deborm.j netshare propagation detection (malware-other.rules)
 * 1:9394 <-> DISABLED <-> MALWARE-OTHER bagle.n smtp propagation detection (malware-other.rules)
 * 1:9393 <-> DISABLED <-> MALWARE-OTHER bagle.k smtp propagation detection (malware-other.rules)
 * 1:9392 <-> DISABLED <-> MALWARE-OTHER bagle.j smtp propagation detection (malware-other.rules)
 * 1:9391 <-> DISABLED <-> MALWARE-OTHER mimail.i smtp propagation detection (malware-other.rules)
 * 1:9390 <-> DISABLED <-> MALWARE-OTHER deborm.d netshare propagation detection (malware-other.rules)
 * 1:9389 <-> DISABLED <-> MALWARE-OTHER bagle.i smtp propagation detection (malware-other.rules)
 * 1:9388 <-> DISABLED <-> MALWARE-OTHER mimail.g smtp propagation detection (malware-other.rules)
 * 1:9387 <-> DISABLED <-> MALWARE-OTHER klez.j web propagation detection (malware-other.rules)
 * 1:9386 <-> DISABLED <-> MALWARE-OTHER bagle.f smtp propagation detection (malware-other.rules)
 * 1:9385 <-> DISABLED <-> MALWARE-OTHER collo.a smtp propagation detection (malware-other.rules)
 * 1:9384 <-> DISABLED <-> MALWARE-OTHER beglur.a smtp propagation detection (malware-other.rules)
 * 1:9383 <-> DISABLED <-> MALWARE-OTHER netsky.y smtp propagation detection (malware-other.rules)
 * 1:9382 <-> DISABLED <-> MALWARE-OTHER fearso.c smtp propagation detection (malware-other.rules)
 * 1:9381 <-> DISABLED <-> MALWARE-OTHER lara smtp propagation detection (malware-other.rules)
 * 1:9380 <-> DISABLED <-> MALWARE-OTHER jitux msn messenger propagation detection (malware-other.rules)
 * 1:9379 <-> DISABLED <-> MALWARE-OTHER netsky.s smtp propagation detection (malware-other.rules)
 * 1:9378 <-> DISABLED <-> MALWARE-OTHER netsky.q smtp propagation detection (malware-other.rules)
 * 1:9377 <-> DISABLED <-> MALWARE-OTHER mydoom.g smtp propagation detection (malware-other.rules)
 * 1:9376 <-> DISABLED <-> MALWARE-OTHER fishlet.a smtp propagation detection (malware-other.rules)
 * 1:9375 <-> DISABLED <-> MALWARE-OTHER duksten.c smtp propagation detection (malware-other.rules)
 * 1:9374 <-> DISABLED <-> MALWARE-OTHER creepy.b smtp propagation detection (malware-other.rules)
 * 1:9373 <-> DISABLED <-> MALWARE-OTHER clepa smtp propagation detection (malware-other.rules)
 * 1:9372 <-> DISABLED <-> MALWARE-OTHER blebla.a smtp propagation detection (malware-other.rules)
 * 1:9371 <-> DISABLED <-> MALWARE-OTHER bagle.e smtp propagation detection (malware-other.rules)
 * 1:9370 <-> DISABLED <-> MALWARE-OTHER bagle.b smtp propagation detection (malware-other.rules)
 * 1:9369 <-> DISABLED <-> MALWARE-OTHER atak.a smtp propagation detection (malware-other.rules)
 * 1:9368 <-> DISABLED <-> MALWARE-OTHER agist.a smtp propagation detection (malware-other.rules)
 * 1:9367 <-> DISABLED <-> MALWARE-OTHER anset.b smtp propagation detection (malware-other.rules)
 * 1:9366 <-> DISABLED <-> MALWARE-OTHER mimail.s smtp propagation detection (malware-other.rules)
 * 1:9365 <-> DISABLED <-> MALWARE-OTHER cult.c smtp propagation detection (malware-other.rules)
 * 1:9364 <-> DISABLED <-> MALWARE-OTHER klez.e web propagation detection (malware-other.rules)
 * 1:9363 <-> DISABLED <-> MALWARE-OTHER klez.d web propagation detection (malware-other.rules)
 * 1:9362 <-> DISABLED <-> MALWARE-OTHER mimail.m smtp propagation detection (malware-other.rules)
 * 1:9361 <-> DISABLED <-> MALWARE-OTHER mimail.l smtp propagation detection (malware-other.rules)
 * 1:9360 <-> DISABLED <-> MALWARE-OTHER cult.b smtp propagation detection (malware-other.rules)
 * 1:9359 <-> DISABLED <-> MALWARE-OTHER zafi.b smtp propagation detection (malware-other.rules)
 * 1:9358 <-> DISABLED <-> MALWARE-OTHER fizzer smtp propagation detection (malware-other.rules)
 * 1:9357 <-> DISABLED <-> MALWARE-OTHER deborm.r netshare propagation detection (malware-other.rules)
 * 1:9356 <-> DISABLED <-> MALWARE-OTHER deborm.q netshare propagation detection (malware-other.rules)
 * 1:9355 <-> DISABLED <-> MALWARE-OTHER deborm.u netshare propagation detection (malware-other.rules)
 * 1:9354 <-> DISABLED <-> MALWARE-OTHER deborm.y netshare propagation detection (malware-other.rules)
 * 1:9353 <-> DISABLED <-> MALWARE-OTHER deborm.x netshare propagation detection (malware-other.rules)
 * 1:9352 <-> DISABLED <-> MALWARE-OTHER lovgate.a smtp propagation detection (malware-other.rules)
 * 1:9351 <-> DISABLED <-> MALWARE-OTHER lovgate.a netshare propagation detection (malware-other.rules)
 * 1:9350 <-> DISABLED <-> MALWARE-OTHER mimail.k smtp propagation detection (malware-other.rules)
 * 1:9349 <-> DISABLED <-> MALWARE-OTHER plemood smtp propagation detection (malware-other.rules)
 * 1:9348 <-> DISABLED <-> MALWARE-OTHER morbex smtp propagation detection (malware-other.rules)
 * 1:9347 <-> DISABLED <-> MALWARE-OTHER klez.b netshare propagation detection (malware-other.rules)
 * 1:9346 <-> DISABLED <-> MALWARE-OTHER klez.b web propagation detection (malware-other.rules)
 * 1:9345 <-> DISABLED <-> MALWARE-OTHER kipis.a smtp propagation detection (malware-other.rules)
 * 1:9344 <-> DISABLED <-> MALWARE-OTHER kindal smtp propagation detection (malware-other.rules)
 * 1:9343 <-> DISABLED <-> MALWARE-OTHER kadra smtp propagation detection (malware-other.rules)
 * 1:9342 <-> DISABLED <-> MALWARE-OTHER paroc.a smtp propagation detection (malware-other.rules)
 * 1:9341 <-> DISABLED <-> MALWARE-OTHER sasser open ftp command shell (malware-other.rules)
 * 1:9340 <-> DISABLED <-> MALWARE-OTHER klez.i web propagation detection (malware-other.rules)
 * 1:9339 <-> DISABLED <-> MALWARE-OTHER klez.g web propagation detection (malware-other.rules)
 * 1:9338 <-> DISABLED <-> MALWARE-OTHER mydoom.i smtp propagation detection (malware-other.rules)
 * 1:9337 <-> DISABLED <-> MALWARE-OTHER netsky.x smtp propagation detection (malware-other.rules)
 * 1:9336 <-> DISABLED <-> MALWARE-OTHER netsky.t smtp propagation detection (malware-other.rules)
 * 1:9335 <-> DISABLED <-> MALWARE-OTHER netsky.b smtp propagation detection (malware-other.rules)
 * 1:9334 <-> DISABLED <-> MALWARE-OTHER lovgate.c smtp propagation detection (malware-other.rules)
 * 1:9333 <-> DISABLED <-> MALWARE-OTHER mimail.e smtp propagation detection (malware-other.rules)
 * 1:9332 <-> DISABLED <-> MALWARE-OTHER mimail.a smtp propagation detection (malware-other.rules)
 * 1:9331 <-> DISABLED <-> MALWARE-OTHER mydoom.m smtp propagation detection (malware-other.rules)
 * 1:9330 <-> DISABLED <-> MALWARE-OTHER mydoom.e smtp propagation detection (malware-other.rules)
 * 1:9328 <-> DISABLED <-> MALWARE-OTHER zhangpo smtp propagation detection (malware-other.rules)
 * 1:9327 <-> DISABLED <-> MALWARE-OTHER netsky.af smtp propagation detection (malware-other.rules)
 * 1:9326 <-> DISABLED <-> MALWARE-OTHER netsky.p smtp propagation detection (malware-other.rules)
 * 1:8549 <-> DISABLED <-> MALWARE-BACKDOOR zxshell runtime detection - setting information retrieve (malware-backdoor.rules)
 * 1:8548 <-> DISABLED <-> MALWARE-BACKDOOR zzmm 2.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:8544 <-> DISABLED <-> MALWARE-OTHER Keylogger nicespy runtime detection - smtp (malware-other.rules)
 * 1:8543 <-> DISABLED <-> MALWARE-OTHER Trackware deluxecommunications runtime detection - display popup ads (malware-other.rules)
 * 1:8542 <-> DISABLED <-> MALWARE-OTHER Trackware deluxecommunications runtime detection - collect info (malware-other.rules)
 * 1:8467 <-> DISABLED <-> MALWARE-OTHER Keylogger netobserve runtime detection - remote login response (malware-other.rules)
 * 1:8466 <-> DISABLED <-> MALWARE-OTHER Keylogger netobserve runtime detection - email notification (malware-other.rules)
 * 1:8463 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - trace login info (malware-other.rules)
 * 1:8462 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - trace info downloaded (malware-other.rules)
 * 1:8461 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - send userinfo (malware-other.rules)
 * 1:8362 <-> DISABLED <-> MALWARE-BACKDOOR black curse 4.0 runtime detection - normal init connection (malware-backdoor.rules)
 * 1:8361 <-> DISABLED <-> MALWARE-BACKDOOR black curse 4.0 runtime detection - inverse init connection (malware-backdoor.rules)
 * 1:8080 <-> DISABLED <-> MALWARE-CNC x2a variant outbound connection client update (malware-cnc.rules)
 * 1:8079 <-> DISABLED <-> MALWARE-BACKDOOR x2a runtime detection - init connection (malware-backdoor.rules)
 * 1:8078 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - get process list (malware-backdoor.rules)
 * 1:8076 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - get system information (malware-backdoor.rules)
 * 1:8074 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - init connection (malware-backdoor.rules)
 * 1:7857 <-> DISABLED <-> MALWARE-OTHER Keylogger EliteKeylogger runtime detection (malware-other.rules)
 * 1:7856 <-> DISABLED <-> MALWARE-OTHER Trackware winsysba-a runtime detection - track surfing activity (malware-other.rules)
 * 1:7847 <-> DISABLED <-> MALWARE-OTHER Keylogger clogger 1.0 runtime detection - send log through email (malware-other.rules)
 * 1:7842 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool davps runtime detection (malware-tools.rules)
 * 1:7837 <-> DISABLED <-> MALWARE-OTHER Keylogger spyoutside runtime detection - email delivery (malware-other.rules)
 * 1:7836 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool nettracker runtime detection - report send through email (malware-tools.rules)
 * 1:7835 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool nettracker runtime detection - report browsing (malware-tools.rules)
 * 1:7822 <-> DISABLED <-> MALWARE-BACKDOOR xbkdr runtime detection (malware-backdoor.rules)
 * 1:7818 <-> DISABLED <-> MALWARE-BACKDOOR infector v1.0 runtime detection - init conn (malware-backdoor.rules)
 * 1:7816 <-> DISABLED <-> MALWARE-BACKDOOR darkmoon reverse connection detection - cts (malware-backdoor.rules)
 * 1:7814 <-> DISABLED <-> MALWARE-BACKDOOR darkmoon initial connection detection - stc (malware-backdoor.rules)
 * 1:7812 <-> DISABLED <-> MALWARE-BACKDOOR abacab runtime detection - banner (malware-backdoor.rules)
 * 1:7809 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - upload (malware-backdoor.rules)
 * 1:7807 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - execute file (malware-backdoor.rules)
 * 1:7806 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7805 <-> DISABLED <-> MALWARE-CNC war trojan ver1.0 variant outbound connection ie hijacker (malware-cnc.rules)
 * 1:7804 <-> DISABLED <-> MALWARE-BACKDOOR war trojan ver1.0 runtime detection - disable ctrl+alt+del (malware-backdoor.rules)
 * 1:7803 <-> DISABLED <-> MALWARE-BACKDOOR war trojan ver1.0 runtime detection - send messages (malware-backdoor.rules)
 * 1:7802 <-> DISABLED <-> MALWARE-BACKDOOR portal of doom runtime detection - udp stc (malware-backdoor.rules)
 * 1:7801 <-> DISABLED <-> MALWARE-BACKDOOR portal of doom runtime detection - udp cts (malware-backdoor.rules)
 * 1:7800 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - file manage 2 (malware-backdoor.rules)
 * 1:7798 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - file manage 1 (malware-backdoor.rules)
 * 1:7796 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - init connection (malware-backdoor.rules)
 * 1:7793 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - chat with attacker (malware-backdoor.rules)
 * 1:7792 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - chat with victim (malware-backdoor.rules)
 * 1:7791 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - victim response (malware-backdoor.rules)
 * 1:7785 <-> DISABLED <-> MALWARE-BACKDOOR forced control uploader runtime detection - connection with password (malware-backdoor.rules)
 * 1:7783 <-> DISABLED <-> MALWARE-BACKDOOR netdevil runtime detection - file manager (malware-backdoor.rules)
 * 1:7778 <-> DISABLED <-> MALWARE-BACKDOOR elfrat runtime detection - initial connection (malware-backdoor.rules)
 * 1:7777 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - get drives (malware-backdoor.rules)
 * 1:7775 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - screen capture (malware-backdoor.rules)
 * 1:7773 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - enable keylogger (malware-backdoor.rules)
 * 1:7771 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - get server info (malware-backdoor.rules)
 * 1:7767 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - foldermonitor server-to-client (malware-backdoor.rules)
 * 1:7765 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - sysinfo server-to-client (malware-backdoor.rules)
 * 1:7763 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - services client-to-server (malware-backdoor.rules)
 * 1:7762 <-> DISABLED <-> MALWARE-CNC analftp 0.1 variant outbound connection icq notification (malware-cnc.rules)
 * 1:7760 <-> DISABLED <-> MALWARE-BACKDOOR netthief runtime detection (malware-backdoor.rules)
 * 1:7759 <-> DISABLED <-> MALWARE-BACKDOOR glacier runtime detection - screen capture (malware-backdoor.rules)
 * 1:7758 <-> DISABLED <-> MALWARE-BACKDOOR glacier runtime detection - initial connection and directory browse (malware-backdoor.rules)
 * 1:7755 <-> DISABLED <-> MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - spy function (malware-backdoor.rules)
 * 1:7752 <-> DISABLED <-> MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7749 <-> DISABLED <-> MALWARE-BACKDOOR bobo 1.0 runtime detection - send message (malware-backdoor.rules)
 * 1:7747 <-> DISABLED <-> MALWARE-BACKDOOR bobo 1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7745 <-> DISABLED <-> MALWARE-BACKDOOR phoenix 2.1 runtime detection (malware-backdoor.rules)
 * 1:7743 <-> DISABLED <-> MALWARE-BACKDOOR nova 1.0 runtime detection - cgi notification server-to-client (malware-backdoor.rules)
 * 1:7739 <-> DISABLED <-> MALWARE-BACKDOOR alexmessomalex runtime detection - grab (malware-backdoor.rules)
 * 1:7738 <-> DISABLED <-> MALWARE-BACKDOOR alexmessomalex runtime detection - initial connection (malware-backdoor.rules)
 * 1:7733 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7732 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - ring client-to-server (malware-backdoor.rules)
 * 1:7730 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - reverse connection (malware-backdoor.rules)
 * 1:7729 <-> DISABLED <-> MALWARE-BACKDOOR radmin runtime detection - server-to-client (malware-backdoor.rules)
 * 1:7727 <-> DISABLED <-> MALWARE-BACKDOOR reversable ver1.0 runtime detection - execute command (malware-backdoor.rules)
 * 1:7724 <-> DISABLED <-> MALWARE-BACKDOOR reversable ver1.0 runtime detection - initial connection - flowbit set (malware-backdoor.rules)
 * 1:7722 <-> DISABLED <-> MALWARE-CNC prorat 1.9 cgi notification detection (malware-cnc.rules)
 * 1:7721 <-> DISABLED <-> MALWARE-BACKDOOR prorat 1.9 initial connection detection (malware-backdoor.rules)
 * 1:7720 <-> DISABLED <-> MALWARE-BACKDOOR desktop scout runtime detection (malware-backdoor.rules)
 * 1:7719 <-> DISABLED <-> MALWARE-BACKDOOR dameware mini remote control runtime detection - initial connection (malware-backdoor.rules)
 * 1:7717 <-> DISABLED <-> MALWARE-BACKDOOR snake trojan runtime detection (malware-backdoor.rules)
 * 1:7710 <-> DISABLED <-> MALWARE-BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7677 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control or crackdown runtime detection - initial connection (malware-backdoor.rules)
 * 1:7707 <-> DISABLED <-> MALWARE-BACKDOOR omniquad instant remote control runtime detection - file transfer setup (malware-backdoor.rules)
 * 1:7672 <-> DISABLED <-> MALWARE-BACKDOOR remoter runtime detection - initial connection (malware-backdoor.rules)
 * 1:7706 <-> DISABLED <-> MALWARE-BACKDOOR omniquad instant remote control runtime detection - initial connection (malware-backdoor.rules)
 * 1:7704 <-> DISABLED <-> MALWARE-CNC roach 1.0 server installation notification - email (malware-cnc.rules)
 * 1:7703 <-> DISABLED <-> MALWARE-BACKDOOR roach 1.0 runtime detection - remote control actions (malware-backdoor.rules)
 * 1:7701 <-> DISABLED <-> MALWARE-BACKDOOR brain wiper runtime detection - chat (malware-backdoor.rules)
 * 1:7699 <-> DISABLED <-> MALWARE-BACKDOOR brain wiper runtime detection - launch application (malware-backdoor.rules)
 * 1:7692 <-> DISABLED <-> MALWARE-BACKDOOR exception 1.0 runtime detection - notification (malware-backdoor.rules)
 * 1:7691 <-> DISABLED <-> MALWARE-BACKDOOR evade runtime detection - file manager (malware-backdoor.rules)
 * 1:7689 <-> DISABLED <-> MALWARE-BACKDOOR evade runtime detection - initial connection (malware-backdoor.rules)
 * 1:7675 <-> DISABLED <-> MALWARE-BACKDOOR remote havoc runtime detection (malware-backdoor.rules)
 * 1:7688 <-> DISABLED <-> MALWARE-BACKDOOR illusion runtime detection - file browser server-to-client (malware-backdoor.rules)
 * 1:7686 <-> DISABLED <-> MALWARE-BACKDOOR illusion runtime detection - get remote info server-to-client (malware-backdoor.rules)
 * 1:7667 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - capture on port 2208 (malware-backdoor.rules)
 * 1:7684 <-> DISABLED <-> MALWARE-BACKDOOR hrat 1.0 runtime detection (malware-backdoor.rules)
 * 1:7670 <-> DISABLED <-> MALWARE-BACKDOOR digital upload runtime detection - initial connection (malware-backdoor.rules)
 * 1:7671 <-> DISABLED <-> MALWARE-BACKDOOR digital upload runtime detection - chat (malware-backdoor.rules)
 * 1:7683 <-> DISABLED <-> MALWARE-BACKDOOR acid head 1.00 runtime detection (malware-backdoor.rules)
 * 1:7669 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - capture on port 2213 (malware-backdoor.rules)
 * 1:7665 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7681 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control 1.12 runtime detection - download file (malware-backdoor.rules)
 * 1:7679 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control 1.12 runtime detection - upload file (malware-backdoor.rules)
 * 1:6026 <-> DISABLED <-> MALWARE-BACKDOOR dimbus 1.0 runtime detection - get pc info (malware-backdoor.rules)
 * 1:23593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules)
 * 1:23594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (malware-cnc.rules)
 * 1:23595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (malware-cnc.rules)
 * 1:23597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.DHD variant outbound connection (malware-cnc.rules)
 * 1:23598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Slagent outgoing connection (malware-cnc.rules)
 * 1:23599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Slagent outgoing connection (malware-cnc.rules)
 * 1:23606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules)
 * 1:23607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules)
 * 1:23634 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant outbound connection (malware-cnc.rules)
 * 1:23782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus.kych variant outbound connection (malware-cnc.rules)
 * 1:23787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locotout variant outbound connection (malware-cnc.rules)
 * 1:23788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locotout variant outbound connection (malware-cnc.rules)
 * 1:23794 <-> DISABLED <-> MALWARE-CNC known command and control traffic (malware-cnc.rules)
 * 1:23876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scirib variant outbound connection (malware-cnc.rules)
 * 1:23877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dtfanri variant outbound connection (malware-cnc.rules)
 * 1:23935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zakahic variant outbound connection (malware-cnc.rules)
 * 1:23936 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zakahic variant outbound connection (malware-cnc.rules)
 * 1:23941 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Aharm variant outbound connection (malware-cnc.rules)
 * 1:23948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sicisono variant outbound connection (malware-cnc.rules)
 * 1:23949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TKcik variant outbound connection (malware-cnc.rules)
 * 1:23952 <-> DISABLED <-> MALWARE-TOOLS Tors Hammer slow post flood attempt (malware-tools.rules)
 * 1:23953 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comfoo variant outbound connection (malware-cnc.rules)
 * 1:23955 <-> DISABLED <-> MALWARE-CNC Xhuna.A variant outbound connection (malware-cnc.rules)
 * 1:23963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Runagry variant outbound connection (malware-cnc.rules)
 * 1:23971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabwak variant outbound connection (malware-cnc.rules)
 * 1:23973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vampols variant inbound connection (malware-cnc.rules)
 * 1:23976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome initial variant outbound connection (malware-cnc.rules)
 * 1:23977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome runtime update to cnc-server (malware-cnc.rules)
 * 1:24011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransomer variant outbound connection (malware-cnc.rules)
 * 1:24012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules)
 * 1:24013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules)
 * 1:24014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules)
 * 1:24016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madon variant outbound connection - variant outbound connection (malware-cnc.rules)
 * 1:24035 <-> DISABLED <-> MALWARE-CNC Downloader.Inject variant outbound connection (malware-cnc.rules)
 * 1:24082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
 * 1:24092 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clisbot variant outbound connection (malware-cnc.rules)
 * 1:24107 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a BMP file (malware-other.rules)
 * 1:24123 <-> DISABLED <-> MALWARE-BACKDOOR Virus.Win32.Xpaj.A variant outbound connection (malware-backdoor.rules)
 * 1:24173 <-> DISABLED <-> MALWARE-BACKDOOR Trojan-Downloader.Win32.Doneltart.A runtime detection (malware-backdoor.rules)
 * 1:24174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lataa variant outbound connection (malware-cnc.rules)
 * 1:24175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lataa variant outbound connection (malware-cnc.rules)
 * 1:24271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Bancos variant outbound connection (malware-cnc.rules)
 * 1:24288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flexty variant outbound connection (malware-cnc.rules)
 * 1:24307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Workir variant outbound connection (malware-cnc.rules)
 * 1:24308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Workir variant outbound connection (malware-cnc.rules)
 * 1:24334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
 * 1:24345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drexonin variant outbound connection (malware-cnc.rules)
 * 1:24346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:24347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Bloropac variant outbound connection (malware-cnc.rules)
 * 1:24368 <-> DISABLED <-> MALWARE-CNC Lizamoon sql injection campaign phone-home (malware-cnc.rules)
 * 1:24369 <-> DISABLED <-> MALWARE-CNC Lizamoon sql injection campaign ur.php response detected (malware-cnc.rules)
 * 1:24373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Agent variant outbound connection (malware-cnc.rules)
 * 1:24374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Agent variant outbound connection (malware-cnc.rules)
 * 1:24376 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.Delf.KDV runtime detection (malware-backdoor.rules)
 * 1:24377 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.FakeAV.FakeAlert runtime detection (malware-backdoor.rules)
 * 1:24383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipwit outbound connection (malware-cnc.rules)
 * 1:24384 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
 * 1:24385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
 * 1:24398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mooochq variant outbound connection (malware-cnc.rules)
 * 1:24399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mooochq variant outbound connection (malware-cnc.rules)
 * 1:24400 <-> DISABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Protos.A runtime detection (malware-backdoor.rules)
 * 1:24402 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO install time detection (malware-backdoor.rules)
 * 1:24403 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules)
 * 1:24404 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules)
 * 1:24405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:24416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:24417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:24418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24420 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Misun variant outbound connection (malware-cnc.rules)
 * 1:24426 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot class download (malware-other.rules)
 * 1:24427 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot jar download (malware-other.rules)
 * 1:24437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirage variant outbound connection (malware-cnc.rules)
 * 1:24438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirage variant outbound connection (malware-cnc.rules)
 * 1:24443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:24444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:24445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:24449 <-> DISABLED <-> MALWARE-CNC Java.Exploit.Agent variant outbound connection (malware-cnc.rules)
 * 1:24450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tibeli variant outbound connection (malware-cnc.rules)
 * 1:24451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quervar variant outbound connection (malware-cnc.rules)
 * 1:24529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Begman variant connection to cnc-server (malware-cnc.rules)
 * 1:24540 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Spy.Heur variant outbound connection attempt (malware-backdoor.rules)
 * 1:24541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unebot variant outbound connection (malware-cnc.rules)
 * 1:24542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beystreet variant outbound connection (malware-cnc.rules)
 * 1:24545 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client response (malware-backdoor.rules)
 * 1:24562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
 * 1:24565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer variant outbound connection (malware-cnc.rules)
 * 1:24567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olmarik variant outbound connection (malware-cnc.rules)
 * 1:24569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:24576 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Barus variant outbound connection (malware-cnc.rules)
 * 1:24586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Barkiofork variant outbound connection (malware-cnc.rules)
 * 1:24623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:24635 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Dycler variant outbound connection (malware-cnc.rules)
 * 1:24857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
 * 1:24916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:24917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Turspy variant outbound connection (malware-cnc.rules)
 * 1:24918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Turspy variant outbound connection (malware-cnc.rules)
 * 1:24976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26852 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer create-add range on DOM objects memory corruption attempt (browser-ie.rules)
 * 1:26853 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer create-add range on DOM objects memory corruption attempt (browser-ie.rules)
 * 1:3010 <-> DISABLED <-> MALWARE-CNC RUX the Tick get windows directory (malware-cnc.rules)
 * 1:3011 <-> DISABLED <-> MALWARE-CNC RUX the Tick get system directory (malware-cnc.rules)
 * 1:3012 <-> DISABLED <-> MALWARE-CNC RUX the Tick upload/execute arbitrary file (malware-cnc.rules)
 * 1:3014 <-> DISABLED <-> MALWARE-CNC Asylum 0.1 connection (malware-cnc.rules)
 * 1:3015 <-> DISABLED <-> MALWARE-CNC Insane Network 4.0 connection (malware-cnc.rules)
 * 1:3016 <-> DISABLED <-> MALWARE-CNC Insane Network 4.0 connection port 63536 (malware-cnc.rules)
 * 1:3064 <-> DISABLED <-> MALWARE-BACKDOOR Vampire 1.2 connection confirmation (malware-backdoor.rules)
 * 1:3155 <-> DISABLED <-> MALWARE-BACKDOOR BackOrifice 2000 Inbound Traffic (malware-backdoor.rules)
 * 1:3635 <-> DISABLED <-> MALWARE-BACKDOOR Amanda 2.0 connection established (malware-backdoor.rules)
 * 1:3636 <-> DISABLED <-> MALWARE-BACKDOOR Crazzy Net 5.0 connection established (malware-backdoor.rules)
 * 1:39528 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF WRAssembly ASLR bypass download attempt (file-office.rules)
 * 1:39529 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF WRAssembly ASLR bypass download attempt (file-office.rules)
 * 1:40606 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:5742 <-> DISABLED <-> MALWARE-OTHER Keylogger activitylogger runtime detection (malware-other.rules)
 * 1:5759 <-> DISABLED <-> MALWARE-OTHER Keylogger fearlesskeyspy runtime detection (malware-other.rules)
 * 1:5777 <-> DISABLED <-> MALWARE-OTHER Keylogger gurl watcher runtime detection (malware-other.rules)
 * 1:5778 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwpe windows activity logs (malware-other.rules)
 * 1:5779 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwpe shell file logs (malware-other.rules)
 * 1:5780 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwpe word filtered echelon log (malware-other.rules)
 * 1:5781 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae windows activity logs (malware-other.rules)
 * 1:5782 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae word filtered echelon log (malware-other.rules)
 * 1:5783 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae keystrokes log (malware-other.rules)
 * 1:5784 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae urls browsed log (malware-other.rules)
 * 1:5790 <-> DISABLED <-> MALWARE-OTHER Keylogger pc actmon pro runtime detection - smtp (malware-other.rules)
 * 1:5812 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - email notification (malware-tools.rules)
 * 1:5814 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - create redirection (malware-tools.rules)
 * 1:5816 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - destory redirection (malware-tools.rules)
 * 1:5819 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - check status (malware-tools.rules)
 * 1:5821 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - destory log (malware-tools.rules)
 * 1:5823 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - view netstat (malware-tools.rules)
 * 1:5839 <-> DISABLED <-> MALWARE-OTHER Trackware ucmore runtime detection - click sponsor/ad link (malware-other.rules)
 * 1:5875 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool eraser runtime detection - detonate (malware-tools.rules)
 * 1:5876 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool eraser runtime detection - disinfect (malware-tools.rules)
 * 1:5956 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool ghostvoice 1.02 icq notification of server installation (malware-tools.rules)
 * 1:5958 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool ghostvoice 1.02 runtime detection - init connection with password requirement (malware-tools.rules)
 * 1:6016 <-> DISABLED <-> MALWARE-BACKDOOR dsk lite 1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6017 <-> DISABLED <-> MALWARE-BACKDOOR dsk lite 1.0 runtime detection - disconnect (malware-backdoor.rules)
 * 1:6018 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6019 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection cgi notification (malware-cnc.rules)
 * 1:6020 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection php notification (malware-cnc.rules)
 * 1:6021 <-> DISABLED <-> MALWARE-BACKDOOR silent spy 2.10 command response port 4225 (malware-backdoor.rules)
 * 1:6022 <-> DISABLED <-> MALWARE-BACKDOOR silent spy 2.10 command response port 4226 (malware-backdoor.rules)
 * 1:6023 <-> DISABLED <-> MALWARE-CNC silent spy 2.10 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6024 <-> DISABLED <-> MALWARE-BACKDOOR nuclear rat v6_21 runtime detection (malware-backdoor.rules)
 * 1:24191 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raven variant outbound connection (malware-cnc.rules)
 * 1:6028 <-> DISABLED <-> MALWARE-BACKDOOR cyberpaky runtime detection (malware-backdoor.rules)
 * 1:6029 <-> DISABLED <-> MALWARE-CNC fkwp 2.0 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6035 <-> DISABLED <-> MALWARE-BACKDOOR minicommand runtime detection - initial connection server-to-client (malware-backdoor.rules)
 * 1:6037 <-> DISABLED <-> MALWARE-BACKDOOR netbus 1.7 runtime detection - email notification (malware-backdoor.rules)
 * 1:6039 <-> DISABLED <-> MALWARE-CNC fade 1.0 variant outbound connection notification (malware-cnc.rules)
 * 1:6042 <-> DISABLED <-> MALWARE-CNC fear 0.2 variant outbound connection php notification (malware-cnc.rules)
 * 1:6043 <-> DISABLED <-> MALWARE-CNC fear 0.2 variant outbound connection cgi notification (malware-cnc.rules)
 * 1:6046 <-> DISABLED <-> MALWARE-BACKDOOR fear 0.2 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6048 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - connect (malware-backdoor.rules)
 * 1:6050 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - upload (malware-backdoor.rules)
 * 1:6052 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - set volume (malware-backdoor.rules)
 * 1:6054 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - do script remotely (malware-backdoor.rules)
 * 1:6058 <-> DISABLED <-> MALWARE-CNC neurotickat1.3 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6059 <-> DISABLED <-> MALWARE-CNC neurotickat1.3 variant outbound connection cgi notification (malware-cnc.rules)
 * 1:6062 <-> DISABLED <-> MALWARE-BACKDOOR neurotickat1.3 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6064 <-> DISABLED <-> MALWARE-BACKDOOR schwindler 1.82 runtime detection (malware-backdoor.rules)
 * 1:6066 <-> DISABLED <-> MALWARE-BACKDOOR optixlite 1.0 runtime detection - connection success server-to-client (malware-backdoor.rules)
 * 1:6069 <-> DISABLED <-> MALWARE-CNC optixlite 1.0 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6070 <-> DISABLED <-> MALWARE-BACKDOOR freak 1.0 runtime detection - irc notification (malware-backdoor.rules)
 * 1:6071 <-> DISABLED <-> MALWARE-CNC freak 1.0 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6073 <-> DISABLED <-> MALWARE-BACKDOOR freak 1.0 runtime detection - initial connection server-to-client (malware-backdoor.rules)
 * 1:6075 <-> DISABLED <-> MALWARE-BACKDOOR xhx 1.6 runtime detection - initial connection server-to-client (malware-backdoor.rules)
 * 1:6076 <-> DISABLED <-> MALWARE-BACKDOOR amiboide uploader runtime detection - init connection (malware-backdoor.rules)
 * 1:6078 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - get information (malware-backdoor.rules)
 * 1:6080 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - show autospy (malware-backdoor.rules)
 * 1:6082 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - show nude pic (malware-backdoor.rules)
 * 1:6084 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - hide taskbar (malware-backdoor.rules)
 * 1:6086 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - make directory (malware-backdoor.rules)
 * 1:6088 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:6090 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get memory info (malware-backdoor.rules)
 * 1:6092 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get harddisk info (malware-backdoor.rules)
 * 1:6094 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get drive info (malware-backdoor.rules)
 * 1:6096 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:6098 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - check server (malware-backdoor.rules)
 * 1:6100 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - view content of directory (malware-backdoor.rules)
 * 1:6102 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - execute command (malware-backdoor.rules)
 * 1:6104 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - upload file (malware-backdoor.rules)
 * 1:6106 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - download file (malware-backdoor.rules)
 * 1:6107 <-> DISABLED <-> MALWARE-BACKDOOR backage 3.1 runtime detection (malware-backdoor.rules)
 * 1:6109 <-> DISABLED <-> MALWARE-BACKDOOR dagger v1.1.40 runtime detection (malware-backdoor.rules)
 * 1:6110 <-> DISABLED <-> MALWARE-BACKDOOR forced entry v1.1 beta runtime detection (malware-backdoor.rules)
 * 1:6113 <-> DISABLED <-> MALWARE-BACKDOOR optix 1.32 runtime detection - init conn (malware-backdoor.rules)
 * 1:6114 <-> DISABLED <-> MALWARE-BACKDOOR optix 1.32 runtime detection - email notification (malware-backdoor.rules)
 * 1:6115 <-> DISABLED <-> MALWARE-CNC optix 1.32 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6117 <-> DISABLED <-> MALWARE-BACKDOOR fore v1.0 beta runtime detection - init conn (malware-backdoor.rules)
 * 1:6119 <-> DISABLED <-> MALWARE-BACKDOOR net runner runtime detection - initial connection server-to-client (malware-backdoor.rules)
 * 1:6121 <-> DISABLED <-> MALWARE-BACKDOOR net runner runtime detection - download file server-to-client (malware-backdoor.rules)
 * 1:6124 <-> DISABLED <-> MALWARE-BACKDOOR ambush 1.0 runtime detection - ping server-to-client (malware-backdoor.rules)
 * 1:6126 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - smtp (malware-backdoor.rules)
 * 1:6127 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - udp client-to-server (malware-backdoor.rules)
 * 1:6128 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - icmp echo reply client-to-server (malware-backdoor.rules)
 * 1:6130 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - get computer name (malware-backdoor.rules)
 * 1:6132 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - get user name (malware-backdoor.rules)
 * 1:6133 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - send messages (malware-backdoor.rules)
 * 1:6134 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - delete file (malware-backdoor.rules)
 * 1:6136 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - capture big screen (malware-backdoor.rules)
 * 1:6137 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - capture small screen (malware-backdoor.rules)
 * 1:6138 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - get computer info (malware-backdoor.rules)
 * 1:6139 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - get system directory (malware-backdoor.rules)
 * 1:6142 <-> DISABLED <-> MALWARE-BACKDOOR hellzaddiction v1.0e runtime detection - ftp open (malware-backdoor.rules)
 * 1:6143 <-> DISABLED <-> MALWARE-BACKDOOR dark connection inside v1.2 runtime detection (malware-backdoor.rules)
 * 1:6146 <-> DISABLED <-> MALWARE-BACKDOOR mantis runtime detection - sent notify option client-to-server 2 (malware-backdoor.rules)
 * 1:6148 <-> DISABLED <-> MALWARE-BACKDOOR mantis runtime detection - go to address server-to-client (malware-backdoor.rules)
 * 1:6150 <-> DISABLED <-> MALWARE-BACKDOOR netcontrol v1.0.8 runtime detection (malware-backdoor.rules)
 * 1:6151 <-> DISABLED <-> MALWARE-BACKDOOR back attack v1.4 runtime detection (malware-backdoor.rules)
 * 1:6153 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - chdir server-to-client (malware-backdoor.rules)
 * 1:6155 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - info server-to-client (malware-backdoor.rules)
 * 1:6157 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - view server-to-client (malware-backdoor.rules)
 * 1:6159 <-> DISABLED <-> MALWARE-BACKDOOR delirium of disorder runtime detection - enable keylogger (malware-backdoor.rules)
 * 1:6160 <-> DISABLED <-> MALWARE-BACKDOOR delirium of disorder runtime detection - stop keylogger (malware-backdoor.rules)
 * 1:6161 <-> DISABLED <-> MALWARE-BACKDOOR furax 1.0 b2 runtime detection (malware-backdoor.rules)
 * 1:6165 <-> DISABLED <-> MALWARE-BACKDOOR psyrat 1.0 runtime detection (malware-backdoor.rules)
 * 1:6166 <-> DISABLED <-> MALWARE-BACKDOOR unicorn runtime detection - initial connection (malware-backdoor.rules)
 * 1:6168 <-> DISABLED <-> MALWARE-BACKDOOR unicorn runtime detection - set wallpaper server-to-client (malware-backdoor.rules)
 * 1:6170 <-> DISABLED <-> MALWARE-BACKDOOR digital rootbeer runtime detection (malware-backdoor.rules)
 * 1:6172 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - get version info (malware-backdoor.rules)
 * 1:6174 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - file explorer (malware-backdoor.rules)
 * 1:6175 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - kill kernel (malware-backdoor.rules)
 * 1:6176 <-> DISABLED <-> MALWARE-BACKDOOR guptachar 2.0 runtime detection (malware-backdoor.rules)
 * 1:6177 <-> DISABLED <-> MALWARE-BACKDOOR ultimate destruction runtime detection - kill process client-to-server (malware-backdoor.rules)
 * 1:6178 <-> DISABLED <-> MALWARE-BACKDOOR ultimate destruction runtime detection - kill windows client-to-server (malware-backdoor.rules)
 * 1:6179 <-> DISABLED <-> MALWARE-BACKDOOR bladerunner 0.80 runtime detection (malware-backdoor.rules)
 * 1:6181 <-> DISABLED <-> MALWARE-BACKDOOR netraider 0.0 runtime detection (malware-backdoor.rules)
 * 1:6190 <-> DISABLED <-> MALWARE-OTHER Keylogger eblaster 5.0 runtime detection (malware-other.rules)
 * 1:6205 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool freak 88 das runtime detection (malware-tools.rules)
 * 1:6206 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sin stealer 1.1 runtime detection (malware-tools.rules)
 * 1:6207 <-> DISABLED <-> MALWARE-OTHER Keylogger winsession runtime detection - smtp (malware-other.rules)
 * 1:6208 <-> DISABLED <-> MALWARE-OTHER Keylogger winsession runtime detection - ftp (malware-other.rules)
 * 1:6220 <-> DISABLED <-> MALWARE-OTHER Keylogger boss everyware runtime detection (malware-other.rules)
 * 1:6221 <-> DISABLED <-> MALWARE-OTHER Keylogger computerspy runtime detection (malware-other.rules)
 * 1:6286 <-> DISABLED <-> MALWARE-BACKDOOR antilamer 1.1 runtime detection (malware-backdoor.rules)
 * 1:6287 <-> DISABLED <-> MALWARE-BACKDOOR fictional daemon 4.4 runtime detection - telent (malware-backdoor.rules)
 * 1:6288 <-> DISABLED <-> MALWARE-BACKDOOR fictional daemon 4.4 runtime detection - ftp (malware-backdoor.rules)
 * 1:6291 <-> DISABLED <-> MALWARE-CNC justjoke v2.6 variant outbound connection (malware-cnc.rules)
 * 1:6292 <-> DISABLED <-> MALWARE-BACKDOOR joker ddos v1.0.1 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6295 <-> DISABLED <-> MALWARE-BACKDOOR joker ddos v1.0.1 runtime detection - bomb (malware-backdoor.rules)
 * 1:6296 <-> DISABLED <-> MALWARE-CNC insurrection 1.1.0 variant outbound connection icq notification 1 (malware-cnc.rules)
 * 1:6297 <-> DISABLED <-> MALWARE-CNC insurrection 1.1.0 variant outbound connection icq notification 2 (malware-cnc.rules)
 * 1:6298 <-> DISABLED <-> MALWARE-BACKDOOR insurrection 1.1.0 runtime detection - reverse connection (malware-backdoor.rules)
 * 1:6299 <-> DISABLED <-> MALWARE-BACKDOOR insurrection 1.1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6300 <-> DISABLED <-> MALWARE-CNC cia 1.3 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6301 <-> DISABLED <-> MALWARE-BACKDOOR cia 1.3 runtime detection - smtp notification (malware-backdoor.rules)
 * 1:6303 <-> DISABLED <-> MALWARE-BACKDOOR cia runtime detection - initial connection (malware-backdoor.rules)
 * 1:6305 <-> DISABLED <-> MALWARE-BACKDOOR softwar shadowthief runtime detection - initial connection (malware-backdoor.rules)
 * 1:6306 <-> DISABLED <-> MALWARE-BACKDOOR shit heep runtime detection (malware-backdoor.rules)
 * 1:6308 <-> DISABLED <-> MALWARE-BACKDOOR lamespy runtime detection - initial connection (malware-backdoor.rules)
 * 1:6311 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - initial connection - password accepted (malware-backdoor.rules)
 * 1:6313 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - message response (malware-backdoor.rules)
 * 1:6315 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - open browser response (malware-backdoor.rules)
 * 1:6317 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - file manager response (malware-backdoor.rules)
 * 1:6318 <-> DISABLED <-> MALWARE-BACKDOOR rtb666 runtime detection (malware-backdoor.rules)
 * 1:6321 <-> DISABLED <-> MALWARE-BACKDOOR ptakks2.1 runtime detection - keepalive acknowledgement (malware-backdoor.rules)
 * 1:6322 <-> DISABLED <-> MALWARE-BACKDOOR ptakks2.1 runtime detection - command pattern (malware-backdoor.rules)
 * 1:6324 <-> DISABLED <-> MALWARE-BACKDOOR 3xBackdoor runtime detection (malware-backdoor.rules)
 * 1:6325 <-> DISABLED <-> MALWARE-BACKDOOR fucktrojan 1.2 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6327 <-> DISABLED <-> MALWARE-BACKDOOR fucktrojan 1.2 runtime detection - flood (malware-backdoor.rules)
 * 1:6328 <-> DISABLED <-> MALWARE-BACKDOOR commando runtime detection - initial connection (malware-backdoor.rules)
 * 1:6330 <-> DISABLED <-> MALWARE-BACKDOOR commando runtime detection - chat server-to-client (malware-backdoor.rules)
 * 1:6331 <-> DISABLED <-> MALWARE-CNC globalkiller1.0 variant outbound connection notification (malware-cnc.rules)
 * 1:6332 <-> DISABLED <-> MALWARE-BACKDOOR globalkiller1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6333 <-> DISABLED <-> MALWARE-BACKDOOR wincrash 2.0 runtime detection (malware-backdoor.rules)
 * 1:6334 <-> DISABLED <-> MALWARE-BACKDOOR backlash runtime detection (malware-backdoor.rules)
 * 1:6336 <-> DISABLED <-> MALWARE-BACKDOOR buttman v0.9p runtime detection - remote control (malware-backdoor.rules)
 * 1:6338 <-> DISABLED <-> MALWARE-BACKDOOR hatredfriend file manage command (malware-backdoor.rules)
 * 1:6339 <-> DISABLED <-> MALWARE-BACKDOOR hatredfriend email notification detection (malware-backdoor.rules)
 * 1:6340 <-> DISABLED <-> MALWARE-OTHER Keylogger handy keylogger runtime detection (malware-other.rules)
 * 1:6365 <-> DISABLED <-> MALWARE-OTHER Sony rootkit runtime detection (malware-other.rules)
 * 1:6383 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - tcp connection setup (malware-other.rules)
 * 1:6384 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - agent discover broadcast (malware-other.rules)
 * 1:6385 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - agent status monitoring (malware-other.rules)
 * 1:6386 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - agent up notification (malware-other.rules)
 * 1:6395 <-> DISABLED <-> MALWARE-CNC a-311 death variant outbound connection server-to-client (malware-cnc.rules)
 * 1:6396 <-> DISABLED <-> MALWARE-CNC a-311 death user-agent string detected (malware-cnc.rules)
 * 1:6397 <-> DISABLED <-> MALWARE-BACKDOOR http rat runtime detection - smtp (malware-backdoor.rules)
 * 1:6398 <-> DISABLED <-> MALWARE-BACKDOOR http rat runtime detection - http (malware-backdoor.rules)
 * 1:6399 <-> DISABLED <-> MALWARE-BACKDOOR rad 1.2.3 runtime detection (malware-backdoor.rules)
 * 1:6401 <-> DISABLED <-> MALWARE-BACKDOOR snowdoor runtime detection server-to-client (malware-backdoor.rules)
 * 1:6402 <-> DISABLED <-> MALWARE-BACKDOOR netangel connection client-to-server (malware-backdoor.rules)
 * 1:6473 <-> DISABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager server-to-client (malware-backdoor.rules)
 * 1:6474 <-> DISABLED <-> MALWARE-CNC Win.Trojan.loosky.gen variant outbound connection notification (malware-cnc.rules)
 * 1:6476 <-> DISABLED <-> MALWARE-BACKDOOR badrat 1.1 runtime detection (malware-backdoor.rules)
 * 1:6477 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool beee runtime detection - smtp (malware-tools.rules)
 * 1:6492 <-> DISABLED <-> MALWARE-BACKDOOR Trickler Backdoor-BAC.gen.e runtime detection - notification (malware-backdoor.rules)
 * 1:6493 <-> DISABLED <-> MALWARE-BACKDOOR Trickler Backdoor-BAC.gen.e runtime detection - post data (malware-backdoor.rules)
 * 1:6498 <-> DISABLED <-> MALWARE-BACKDOOR exploiter 1.0 runtime detection (malware-backdoor.rules)
 * 1:7057 <-> DISABLED <-> MALWARE-BACKDOOR charon runtime detection - initial connection (malware-backdoor.rules)
 * 1:7060 <-> DISABLED <-> MALWARE-BACKDOOR charon runtime detection - download file/log (malware-backdoor.rules)
 * 1:7064 <-> DISABLED <-> MALWARE-BACKDOOR cybernetic 1.62 runtime detection - email notification (malware-backdoor.rules)
 * 1:7068 <-> DISABLED <-> MALWARE-BACKDOOR delta source 0.5 beta runtime detection - ping (malware-backdoor.rules)
 * 1:7069 <-> DISABLED <-> MALWARE-BACKDOOR delta source 0.5 beta runtime detection - pc info (malware-backdoor.rules)
 * 1:7072 <-> DISABLED <-> MALWARE-BACKDOOR fraggle rock 2.0 lite runtime detection - pc info (malware-backdoor.rules)
 * 1:7073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.dumaru.gen variant outbound connection notification (malware-cnc.rules)
 * 1:7074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.dumaru.gen variant outbound connection cmd (malware-cnc.rules)
 * 1:7075 <-> DISABLED <-> MALWARE-BACKDOOR bandook 1.0 runtime detection (malware-backdoor.rules)
 * 1:7076 <-> DISABLED <-> MALWARE-CNC minimo v0.6 variant outbound connection cgi notification (malware-cnc.rules)
 * 1:7077 <-> DISABLED <-> MALWARE-CNC minimo v0.6 variant outbound connection icq notification (malware-cnc.rules)
 * 1:7081 <-> DISABLED <-> MALWARE-BACKDOOR up and run v1.0 beta runtime detection (malware-backdoor.rules)
 * 1:7084 <-> DISABLED <-> MALWARE-BACKDOOR erazer v1.1 runtime detection - sin notification (malware-backdoor.rules)
 * 1:7086 <-> DISABLED <-> MALWARE-BACKDOOR erazer v1.1 runtime detection - init connection (malware-backdoor.rules)
 * 1:7103 <-> DISABLED <-> MALWARE-CNC gwboy 0.92 variant outbound connection (malware-cnc.rules)
 * 1:7120 <-> DISABLED <-> MALWARE-BACKDOOR y3k 1.2 runtime detection - init connection 1 (malware-backdoor.rules)
 * 1:7122 <-> DISABLED <-> MALWARE-BACKDOOR y3k 1.2 runtime detection - init connection 2 (malware-backdoor.rules)
 * 1:7146 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sars notifier runtime detection - sin notification (malware-tools.rules)
 * 1:7147 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection icq notification (malware-cnc.rules)
 * 1:7148 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sars notifier runtime detection - cgi notification (malware-tools.rules)
 * 1:7149 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection php notification (malware-cnc.rules)
 * 1:7150 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection irc notification (malware-cnc.rules)
 * 1:7151 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection net send notification (malware-cnc.rules)
 * 1:7154 <-> DISABLED <-> MALWARE-OTHER Keylogger active keylogger home runtime detection (malware-other.rules)
 * 1:7156 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - email delivery (malware-other.rules)
 * 1:7158 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - remote conn server-to-client (malware-other.rules)
 * 1:7160 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - upload file server-to-client (malware-other.rules)
 * 1:7162 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - download file server-to-client (malware-other.rules)
 * 1:7164 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - execute file server-to-client (malware-other.rules)
 * 1:7169 <-> DISABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - information exchange (malware-other.rules)
 * 1:7176 <-> DISABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - log retrieve (malware-other.rules)
 * 1:7177 <-> DISABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - info send through email (malware-other.rules)
 * 1:7180 <-> DISABLED <-> MALWARE-OTHER Keylogger desktop detective 2000 runtime detection - init connection (malware-other.rules)
 * 1:7183 <-> DISABLED <-> MALWARE-CNC Snoopware barok variant outbound connection (malware-cnc.rules)
 * 1:7184 <-> DISABLED <-> MALWARE-OTHER Keylogger 007 spy software runtime detection - smtp (malware-other.rules)
 * 1:7185 <-> DISABLED <-> MALWARE-OTHER Keylogger 007 spy software runtime detection - ftp (malware-other.rules)
 * 1:7186 <-> DISABLED <-> MALWARE-OTHER Keylogger kgb Keylogger runtime detection (malware-other.rules)
 * 1:7189 <-> DISABLED <-> MALWARE-OTHER Trackware shopathome runtime detection - setcookie request (malware-other.rules)
 * 1:7504 <-> DISABLED <-> MALWARE-OTHER Keylogger actualspy runtime detection - ftp-data (malware-other.rules)
 * 1:7505 <-> DISABLED <-> MALWARE-OTHER Keylogger actualspy runtime detection - smtp (malware-other.rules)
 * 1:7507 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection (malware-tools.rules)
 * 1:7509 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - ping (malware-tools.rules)
 * 1:7539 <-> DISABLED <-> MALWARE-OTHER Keylogger eye spy pro 1.0 runtime detection (malware-other.rules)
 * 1:7541 <-> DISABLED <-> MALWARE-OTHER Keylogger starlogger runtime detection (malware-other.rules)
 * 1:7542 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool mini oblivion runtime detection - successful init connection (malware-tools.rules)
 * 1:7546 <-> DISABLED <-> MALWARE-OTHER Keylogger PerfectKeylogger runtime detection (malware-other.rules)
 * 1:7547 <-> DISABLED <-> MALWARE-OTHER Keylogger activity monitor 3.8 runtime detection - agent status monitoring (malware-other.rules)
 * 1:7548 <-> DISABLED <-> MALWARE-OTHER Keylogger activity monitor 3.8 runtime detection - agent up notification (malware-other.rules)
 * 1:7549 <-> DISABLED <-> MALWARE-OTHER Keylogger activity monitor 3.8 runtime detection (malware-other.rules)
 * 1:7551 <-> DISABLED <-> MALWARE-OTHER Keylogger ardamax keylogger runtime detection - smtp (malware-other.rules)
 * 1:7552 <-> DISABLED <-> MALWARE-OTHER Keylogger ardamax keylogger runtime detection - ftp (malware-other.rules)
 * 1:7557 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - start up (malware-other.rules)
 * 1:7558 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - installation notify (malware-other.rules)
 * 1:7559 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - track user activity and status (malware-other.rules)
 * 1:7560 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - self update (malware-other.rules)
 * 1:7561 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - opt out of interstitial advertising (malware-other.rules)
 * 1:7568 <-> DISABLED <-> MALWARE-OTHER Trackware webhancer runtime detection (malware-other.rules)
 * 1:7574 <-> DISABLED <-> MALWARE-OTHER Keylogger proagent 2.0 runtime detection (malware-other.rules)
 * 1:7586 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool clandestine runtime detection - image transferred (malware-tools.rules)
 * 1:7592 <-> DISABLED <-> MALWARE-OTHER Keylogger keylogger pro runtime detection (malware-other.rules)
 * 1:7597 <-> DISABLED <-> MALWARE-OTHER Keylogger spy lantern keylogger runtime detection (malware-other.rules)
 * 1:7605 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - screen capture (malware-backdoor.rules)
 * 1:7607 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:7609 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - chat (malware-backdoor.rules)
 * 1:7616 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.0 runtime detection - connection without password (malware-backdoor.rules)
 * 1:7619 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.0 runtime detection - connection request with password (malware-backdoor.rules)
 * 1:7623 <-> DISABLED <-> MALWARE-BACKDOOR remote control 1.7 runtime detection - connection request (malware-backdoor.rules)
 * 1:7624 <-> DISABLED <-> MALWARE-BACKDOOR remote control 1.7 runtime detection - data connection (malware-backdoor.rules)
 * 1:7629 <-> DISABLED <-> MALWARE-BACKDOOR skyrat show runtime detection - initial connection (malware-backdoor.rules)
 * 1:7630 <-> DISABLED <-> MALWARE-BACKDOOR helios 3.1 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7632 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - fetch system info (malware-backdoor.rules)
 * 1:7634 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - irc connection (malware-backdoor.rules)
 * 1:7636 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - fetch processes list (malware-backdoor.rules)
 * 1:7637 <-> DISABLED <-> MALWARE-CNC hornet 1.0 variant outbound connection icq notification (malware-cnc.rules)
 * 1:7638 <-> DISABLED <-> MALWARE-BACKDOOR Win.Exploit.Backdoor ncph runtime detection - initial connection (malware-backdoor.rules)
 * 1:7639 <-> DISABLED <-> MALWARE-CNC air variant outbound connection php notification (malware-cnc.rules)
 * 1:7640 <-> DISABLED <-> MALWARE-CNC air variant outbound connection webmail notification (malware-cnc.rules)
 * 1:7641 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules)
 * 1:7642 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client response (malware-backdoor.rules)
 * 1:7644 <-> DISABLED <-> MALWARE-BACKDOOR ullysse runtime detection - client-to-server (malware-backdoor.rules)
 * 1:7646 <-> DISABLED <-> MALWARE-BACKDOOR snipernet 2.1 runtime detection (malware-backdoor.rules)
 * 1:7658 <-> DISABLED <-> MALWARE-BACKDOOR jodeitor 1.1 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7659 <-> DISABLED <-> MALWARE-BACKDOOR lan filtrator 1.1 runtime detection - sin notification (malware-backdoor.rules)
 * 1:7661 <-> DISABLED <-> MALWARE-BACKDOOR lan filtrator 1.1 runtime detection - initial connection request (malware-backdoor.rules)
 * 1:7663 <-> DISABLED <-> MALWARE-BACKDOOR snid x2 v1.2 runtime detection - initial connection (malware-backdoor.rules)

2017-09-14 16:11:47 UTC

Snort Subscriber Rules Update

Date: 2017-09-14

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:44359 <-> ENABLED <-> SERVER-WEBAPP Trend Micro OfficeScan proxy_controller.php command injection attempt (server-webapp.rules)
 * 1:44362 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Sality (blacklist.rules)
 * 1:44361 <-> ENABLED <-> SERVER-WEBAPP Trend Micro OfficeScan proxy_controller.php command injection attempt (server-webapp.rules)
 * 1:44358 <-> DISABLED <-> PUA-ADWARE DealPly Adware variant outbound connection (pua-adware.rules)
 * 1:44363 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded WRAsembly ASLR bypass download attempt (file-office.rules)
 * 1:44364 <-> DISABLED <-> FILE-OFFICE Microsoft Office RTF hex encoded WRAssembly ASLR bypass download attempt (file-office.rules)
 * 1:44360 <-> ENABLED <-> SERVER-WEBAPP Trend Micro OfficeScan proxy_controller.php command injection attempt (server-webapp.rules)

Modified Rules:


 * 1:7679 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control 1.12 runtime detection - upload file (malware-backdoor.rules)
 * 1:9659 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - file manage (malware-backdoor.rules)
 * 1:9661 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - show processes (malware-backdoor.rules)
 * 1:9663 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - start remote shell (malware-backdoor.rules)
 * 1:9665 <-> DISABLED <-> MALWARE-BACKDOOR crossbow 1.12 runtime detection - init connection (malware-backdoor.rules)
 * 1:9666 <-> DISABLED <-> MALWARE-BACKDOOR superra runtime detection - success init connection (malware-backdoor.rules)
 * 1:9667 <-> DISABLED <-> MALWARE-BACKDOOR superra runtime detection - issue remote control command (malware-backdoor.rules)
 * 1:9827 <-> DISABLED <-> MALWARE-OTHER Keylogger paq keylog runtime detection - smtp (malware-other.rules)
 * 1:9828 <-> DISABLED <-> MALWARE-OTHER Keylogger paq keylog runtime detection - ftp (malware-other.rules)
 * 1:9829 <-> DISABLED <-> MALWARE-OTHER Trackware relevantknowledge runtime detection (malware-other.rules)
 * 1:9830 <-> DISABLED <-> MALWARE-OTHER Keylogger supreme spy runtime detection (malware-other.rules)
 * 1:9832 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - send message (malware-backdoor.rules)
 * 1:9833 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - fake delete harddisk message (malware-backdoor.rules)
 * 1:9834 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - black screen (malware-backdoor.rules)
 * 1:9835 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - swap mouse (malware-backdoor.rules)
 * 1:9836 <-> DISABLED <-> MALWARE-BACKDOOR ieva 1.0 runtime detection - crazy mouse (malware-backdoor.rules)
 * 1:9838 <-> DISABLED <-> MALWARE-BACKDOOR sun shadow 1.70 runtime detection - init connection (malware-backdoor.rules)
 * 1:9839 <-> DISABLED <-> MALWARE-BACKDOOR sun shadow 1.70 runtime detection - keep alive (malware-backdoor.rules)
 * 1:10078 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10079 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10080 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10081 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10082 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10083 <-> DISABLED <-> MALWARE-OTHER W32.Nuwar.AY smtp propagation detection (malware-other.rules)
 * 1:10088 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by smtp (malware-other.rules)
 * 1:10089 <-> DISABLED <-> MALWARE-OTHER Keylogger beyond Keylogger runtime detection - log sent by ftp (malware-other.rules)
 * 1:10091 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool spylply.a runtime detection (malware-tools.rules)
 * 1:10092 <-> DISABLED <-> MALWARE-OTHER Trackware russian searchbar runtime detection (malware-other.rules)
 * 1:10095 <-> DISABLED <-> MALWARE-OTHER Trackware bydou runtime detection (malware-other.rules)
 * 1:10096 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - keylog (malware-other.rules)
 * 1:10098 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - get system info (malware-other.rules)
 * 1:10100 <-> DISABLED <-> MALWARE-OTHER Keylogger win32.remotekeylog.b runtime detection - open website (malware-other.rules)
 * 1:10101 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - delete file (malware-backdoor.rules)
 * 1:10102 <-> DISABLED <-> MALWARE-BACKDOOR crossfires trojan 3.0 runtime detection - chat with victim (malware-backdoor.rules)
 * 1:10105 <-> DISABLED <-> MALWARE-BACKDOOR hav-rat 1.1 runtime detection - retrieve pc info (malware-backdoor.rules)
 * 1:10107 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pslist (malware-backdoor.rules)
 * 1:10108 <-> DISABLED <-> MALWARE-BACKDOOR icmp cmd 1.0 runtime detection - pskill (malware-backdoor.rules)
 * 1:10109 <-> DISABLED <-> MALWARE-BACKDOOR k-msnrat 1.0.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10112 <-> DISABLED <-> MALWARE-BACKDOOR rix3 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10165 <-> DISABLED <-> MALWARE-OTHER Keylogger mybr Keylogger runtime detection (malware-other.rules)
 * 1:10166 <-> DISABLED <-> MALWARE-OTHER Trackware baigoo runtime detection (malware-other.rules)
 * 1:10168 <-> DISABLED <-> MALWARE-BACKDOOR one runtime detection (malware-backdoor.rules)
 * 1:10169 <-> DISABLED <-> MALWARE-BACKDOOR matrix 1.03 by mtronic runtime detection - init connection (malware-backdoor.rules)
 * 1:10181 <-> DISABLED <-> MALWARE-OTHER Keylogger systemsleuth runtime detection (malware-other.rules)
 * 1:10183 <-> DISABLED <-> MALWARE-OTHER Keylogger activity Keylogger runtime detection (malware-other.rules)
 * 1:10184 <-> DISABLED <-> MALWARE-BACKDOOR wow 23 runtime detection (malware-backdoor.rules)
 * 1:10185 <-> DISABLED <-> MALWARE-BACKDOOR x-door runtime detection (malware-backdoor.rules)
 * 1:10196 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor feed.php code execution (malware-backdoor.rules)
 * 1:10197 <-> DISABLED <-> MALWARE-BACKDOOR Wordpress backdoor theme.php code execution (malware-backdoor.rules)
 * 1:10435 <-> DISABLED <-> MALWARE-OTHER Trackware admedia runtime detection (malware-other.rules)
 * 1:10436 <-> DISABLED <-> MALWARE-OTHER Keylogger keyspy runtime detection (malware-other.rules)
 * 1:10440 <-> DISABLED <-> MALWARE-OTHER Keylogger pc black box runtime detection (malware-other.rules)
 * 1:10441 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool statwin runtime detection (malware-tools.rules)
 * 1:10442 <-> DISABLED <-> MALWARE-BACKDOOR nirvana 2.0 runtime detection - explore c drive (malware-backdoor.rules)
 * 1:10443 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - sniff info (malware-backdoor.rules)
 * 1:10444 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - open ftp serice (malware-backdoor.rules)
 * 1:10445 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get password (malware-backdoor.rules)
 * 1:10446 <-> DISABLED <-> MALWARE-BACKDOOR acidbattery 1.0 runtime detection - get server info (malware-backdoor.rules)
 * 1:10447 <-> DISABLED <-> MALWARE-CNC 51d 1b variant outbound connection icq notification (malware-cnc.rules)
 * 1:10448 <-> DISABLED <-> MALWARE-BACKDOOR acessor 2.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10454 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:10449 <-> DISABLED <-> MALWARE-BACKDOOR acid shivers runtime detection - init telnet connection (malware-backdoor.rules)
 * 1:10451 <-> DISABLED <-> MALWARE-BACKDOOR only 1 rat runtime detection - control command (malware-backdoor.rules)
 * 1:10456 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:10457 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 runtime detection - start keylogger (malware-backdoor.rules)
 * 1:10458 <-> DISABLED <-> MALWARE-BACKDOOR [x]-ztoo 1.0 or illusion runtime detection - open file manager (malware-backdoor.rules)
 * 1:10459 <-> DISABLED <-> MALWARE-BACKDOOR wineggdrop shell pro runtime detection - init connection (malware-backdoor.rules)
 * 1:10461 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - get system info (malware-backdoor.rules)
 * 1:10463 <-> DISABLED <-> MALWARE-BACKDOOR winicabras 1.1 runtime detection - explorer (malware-backdoor.rules)
 * 1:11307 <-> DISABLED <-> MALWARE-OTHER Keylogger computer monitor Keylogger runtime detection (malware-other.rules)
 * 1:11309 <-> DISABLED <-> MALWARE-OTHER Keylogger sskc v2.0 runtime detection (malware-other.rules)
 * 1:11311 <-> DISABLED <-> MALWARE-OTHER Keylogger pcsentinelsoftware Keylogger runtime detection - upload infor (malware-other.rules)
 * 1:11312 <-> DISABLED <-> MALWARE-OTHER Trackware uplink runtime detection (malware-other.rules)
 * 1:11314 <-> DISABLED <-> MALWARE-BACKDOOR shadownet remote spy 2.0 runtime detection (malware-backdoor.rules)
 * 1:11316 <-> DISABLED <-> MALWARE-BACKDOOR lurker 1.1 runtime detection - init connection (malware-backdoor.rules)
 * 1:11317 <-> DISABLED <-> MALWARE-BACKDOOR abremote pro 3.1 runtime detection - init connection (malware-backdoor.rules)
 * 1:11318 <-> DISABLED <-> MALWARE-BACKDOOR boer runtime detection - init connection (malware-backdoor.rules)
 * 1:11319 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - init connection request (malware-backdoor.rules)
 * 1:11320 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - reverse mode init connection request (malware-backdoor.rules)
 * 1:11321 <-> DISABLED <-> MALWARE-BACKDOOR netwindow runtime detection - udp broadcast (malware-backdoor.rules)
 * 1:11323 <-> DISABLED <-> MALWARE-BACKDOOR sohoanywhere runtime detection (malware-backdoor.rules)
 * 1:12166 <-> DISABLED <-> MALWARE-CNC lithium 1.02 variant outbound connection (malware-cnc.rules)
 * 1:13953 <-> DISABLED <-> MALWARE-CNC Asprox trojan initial query (malware-cnc.rules)
 * 1:15295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch configuration download (malware-cnc.rules)
 * 1:15296 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch malicious file download (malware-cnc.rules)
 * 1:15297 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch report home (malware-cnc.rules)
 * 1:16098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.cekar variant outbound connection (malware-cnc.rules)
 * 1:16140 <-> DISABLED <-> MALWARE-CNC torpig-mebroot command and control checkin (malware-cnc.rules)
 * 1:16439 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - _TEST_ (malware-cnc.rules)
 * 1:16440 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - ie (malware-cnc.rules)
 * 1:16441 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - Download (malware-cnc.rules)
 * 1:16442 <-> DISABLED <-> MALWARE-CNC Possible Zeus User-Agent - Mozilla (malware-cnc.rules)
 * 1:16483 <-> DISABLED <-> MALWARE-CNC Koobface worm submission of collected data to C&C server (malware-cnc.rules)
 * 1:16558 <-> DISABLED <-> MALWARE-CNC SdBot IRC Win.Trojan.server to client communication (malware-cnc.rules)
 * 1:16804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot.E - initial load (malware-cnc.rules)
 * 1:17058 <-> DISABLED <-> MALWARE-CNC Trojan-Downloader.JS.Agent.ewh Javascript download (malware-cnc.rules)
 * 1:18562 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.LivePcCare variant outbound connection (malware-cnc.rules)
 * 1:18577 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.agum variant outbound connection (malware-cnc.rules)
 * 1:18707 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ControlCenter variant outbound connection (malware-cnc.rules)
 * 1:18708 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.AntivirusSoft variant outbound connection (malware-cnc.rules)
 * 1:18709 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.aufm variant outbound connection (malware-cnc.rules)
 * 1:18711 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.SecurityCentral variant outbound connection (malware-cnc.rules)
 * 1:18712 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.XJRAntivirus variant outbound connection (malware-cnc.rules)
 * 1:18716 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.H variant outbound connection (malware-cnc.rules)
 * 1:18717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.QO variant outbound connection (malware-cnc.rules)
 * 1:18718 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.AdvancedDefender variant outbound connection (malware-cnc.rules)
 * 1:18724 <-> DISABLED <-> MALWARE-CNC RogueSoftware.Win32.ZeroClean variant outbound connection (malware-cnc.rules)
 * 1:18739 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Koobface.D variant outbound connection (malware-cnc.rules)
 * 1:18978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pasta.aoq variant outbound connection (malware-cnc.rules)
 * 1:18979 <-> DISABLED <-> MALWARE-CNC Worm.Win32.AutoRun.fmo variant outbound connection (malware-cnc.rules)
 * 1:19042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.ACQE variant outbound connection (malware-cnc.rules)
 * 1:19045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.XQ variant outbound connection (malware-cnc.rules)
 * 1:19048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkness variant outbound connection (malware-cnc.rules)
 * 1:19050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra.fxe variant outbound connection (malware-cnc.rules)
 * 1:19062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakePlus variant outbound connection (malware-cnc.rules)
 * 1:19135 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Buterat Checkin (malware-backdoor.rules)
 * 1:19340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav TREAntivirus variant outbound connection (malware-cnc.rules)
 * 1:19341 <-> DISABLED <-> MALWARE-CNC Worm MSIL.AiO.a variant outbound connection (malware-cnc.rules)
 * 1:19342 <-> DISABLED <-> MALWARE-CNC Adware Professional variant outbound connection (malware-cnc.rules)
 * 1:19343 <-> DISABLED <-> MALWARE-CNC Adware Pro variant outbound connection (malware-cnc.rules)
 * 1:19344 <-> DISABLED <-> MALWARE-CNC AntiMalware Pro variant outbound connection (malware-cnc.rules)
 * 1:19345 <-> DISABLED <-> MALWARE-CNC REAnti variant outbound connection (malware-cnc.rules)
 * 1:19346 <-> DISABLED <-> MALWARE-CNC Additional Guard variant outbound connection (malware-cnc.rules)
 * 1:19352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small.D variant outbound connection (malware-cnc.rules)
 * 1:19354 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Agent.bhxn variant outbound connection (malware-backdoor.rules)
 * 1:19362 <-> DISABLED <-> MALWARE-OTHER generic IRC botnet connection (malware-other.rules)
 * 1:19366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HXWAN.A variant outbound connection (malware-cnc.rules)
 * 1:19367 <-> DISABLED <-> MALWARE-CNC Win.Worm.Vaubeg.A variant outbound connection (malware-cnc.rules)
 * 1:19368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules)
 * 1:19369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules)
 * 1:19370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Carberp.D variant outbound connection (malware-cnc.rules)
 * 1:19551 <-> DISABLED <-> MALWARE-OTHER self-signed SSL certificate with default Internet Widgits Pty Ltd organization name (malware-other.rules)
 * 1:19554 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fakeav Antivirus Xp Pro variant outbound connection (malware-cnc.rules)
 * 1:19555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Small variant outbound connection (malware-cnc.rules)
 * 1:19556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Homa variant outbound connection (malware-cnc.rules)
 * 1:19557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shark.ag variant outbound connection (malware-cnc.rules)
 * 1:19724 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:19725 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison variant outbound connection (malware-cnc.rules)
 * 1:19726 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison variant outbound connection (malware-cnc.rules)
 * 1:19727 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos.DI variant outbound connection (malware-cnc.rules)
 * 1:19957 <-> DISABLED <-> MALWARE-CNC Arabian-Attacker 1.1.0 variant outbound connection (malware-cnc.rules)
 * 1:19964 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:19979 <-> DISABLED <-> MALWARE-CNC IRCBot runtime traffic detected (malware-cnc.rules)
 * 1:19980 <-> DISABLED <-> MALWARE-CNC IRCBot runtime traffic detected (malware-cnc.rules)
 * 1:19981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micstus.A runtime traffic detected (malware-cnc.rules)
 * 1:20008 <-> DISABLED <-> MALWARE-CNC Malware PDFMarca.A runtime traffic detected (malware-cnc.rules)
 * 1:20010 <-> DISABLED <-> MALWARE-CNC Win32/Babmote.A runtime TCP traffic detected (malware-cnc.rules)
 * 1:20035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Coinbit.A runtime traffic detected (malware-cnc.rules)
 * 1:20036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Agent.ndau runtime traffic detected (malware-cnc.rules)
 * 1:20037 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cve runtime traffic detected (malware-cnc.rules)
 * 1:20038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cve runtime traffic detected (malware-cnc.rules)
 * 1:20057 <-> DISABLED <-> MALWARE-CNC BitCoin Miner IP query (malware-cnc.rules)
 * 1:20064 <-> DISABLED <-> MALWARE-CNC Malware Win.Trojan.Clemag.A variant outbound connection (malware-cnc.rules)
 * 1:20066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 SensLiceld.A runtime traffic detected (malware-cnc.rules)
 * 1:20067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Win32 Zatvex.A runtime traffic detected (malware-cnc.rules)
 * 1:20068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jetilms.A runtime activity detected (malware-cnc.rules)
 * 1:20069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.alhq runtime traffic detected (malware-cnc.rules)
 * 1:20205 <-> DISABLED <-> MALWARE-CNC Win32/Poison beaconing request (malware-cnc.rules)
 * 1:20233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut variant outbound connection (malware-cnc.rules)
 * 1:20234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ceckno.cmz runtime traffic detected (malware-cnc.rules)
 * 1:20435 <-> DISABLED <-> MALWARE-CNC TrojanSpy Win.Trojan.Zbot.Svr runtime traffic detected (malware-cnc.rules)
 * 1:20447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.JAAK variant outbound connection (malware-cnc.rules)
 * 1:20606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Domsingx.A variant outbound connection (malware-cnc.rules)
 * 1:20626 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shylock.A variant outbound connection (malware-cnc.rules)
 * 1:20627 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shylock.A C&C server response (malware-cnc.rules)
 * 1:20836 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy.A runtime traffic detected (malware-cnc.rules)
 * 1:20838 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smokebot.A runtime traffic detected (malware-cnc.rules)
 * 1:20844 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.smxy runtime traffic detected (malware-cnc.rules)
 * 1:20877 <-> DISABLED <-> MALWARE-CNC RunTime Worm.Win32.Warezov.gs variant outbound connection (malware-cnc.rules)
 * 1:20890 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.adbp runtime traffic detected (malware-cnc.rules)
 * 1:20891 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.adbp runtime traffic detected (malware-cnc.rules)
 * 1:20892 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Skopvel.A runtime traffic detected (malware-cnc.rules)
 * 1:21028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Usinec connect to server (malware-cnc.rules)
 * 1:21058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.AutoIt.pm runtime traffic detected (malware-cnc.rules)
 * 1:21087 <-> DISABLED <-> MALWARE-CNC Bindow.Worm runtime traffic detected (malware-cnc.rules)
 * 1:7763 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - services client-to-server (malware-backdoor.rules)
 * 1:9336 <-> DISABLED <-> MALWARE-OTHER netsky.t smtp propagation detection (malware-other.rules)
 * 1:9362 <-> DISABLED <-> MALWARE-OTHER mimail.m smtp propagation detection (malware-other.rules)
 * 1:8462 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - trace info downloaded (malware-other.rules)
 * 1:9384 <-> DISABLED <-> MALWARE-OTHER beglur.a smtp propagation detection (malware-other.rules)
 * 1:7692 <-> DISABLED <-> MALWARE-BACKDOOR exception 1.0 runtime detection - notification (malware-backdoor.rules)
 * 1:8544 <-> DISABLED <-> MALWARE-OTHER Keylogger nicespy runtime detection - smtp (malware-other.rules)
 * 1:7747 <-> DISABLED <-> MALWARE-BACKDOOR bobo 1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7842 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool davps runtime detection (malware-tools.rules)
 * 1:9337 <-> DISABLED <-> MALWARE-OTHER netsky.x smtp propagation detection (malware-other.rules)
 * 1:7689 <-> DISABLED <-> MALWARE-BACKDOOR evade runtime detection - initial connection (malware-backdoor.rules)
 * 1:9394 <-> DISABLED <-> MALWARE-OTHER bagle.n smtp propagation detection (malware-other.rules)
 * 1:9330 <-> DISABLED <-> MALWARE-OTHER mydoom.e smtp propagation detection (malware-other.rules)
 * 1:7671 <-> DISABLED <-> MALWARE-BACKDOOR digital upload runtime detection - chat (malware-backdoor.rules)
 * 1:9358 <-> DISABLED <-> MALWARE-OTHER fizzer smtp propagation detection (malware-other.rules)
 * 1:9393 <-> DISABLED <-> MALWARE-OTHER bagle.k smtp propagation detection (malware-other.rules)
 * 1:7804 <-> DISABLED <-> MALWARE-BACKDOOR war trojan ver1.0 runtime detection - disable ctrl+alt+del (malware-backdoor.rules)
 * 1:9386 <-> DISABLED <-> MALWARE-OTHER bagle.f smtp propagation detection (malware-other.rules)
 * 1:9371 <-> DISABLED <-> MALWARE-OTHER bagle.e smtp propagation detection (malware-other.rules)
 * 1:7814 <-> DISABLED <-> MALWARE-BACKDOOR darkmoon initial connection detection - stc (malware-backdoor.rules)
 * 1:8461 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - send userinfo (malware-other.rules)
 * 1:7765 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - sysinfo server-to-client (malware-backdoor.rules)
 * 1:9359 <-> DISABLED <-> MALWARE-OTHER zafi.b smtp propagation detection (malware-other.rules)
 * 1:7727 <-> DISABLED <-> MALWARE-BACKDOOR reversable ver1.0 runtime detection - execute command (malware-backdoor.rules)
 * 1:9390 <-> DISABLED <-> MALWARE-OTHER deborm.d netshare propagation detection (malware-other.rules)
 * 1:9332 <-> DISABLED <-> MALWARE-OTHER mimail.a smtp propagation detection (malware-other.rules)
 * 1:9348 <-> DISABLED <-> MALWARE-OTHER morbex smtp propagation detection (malware-other.rules)
 * 1:7719 <-> DISABLED <-> MALWARE-BACKDOOR dameware mini remote control runtime detection - initial connection (malware-backdoor.rules)
 * 1:7720 <-> DISABLED <-> MALWARE-BACKDOOR desktop scout runtime detection (malware-backdoor.rules)
 * 1:7732 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - ring client-to-server (malware-backdoor.rules)
 * 1:9353 <-> DISABLED <-> MALWARE-OTHER deborm.x netshare propagation detection (malware-other.rules)
 * 1:9408 <-> DISABLED <-> MALWARE-OTHER lacrow smtp propagation detection (malware-other.rules)
 * 1:7775 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - screen capture (malware-backdoor.rules)
 * 1:9388 <-> DISABLED <-> MALWARE-OTHER mimail.g smtp propagation detection (malware-other.rules)
 * 1:9343 <-> DISABLED <-> MALWARE-OTHER kadra smtp propagation detection (malware-other.rules)
 * 1:9396 <-> DISABLED <-> MALWARE-OTHER deborm.t netshare propagation detection (malware-other.rules)
 * 1:9363 <-> DISABLED <-> MALWARE-OTHER klez.d web propagation detection (malware-other.rules)
 * 1:7683 <-> DISABLED <-> MALWARE-BACKDOOR acid head 1.00 runtime detection (malware-backdoor.rules)
 * 1:7792 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - chat with victim (malware-backdoor.rules)
 * 1:9350 <-> DISABLED <-> MALWARE-OTHER mimail.k smtp propagation detection (malware-other.rules)
 * 1:9414 <-> DISABLED <-> MALWARE-OTHER lovelorn.a smtp propagation detection (malware-other.rules)
 * 1:7749 <-> DISABLED <-> MALWARE-BACKDOOR bobo 1.0 runtime detection - send message (malware-backdoor.rules)
 * 1:7796 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - init connection (malware-backdoor.rules)
 * 1:9412 <-> DISABLED <-> MALWARE-OTHER sinmsn.b msn propagation detection (malware-other.rules)
 * 1:9389 <-> DISABLED <-> MALWARE-OTHER bagle.i smtp propagation detection (malware-other.rules)
 * 1:7801 <-> DISABLED <-> MALWARE-BACKDOOR portal of doom runtime detection - udp cts (malware-backdoor.rules)
 * 1:7688 <-> DISABLED <-> MALWARE-BACKDOOR illusion runtime detection - file browser server-to-client (malware-backdoor.rules)
 * 1:8542 <-> DISABLED <-> MALWARE-OTHER Trackware deluxecommunications runtime detection - collect info (malware-other.rules)
 * 1:9377 <-> DISABLED <-> MALWARE-OTHER mydoom.g smtp propagation detection (malware-other.rules)
 * 1:7721 <-> DISABLED <-> MALWARE-BACKDOOR prorat 1.9 initial connection detection (malware-backdoor.rules)
 * 1:7762 <-> DISABLED <-> MALWARE-CNC analftp 0.1 variant outbound connection icq notification (malware-cnc.rules)
 * 1:8549 <-> DISABLED <-> MALWARE-BACKDOOR zxshell runtime detection - setting information retrieve (malware-backdoor.rules)
 * 1:7798 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - file manage 1 (malware-backdoor.rules)
 * 1:7818 <-> DISABLED <-> MALWARE-BACKDOOR infector v1.0 runtime detection - init conn (malware-backdoor.rules)
 * 1:7681 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control 1.12 runtime detection - download file (malware-backdoor.rules)
 * 1:7722 <-> DISABLED <-> MALWARE-CNC prorat 1.9 cgi notification detection (malware-cnc.rules)
 * 1:7670 <-> DISABLED <-> MALWARE-BACKDOOR digital upload runtime detection - initial connection (malware-backdoor.rules)
 * 1:7857 <-> DISABLED <-> MALWARE-OTHER Keylogger EliteKeylogger runtime detection (malware-other.rules)
 * 1:9411 <-> DISABLED <-> MALWARE-OTHER mimail.f smtp propagation detection (malware-other.rules)
 * 1:9351 <-> DISABLED <-> MALWARE-OTHER lovgate.a netshare propagation detection (malware-other.rules)
 * 1:9380 <-> DISABLED <-> MALWARE-OTHER jitux msn messenger propagation detection (malware-other.rules)
 * 1:7805 <-> DISABLED <-> MALWARE-CNC war trojan ver1.0 variant outbound connection ie hijacker (malware-cnc.rules)
 * 1:9367 <-> DISABLED <-> MALWARE-OTHER anset.b smtp propagation detection (malware-other.rules)
 * 1:9352 <-> DISABLED <-> MALWARE-OTHER lovgate.a smtp propagation detection (malware-other.rules)
 * 1:8074 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - init connection (malware-backdoor.rules)
 * 1:9378 <-> DISABLED <-> MALWARE-OTHER netsky.q smtp propagation detection (malware-other.rules)
 * 1:7778 <-> DISABLED <-> MALWARE-BACKDOOR elfrat runtime detection - initial connection (malware-backdoor.rules)
 * 1:9338 <-> DISABLED <-> MALWARE-OTHER mydoom.i smtp propagation detection (malware-other.rules)
 * 1:9391 <-> DISABLED <-> MALWARE-OTHER mimail.i smtp propagation detection (malware-other.rules)
 * 1:7755 <-> DISABLED <-> MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - spy function (malware-backdoor.rules)
 * 1:7856 <-> DISABLED <-> MALWARE-OTHER Trackware winsysba-a runtime detection - track surfing activity (malware-other.rules)
 * 1:7729 <-> DISABLED <-> MALWARE-BACKDOOR radmin runtime detection - server-to-client (malware-backdoor.rules)
 * 1:7791 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - victim response (malware-backdoor.rules)
 * 1:7806 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:9417 <-> DISABLED <-> MALWARE-OTHER bagle.a smtp propagation detection (malware-other.rules)
 * 1:9335 <-> DISABLED <-> MALWARE-OTHER netsky.b smtp propagation detection (malware-other.rules)
 * 1:7807 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - execute file (malware-backdoor.rules)
 * 1:7717 <-> DISABLED <-> MALWARE-BACKDOOR snake trojan runtime detection (malware-backdoor.rules)
 * 1:7759 <-> DISABLED <-> MALWARE-BACKDOOR glacier runtime detection - screen capture (malware-backdoor.rules)
 * 1:9415 <-> DISABLED <-> MALWARE-OTHER plexus.a smtp propagation detection (malware-other.rules)
 * 1:7836 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool nettracker runtime detection - report send through email (malware-tools.rules)
 * 1:9354 <-> DISABLED <-> MALWARE-OTHER deborm.y netshare propagation detection (malware-other.rules)
 * 1:7745 <-> DISABLED <-> MALWARE-BACKDOOR phoenix 2.1 runtime detection (malware-backdoor.rules)
 * 1:9357 <-> DISABLED <-> MALWARE-OTHER deborm.r netshare propagation detection (malware-other.rules)
 * 1:7730 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - reverse connection (malware-backdoor.rules)
 * 1:9360 <-> DISABLED <-> MALWARE-OTHER cult.b smtp propagation detection (malware-other.rules)
 * 1:8080 <-> DISABLED <-> MALWARE-CNC x2a variant outbound connection client update (malware-cnc.rules)
 * 1:9387 <-> DISABLED <-> MALWARE-OTHER klez.j web propagation detection (malware-other.rules)
 * 1:7760 <-> DISABLED <-> MALWARE-BACKDOOR netthief runtime detection (malware-backdoor.rules)
 * 1:7743 <-> DISABLED <-> MALWARE-BACKDOOR nova 1.0 runtime detection - cgi notification server-to-client (malware-backdoor.rules)
 * 1:9368 <-> DISABLED <-> MALWARE-OTHER agist.a smtp propagation detection (malware-other.rules)
 * 1:8079 <-> DISABLED <-> MALWARE-BACKDOOR x2a runtime detection - init connection (malware-backdoor.rules)
 * 1:7777 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - get drives (malware-backdoor.rules)
 * 1:8548 <-> DISABLED <-> MALWARE-BACKDOOR zzmm 2.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:9328 <-> DISABLED <-> MALWARE-OTHER zhangpo smtp propagation detection (malware-other.rules)
 * 1:9383 <-> DISABLED <-> MALWARE-OTHER netsky.y smtp propagation detection (malware-other.rules)
 * 1:9395 <-> DISABLED <-> MALWARE-OTHER deborm.j netshare propagation detection (malware-other.rules)
 * 1:9347 <-> DISABLED <-> MALWARE-OTHER klez.b netshare propagation detection (malware-other.rules)
 * 1:9369 <-> DISABLED <-> MALWARE-OTHER atak.a smtp propagation detection (malware-other.rules)
 * 1:9406 <-> DISABLED <-> MALWARE-OTHER lovgate.e smtp propagation detection (malware-other.rules)
 * 1:9373 <-> DISABLED <-> MALWARE-OTHER clepa smtp propagation detection (malware-other.rules)
 * 1:7704 <-> DISABLED <-> MALWARE-CNC roach 1.0 server installation notification - email (malware-cnc.rules)
 * 1:9379 <-> DISABLED <-> MALWARE-OTHER netsky.s smtp propagation detection (malware-other.rules)
 * 1:7783 <-> DISABLED <-> MALWARE-BACKDOOR netdevil runtime detection - file manager (malware-backdoor.rules)
 * 1:9356 <-> DISABLED <-> MALWARE-OTHER deborm.q netshare propagation detection (malware-other.rules)
 * 1:9326 <-> DISABLED <-> MALWARE-OTHER netsky.p smtp propagation detection (malware-other.rules)
 * 1:8362 <-> DISABLED <-> MALWARE-BACKDOOR black curse 4.0 runtime detection - normal init connection (malware-backdoor.rules)
 * 1:7739 <-> DISABLED <-> MALWARE-BACKDOOR alexmessomalex runtime detection - grab (malware-backdoor.rules)
 * 1:9339 <-> DISABLED <-> MALWARE-OTHER klez.g web propagation detection (malware-other.rules)
 * 1:9327 <-> DISABLED <-> MALWARE-OTHER netsky.af smtp propagation detection (malware-other.rules)
 * 1:7803 <-> DISABLED <-> MALWARE-BACKDOOR war trojan ver1.0 runtime detection - send messages (malware-backdoor.rules)
 * 1:7800 <-> DISABLED <-> MALWARE-BACKDOOR incommand 1.7 runtime detection - file manage 2 (malware-backdoor.rules)
 * 1:8361 <-> DISABLED <-> MALWARE-BACKDOOR black curse 4.0 runtime detection - inverse init connection (malware-backdoor.rules)
 * 1:7752 <-> DISABLED <-> MALWARE-BACKDOOR buschtrommel 1.22 runtime detection - initial connection (malware-backdoor.rules)
 * 1:9409 <-> DISABLED <-> MALWARE-OTHER atak.b smtp propagation detection (malware-other.rules)
 * 1:7733 <-> DISABLED <-> MALWARE-BACKDOOR outbreak_0.2.7 runtime detection - initial connection (malware-backdoor.rules)
 * 1:9349 <-> DISABLED <-> MALWARE-OTHER plemood smtp propagation detection (malware-other.rules)
 * 1:9374 <-> DISABLED <-> MALWARE-OTHER creepy.b smtp propagation detection (malware-other.rules)
 * 1:9366 <-> DISABLED <-> MALWARE-OTHER mimail.s smtp propagation detection (malware-other.rules)
 * 1:9402 <-> DISABLED <-> MALWARE-OTHER welchia tftp propagation detection (malware-other.rules)
 * 1:8076 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - get system information (malware-backdoor.rules)
 * 1:9398 <-> DISABLED <-> MALWARE-OTHER totilix.a smtp propagation detection (malware-other.rules)
 * 1:8543 <-> DISABLED <-> MALWARE-OTHER Trackware deluxecommunications runtime detection - display popup ads (malware-other.rules)
 * 1:7835 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool nettracker runtime detection - report browsing (malware-tools.rules)
 * 1:7672 <-> DISABLED <-> MALWARE-BACKDOOR remoter runtime detection - initial connection (malware-backdoor.rules)
 * 1:9392 <-> DISABLED <-> MALWARE-OTHER bagle.j smtp propagation detection (malware-other.rules)
 * 1:9341 <-> DISABLED <-> MALWARE-OTHER sasser open ftp command shell (malware-other.rules)
 * 1:7707 <-> DISABLED <-> MALWARE-BACKDOOR omniquad instant remote control runtime detection - file transfer setup (malware-backdoor.rules)
 * 1:7738 <-> DISABLED <-> MALWARE-BACKDOOR alexmessomalex runtime detection - initial connection (malware-backdoor.rules)
 * 1:9413 <-> DISABLED <-> MALWARE-OTHER ganda smtp propagation detection (malware-other.rules)
 * 1:9333 <-> DISABLED <-> MALWARE-OTHER mimail.e smtp propagation detection (malware-other.rules)
 * 1:9399 <-> DISABLED <-> MALWARE-OTHER hanged smtp propagation detection (malware-other.rules)
 * 1:9364 <-> DISABLED <-> MALWARE-OTHER klez.e web propagation detection (malware-other.rules)
 * 1:7767 <-> DISABLED <-> MALWARE-BACKDOOR nt remote controller 2000 runtime detection - foldermonitor server-to-client (malware-backdoor.rules)
 * 1:9345 <-> DISABLED <-> MALWARE-OTHER kipis.a smtp propagation detection (malware-other.rules)
 * 1:7691 <-> DISABLED <-> MALWARE-BACKDOOR evade runtime detection - file manager (malware-backdoor.rules)
 * 1:8466 <-> DISABLED <-> MALWARE-OTHER Keylogger netobserve runtime detection - email notification (malware-other.rules)
 * 1:7686 <-> DISABLED <-> MALWARE-BACKDOOR illusion runtime detection - get remote info server-to-client (malware-backdoor.rules)
 * 1:9401 <-> DISABLED <-> MALWARE-OTHER gokar http propagation detection (malware-other.rules)
 * 1:9403 <-> DISABLED <-> MALWARE-OTHER netsky.aa smtp propagation detection (malware-other.rules)
 * 1:9410 <-> DISABLED <-> MALWARE-OTHER netsky.z smtp propagation detection (malware-other.rules)
 * 1:7677 <-> DISABLED <-> MALWARE-BACKDOOR cool remote control or crackdown runtime detection - initial connection (malware-backdoor.rules)
 * 1:8463 <-> DISABLED <-> MALWARE-OTHER Trackware duduaccelerator runtime detection - trace login info (malware-other.rules)
 * 1:7809 <-> DISABLED <-> MALWARE-BACKDOOR fatal wound 1.0 runtime detection - upload (malware-backdoor.rules)
 * 1:9416 <-> DISABLED <-> MALWARE-OTHER bagle.at smtp propagation detection (malware-other.rules)
 * 1:7706 <-> DISABLED <-> MALWARE-BACKDOOR omniquad instant remote control runtime detection - initial connection (malware-backdoor.rules)
 * 1:9334 <-> DISABLED <-> MALWARE-OTHER lovgate.c smtp propagation detection (malware-other.rules)
 * 1:9375 <-> DISABLED <-> MALWARE-OTHER duksten.c smtp propagation detection (malware-other.rules)
 * 1:7703 <-> DISABLED <-> MALWARE-BACKDOOR roach 1.0 runtime detection - remote control actions (malware-backdoor.rules)
 * 1:7771 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - get server info (malware-backdoor.rules)
 * 1:9346 <-> DISABLED <-> MALWARE-OTHER klez.b web propagation detection (malware-other.rules)
 * 1:7710 <-> DISABLED <-> MALWARE-BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:9381 <-> DISABLED <-> MALWARE-OTHER lara smtp propagation detection (malware-other.rules)
 * 1:7667 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - capture on port 2208 (malware-backdoor.rules)
 * 1:7701 <-> DISABLED <-> MALWARE-BACKDOOR brain wiper runtime detection - chat (malware-backdoor.rules)
 * 1:9397 <-> DISABLED <-> MALWARE-OTHER neysid smtp propagation detection (malware-other.rules)
 * 1:9400 <-> DISABLED <-> MALWARE-OTHER abotus smtp propagation detection (malware-other.rules)
 * 1:7684 <-> DISABLED <-> MALWARE-BACKDOOR hrat 1.0 runtime detection (malware-backdoor.rules)
 * 1:9382 <-> DISABLED <-> MALWARE-OTHER fearso.c smtp propagation detection (malware-other.rules)
 * 1:7822 <-> DISABLED <-> MALWARE-BACKDOOR xbkdr runtime detection (malware-backdoor.rules)
 * 1:8467 <-> DISABLED <-> MALWARE-OTHER Keylogger netobserve runtime detection - remote login response (malware-other.rules)
 * 1:7773 <-> DISABLED <-> MALWARE-BACKDOOR messiah 4.0 runtime detection - enable keylogger (malware-backdoor.rules)
 * 1:7724 <-> DISABLED <-> MALWARE-BACKDOOR reversable ver1.0 runtime detection - initial connection - flowbit set (malware-backdoor.rules)
 * 1:9331 <-> DISABLED <-> MALWARE-OTHER mydoom.m smtp propagation detection (malware-other.rules)
 * 1:9370 <-> DISABLED <-> MALWARE-OTHER bagle.b smtp propagation detection (malware-other.rules)
 * 1:7785 <-> DISABLED <-> MALWARE-BACKDOOR forced control uploader runtime detection - connection with password (malware-backdoor.rules)
 * 1:7675 <-> DISABLED <-> MALWARE-BACKDOOR remote havoc runtime detection (malware-backdoor.rules)
 * 1:9407 <-> DISABLED <-> MALWARE-OTHER lovgate.b netshare propagation detection (malware-other.rules)
 * 1:9365 <-> DISABLED <-> MALWARE-OTHER cult.c smtp propagation detection (malware-other.rules)
 * 1:9404 <-> DISABLED <-> MALWARE-OTHER netsky.ac smtp propagation detection (malware-other.rules)
 * 1:7812 <-> DISABLED <-> MALWARE-BACKDOOR abacab runtime detection - banner (malware-backdoor.rules)
 * 1:7847 <-> DISABLED <-> MALWARE-OTHER Keylogger clogger 1.0 runtime detection - send log through email (malware-other.rules)
 * 1:9376 <-> DISABLED <-> MALWARE-OTHER fishlet.a smtp propagation detection (malware-other.rules)
 * 1:9342 <-> DISABLED <-> MALWARE-OTHER paroc.a smtp propagation detection (malware-other.rules)
 * 1:9340 <-> DISABLED <-> MALWARE-OTHER klez.i web propagation detection (malware-other.rules)
 * 1:9344 <-> DISABLED <-> MALWARE-OTHER kindal smtp propagation detection (malware-other.rules)
 * 1:7837 <-> DISABLED <-> MALWARE-OTHER Keylogger spyoutside runtime detection - email delivery (malware-other.rules)
 * 1:7699 <-> DISABLED <-> MALWARE-BACKDOOR brain wiper runtime detection - launch application (malware-backdoor.rules)
 * 1:7816 <-> DISABLED <-> MALWARE-BACKDOOR darkmoon reverse connection detection - cts (malware-backdoor.rules)
 * 1:8078 <-> DISABLED <-> MALWARE-BACKDOOR mithril runtime detection - get process list (malware-backdoor.rules)
 * 1:9355 <-> DISABLED <-> MALWARE-OTHER deborm.u netshare propagation detection (malware-other.rules)
 * 1:7758 <-> DISABLED <-> MALWARE-BACKDOOR glacier runtime detection - initial connection and directory browse (malware-backdoor.rules)
 * 1:9372 <-> DISABLED <-> MALWARE-OTHER blebla.a smtp propagation detection (malware-other.rules)
 * 1:9385 <-> DISABLED <-> MALWARE-OTHER collo.a smtp propagation detection (malware-other.rules)
 * 1:7793 <-> DISABLED <-> MALWARE-BACKDOOR remote anything 5.11.22 runtime detection - chat with attacker (malware-backdoor.rules)
 * 1:9361 <-> DISABLED <-> MALWARE-OTHER mimail.l smtp propagation detection (malware-other.rules)
 * 1:7802 <-> DISABLED <-> MALWARE-BACKDOOR portal of doom runtime detection - udp stc (malware-backdoor.rules)
 * 1:9426 <-> DISABLED <-> MALWARE-OTHER mydoom.ap attachment (malware-other.rules)
 * 1:9425 <-> DISABLED <-> MALWARE-OTHER netsky attachment (malware-other.rules)
 * 1:21122 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandok.zp runtime traffic detected (malware-cnc.rules)
 * 1:21123 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flymux.A runtime traffic detected (malware-cnc.rules)
 * 1:21124 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki.A runtime traffic detected (malware-cnc.rules)
 * 1:21125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alureon.DG runtime traffic detected (malware-cnc.rules)
 * 1:21126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koutodoor.C runtime traffic detected (malware-cnc.rules)
 * 1:21127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Setfic.A runtime traffic detected (malware-cnc.rules)
 * 1:21128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dromedan.A runtime traffic detected (malware-cnc.rules)
 * 1:21142 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules)
 * 1:21143 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules)
 * 1:21144 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot.PKJ runtime traffic detected (malware-cnc.rules)
 * 1:21145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neraweq.A runtime traffic detected (malware-cnc.rules)
 * 1:21218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sodager.C variant outbound connection (malware-cnc.rules)
 * 1:21249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBasddsa.A runtime traffic detected (malware-cnc.rules)
 * 1:21250 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VBasddsa.A runtime traffic detected (malware-cnc.rules)
 * 1:21273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tusha variant runtime traffic detected (malware-cnc.rules)
 * 1:21274 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tusha variant runtime traffic detected (malware-cnc.rules)
 * 1:21277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shexie.A runtime traffic detected (malware-cnc.rules)
 * 1:21294 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancodor.be runtime traffic detected (malware-cnc.rules)
 * 1:21303 <-> DISABLED <-> MALWARE-CNC Win32 Initor.ag runtime traffic detected (malware-cnc.rules)
 * 1:21359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.jju runtime traffic detected (malware-cnc.rules)
 * 1:21360 <-> DISABLED <-> MALWARE-CNC Win32 Agent.dbzx runtime traffic detected (malware-cnc.rules)
 * 1:21361 <-> DISABLED <-> MALWARE-CNC Worm.Win32.TDownland.ca runtime traffic detected (malware-cnc.rules)
 * 1:21362 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS.aa runtime traffic detected (malware-cnc.rules)
 * 1:21364 <-> DISABLED <-> MALWARE-CNC DOQ.gen.y RUNTIME traffic detected (malware-cnc.rules)
 * 1:21365 <-> DISABLED <-> MALWARE-CNC DOQ.gen.y RUNTIME traffic detected (malware-cnc.rules)
 * 1:21366 <-> DISABLED <-> MALWARE-CNC DOQ.gen.y INSTALL traffic detected (malware-cnc.rules)
 * 1:21367 <-> DISABLED <-> MALWARE-CNC Win32 VB.abcl runtime traffic detected (malware-cnc.rules)
 * 1:21368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallop.de runtime traffic detected (malware-cnc.rules)
 * 1:21369 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wallop.de runtime traffic detected (malware-cnc.rules)
 * 1:21372 <-> DISABLED <-> MALWARE-CNC Malware Defense runtime traffic detected (malware-cnc.rules)
 * 1:21373 <-> DISABLED <-> MALWARE-CNC Malware Defense runtime traffic detected (malware-cnc.rules)
 * 1:21374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bifrose.EF runtime traffic detected (malware-cnc.rules)
 * 1:21376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Microjoin activity detected (malware-cnc.rules)
 * 1:21379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome.Amqj runtime traffic detected (malware-cnc.rules)
 * 1:21381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dialer.ngb runtime traffic detected (malware-cnc.rules)
 * 1:21382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host setting3.yeahost.com runtime traffic detected (malware-cnc.rules)
 * 1:21383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host 9999mb.com runtime traffic detected (malware-cnc.rules)
 * 1:21384 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuqel.Q host freewebs.com runtime traffic detected (malware-cnc.rules)
 * 1:21386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wadolin.A runtime traffic detected (malware-cnc.rules)
 * 1:21390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agobot.dl runtime traffic detected (malware-cnc.rules)
 * 1:21391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.dcac runtime traffic detected (malware-cnc.rules)
 * 1:21416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankpatch authentication string detected (malware-cnc.rules)
 * 1:21444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules)
 * 1:21464 <-> DISABLED <-> MALWARE-CNC Downloader-CEW.b runtime traffic detected (malware-cnc.rules)
 * 1:21466 <-> DISABLED <-> MALWARE-CNC Autorun.BDS runtime traffic detected (malware-cnc.rules)
 * 1:21473 <-> DISABLED <-> MALWARE-CNC Win.Trojan.GameThief variant outbound connection (malware-cnc.rules)
 * 1:21477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noobot variant outbound connection (malware-cnc.rules)
 * 1:21496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saeeka variant outbound connection (malware-cnc.rules)
 * 1:21497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Saeeka variant outbound connection (malware-cnc.rules)
 * 1:21511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vaxpy variant outbound connection (malware-cnc.rules)
 * 1:21520 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob variant outbound connection (malware-cnc.rules)
 * 1:21521 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bayrob update connection (malware-cnc.rules)
 * 1:21527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader registration connection detection (malware-cnc.rules)
 * 1:21528 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader keep-alive connection detection (malware-cnc.rules)
 * 1:21769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LogonInvader.a variant outbound connection (malware-cnc.rules)
 * 1:21846 <-> DISABLED <-> MALWARE-CNC TDS Sutra - request in.cgi (malware-cnc.rules)
 * 1:21848 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - page redirecting to a SutraTDS (malware-other.rules)
 * 1:21849 <-> DISABLED <-> MALWARE-OTHER TDS Sutra - HTTP header redirecting to a SutraTDS (malware-other.rules)
 * 1:21968 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type A (malware-backdoor.rules)
 * 1:21969 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Rebhip.A variant outbound connection type B (malware-backdoor.rules)
 * 1:21978 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant outbound connection (malware-backdoor.rules)
 * 1:21979 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Nervos variant inbound connection (malware-backdoor.rules)
 * 1:21997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:21998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:22000 <-> DISABLED <-> MALWARE-CNC Win.Worm.amna variant outbound connection (malware-cnc.rules)
 * 1:22001 <-> DISABLED <-> MALWARE-CNC Win.Worm.amna variant outbound connection (malware-cnc.rules)
 * 1:22953 <-> DISABLED <-> MALWARE-TOOLS Hulk denial of service attempt (malware-tools.rules)
 * 1:23051 <-> DISABLED <-> MALWARE-CNC Dybalom.A runtime traffic detected (malware-cnc.rules)
 * 1:23176 <-> DISABLED <-> MALWARE-CNC Donbot.A runtime traffic detected (malware-cnc.rules)
 * 1:23234 <-> DISABLED <-> MALWARE-CNC Frethog.MK runtime traffic detected (malware-cnc.rules)
 * 1:23235 <-> DISABLED <-> MALWARE-CNC PBin.A runtime traffic detected (malware-cnc.rules)
 * 1:23252 <-> DISABLED <-> MALWARE-CNC MacOS.MacKontrol variant outbound connection (malware-cnc.rules)
 * 1:23255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duojeen variant outbound connection (malware-cnc.rules)
 * 1:23257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duojeen variant outbound connection (malware-cnc.rules)
 * 1:23306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stealer connect to server (malware-cnc.rules)
 * 1:23308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Bucriv variant outbound connection (malware-cnc.rules)
 * 1:23317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper initial variant outbound connection (malware-cnc.rules)
 * 1:23333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker initial C&C checkin (malware-cnc.rules)
 * 1:23336 <-> DISABLED <-> MALWARE-CNC Linfo.A variant outbound connection (malware-cnc.rules)
 * 1:23339 <-> DISABLED <-> MALWARE-CNC Prier.A variant outbound connection (malware-cnc.rules)
 * 1:23343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:23399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Govdi.A variant outbound connection (malware-cnc.rules)
 * 1:23468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:23377 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sasfis variant outbound connection (malware-cnc.rules)
 * 1:23378 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sasfis variant outbound connection (malware-cnc.rules)
 * 1:23379 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Leepload variant outbound connection (malware-cnc.rules)
 * 1:23380 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ventana initial variant outbound connection (malware-cnc.rules)
 * 1:23381 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Thoper.C runtime detection (malware-backdoor.rules)
 * 1:23387 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:23389 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Arratomref variant outbound connection (malware-cnc.rules)
 * 1:23390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Java.Arratomref variant outbound connection (malware-cnc.rules)
 * 1:23446 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax.A variant outbound connection (malware-cnc.rules)
 * 1:23447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sojax.A variant outbound connection (malware-cnc.rules)
 * 1:23449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Servstart.ax variant outbound connection (malware-cnc.rules)
 * 1:23448 <-> DISABLED <-> MALWARE-CNC Win.Worm.Psyokym variant outbound connection (malware-cnc.rules)
 * 1:23494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Onitab.A outbound connection (malware-cnc.rules)
 * 1:23495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kugdifod.A variant outbound connection (malware-cnc.rules)
 * 1:23593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Smoaler variant outbound connection (malware-cnc.rules)
 * 1:23344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Harvso.A variant outbound connection (malware-cnc.rules)
 * 1:23483 <-> DISABLED <-> MALWARE-BACKDOOR Win.Backdoor.Georbot file download (malware-backdoor.rules)
 * 1:23469 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:23594 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (malware-cnc.rules)
 * 1:23340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nitol.B variant outbound connection (malware-cnc.rules)
 * 1:9424 <-> DISABLED <-> MALWARE-OTHER /winnt/explorer.exe unicode klez infection (malware-other.rules)
 * 1:9648 <-> DISABLED <-> MALWARE-OTHER Keylogger emailspypro runtime detection (malware-other.rules)
 * 1:9647 <-> DISABLED <-> MALWARE-OTHER Keylogger system surveillance pro runtime detection (malware-other.rules)
 * 1:9655 <-> DISABLED <-> MALWARE-BACKDOOR apofis 1.0 runtime detection - remote controlling (malware-backdoor.rules)
 * 1:9657 <-> DISABLED <-> MALWARE-BACKDOOR bersek 1.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:7669 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - capture on port 2213 (malware-backdoor.rules)
 * 1:9650 <-> DISABLED <-> MALWARE-OTHER Keylogger ghost Keylogger runtime detection (malware-other.rules)
 * 1:9653 <-> DISABLED <-> MALWARE-CNC apofis 1.0 variant outbound connection php notification (malware-cnc.rules)
 * 1:10453 <-> DISABLED <-> MALWARE-BACKDOOR zalivator 1.4.2 pro runtime detection - smtp notification (malware-backdoor.rules)
 * 1:23597 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB.DHD variant outbound connection (malware-cnc.rules)
 * 1:23598 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Slagent outgoing connection (malware-cnc.rules)
 * 1:23599 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Slagent outgoing connection (malware-cnc.rules)
 * 1:23606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules)
 * 1:23607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sofacy.A outbound connection (malware-cnc.rules)
 * 1:23634 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant outbound connection (malware-cnc.rules)
 * 1:23782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus.kych variant outbound connection (malware-cnc.rules)
 * 1:23787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locotout variant outbound connection (malware-cnc.rules)
 * 1:23788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locotout variant outbound connection (malware-cnc.rules)
 * 1:23794 <-> DISABLED <-> MALWARE-CNC known command and control traffic (malware-cnc.rules)
 * 1:23876 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scirib variant outbound connection (malware-cnc.rules)
 * 1:23877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dtfanri variant outbound connection (malware-cnc.rules)
 * 1:23935 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zakahic variant outbound connection (malware-cnc.rules)
 * 1:23936 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zakahic variant outbound connection (malware-cnc.rules)
 * 1:23941 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.Aharm variant outbound connection (malware-cnc.rules)
 * 1:23948 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sicisono variant outbound connection (malware-cnc.rules)
 * 1:23949 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TKcik variant outbound connection (malware-cnc.rules)
 * 1:23952 <-> DISABLED <-> MALWARE-TOOLS Tors Hammer slow post flood attempt (malware-tools.rules)
 * 1:23953 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comfoo variant outbound connection (malware-cnc.rules)
 * 1:23955 <-> DISABLED <-> MALWARE-CNC Xhuna.A variant outbound connection (malware-cnc.rules)
 * 1:23963 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Runagry variant outbound connection (malware-cnc.rules)
 * 1:23971 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabwak variant outbound connection (malware-cnc.rules)
 * 1:23973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vampols variant inbound connection (malware-cnc.rules)
 * 1:23976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome initial variant outbound connection (malware-cnc.rules)
 * 1:23977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Genome runtime update to cnc-server (malware-cnc.rules)
 * 1:24011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransomer variant outbound connection (malware-cnc.rules)
 * 1:24012 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules)
 * 1:24013 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules)
 * 1:24014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cbot variant outbound connection - inital contact (malware-cnc.rules)
 * 1:24016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madon variant outbound connection - variant outbound connection (malware-cnc.rules)
 * 1:24035 <-> DISABLED <-> MALWARE-CNC Downloader.Inject variant outbound connection (malware-cnc.rules)
 * 1:24082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
 * 1:24092 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clisbot variant outbound connection (malware-cnc.rules)
 * 1:24107 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a BMP file (malware-other.rules)
 * 1:24123 <-> DISABLED <-> MALWARE-BACKDOOR Virus.Win32.Xpaj.A variant outbound connection (malware-backdoor.rules)
 * 1:24173 <-> DISABLED <-> MALWARE-BACKDOOR Trojan-Downloader.Win32.Doneltart.A runtime detection (malware-backdoor.rules)
 * 1:24174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lataa variant outbound connection (malware-cnc.rules)
 * 1:24175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lataa variant outbound connection (malware-cnc.rules)
 * 1:24191 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Raven variant outbound connection (malware-cnc.rules)
 * 1:24271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Bancos variant outbound connection (malware-cnc.rules)
 * 1:24288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Flexty variant outbound connection (malware-cnc.rules)
 * 1:6029 <-> DISABLED <-> MALWARE-CNC fkwp 2.0 variant outbound connection icq notification (malware-cnc.rules)
 * 1:24307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Workir variant outbound connection (malware-cnc.rules)
 * 1:24308 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Workir variant outbound connection (malware-cnc.rules)
 * 1:24334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant connect to cnc-server (malware-cnc.rules)
 * 1:24345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drexonin variant outbound connection (malware-cnc.rules)
 * 1:24346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:24347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Bloropac variant outbound connection (malware-cnc.rules)
 * 1:24368 <-> DISABLED <-> MALWARE-CNC Lizamoon sql injection campaign phone-home (malware-cnc.rules)
 * 1:24369 <-> DISABLED <-> MALWARE-CNC Lizamoon sql injection campaign ur.php response detected (malware-cnc.rules)
 * 1:24373 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Agent variant outbound connection (malware-cnc.rules)
 * 1:24374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Agent variant outbound connection (malware-cnc.rules)
 * 1:24376 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.Delf.KDV runtime detection (malware-backdoor.rules)
 * 1:24377 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.FakeAV.FakeAlert runtime detection (malware-backdoor.rules)
 * 1:24383 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dipwit outbound connection (malware-cnc.rules)
 * 1:24384 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
 * 1:24385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
 * 1:24398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mooochq variant outbound connection (malware-cnc.rules)
 * 1:24399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mooochq variant outbound connection (malware-cnc.rules)
 * 1:24400 <-> DISABLED <-> MALWARE-BACKDOOR Backdoor.Win32.Protos.A runtime detection (malware-backdoor.rules)
 * 1:24402 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO install time detection (malware-backdoor.rules)
 * 1:24403 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules)
 * 1:24404 <-> DISABLED <-> MALWARE-BACKDOOR Trojan.KDV.QLO runtime detection (malware-backdoor.rules)
 * 1:24405 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:24416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:24417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:24418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24419 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24420 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Misun variant outbound connection (malware-cnc.rules)
 * 1:24426 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot class download (malware-other.rules)
 * 1:24427 <-> DISABLED <-> MALWARE-OTHER Java.Trojan.Jacksbot jar download (malware-other.rules)
 * 1:24437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirage variant outbound connection (malware-cnc.rules)
 * 1:24438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirage variant outbound connection (malware-cnc.rules)
 * 1:24443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:24444 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:24445 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Medfos variant outbound connection (malware-cnc.rules)
 * 1:24449 <-> DISABLED <-> MALWARE-CNC Java.Exploit.Agent variant outbound connection (malware-cnc.rules)
 * 1:24450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tibeli variant outbound connection (malware-cnc.rules)
 * 1:24451 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quervar variant outbound connection (malware-cnc.rules)
 * 1:24529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Begman variant connection to cnc-server (malware-cnc.rules)
 * 1:24540 <-> DISABLED <-> MALWARE-BACKDOOR Win.Trojan.Spy.Heur variant outbound connection attempt (malware-backdoor.rules)
 * 1:24541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Unebot variant outbound connection (malware-cnc.rules)
 * 1:24542 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Beystreet variant outbound connection (malware-cnc.rules)
 * 1:24545 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client response (malware-backdoor.rules)
 * 1:24562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
 * 1:24565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer variant outbound connection (malware-cnc.rules)
 * 1:24567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Olmarik variant outbound connection (malware-cnc.rules)
 * 1:24569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:24576 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Barus variant outbound connection (malware-cnc.rules)
 * 1:24586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Barkiofork variant outbound connection (malware-cnc.rules)
 * 1:24623 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:24635 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Dycler variant outbound connection (malware-cnc.rules)
 * 1:24857 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Agent variant outbound connection (malware-cnc.rules)
 * 1:24916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:24917 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Turspy variant outbound connection (malware-cnc.rules)
 * 1:24918 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Turspy variant outbound connection (malware-cnc.rules)
 * 1:24976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:26852 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer create-add range on DOM objects memory corruption attempt (browser-ie.rules)
 * 1:26853 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer create-add range on DOM objects memory corruption attempt (browser-ie.rules)
 * 1:3010 <-> DISABLED <-> MALWARE-CNC RUX the Tick get windows directory (malware-cnc.rules)
 * 1:3011 <-> DISABLED <-> MALWARE-CNC RUX the Tick get system directory (malware-cnc.rules)
 * 1:3012 <-> DISABLED <-> MALWARE-CNC RUX the Tick upload/execute arbitrary file (malware-cnc.rules)
 * 1:3014 <-> DISABLED <-> MALWARE-CNC Asylum 0.1 connection (malware-cnc.rules)
 * 1:3015 <-> DISABLED <-> MALWARE-CNC Insane Network 4.0 connection (malware-cnc.rules)
 * 1:3016 <-> DISABLED <-> MALWARE-CNC Insane Network 4.0 connection port 63536 (malware-cnc.rules)
 * 1:3064 <-> DISABLED <-> MALWARE-BACKDOOR Vampire 1.2 connection confirmation (malware-backdoor.rules)
 * 1:3155 <-> DISABLED <-> MALWARE-BACKDOOR BackOrifice 2000 Inbound Traffic (malware-backdoor.rules)
 * 1:3635 <-> DISABLED <-> MALWARE-BACKDOOR Amanda 2.0 connection established (malware-backdoor.rules)
 * 1:3636 <-> DISABLED <-> MALWARE-BACKDOOR Crazzy Net 5.0 connection established (malware-backdoor.rules)
 * 1:39528 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF WRAssembly ASLR bypass download attempt (file-office.rules)
 * 1:39529 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF WRAssembly ASLR bypass download attempt (file-office.rules)
 * 1:40606 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:5742 <-> DISABLED <-> MALWARE-OTHER Keylogger activitylogger runtime detection (malware-other.rules)
 * 1:5759 <-> DISABLED <-> MALWARE-OTHER Keylogger fearlesskeyspy runtime detection (malware-other.rules)
 * 1:5777 <-> DISABLED <-> MALWARE-OTHER Keylogger gurl watcher runtime detection (malware-other.rules)
 * 1:5778 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwpe windows activity logs (malware-other.rules)
 * 1:5779 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwpe shell file logs (malware-other.rules)
 * 1:5780 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwpe word filtered echelon log (malware-other.rules)
 * 1:5781 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae windows activity logs (malware-other.rules)
 * 1:5782 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae word filtered echelon log (malware-other.rules)
 * 1:5783 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae keystrokes log (malware-other.rules)
 * 1:5784 <-> DISABLED <-> MALWARE-OTHER Keylogger runtime detection - hwae urls browsed log (malware-other.rules)
 * 1:5790 <-> DISABLED <-> MALWARE-OTHER Keylogger pc actmon pro runtime detection - smtp (malware-other.rules)
 * 1:5812 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - email notification (malware-tools.rules)
 * 1:5814 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - create redirection (malware-tools.rules)
 * 1:5816 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - destory redirection (malware-tools.rules)
 * 1:5819 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - check status (malware-tools.rules)
 * 1:5821 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - destory log (malware-tools.rules)
 * 1:5823 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool stealthredirector runtime detection - view netstat (malware-tools.rules)
 * 1:5839 <-> DISABLED <-> MALWARE-OTHER Trackware ucmore runtime detection - click sponsor/ad link (malware-other.rules)
 * 1:5875 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool eraser runtime detection - detonate (malware-tools.rules)
 * 1:5876 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool eraser runtime detection - disinfect (malware-tools.rules)
 * 1:5956 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool ghostvoice 1.02 icq notification of server installation (malware-tools.rules)
 * 1:5958 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool ghostvoice 1.02 runtime detection - init connection with password requirement (malware-tools.rules)
 * 1:6016 <-> DISABLED <-> MALWARE-BACKDOOR dsk lite 1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6017 <-> DISABLED <-> MALWARE-BACKDOOR dsk lite 1.0 runtime detection - disconnect (malware-backdoor.rules)
 * 1:6018 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6019 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection cgi notification (malware-cnc.rules)
 * 1:6020 <-> DISABLED <-> MALWARE-CNC dsk lite 1.0 variant outbound connection php notification (malware-cnc.rules)
 * 1:6021 <-> DISABLED <-> MALWARE-BACKDOOR silent spy 2.10 command response port 4225 (malware-backdoor.rules)
 * 1:6022 <-> DISABLED <-> MALWARE-BACKDOOR silent spy 2.10 command response port 4226 (malware-backdoor.rules)
 * 1:6023 <-> DISABLED <-> MALWARE-CNC silent spy 2.10 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6024 <-> DISABLED <-> MALWARE-BACKDOOR nuclear rat v6_21 runtime detection (malware-backdoor.rules)
 * 1:6026 <-> DISABLED <-> MALWARE-BACKDOOR dimbus 1.0 runtime detection - get pc info (malware-backdoor.rules)
 * 1:6028 <-> DISABLED <-> MALWARE-BACKDOOR cyberpaky runtime detection (malware-backdoor.rules)
 * 1:23595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (malware-cnc.rules)
 * 1:6035 <-> DISABLED <-> MALWARE-BACKDOOR minicommand runtime detection - initial connection server-to-client (malware-backdoor.rules)
 * 1:6037 <-> DISABLED <-> MALWARE-BACKDOOR netbus 1.7 runtime detection - email notification (malware-backdoor.rules)
 * 1:6039 <-> DISABLED <-> MALWARE-CNC fade 1.0 variant outbound connection notification (malware-cnc.rules)
 * 1:6042 <-> DISABLED <-> MALWARE-CNC fear 0.2 variant outbound connection php notification (malware-cnc.rules)
 * 1:6043 <-> DISABLED <-> MALWARE-CNC fear 0.2 variant outbound connection cgi notification (malware-cnc.rules)
 * 1:6046 <-> DISABLED <-> MALWARE-BACKDOOR fear 0.2 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6048 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - connect (malware-backdoor.rules)
 * 1:6050 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - upload (malware-backdoor.rules)
 * 1:6052 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - set volume (malware-backdoor.rules)
 * 1:6054 <-> DISABLED <-> MALWARE-BACKDOOR fun factory runtime detection - do script remotely (malware-backdoor.rules)
 * 1:6058 <-> DISABLED <-> MALWARE-CNC neurotickat1.3 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6059 <-> DISABLED <-> MALWARE-CNC neurotickat1.3 variant outbound connection cgi notification (malware-cnc.rules)
 * 1:6062 <-> DISABLED <-> MALWARE-BACKDOOR neurotickat1.3 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6064 <-> DISABLED <-> MALWARE-BACKDOOR schwindler 1.82 runtime detection (malware-backdoor.rules)
 * 1:6066 <-> DISABLED <-> MALWARE-BACKDOOR optixlite 1.0 runtime detection - connection success server-to-client (malware-backdoor.rules)
 * 1:6069 <-> DISABLED <-> MALWARE-CNC optixlite 1.0 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6070 <-> DISABLED <-> MALWARE-BACKDOOR freak 1.0 runtime detection - irc notification (malware-backdoor.rules)
 * 1:6071 <-> DISABLED <-> MALWARE-CNC freak 1.0 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6073 <-> DISABLED <-> MALWARE-BACKDOOR freak 1.0 runtime detection - initial connection server-to-client (malware-backdoor.rules)
 * 1:6075 <-> DISABLED <-> MALWARE-BACKDOOR xhx 1.6 runtime detection - initial connection server-to-client (malware-backdoor.rules)
 * 1:6076 <-> DISABLED <-> MALWARE-BACKDOOR amiboide uploader runtime detection - init connection (malware-backdoor.rules)
 * 1:6078 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - get information (malware-backdoor.rules)
 * 1:6080 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - show autospy (malware-backdoor.rules)
 * 1:6082 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - show nude pic (malware-backdoor.rules)
 * 1:6084 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - hide taskbar (malware-backdoor.rules)
 * 1:6086 <-> DISABLED <-> MALWARE-BACKDOOR autospy runtime detection - make directory (malware-backdoor.rules)
 * 1:6088 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - init connection (malware-backdoor.rules)
 * 1:6090 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get memory info (malware-backdoor.rules)
 * 1:6092 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get harddisk info (malware-backdoor.rules)
 * 1:6094 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get drive info (malware-backdoor.rules)
 * 1:6096 <-> DISABLED <-> MALWARE-BACKDOOR a trojan 2.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:6098 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - check server (malware-backdoor.rules)
 * 1:6100 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - view content of directory (malware-backdoor.rules)
 * 1:6102 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - execute command (malware-backdoor.rules)
 * 1:6104 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - upload file (malware-backdoor.rules)
 * 1:6106 <-> DISABLED <-> MALWARE-BACKDOOR alvgus 2000 runtime detection - download file (malware-backdoor.rules)
 * 1:6107 <-> DISABLED <-> MALWARE-BACKDOOR backage 3.1 runtime detection (malware-backdoor.rules)
 * 1:6109 <-> DISABLED <-> MALWARE-BACKDOOR dagger v1.1.40 runtime detection (malware-backdoor.rules)
 * 1:6110 <-> DISABLED <-> MALWARE-BACKDOOR forced entry v1.1 beta runtime detection (malware-backdoor.rules)
 * 1:6113 <-> DISABLED <-> MALWARE-BACKDOOR optix 1.32 runtime detection - init conn (malware-backdoor.rules)
 * 1:6114 <-> DISABLED <-> MALWARE-BACKDOOR optix 1.32 runtime detection - email notification (malware-backdoor.rules)
 * 1:6115 <-> DISABLED <-> MALWARE-CNC optix 1.32 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6117 <-> DISABLED <-> MALWARE-BACKDOOR fore v1.0 beta runtime detection - init conn (malware-backdoor.rules)
 * 1:6119 <-> DISABLED <-> MALWARE-BACKDOOR net runner runtime detection - initial connection server-to-client (malware-backdoor.rules)
 * 1:6121 <-> DISABLED <-> MALWARE-BACKDOOR net runner runtime detection - download file server-to-client (malware-backdoor.rules)
 * 1:6124 <-> DISABLED <-> MALWARE-BACKDOOR ambush 1.0 runtime detection - ping server-to-client (malware-backdoor.rules)
 * 1:6126 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - smtp (malware-backdoor.rules)
 * 1:6127 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - udp client-to-server (malware-backdoor.rules)
 * 1:6128 <-> DISABLED <-> MALWARE-BACKDOOR dkangel runtime detection - icmp echo reply client-to-server (malware-backdoor.rules)
 * 1:6130 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - get computer name (malware-backdoor.rules)
 * 1:6132 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - get user name (malware-backdoor.rules)
 * 1:6133 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - send messages (malware-backdoor.rules)
 * 1:6134 <-> DISABLED <-> MALWARE-BACKDOOR chupacabra 1.0 runtime detection - delete file (malware-backdoor.rules)
 * 1:6136 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - capture big screen (malware-backdoor.rules)
 * 1:6137 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - capture small screen (malware-backdoor.rules)
 * 1:6138 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - get computer info (malware-backdoor.rules)
 * 1:6139 <-> DISABLED <-> MALWARE-BACKDOOR clindestine 1.0 runtime detection - get system directory (malware-backdoor.rules)
 * 1:6142 <-> DISABLED <-> MALWARE-BACKDOOR hellzaddiction v1.0e runtime detection - ftp open (malware-backdoor.rules)
 * 1:6143 <-> DISABLED <-> MALWARE-BACKDOOR dark connection inside v1.2 runtime detection (malware-backdoor.rules)
 * 1:6146 <-> DISABLED <-> MALWARE-BACKDOOR mantis runtime detection - sent notify option client-to-server 2 (malware-backdoor.rules)
 * 1:6148 <-> DISABLED <-> MALWARE-BACKDOOR mantis runtime detection - go to address server-to-client (malware-backdoor.rules)
 * 1:6150 <-> DISABLED <-> MALWARE-BACKDOOR netcontrol v1.0.8 runtime detection (malware-backdoor.rules)
 * 1:6151 <-> DISABLED <-> MALWARE-BACKDOOR back attack v1.4 runtime detection (malware-backdoor.rules)
 * 1:6153 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - chdir server-to-client (malware-backdoor.rules)
 * 1:6155 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - info server-to-client (malware-backdoor.rules)
 * 1:6157 <-> DISABLED <-> MALWARE-BACKDOOR dirtxt runtime detection - view server-to-client (malware-backdoor.rules)
 * 1:6159 <-> DISABLED <-> MALWARE-BACKDOOR delirium of disorder runtime detection - enable keylogger (malware-backdoor.rules)
 * 1:6160 <-> DISABLED <-> MALWARE-BACKDOOR delirium of disorder runtime detection - stop keylogger (malware-backdoor.rules)
 * 1:6161 <-> DISABLED <-> MALWARE-BACKDOOR furax 1.0 b2 runtime detection (malware-backdoor.rules)
 * 1:6165 <-> DISABLED <-> MALWARE-BACKDOOR psyrat 1.0 runtime detection (malware-backdoor.rules)
 * 1:6166 <-> DISABLED <-> MALWARE-BACKDOOR unicorn runtime detection - initial connection (malware-backdoor.rules)
 * 1:6168 <-> DISABLED <-> MALWARE-BACKDOOR unicorn runtime detection - set wallpaper server-to-client (malware-backdoor.rules)
 * 1:6170 <-> DISABLED <-> MALWARE-BACKDOOR digital rootbeer runtime detection (malware-backdoor.rules)
 * 1:6172 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - get version info (malware-backdoor.rules)
 * 1:6174 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - file explorer (malware-backdoor.rules)
 * 1:6175 <-> DISABLED <-> MALWARE-BACKDOOR cookie monster 0.24 runtime detection - kill kernel (malware-backdoor.rules)
 * 1:6176 <-> DISABLED <-> MALWARE-BACKDOOR guptachar 2.0 runtime detection (malware-backdoor.rules)
 * 1:6177 <-> DISABLED <-> MALWARE-BACKDOOR ultimate destruction runtime detection - kill process client-to-server (malware-backdoor.rules)
 * 1:6178 <-> DISABLED <-> MALWARE-BACKDOOR ultimate destruction runtime detection - kill windows client-to-server (malware-backdoor.rules)
 * 1:6179 <-> DISABLED <-> MALWARE-BACKDOOR bladerunner 0.80 runtime detection (malware-backdoor.rules)
 * 1:6181 <-> DISABLED <-> MALWARE-BACKDOOR netraider 0.0 runtime detection (malware-backdoor.rules)
 * 1:6190 <-> DISABLED <-> MALWARE-OTHER Keylogger eblaster 5.0 runtime detection (malware-other.rules)
 * 1:6205 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool freak 88 das runtime detection (malware-tools.rules)
 * 1:6206 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sin stealer 1.1 runtime detection (malware-tools.rules)
 * 1:6207 <-> DISABLED <-> MALWARE-OTHER Keylogger winsession runtime detection - smtp (malware-other.rules)
 * 1:6208 <-> DISABLED <-> MALWARE-OTHER Keylogger winsession runtime detection - ftp (malware-other.rules)
 * 1:6220 <-> DISABLED <-> MALWARE-OTHER Keylogger boss everyware runtime detection (malware-other.rules)
 * 1:6221 <-> DISABLED <-> MALWARE-OTHER Keylogger computerspy runtime detection (malware-other.rules)
 * 1:6286 <-> DISABLED <-> MALWARE-BACKDOOR antilamer 1.1 runtime detection (malware-backdoor.rules)
 * 1:6287 <-> DISABLED <-> MALWARE-BACKDOOR fictional daemon 4.4 runtime detection - telent (malware-backdoor.rules)
 * 1:6288 <-> DISABLED <-> MALWARE-BACKDOOR fictional daemon 4.4 runtime detection - ftp (malware-backdoor.rules)
 * 1:6291 <-> DISABLED <-> MALWARE-CNC justjoke v2.6 variant outbound connection (malware-cnc.rules)
 * 1:6292 <-> DISABLED <-> MALWARE-BACKDOOR joker ddos v1.0.1 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6295 <-> DISABLED <-> MALWARE-BACKDOOR joker ddos v1.0.1 runtime detection - bomb (malware-backdoor.rules)
 * 1:6296 <-> DISABLED <-> MALWARE-CNC insurrection 1.1.0 variant outbound connection icq notification 1 (malware-cnc.rules)
 * 1:6297 <-> DISABLED <-> MALWARE-CNC insurrection 1.1.0 variant outbound connection icq notification 2 (malware-cnc.rules)
 * 1:6298 <-> DISABLED <-> MALWARE-BACKDOOR insurrection 1.1.0 runtime detection - reverse connection (malware-backdoor.rules)
 * 1:6299 <-> DISABLED <-> MALWARE-BACKDOOR insurrection 1.1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6300 <-> DISABLED <-> MALWARE-CNC cia 1.3 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6301 <-> DISABLED <-> MALWARE-BACKDOOR cia 1.3 runtime detection - smtp notification (malware-backdoor.rules)
 * 1:6303 <-> DISABLED <-> MALWARE-BACKDOOR cia runtime detection - initial connection (malware-backdoor.rules)
 * 1:6305 <-> DISABLED <-> MALWARE-BACKDOOR softwar shadowthief runtime detection - initial connection (malware-backdoor.rules)
 * 1:6306 <-> DISABLED <-> MALWARE-BACKDOOR shit heep runtime detection (malware-backdoor.rules)
 * 1:6308 <-> DISABLED <-> MALWARE-BACKDOOR lamespy runtime detection - initial connection (malware-backdoor.rules)
 * 1:6311 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - initial connection - password accepted (malware-backdoor.rules)
 * 1:6313 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - message response (malware-backdoor.rules)
 * 1:6315 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - open browser response (malware-backdoor.rules)
 * 1:6317 <-> DISABLED <-> MALWARE-BACKDOOR net demon runtime detection - file manager response (malware-backdoor.rules)
 * 1:6318 <-> DISABLED <-> MALWARE-BACKDOOR rtb666 runtime detection (malware-backdoor.rules)
 * 1:6321 <-> DISABLED <-> MALWARE-BACKDOOR ptakks2.1 runtime detection - keepalive acknowledgement (malware-backdoor.rules)
 * 1:6322 <-> DISABLED <-> MALWARE-BACKDOOR ptakks2.1 runtime detection - command pattern (malware-backdoor.rules)
 * 1:6324 <-> DISABLED <-> MALWARE-BACKDOOR 3xBackdoor runtime detection (malware-backdoor.rules)
 * 1:6325 <-> DISABLED <-> MALWARE-BACKDOOR fucktrojan 1.2 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6327 <-> DISABLED <-> MALWARE-BACKDOOR fucktrojan 1.2 runtime detection - flood (malware-backdoor.rules)
 * 1:6328 <-> DISABLED <-> MALWARE-BACKDOOR commando runtime detection - initial connection (malware-backdoor.rules)
 * 1:6330 <-> DISABLED <-> MALWARE-BACKDOOR commando runtime detection - chat server-to-client (malware-backdoor.rules)
 * 1:6331 <-> DISABLED <-> MALWARE-CNC globalkiller1.0 variant outbound connection notification (malware-cnc.rules)
 * 1:6332 <-> DISABLED <-> MALWARE-BACKDOOR globalkiller1.0 runtime detection - initial connection (malware-backdoor.rules)
 * 1:6333 <-> DISABLED <-> MALWARE-BACKDOOR wincrash 2.0 runtime detection (malware-backdoor.rules)
 * 1:6334 <-> DISABLED <-> MALWARE-BACKDOOR backlash runtime detection (malware-backdoor.rules)
 * 1:6336 <-> DISABLED <-> MALWARE-BACKDOOR buttman v0.9p runtime detection - remote control (malware-backdoor.rules)
 * 1:6338 <-> DISABLED <-> MALWARE-BACKDOOR hatredfriend file manage command (malware-backdoor.rules)
 * 1:6339 <-> DISABLED <-> MALWARE-BACKDOOR hatredfriend email notification detection (malware-backdoor.rules)
 * 1:6340 <-> DISABLED <-> MALWARE-OTHER Keylogger handy keylogger runtime detection (malware-other.rules)
 * 1:6365 <-> DISABLED <-> MALWARE-OTHER Sony rootkit runtime detection (malware-other.rules)
 * 1:6383 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - tcp connection setup (malware-other.rules)
 * 1:6384 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - agent discover broadcast (malware-other.rules)
 * 1:6385 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - agent status monitoring (malware-other.rules)
 * 1:6386 <-> DISABLED <-> MALWARE-OTHER Keylogger stealthwatcher 2000 runtime detection - agent up notification (malware-other.rules)
 * 1:6395 <-> DISABLED <-> MALWARE-CNC a-311 death variant outbound connection server-to-client (malware-cnc.rules)
 * 1:6396 <-> DISABLED <-> MALWARE-CNC a-311 death user-agent string detected (malware-cnc.rules)
 * 1:6397 <-> DISABLED <-> MALWARE-BACKDOOR http rat runtime detection - smtp (malware-backdoor.rules)
 * 1:6398 <-> DISABLED <-> MALWARE-BACKDOOR http rat runtime detection - http (malware-backdoor.rules)
 * 1:6399 <-> DISABLED <-> MALWARE-BACKDOOR rad 1.2.3 runtime detection (malware-backdoor.rules)
 * 1:6401 <-> DISABLED <-> MALWARE-BACKDOOR snowdoor runtime detection server-to-client (malware-backdoor.rules)
 * 1:6402 <-> DISABLED <-> MALWARE-BACKDOOR netangel connection client-to-server (malware-backdoor.rules)
 * 1:6473 <-> DISABLED <-> MALWARE-BACKDOOR bugs runtime detection - file manager server-to-client (malware-backdoor.rules)
 * 1:6474 <-> DISABLED <-> MALWARE-CNC Win.Trojan.loosky.gen variant outbound connection notification (malware-cnc.rules)
 * 1:6476 <-> DISABLED <-> MALWARE-BACKDOOR badrat 1.1 runtime detection (malware-backdoor.rules)
 * 1:6477 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool beee runtime detection - smtp (malware-tools.rules)
 * 1:6492 <-> DISABLED <-> MALWARE-BACKDOOR Trickler Backdoor-BAC.gen.e runtime detection - notification (malware-backdoor.rules)
 * 1:6493 <-> DISABLED <-> MALWARE-BACKDOOR Trickler Backdoor-BAC.gen.e runtime detection - post data (malware-backdoor.rules)
 * 1:6498 <-> DISABLED <-> MALWARE-BACKDOOR exploiter 1.0 runtime detection (malware-backdoor.rules)
 * 1:7057 <-> DISABLED <-> MALWARE-BACKDOOR charon runtime detection - initial connection (malware-backdoor.rules)
 * 1:7060 <-> DISABLED <-> MALWARE-BACKDOOR charon runtime detection - download file/log (malware-backdoor.rules)
 * 1:7064 <-> DISABLED <-> MALWARE-BACKDOOR cybernetic 1.62 runtime detection - email notification (malware-backdoor.rules)
 * 1:7068 <-> DISABLED <-> MALWARE-BACKDOOR delta source 0.5 beta runtime detection - ping (malware-backdoor.rules)
 * 1:7069 <-> DISABLED <-> MALWARE-BACKDOOR delta source 0.5 beta runtime detection - pc info (malware-backdoor.rules)
 * 1:7072 <-> DISABLED <-> MALWARE-BACKDOOR fraggle rock 2.0 lite runtime detection - pc info (malware-backdoor.rules)
 * 1:7073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.dumaru.gen variant outbound connection notification (malware-cnc.rules)
 * 1:7074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.dumaru.gen variant outbound connection cmd (malware-cnc.rules)
 * 1:7075 <-> DISABLED <-> MALWARE-BACKDOOR bandook 1.0 runtime detection (malware-backdoor.rules)
 * 1:7076 <-> DISABLED <-> MALWARE-CNC minimo v0.6 variant outbound connection cgi notification (malware-cnc.rules)
 * 1:7077 <-> DISABLED <-> MALWARE-CNC minimo v0.6 variant outbound connection icq notification (malware-cnc.rules)
 * 1:7081 <-> DISABLED <-> MALWARE-BACKDOOR up and run v1.0 beta runtime detection (malware-backdoor.rules)
 * 1:7084 <-> DISABLED <-> MALWARE-BACKDOOR erazer v1.1 runtime detection - sin notification (malware-backdoor.rules)
 * 1:7086 <-> DISABLED <-> MALWARE-BACKDOOR erazer v1.1 runtime detection - init connection (malware-backdoor.rules)
 * 1:7103 <-> DISABLED <-> MALWARE-CNC gwboy 0.92 variant outbound connection (malware-cnc.rules)
 * 1:7120 <-> DISABLED <-> MALWARE-BACKDOOR y3k 1.2 runtime detection - init connection 1 (malware-backdoor.rules)
 * 1:7122 <-> DISABLED <-> MALWARE-BACKDOOR y3k 1.2 runtime detection - init connection 2 (malware-backdoor.rules)
 * 1:7146 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sars notifier runtime detection - sin notification (malware-tools.rules)
 * 1:7147 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection icq notification (malware-cnc.rules)
 * 1:7148 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool sars notifier runtime detection - cgi notification (malware-tools.rules)
 * 1:7149 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection php notification (malware-cnc.rules)
 * 1:7150 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection irc notification (malware-cnc.rules)
 * 1:7151 <-> DISABLED <-> MALWARE-CNC Hacker-Tool sars notifier variant outbound connection net send notification (malware-cnc.rules)
 * 1:7154 <-> DISABLED <-> MALWARE-OTHER Keylogger active keylogger home runtime detection (malware-other.rules)
 * 1:7156 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - email delivery (malware-other.rules)
 * 1:7158 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - remote conn server-to-client (malware-other.rules)
 * 1:7160 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - upload file server-to-client (malware-other.rules)
 * 1:7162 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - download file server-to-client (malware-other.rules)
 * 1:7164 <-> DISABLED <-> MALWARE-OTHER Keylogger win-spy runtime detection - execute file server-to-client (malware-other.rules)
 * 1:7169 <-> DISABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - information exchange (malware-other.rules)
 * 1:7176 <-> DISABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - log retrieve (malware-other.rules)
 * 1:7177 <-> DISABLED <-> MALWARE-OTHER Keylogger ab system spy runtime detection - info send through email (malware-other.rules)
 * 1:7180 <-> DISABLED <-> MALWARE-OTHER Keylogger desktop detective 2000 runtime detection - init connection (malware-other.rules)
 * 1:7183 <-> DISABLED <-> MALWARE-CNC Snoopware barok variant outbound connection (malware-cnc.rules)
 * 1:7184 <-> DISABLED <-> MALWARE-OTHER Keylogger 007 spy software runtime detection - smtp (malware-other.rules)
 * 1:7185 <-> DISABLED <-> MALWARE-OTHER Keylogger 007 spy software runtime detection - ftp (malware-other.rules)
 * 1:7186 <-> DISABLED <-> MALWARE-OTHER Keylogger kgb Keylogger runtime detection (malware-other.rules)
 * 1:7189 <-> DISABLED <-> MALWARE-OTHER Trackware shopathome runtime detection - setcookie request (malware-other.rules)
 * 1:7504 <-> DISABLED <-> MALWARE-OTHER Keylogger actualspy runtime detection - ftp-data (malware-other.rules)
 * 1:7505 <-> DISABLED <-> MALWARE-OTHER Keylogger actualspy runtime detection - smtp (malware-other.rules)
 * 1:7507 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - init connection (malware-tools.rules)
 * 1:7509 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool coma runtime detection - ping (malware-tools.rules)
 * 1:7539 <-> DISABLED <-> MALWARE-OTHER Keylogger eye spy pro 1.0 runtime detection (malware-other.rules)
 * 1:7541 <-> DISABLED <-> MALWARE-OTHER Keylogger starlogger runtime detection (malware-other.rules)
 * 1:7542 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool mini oblivion runtime detection - successful init connection (malware-tools.rules)
 * 1:7546 <-> DISABLED <-> MALWARE-OTHER Keylogger PerfectKeylogger runtime detection (malware-other.rules)
 * 1:7547 <-> DISABLED <-> MALWARE-OTHER Keylogger activity monitor 3.8 runtime detection - agent status monitoring (malware-other.rules)
 * 1:7548 <-> DISABLED <-> MALWARE-OTHER Keylogger activity monitor 3.8 runtime detection - agent up notification (malware-other.rules)
 * 1:7549 <-> DISABLED <-> MALWARE-OTHER Keylogger activity monitor 3.8 runtime detection (malware-other.rules)
 * 1:7551 <-> DISABLED <-> MALWARE-OTHER Keylogger ardamax keylogger runtime detection - smtp (malware-other.rules)
 * 1:7552 <-> DISABLED <-> MALWARE-OTHER Keylogger ardamax keylogger runtime detection - ftp (malware-other.rules)
 * 1:7557 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - start up (malware-other.rules)
 * 1:7558 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - installation notify (malware-other.rules)
 * 1:7559 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - track user activity and status (malware-other.rules)
 * 1:7560 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - self update (malware-other.rules)
 * 1:7561 <-> DISABLED <-> MALWARE-OTHER Trackware purityscan runtime detection - opt out of interstitial advertising (malware-other.rules)
 * 1:7568 <-> DISABLED <-> MALWARE-OTHER Trackware webhancer runtime detection (malware-other.rules)
 * 1:7574 <-> DISABLED <-> MALWARE-OTHER Keylogger proagent 2.0 runtime detection (malware-other.rules)
 * 1:7586 <-> DISABLED <-> MALWARE-TOOLS Hacker-Tool clandestine runtime detection - image transferred (malware-tools.rules)
 * 1:7592 <-> DISABLED <-> MALWARE-OTHER Keylogger keylogger pro runtime detection (malware-other.rules)
 * 1:7597 <-> DISABLED <-> MALWARE-OTHER Keylogger spy lantern keylogger runtime detection (malware-other.rules)
 * 1:7605 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - screen capture (malware-backdoor.rules)
 * 1:7607 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - get system info (malware-backdoor.rules)
 * 1:7609 <-> DISABLED <-> MALWARE-BACKDOOR katux 2.0 runtime detection - chat (malware-backdoor.rules)
 * 1:7616 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.0 runtime detection - connection without password (malware-backdoor.rules)
 * 1:7619 <-> DISABLED <-> MALWARE-BACKDOOR theef 2.0 runtime detection - connection request with password (malware-backdoor.rules)
 * 1:7623 <-> DISABLED <-> MALWARE-BACKDOOR remote control 1.7 runtime detection - connection request (malware-backdoor.rules)
 * 1:7624 <-> DISABLED <-> MALWARE-BACKDOOR remote control 1.7 runtime detection - data connection (malware-backdoor.rules)
 * 1:7629 <-> DISABLED <-> MALWARE-BACKDOOR skyrat show runtime detection - initial connection (malware-backdoor.rules)
 * 1:7630 <-> DISABLED <-> MALWARE-BACKDOOR helios 3.1 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7632 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - fetch system info (malware-backdoor.rules)
 * 1:7634 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - irc connection (malware-backdoor.rules)
 * 1:7636 <-> DISABLED <-> MALWARE-BACKDOOR hornet 1.0 runtime detection - fetch processes list (malware-backdoor.rules)
 * 1:7637 <-> DISABLED <-> MALWARE-CNC hornet 1.0 variant outbound connection icq notification (malware-cnc.rules)
 * 1:7638 <-> DISABLED <-> MALWARE-BACKDOOR Win.Exploit.Backdoor ncph runtime detection - initial connection (malware-backdoor.rules)
 * 1:7639 <-> DISABLED <-> MALWARE-CNC air variant outbound connection php notification (malware-cnc.rules)
 * 1:7640 <-> DISABLED <-> MALWARE-CNC air variant outbound connection webmail notification (malware-cnc.rules)
 * 1:7641 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client-to-server (malware-backdoor.rules)
 * 1:7642 <-> DISABLED <-> MALWARE-BACKDOOR am remote client runtime detection - client response (malware-backdoor.rules)
 * 1:7644 <-> DISABLED <-> MALWARE-BACKDOOR ullysse runtime detection - client-to-server (malware-backdoor.rules)
 * 1:7646 <-> DISABLED <-> MALWARE-BACKDOOR snipernet 2.1 runtime detection (malware-backdoor.rules)
 * 1:7658 <-> DISABLED <-> MALWARE-BACKDOOR jodeitor 1.1 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7659 <-> DISABLED <-> MALWARE-BACKDOOR lan filtrator 1.1 runtime detection - sin notification (malware-backdoor.rules)
 * 1:7661 <-> DISABLED <-> MALWARE-BACKDOOR lan filtrator 1.1 runtime detection - initial connection request (malware-backdoor.rules)
 * 1:7663 <-> DISABLED <-> MALWARE-BACKDOOR snid x2 v1.2 runtime detection - initial connection (malware-backdoor.rules)
 * 1:7665 <-> DISABLED <-> MALWARE-BACKDOOR screen control 1.0 runtime detection - initial connection (malware-backdoor.rules)