Talos Rules 2017-12-28
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the and malware-cnc rule sets to provide coverage for emerging threats from these technologies.

Change logs

2017-12-28 20:33:59 UTC

Snort Subscriber Rules Update

Date: 2017-12-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091100.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:45260 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)

Modified Rules:


 * 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (malware-cnc.rules)
 * 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (malware-cnc.rules)
 * 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (malware-cnc.rules)
 * 1:12371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpamBlockerUtility (malware-cnc.rules)
 * 1:12482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ZOMBIES_HTTP_GET (malware-cnc.rules)
 * 1:12674 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iebar (malware-cnc.rules)
 * 1:12723 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - WakeSpace (malware-cnc.rules)
 * 1:13638 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.VirusHeat (malware-cnc.rules)
 * 1:13777 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SysCleaner (malware-cnc.rules)
 * 1:13782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EzReward (malware-cnc.rules)
 * 1:13855 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpeedRunner (malware-cnc.rules)
 * 1:13931 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PcPcUpdater (malware-cnc.rules)
 * 1:13932 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - opera (malware-cnc.rules)
 * 1:14057 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DMFR (malware-cnc.rules)
 * 1:14059 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CPUSH_HOMEPAGE (malware-cnc.rules)
 * 1:14060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CPUSH_UPDATER (malware-cnc.rules)
 * 1:16497 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules)
 * 1:16551 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (malware-cnc.rules)
 * 1:18247 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules)
 * 1:18336 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string gbot/2.3 (malware-cnc.rules)
 * 1:18337 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string iamx/3.11 (malware-cnc.rules)
 * 1:18338 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSISDL/1.2 (malware-cnc.rules)
 * 1:18340 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ClickAdsByIE 0.7.5 (malware-cnc.rules)
 * 1:18341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string UtilMind HTTPGet (malware-cnc.rules)
 * 1:18342 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSIS_DOWNLOAD (malware-cnc.rules)
 * 1:18343 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string WSEnrichment (malware-cnc.rules)
 * 1:18345 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Macrovision_DM_2.4.15 (malware-cnc.rules)
 * 1:18346 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPRecover (malware-cnc.rules)
 * 1:18347 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AutoIt (malware-cnc.rules)
 * 1:18348 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/9.80 Pesto/2.2.15 (malware-cnc.rules)
 * 1:18349 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flipopia (malware-cnc.rules)
 * 1:18350 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GabPath (malware-cnc.rules)
 * 1:18351 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPUpdater (malware-cnc.rules)
 * 1:18352 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string PinballCorp-BSAI/VER_STR_COMMA (malware-cnc.rules)
 * 1:18353 <-> ENABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules)
 * 1:18354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string opera/8.11 (malware-cnc.rules)
 * 1:18355 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Se2011 (malware-cnc.rules)
 * 1:18356 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string random (malware-cnc.rules)
 * 1:18357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Setup Factory (malware-cnc.rules)
 * 1:18358 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSIS_INETLOAD (malware-cnc.rules)
 * 1:18359 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Shareaza (malware-cnc.rules)
 * 1:18360 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Oncues (malware-cnc.rules)
 * 1:18361 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Downloader1.1 (malware-cnc.rules)
 * 1:18362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Search Toolbar 1.1 (malware-cnc.rules)
 * 1:18363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPRecover (malware-cnc.rules)
 * 1:18364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string msndown (malware-cnc.rules)
 * 1:18365 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Agentcc (malware-cnc.rules)
 * 1:18366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string OCInstaller (malware-cnc.rules)
 * 1:18367 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string FPRecover (malware-cnc.rules)
 * 1:18368 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Our_Agent (malware-cnc.rules)
 * 1:18369 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string iexp-get (malware-cnc.rules)
 * 1:18370 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla Windows MSIE (malware-cnc.rules)
 * 1:18371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string QvodDown (malware-cnc.rules)
 * 1:18373 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Installer (malware-cnc.rules)
 * 1:18374 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SurfBear (malware-cnc.rules)
 * 1:18375 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string HTTP Wininet (malware-cnc.rules)
 * 1:18376 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Trololo (malware-cnc.rules)
 * 1:18377 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string malware (malware-cnc.rules)
 * 1:18378 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AutoHotkey (malware-cnc.rules)
 * 1:18379 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AskInstallChecker (malware-cnc.rules)
 * 1:18380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string FPUpdater (malware-cnc.rules)
 * 1:18381 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Travel Update (malware-cnc.rules)
 * 1:18382 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string WMUpdate (malware-cnc.rules)
 * 1:18383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPInstaller (malware-cnc.rules)
 * 1:18385 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string HTTPCSDCENTER (malware-cnc.rules)
 * 1:18386 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AHTTPConnection (malware-cnc.rules)
 * 1:18387 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dwplayer (malware-cnc.rules)
 * 1:18388 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (malware-cnc.rules)
 * 1:18389 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 3653Client (malware-cnc.rules)
 * 1:18390 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Delphi 5.x (malware-cnc.rules)
 * 1:18391 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MyLove (malware-cnc.rules)
 * 1:18392 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string qixi (malware-cnc.rules)
 * 1:18393 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string vyre32 (malware-cnc.rules)
 * 1:18394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string OCRecover (malware-cnc.rules)
 * 1:18395 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Duckling/1.0 (malware-cnc.rules)
 * 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules)
 * 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (malware-cnc.rules)
 * 1:19175 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules)
 * 1:19372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string javasw - Trojan.Banload (malware-cnc.rules)
 * 1:19434 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrCode (malware-cnc.rules)
 * 1:19480 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules)
 * 1:19482 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules)
 * 1:19485 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RAV1 (malware-cnc.rules)
 * 1:19570 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ie 11.0 sp6 (malware-cnc.rules)
 * 1:19589 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules)
 * 1:19611 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string INet - Win32.Virus.Jusabli.A (malware-cnc.rules)
 * 1:19756 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules)
 * 1:19786 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla (malware-cnc.rules)
 * 1:19934 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MYURL (malware-cnc.rules)
 * 1:20009 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules)
 * 1:20012 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules)
 * 1:20019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test (malware-cnc.rules)
 * 1:20021 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Brontok (malware-cnc.rules)
 * 1:20039 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Hardcore Software (malware-cnc.rules)
 * 1:20104 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules)
 * 1:20105 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules)
 * 1:20106 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules)
 * 1:20201 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (malware-cnc.rules)
 * 1:20230 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules)
 * 1:20231 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules)
 * 1:20293 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules)
 * 1:20988 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ZmEu - vulnerability scanner (malware-cnc.rules)
 * 1:21175 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules)
 * 1:21188 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (malware-cnc.rules)
 * 1:21206 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules)
 * 1:21225 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules)
 * 1:21246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string DataCha0s (malware-cnc.rules)
 * 1:21266 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Morfeus Scanner (malware-cnc.rules)
 * 1:21278 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules)
 * 1:21327 <-> ENABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (malware-cnc.rules)
 * 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules)
 * 1:21455 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (malware-cnc.rules)
 * 1:21469 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules)
 * 1:21475 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (malware-cnc.rules)
 * 1:21476 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (malware-cnc.rules)
 * 1:21526 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (malware-cnc.rules)
 * 1:21591 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (malware-cnc.rules)
 * 1:21636 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (malware-cnc.rules)
 * 1:21639 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (malware-cnc.rules)
 * 1:21925 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (malware-cnc.rules)
 * 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (malware-cnc.rules)
 * 1:22939 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (malware-cnc.rules)
 * 1:23019 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (malware-cnc.rules)
 * 1:23627 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (malware-cnc.rules)
 * 1:23903 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - you (malware-cnc.rules)
 * 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (malware-cnc.rules)
 * 1:24441 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (malware-cnc.rules)
 * 1:24442 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (malware-cnc.rules)
 * 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (malware-cnc.rules)
 * 1:24575 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (malware-cnc.rules)
 * 1:24631 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (malware-cnc.rules)
 * 1:24633 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (malware-cnc.rules)
 * 1:24634 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (malware-cnc.rules)
 * 1:24792 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Google page (malware-cnc.rules)
 * 1:25009 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
 * 1:25119 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (malware-cnc.rules)
 * 1:25243 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (malware-cnc.rules)
 * 1:25245 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (malware-cnc.rules)
 * 1:25260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozila (malware-cnc.rules)
 * 1:25261 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MSIE (malware-cnc.rules)
 * 1:25262 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IEToolbar (malware-cnc.rules)
 * 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (malware-cnc.rules)
 * 1:25476 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
 * 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (malware-cnc.rules)
 * 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (malware-cnc.rules)
 * 1:25659 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - spam_bot (malware-cnc.rules)
 * 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (malware-cnc.rules)
 * 1:26248 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (malware-cnc.rules)
 * 1:26522 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (malware-cnc.rules)
 * 1:26558 <-> ENABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (malware-cnc.rules)
 * 1:26577 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (malware-cnc.rules)
 * 1:26685 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (malware-cnc.rules)
 * 1:26686 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (malware-cnc.rules)
 * 1:26702 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (malware-cnc.rules)
 * 1:26751 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (malware-cnc.rules)
 * 1:27015 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string iexplorer (malware-cnc.rules)
 * 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (malware-cnc.rules)
 * 1:27263 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (malware-cnc.rules)
 * 1:27709 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (malware-cnc.rules)
 * 1:27710 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (malware-cnc.rules)
 * 1:27868 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (malware-cnc.rules)
 * 1:28362 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (malware-cnc.rules)
 * 1:28558 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (malware-cnc.rules)
 * 1:28852 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
 * 1:28859 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (malware-cnc.rules)
 * 1:28860 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (malware-cnc.rules)
 * 1:29139 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string HTTP 1.1 - Win.Trojan.Tapslix (malware-cnc.rules)
 * 1:29143 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent - Win.Trojan.Secciv (malware-cnc.rules)
 * 1:29150 <-> ENABLED <-> MALWARE-CNC User-Agent suspicious user-agent WarpHTTP - Win.Trojan.Yohakest (malware-cnc.rules)
 * 1:29174 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fortis (malware-cnc.rules)
 * 1:29180 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Update1.0 - Win.Trojan.Downbini (malware-cnc.rules)
 * 1:29341 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string CustomSpy - Win.Trojan.Etek (malware-cnc.rules)
 * 1:29358 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mowfote (malware-cnc.rules)
 * 1:29371 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Dluca (malware-cnc.rules)
 * 1:29431 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Tirips (malware-cnc.rules)
 * 1:29645 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mimunita (malware-cnc.rules)
 * 1:29652 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Truado (malware-cnc.rules)
 * 1:29760 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MSIE 4.01 - Win.Trojan.Careto (malware-cnc.rules)
 * 1:29824 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - TixDll - Win.Trojan.Adload.dyhq (malware-cnc.rules)
 * 1:29887 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Updates downloader - Win.Trojan.Upatre (malware-cnc.rules)
 * 1:30210 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agnet string Win.Trojan.ZeusVM (malware-cnc.rules)
 * 1:30250 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - logogo.exe (malware-cnc.rules)
 * 1:30290 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Browser - Win.Trojan.Bruterdep (malware-cnc.rules)
 * 1:30301 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent InetAll - Win.Trojan.Pennonec (malware-cnc.rules)
 * 1:30308 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
 * 1:30309 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
 * 1:30314 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmd - Win.Trojan.Burnwoo (malware-cnc.rules)
 * 1:30315 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmdw23 - Win.Trojan.Burnwoo (malware-cnc.rules)
 * 1:30331 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ebot - Win.Trojan.Modulog (malware-cnc.rules)
 * 1:30344 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent EyeS_Client_1.0 - Win.Trojan.Seey (malware-cnc.rules)
 * 1:30518 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Neutrino/2.1 - Win.Trojan.Necurs (malware-cnc.rules)
 * 1:30918 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent Mozilla (malware-cnc.rules)
 * 1:31090 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent hello crazyk (malware-cnc.rules)
 * 1:31122 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent svchost (malware-cnc.rules)
 * 1:31150 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent DefaultBotPassword - Win.Trojan.Tirabot (malware-cnc.rules)
 * 1:31225 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent rome0321 - Win.Trojan.Soraya (malware-cnc.rules)
 * 1:31417 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent blacksun - Win.Trojan.Blacksun (malware-cnc.rules)
 * 1:31557 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla/5.0 - Win.Trojan.Upatre (malware-cnc.rules)
 * 1:31990 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:31991 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32030 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (malware-cnc.rules)
 * 1:32052 <-> ENABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (malware-cnc.rules)
 * 1:32060 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (malware-cnc.rules)
 * 1:32125 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32294 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- (malware-cnc.rules)
 * 1:32295 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (malware-cnc.rules)
 * 1:32296 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (malware-cnc.rules)
 * 1:32333 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (malware-cnc.rules)
 * 1:32383 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32384 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32402 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (malware-cnc.rules)
 * 1:32455 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (malware-cnc.rules)
 * 1:32645 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (malware-cnc.rules)
 * 1:32978 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
 * 1:32979 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
 * 1:32980 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (malware-cnc.rules)
 * 1:33047 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33207 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33230 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33231 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33232 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33233 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33234 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33235 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33236 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33237 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33238 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33239 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33240 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33242 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33243 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33244 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33245 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33246 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - PPKHandler - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33248 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33249 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33250 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33251 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33252 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33253 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33254 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33255 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33256 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33257 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33258 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33259 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33260 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33519 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (malware-cnc.rules)
 * 1:33522 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (malware-cnc.rules)
 * 1:33633 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (malware-cnc.rules)
 * 1:33649 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (malware-cnc.rules)
 * 1:33831 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (malware-cnc.rules)
 * 1:33884 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (malware-cnc.rules)
 * 1:33907 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (malware-cnc.rules)
 * 1:33914 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (malware-cnc.rules)
 * 1:34607 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (malware-cnc.rules)
 * 1:34843 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (malware-cnc.rules)
 * 1:35316 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (malware-cnc.rules)
 * 1:35710 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
 * 1:36833 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (malware-cnc.rules)
 * 1:38234 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (malware-cnc.rules)
 * 1:38304 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (malware-cnc.rules)
 * 1:38961 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (malware-cnc.rules)
 * 1:38962 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (malware-cnc.rules)
 * 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper (malware-cnc.rules)
 * 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (malware-cnc.rules)
 * 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (malware-cnc.rules)
 * 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (malware-cnc.rules)
 * 1:7540 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol (malware-cnc.rules)
 * 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (malware-cnc.rules)
 * 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (malware-cnc.rules)
 * 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (malware-cnc.rules)
 * 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
 * 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (malware-cnc.rules)
 * 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (malware-cnc.rules)
 * 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (malware-cnc.rules)
 * 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (malware-cnc.rules)
 * 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (malware-cnc.rules)
 * 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (malware-cnc.rules)
 * 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (malware-cnc.rules)
 * 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (malware-cnc.rules)
 * 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (malware-cnc.rules)
 * 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (malware-cnc.rules)
 * 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (malware-cnc.rules)
 * 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (malware-cnc.rules)
 * 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (malware-cnc.rules)
 * 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (malware-cnc.rules)
 * 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (malware-cnc.rules)
 * 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (malware-cnc.rules)
 * 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (malware-cnc.rules)
 * 1:5992 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mirar_KeywordContentHijacker (malware-cnc.rules)
 * 1:5988 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ZC-Bridge (malware-cnc.rules)
 * 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (malware-cnc.rules)
 * 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (malware-cnc.rules)
 * 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (malware-cnc.rules)
 * 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (malware-cnc.rules)
 * 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (malware-cnc.rules)
 * 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (malware-cnc.rules)
 * 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (malware-cnc.rules)
 * 1:5900 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (malware-cnc.rules)
 * 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (malware-cnc.rules)
 * 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (malware-cnc.rules)
 * 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (malware-cnc.rules)
 * 1:5808 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
 * 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (malware-cnc.rules)
 * 1:5789 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ActMon (malware-cnc.rules)
 * 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (malware-cnc.rules)
 * 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (malware-cnc.rules)
 * 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (malware-cnc.rules)
 * 1:45230 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
 * 1:45229 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
 * 1:45051 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (malware-cnc.rules)
 * 1:44889 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WidgiToolbar (malware-cnc.rules)
 * 1:44886 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (malware-cnc.rules)
 * 1:44773 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
 * 1:44772 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
 * 1:44440 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (malware-cnc.rules)
 * 1:44362 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
 * 1:44317 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (malware-cnc.rules)
 * 1:44214 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (malware-cnc.rules)
 * 1:44213 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (malware-cnc.rules)
 * 1:43220 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (malware-cnc.rules)
 * 1:42886 <-> ENABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (malware-cnc.rules)
 * 1:42838 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (malware-cnc.rules)
 * 1:42832 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (malware-cnc.rules)
 * 1:42831 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (malware-cnc.rules)
 * 1:42830 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (malware-cnc.rules)
 * 1:42454 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (malware-cnc.rules)
 * 1:42020 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
 * 1:42019 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
 * 1:41656 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (malware-cnc.rules)
 * 1:41539 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (malware-cnc.rules)
 * 1:41457 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules)
 * 1:41456 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules)
 * 1:41441 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (malware-cnc.rules)
 * 1:41403 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (malware-cnc.rules)
 * 1:41318 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (malware-cnc.rules)
 * 1:40870 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
 * 1:40869 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
 * 1:40800 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (malware-cnc.rules)
 * 1:40782 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (malware-cnc.rules)
 * 1:40733 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
 * 1:40644 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
 * 1:40643 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
 * 1:40528 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (malware-cnc.rules)
 * 1:40251 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (malware-cnc.rules)
 * 1:40217 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (malware-cnc.rules)
 * 1:40216 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (malware-cnc.rules)
 * 1:40212 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (malware-cnc.rules)
 * 1:40081 <-> DISABLED <-> MALWARE-CNC User-Agent known PUA user-agent string - TopTools100 (malware-cnc.rules)
 * 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Fareit (malware-cnc.rules)
 * 1:40012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string DetoxCrypto2 (malware-cnc.rules)
 * 1:39886 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (malware-cnc.rules)
 * 1:39361 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Batlopma (malware-cnc.rules)
 * 1:39710 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (malware-cnc.rules)
 * 1:39362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Batlopma (malware-cnc.rules)

2017-12-28 20:33:59 UTC

Snort Subscriber Rules Update

Date: 2017-12-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:45260 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)

Modified Rules:


 * 1:20104 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules)
 * 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (malware-cnc.rules)
 * 1:19434 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrCode (malware-cnc.rules)
 * 1:19372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string javasw - Trojan.Banload (malware-cnc.rules)
 * 1:19175 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules)
 * 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (malware-cnc.rules)
 * 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules)
 * 1:18395 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Duckling/1.0 (malware-cnc.rules)
 * 1:18394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string OCRecover (malware-cnc.rules)
 * 1:18393 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string vyre32 (malware-cnc.rules)
 * 1:18392 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string qixi (malware-cnc.rules)
 * 1:18391 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MyLove (malware-cnc.rules)
 * 1:18390 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Delphi 5.x (malware-cnc.rules)
 * 1:18389 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 3653Client (malware-cnc.rules)
 * 1:18388 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (malware-cnc.rules)
 * 1:18387 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dwplayer (malware-cnc.rules)
 * 1:18386 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AHTTPConnection (malware-cnc.rules)
 * 1:18385 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string HTTPCSDCENTER (malware-cnc.rules)
 * 1:18383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPInstaller (malware-cnc.rules)
 * 1:18382 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string WMUpdate (malware-cnc.rules)
 * 1:18381 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Travel Update (malware-cnc.rules)
 * 1:18380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string FPUpdater (malware-cnc.rules)
 * 1:18379 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AskInstallChecker (malware-cnc.rules)
 * 1:18378 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AutoHotkey (malware-cnc.rules)
 * 1:18377 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string malware (malware-cnc.rules)
 * 1:18376 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Trololo (malware-cnc.rules)
 * 1:18375 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string HTTP Wininet (malware-cnc.rules)
 * 1:18374 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SurfBear (malware-cnc.rules)
 * 1:18373 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Installer (malware-cnc.rules)
 * 1:18371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string QvodDown (malware-cnc.rules)
 * 1:18370 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla Windows MSIE (malware-cnc.rules)
 * 1:18369 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string iexp-get (malware-cnc.rules)
 * 1:18368 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Our_Agent (malware-cnc.rules)
 * 1:18367 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string FPRecover (malware-cnc.rules)
 * 1:18366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string OCInstaller (malware-cnc.rules)
 * 1:18365 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Agentcc (malware-cnc.rules)
 * 1:18364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string msndown (malware-cnc.rules)
 * 1:18363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPRecover (malware-cnc.rules)
 * 1:18362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Search Toolbar 1.1 (malware-cnc.rules)
 * 1:18361 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Downloader1.1 (malware-cnc.rules)
 * 1:18360 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Oncues (malware-cnc.rules)
 * 1:18359 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Shareaza (malware-cnc.rules)
 * 1:18358 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSIS_INETLOAD (malware-cnc.rules)
 * 1:18357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Setup Factory (malware-cnc.rules)
 * 1:18356 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string random (malware-cnc.rules)
 * 1:18355 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Se2011 (malware-cnc.rules)
 * 1:18354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string opera/8.11 (malware-cnc.rules)
 * 1:18353 <-> ENABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules)
 * 1:18352 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string PinballCorp-BSAI/VER_STR_COMMA (malware-cnc.rules)
 * 1:18351 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPUpdater (malware-cnc.rules)
 * 1:18350 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GabPath (malware-cnc.rules)
 * 1:18349 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flipopia (malware-cnc.rules)
 * 1:18348 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/9.80 Pesto/2.2.15 (malware-cnc.rules)
 * 1:18347 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AutoIt (malware-cnc.rules)
 * 1:18346 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPRecover (malware-cnc.rules)
 * 1:18345 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Macrovision_DM_2.4.15 (malware-cnc.rules)
 * 1:18343 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string WSEnrichment (malware-cnc.rules)
 * 1:18342 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSIS_DOWNLOAD (malware-cnc.rules)
 * 1:18341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string UtilMind HTTPGet (malware-cnc.rules)
 * 1:18340 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ClickAdsByIE 0.7.5 (malware-cnc.rules)
 * 1:18338 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSISDL/1.2 (malware-cnc.rules)
 * 1:18337 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string iamx/3.11 (malware-cnc.rules)
 * 1:18336 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string gbot/2.3 (malware-cnc.rules)
 * 1:18247 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules)
 * 1:16551 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (malware-cnc.rules)
 * 1:16497 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules)
 * 1:14060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CPUSH_UPDATER (malware-cnc.rules)
 * 1:14059 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CPUSH_HOMEPAGE (malware-cnc.rules)
 * 1:14057 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DMFR (malware-cnc.rules)
 * 1:13932 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - opera (malware-cnc.rules)
 * 1:13931 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PcPcUpdater (malware-cnc.rules)
 * 1:13855 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpeedRunner (malware-cnc.rules)
 * 1:13782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EzReward (malware-cnc.rules)
 * 1:13777 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SysCleaner (malware-cnc.rules)
 * 1:13638 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.VirusHeat (malware-cnc.rules)
 * 1:12723 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - WakeSpace (malware-cnc.rules)
 * 1:12674 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iebar (malware-cnc.rules)
 * 1:12482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ZOMBIES_HTTP_GET (malware-cnc.rules)
 * 1:12371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpamBlockerUtility (malware-cnc.rules)
 * 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (malware-cnc.rules)
 * 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (malware-cnc.rules)
 * 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (malware-cnc.rules)
 * 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (malware-cnc.rules)
 * 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (malware-cnc.rules)
 * 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (malware-cnc.rules)
 * 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (malware-cnc.rules)
 * 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (malware-cnc.rules)
 * 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (malware-cnc.rules)
 * 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (malware-cnc.rules)
 * 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (malware-cnc.rules)
 * 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (malware-cnc.rules)
 * 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
 * 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (malware-cnc.rules)
 * 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (malware-cnc.rules)
 * 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (malware-cnc.rules)
 * 1:7540 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol (malware-cnc.rules)
 * 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (malware-cnc.rules)
 * 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (malware-cnc.rules)
 * 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (malware-cnc.rules)
 * 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper (malware-cnc.rules)
 * 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Fareit (malware-cnc.rules)
 * 1:40733 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
 * 1:39710 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (malware-cnc.rules)
 * 1:41539 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (malware-cnc.rules)
 * 1:5988 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ZC-Bridge (malware-cnc.rules)
 * 1:43220 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (malware-cnc.rules)
 * 1:45229 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
 * 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (malware-cnc.rules)
 * 1:44440 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (malware-cnc.rules)
 * 1:44772 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
 * 1:5992 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mirar_KeywordContentHijacker (malware-cnc.rules)
 * 1:40216 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (malware-cnc.rules)
 * 1:5808 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
 * 1:40644 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
 * 1:42454 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (malware-cnc.rules)
 * 1:44889 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WidgiToolbar (malware-cnc.rules)
 * 1:39362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Batlopma (malware-cnc.rules)
 * 1:40012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string DetoxCrypto2 (malware-cnc.rules)
 * 1:40870 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
 * 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (malware-cnc.rules)
 * 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (malware-cnc.rules)
 * 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (malware-cnc.rules)
 * 1:44317 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (malware-cnc.rules)
 * 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (malware-cnc.rules)
 * 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (malware-cnc.rules)
 * 1:42838 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (malware-cnc.rules)
 * 1:44773 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
 * 1:44214 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (malware-cnc.rules)
 * 1:41403 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (malware-cnc.rules)
 * 1:40782 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (malware-cnc.rules)
 * 1:40643 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
 * 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (malware-cnc.rules)
 * 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (malware-cnc.rules)
 * 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (malware-cnc.rules)
 * 1:42832 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (malware-cnc.rules)
 * 1:41457 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules)
 * 1:40869 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
 * 1:5789 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ActMon (malware-cnc.rules)
 * 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (malware-cnc.rules)
 * 1:45051 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (malware-cnc.rules)
 * 1:44362 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
 * 1:42886 <-> ENABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (malware-cnc.rules)
 * 1:39886 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (malware-cnc.rules)
 * 1:41441 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (malware-cnc.rules)
 * 1:41456 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules)
 * 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (malware-cnc.rules)
 * 1:5900 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (malware-cnc.rules)
 * 1:42020 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
 * 1:40251 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (malware-cnc.rules)
 * 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (malware-cnc.rules)
 * 1:40528 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (malware-cnc.rules)
 * 1:42019 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
 * 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (malware-cnc.rules)
 * 1:45230 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
 * 1:42831 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (malware-cnc.rules)
 * 1:40800 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (malware-cnc.rules)
 * 1:40217 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (malware-cnc.rules)
 * 1:40212 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (malware-cnc.rules)
 * 1:42830 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (malware-cnc.rules)
 * 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (malware-cnc.rules)
 * 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (malware-cnc.rules)
 * 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (malware-cnc.rules)
 * 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (malware-cnc.rules)
 * 1:41318 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (malware-cnc.rules)
 * 1:41656 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (malware-cnc.rules)
 * 1:44886 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (malware-cnc.rules)
 * 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (malware-cnc.rules)
 * 1:44213 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (malware-cnc.rules)
 * 1:40081 <-> DISABLED <-> MALWARE-CNC User-Agent known PUA user-agent string - TopTools100 (malware-cnc.rules)
 * 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (malware-cnc.rules)
 * 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (malware-cnc.rules)
 * 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (malware-cnc.rules)
 * 1:39361 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Batlopma (malware-cnc.rules)
 * 1:19480 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules)
 * 1:19485 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RAV1 (malware-cnc.rules)
 * 1:19482 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules)
 * 1:19570 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ie 11.0 sp6 (malware-cnc.rules)
 * 1:19589 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules)
 * 1:19611 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string INet - Win32.Virus.Jusabli.A (malware-cnc.rules)
 * 1:19756 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules)
 * 1:19786 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla (malware-cnc.rules)
 * 1:19934 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MYURL (malware-cnc.rules)
 * 1:20009 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules)
 * 1:20012 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules)
 * 1:20019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test (malware-cnc.rules)
 * 1:20021 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Brontok (malware-cnc.rules)
 * 1:20039 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Hardcore Software (malware-cnc.rules)
 * 1:20105 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules)
 * 1:20106 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules)
 * 1:20201 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (malware-cnc.rules)
 * 1:20230 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules)
 * 1:20231 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules)
 * 1:20293 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules)
 * 1:20988 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ZmEu - vulnerability scanner (malware-cnc.rules)
 * 1:21175 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules)
 * 1:21188 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (malware-cnc.rules)
 * 1:21206 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules)
 * 1:21225 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules)
 * 1:21246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string DataCha0s (malware-cnc.rules)
 * 1:21266 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Morfeus Scanner (malware-cnc.rules)
 * 1:21278 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules)
 * 1:21327 <-> ENABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (malware-cnc.rules)
 * 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules)
 * 1:21455 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (malware-cnc.rules)
 * 1:21469 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules)
 * 1:21475 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (malware-cnc.rules)
 * 1:21476 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (malware-cnc.rules)
 * 1:21526 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (malware-cnc.rules)
 * 1:21591 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (malware-cnc.rules)
 * 1:21636 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (malware-cnc.rules)
 * 1:21639 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (malware-cnc.rules)
 * 1:21925 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (malware-cnc.rules)
 * 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (malware-cnc.rules)
 * 1:22939 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (malware-cnc.rules)
 * 1:23019 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (malware-cnc.rules)
 * 1:23627 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (malware-cnc.rules)
 * 1:23903 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - you (malware-cnc.rules)
 * 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (malware-cnc.rules)
 * 1:24441 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (malware-cnc.rules)
 * 1:24442 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (malware-cnc.rules)
 * 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (malware-cnc.rules)
 * 1:24575 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (malware-cnc.rules)
 * 1:24631 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (malware-cnc.rules)
 * 1:24633 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (malware-cnc.rules)
 * 1:24634 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (malware-cnc.rules)
 * 1:24792 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Google page (malware-cnc.rules)
 * 1:25009 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
 * 1:25119 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (malware-cnc.rules)
 * 1:25243 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (malware-cnc.rules)
 * 1:25245 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (malware-cnc.rules)
 * 1:25260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozila (malware-cnc.rules)
 * 1:25261 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MSIE (malware-cnc.rules)
 * 1:25262 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IEToolbar (malware-cnc.rules)
 * 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (malware-cnc.rules)
 * 1:25476 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
 * 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (malware-cnc.rules)
 * 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (malware-cnc.rules)
 * 1:25659 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - spam_bot (malware-cnc.rules)
 * 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (malware-cnc.rules)
 * 1:26248 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (malware-cnc.rules)
 * 1:26522 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (malware-cnc.rules)
 * 1:26558 <-> ENABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (malware-cnc.rules)
 * 1:26577 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (malware-cnc.rules)
 * 1:26685 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (malware-cnc.rules)
 * 1:26686 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (malware-cnc.rules)
 * 1:26702 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (malware-cnc.rules)
 * 1:26751 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (malware-cnc.rules)
 * 1:27015 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string iexplorer (malware-cnc.rules)
 * 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (malware-cnc.rules)
 * 1:27263 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (malware-cnc.rules)
 * 1:27709 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (malware-cnc.rules)
 * 1:27710 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (malware-cnc.rules)
 * 1:27868 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (malware-cnc.rules)
 * 1:28362 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (malware-cnc.rules)
 * 1:28558 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (malware-cnc.rules)
 * 1:28852 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
 * 1:28859 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (malware-cnc.rules)
 * 1:28860 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (malware-cnc.rules)
 * 1:29139 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string HTTP 1.1 - Win.Trojan.Tapslix (malware-cnc.rules)
 * 1:29143 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent - Win.Trojan.Secciv (malware-cnc.rules)
 * 1:29150 <-> ENABLED <-> MALWARE-CNC User-Agent suspicious user-agent WarpHTTP - Win.Trojan.Yohakest (malware-cnc.rules)
 * 1:29174 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fortis (malware-cnc.rules)
 * 1:29180 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Update1.0 - Win.Trojan.Downbini (malware-cnc.rules)
 * 1:29341 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string CustomSpy - Win.Trojan.Etek (malware-cnc.rules)
 * 1:29358 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mowfote (malware-cnc.rules)
 * 1:29371 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Dluca (malware-cnc.rules)
 * 1:29431 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Tirips (malware-cnc.rules)
 * 1:29645 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mimunita (malware-cnc.rules)
 * 1:29652 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Truado (malware-cnc.rules)
 * 1:29760 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MSIE 4.01 - Win.Trojan.Careto (malware-cnc.rules)
 * 1:29824 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - TixDll - Win.Trojan.Adload.dyhq (malware-cnc.rules)
 * 1:29887 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Updates downloader - Win.Trojan.Upatre (malware-cnc.rules)
 * 1:30210 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agnet string Win.Trojan.ZeusVM (malware-cnc.rules)
 * 1:30250 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - logogo.exe (malware-cnc.rules)
 * 1:30290 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Browser - Win.Trojan.Bruterdep (malware-cnc.rules)
 * 1:30301 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent InetAll - Win.Trojan.Pennonec (malware-cnc.rules)
 * 1:30308 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
 * 1:30309 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
 * 1:30314 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmd - Win.Trojan.Burnwoo (malware-cnc.rules)
 * 1:30315 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmdw23 - Win.Trojan.Burnwoo (malware-cnc.rules)
 * 1:30331 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ebot - Win.Trojan.Modulog (malware-cnc.rules)
 * 1:30344 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent EyeS_Client_1.0 - Win.Trojan.Seey (malware-cnc.rules)
 * 1:30518 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Neutrino/2.1 - Win.Trojan.Necurs (malware-cnc.rules)
 * 1:30918 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent Mozilla (malware-cnc.rules)
 * 1:31090 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent hello crazyk (malware-cnc.rules)
 * 1:31122 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent svchost (malware-cnc.rules)
 * 1:31150 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent DefaultBotPassword - Win.Trojan.Tirabot (malware-cnc.rules)
 * 1:31225 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent rome0321 - Win.Trojan.Soraya (malware-cnc.rules)
 * 1:31417 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent blacksun - Win.Trojan.Blacksun (malware-cnc.rules)
 * 1:31557 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla/5.0 - Win.Trojan.Upatre (malware-cnc.rules)
 * 1:31990 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:31991 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32030 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (malware-cnc.rules)
 * 1:32052 <-> ENABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (malware-cnc.rules)
 * 1:32060 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (malware-cnc.rules)
 * 1:32125 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32294 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- (malware-cnc.rules)
 * 1:32295 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (malware-cnc.rules)
 * 1:32296 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (malware-cnc.rules)
 * 1:32333 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (malware-cnc.rules)
 * 1:32383 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32384 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32402 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (malware-cnc.rules)
 * 1:32455 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (malware-cnc.rules)
 * 1:32645 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (malware-cnc.rules)
 * 1:32978 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
 * 1:32979 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
 * 1:32980 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (malware-cnc.rules)
 * 1:33047 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33207 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33230 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33231 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33232 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33233 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33234 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33235 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33236 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33237 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33238 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33239 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33240 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33242 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33243 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33244 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33245 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33246 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - PPKHandler - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33248 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33249 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33250 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33251 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33252 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33253 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33254 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33255 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33256 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33257 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33258 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33259 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33260 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33519 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (malware-cnc.rules)
 * 1:33522 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (malware-cnc.rules)
 * 1:33633 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (malware-cnc.rules)
 * 1:33649 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (malware-cnc.rules)
 * 1:33831 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (malware-cnc.rules)
 * 1:33884 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (malware-cnc.rules)
 * 1:33907 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (malware-cnc.rules)
 * 1:33914 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (malware-cnc.rules)
 * 1:34607 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (malware-cnc.rules)
 * 1:34843 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (malware-cnc.rules)
 * 1:35316 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (malware-cnc.rules)
 * 1:35710 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
 * 1:36833 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (malware-cnc.rules)
 * 1:38234 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (malware-cnc.rules)
 * 1:38304 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (malware-cnc.rules)
 * 1:38961 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (malware-cnc.rules)
 * 1:38962 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (malware-cnc.rules)

2017-12-28 20:33:59 UTC

Snort Subscriber Rules Update

Date: 2017-12-28

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:45260 <-> ENABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)

Modified Rules:


 * 1:39361 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Batlopma (malware-cnc.rules)
 * 1:38304 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - JexBoss (malware-cnc.rules)
 * 1:38961 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - fsrhrsrg - Win.Trojan.Nemucod (malware-cnc.rules)
 * 1:38962 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - uguogo - Win.Trojan.Nemucod (malware-cnc.rules)
 * 1:38234 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.FighterPOS (malware-cnc.rules)
 * 1:35316 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string EI Plugin updater (malware-cnc.rules)
 * 1:35710 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
 * 1:36833 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozila (malware-cnc.rules)
 * 1:34843 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - EMERY - Win.Trojan.W97M (malware-cnc.rules)
 * 1:33907 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - KAIIOOOO871 - Win.Trojan.Dridex (malware-cnc.rules)
 * 1:33914 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Barys (malware-cnc.rules)
 * 1:34607 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Punkey (malware-cnc.rules)
 * 1:33884 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dolit (malware-cnc.rules)
 * 1:33633 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Downing - Win.Trojan.Otwycal (malware-cnc.rules)
 * 1:33649 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Google Omaha - Win.Trojan.ExtenBro (malware-cnc.rules)
 * 1:33831 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent DownloadMR - Solimba (malware-cnc.rules)
 * 1:33522 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - DNS Changer (malware-cnc.rules)
 * 1:33259 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - testupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33260 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlyupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33519 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - ALIZER (malware-cnc.rules)
 * 1:33258 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Updates downloader - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33255 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - iMacros - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33257 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - onlymacros - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33256 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - macrotest - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33251 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - USER_CHECK - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33253 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - bbbbbbbbbb - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33254 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - hi - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - PPKHandler - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33252 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WATClient - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33249 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SLSSoapClient - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33250 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Tintin - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33243 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33248 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Peers12 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33245 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera10 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33246 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - OperaMini - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33238 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Wurst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33244 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Opera - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33240 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - FixUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33242 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Explorer - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33234 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2508Inst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33239 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Installer/1.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33236 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2808inst - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33237 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Player - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33230 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33235 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-2 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33232 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - AppUpdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33233 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - 2608cw-1 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32979 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
 * 1:33231 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Firefox/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33047 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - realupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:33207 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mazilla/5.0 - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32402 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent globalupdate - Osx.Trojan.Wirelurker (malware-cnc.rules)
 * 1:32980 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - multi-browser (malware-cnc.rules)
 * 1:32645 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RUpdate (malware-cnc.rules)
 * 1:32978 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - extra IE version (malware-cnc.rules)
 * 1:32296 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string update - Win.Trojan.Waski (malware-cnc.rules)
 * 1:32455 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent VUPHTTP - Win.Trojan.Puvespia (malware-cnc.rules)
 * 1:32383 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - connect - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32384 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - myupdate - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32060 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent string - httptestman - Win.Backdoor.Rabasheeta (malware-cnc.rules)
 * 1:32333 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fast uax (malware-cnc.rules)
 * 1:32294 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent BloodguyBrowser-_- (malware-cnc.rules)
 * 1:32295 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string http - Win.Trojan.Waski (malware-cnc.rules)
 * 1:31990 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Install - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32125 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - update - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:32030 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Decibal - Win.Trojan.Decibal (malware-cnc.rules)
 * 1:32052 <-> ENABLED <-> MALWARE-CNC User-Agent Xsser mRAT user-agent (malware-cnc.rules)
 * 1:31150 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent DefaultBotPassword - Win.Trojan.Tirabot (malware-cnc.rules)
 * 1:31991 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Treck - Win.Backdoor.Upatre (malware-cnc.rules)
 * 1:31417 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent blacksun - Win.Trojan.Blacksun (malware-cnc.rules)
 * 1:31557 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla/5.0 - Win.Trojan.Upatre (malware-cnc.rules)
 * 1:30518 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Neutrino/2.1 - Win.Trojan.Necurs (malware-cnc.rules)
 * 1:31225 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent rome0321 - Win.Trojan.Soraya (malware-cnc.rules)
 * 1:31090 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent hello crazyk (malware-cnc.rules)
 * 1:31122 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent svchost (malware-cnc.rules)
 * 1:30314 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmd - Win.Trojan.Burnwoo (malware-cnc.rules)
 * 1:30918 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent Mozilla (malware-cnc.rules)
 * 1:30331 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ebot - Win.Trojan.Modulog (malware-cnc.rules)
 * 1:30344 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent EyeS_Client_1.0 - Win.Trojan.Seey (malware-cnc.rules)
 * 1:30290 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Browser - Win.Trojan.Bruterdep (malware-cnc.rules)
 * 1:30315 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmdw23 - Win.Trojan.Burnwoo (malware-cnc.rules)
 * 1:30308 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
 * 1:30309 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
 * 1:29824 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - TixDll - Win.Trojan.Adload.dyhq (malware-cnc.rules)
 * 1:30301 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent InetAll - Win.Trojan.Pennonec (malware-cnc.rules)
 * 1:30210 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agnet string Win.Trojan.ZeusVM (malware-cnc.rules)
 * 1:30250 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - logogo.exe (malware-cnc.rules)
 * 1:29431 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Tirips (malware-cnc.rules)
 * 1:29887 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Updates downloader - Win.Trojan.Upatre (malware-cnc.rules)
 * 1:29652 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Truado (malware-cnc.rules)
 * 1:29760 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MSIE 4.01 - Win.Trojan.Careto (malware-cnc.rules)
 * 1:29645 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mimunita (malware-cnc.rules)
 * 1:29180 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Update1.0 - Win.Trojan.Downbini (malware-cnc.rules)
 * 1:29371 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Dluca (malware-cnc.rules)
 * 1:29341 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string CustomSpy - Win.Trojan.Etek (malware-cnc.rules)
 * 1:29358 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mowfote (malware-cnc.rules)
 * 1:29174 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fortis (malware-cnc.rules)
 * 1:29139 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string HTTP 1.1 - Win.Trojan.Tapslix (malware-cnc.rules)
 * 1:29150 <-> ENABLED <-> MALWARE-CNC User-Agent suspicious user-agent WarpHTTP - Win.Trojan.Yohakest (malware-cnc.rules)
 * 1:29143 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent - Win.Trojan.Secciv (malware-cnc.rules)
 * 1:28558 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string getURLdown (malware-cnc.rules)
 * 1:28859 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent z00sAgent - Win.Trojan.Zbot (malware-cnc.rules)
 * 1:28860 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Nitedrem (malware-cnc.rules)
 * 1:27709 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string umbra (malware-cnc.rules)
 * 1:28852 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Linux.Trojan.Zollard (malware-cnc.rules)
 * 1:27868 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - dt12012 (malware-cnc.rules)
 * 1:28362 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SUiCiDE/1.5 (malware-cnc.rules)
 * 1:26751 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - msctls_progress32 (malware-cnc.rules)
 * 1:27710 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IExplore (malware-cnc.rules)
 * 1:27044 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string pb - Htbot (malware-cnc.rules)
 * 1:27263 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - yahoonews (malware-cnc.rules)
 * 1:27015 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string iexplorer (malware-cnc.rules)
 * 1:26702 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win (malware-cnc.rules)
 * 1:26577 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent Opera 10 (malware-cnc.rules)
 * 1:26685 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string J13A (malware-cnc.rules)
 * 1:26686 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alina (malware-cnc.rules)
 * 1:26558 <-> ENABLED <-> MALWARE-CNC User-Agent known Malicious user agent Brutus AET (malware-cnc.rules)
 * 1:25980 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pass (malware-cnc.rules)
 * 1:26248 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent cibabam (malware-cnc.rules)
 * 1:26522 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent NOKIAN95/WEB (malware-cnc.rules)
 * 1:25659 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - spam_bot (malware-cnc.rules)
 * 1:25476 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
 * 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (malware-cnc.rules)
 * 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (malware-cnc.rules)
 * 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (malware-cnc.rules)
 * 1:25260 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozila (malware-cnc.rules)
 * 1:25262 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string IEToolbar (malware-cnc.rules)
 * 1:25261 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MSIE (malware-cnc.rules)
 * 1:25245 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (malware-cnc.rules)
 * 1:25009 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
 * 1:25119 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (malware-cnc.rules)
 * 1:25243 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (malware-cnc.rules)
 * 1:24792 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Google page (malware-cnc.rules)
 * 1:24631 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (malware-cnc.rules)
 * 1:24634 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (malware-cnc.rules)
 * 1:24633 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (malware-cnc.rules)
 * 1:24441 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (malware-cnc.rules)
 * 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (malware-cnc.rules)
 * 1:24575 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (malware-cnc.rules)
 * 1:23019 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (malware-cnc.rules)
 * 1:24442 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (malware-cnc.rules)
 * 1:23903 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - you (malware-cnc.rules)
 * 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (malware-cnc.rules)
 * 1:21639 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (malware-cnc.rules)
 * 1:23627 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (malware-cnc.rules)
 * 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (malware-cnc.rules)
 * 1:22939 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (malware-cnc.rules)
 * 1:21476 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (malware-cnc.rules)
 * 1:21925 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (malware-cnc.rules)
 * 1:21591 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (malware-cnc.rules)
 * 1:21636 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (malware-cnc.rules)
 * 1:21526 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (malware-cnc.rules)
 * 1:21475 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (malware-cnc.rules)
 * 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules)
 * 1:21455 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (malware-cnc.rules)
 * 1:21469 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules)
 * 1:21246 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string DataCha0s (malware-cnc.rules)
 * 1:21278 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules)
 * 1:21327 <-> ENABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (malware-cnc.rules)
 * 1:21175 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules)
 * 1:21266 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Morfeus Scanner (malware-cnc.rules)
 * 1:21206 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules)
 * 1:21225 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules)
 * 1:21188 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (malware-cnc.rules)
 * 1:20230 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules)
 * 1:20293 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules)
 * 1:20988 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ZmEu - vulnerability scanner (malware-cnc.rules)
 * 1:20104 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules)
 * 1:20231 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules)
 * 1:20106 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules)
 * 1:20201 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (malware-cnc.rules)
 * 1:20012 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules)
 * 1:20105 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules)
 * 1:20039 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Hardcore Software (malware-cnc.rules)
 * 1:20019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test (malware-cnc.rules)
 * 1:20021 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Brontok (malware-cnc.rules)
 * 1:20009 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules)
 * 1:19756 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules)
 * 1:19786 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla (malware-cnc.rules)
 * 1:19934 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MYURL (malware-cnc.rules)
 * 1:19611 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string INet - Win32.Virus.Jusabli.A (malware-cnc.rules)
 * 1:19485 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RAV1 (malware-cnc.rules)
 * 1:19570 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ie 11.0 sp6 (malware-cnc.rules)
 * 1:19589 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules)
 * 1:19372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string javasw - Trojan.Banload (malware-cnc.rules)
 * 1:19480 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules)
 * 1:19482 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules)
 * 1:18395 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Duckling/1.0 (malware-cnc.rules)
 * 1:19434 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrCode (malware-cnc.rules)
 * 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (malware-cnc.rules)
 * 1:19175 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules)
 * 1:18391 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MyLove (malware-cnc.rules)
 * 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules)
 * 1:18394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string OCRecover (malware-cnc.rules)
 * 1:18393 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string vyre32 (malware-cnc.rules)
 * 1:18387 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string dwplayer (malware-cnc.rules)
 * 1:18392 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string qixi (malware-cnc.rules)
 * 1:18389 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 3653Client (malware-cnc.rules)
 * 1:18390 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Delphi 5.x (malware-cnc.rules)
 * 1:18382 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string WMUpdate (malware-cnc.rules)
 * 1:18388 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (malware-cnc.rules)
 * 1:18385 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string HTTPCSDCENTER (malware-cnc.rules)
 * 1:18386 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AHTTPConnection (malware-cnc.rules)
 * 1:18383 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPInstaller (malware-cnc.rules)
 * 1:18378 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AutoHotkey (malware-cnc.rules)
 * 1:18381 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Travel Update (malware-cnc.rules)
 * 1:18379 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AskInstallChecker (malware-cnc.rules)
 * 1:18380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string FPUpdater (malware-cnc.rules)
 * 1:18377 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string malware (malware-cnc.rules)
 * 1:18374 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string SurfBear (malware-cnc.rules)
 * 1:18375 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string HTTP Wininet (malware-cnc.rules)
 * 1:18376 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Trololo (malware-cnc.rules)
 * 1:18373 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Installer (malware-cnc.rules)
 * 1:18369 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string iexp-get (malware-cnc.rules)
 * 1:18370 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla Windows MSIE (malware-cnc.rules)
 * 1:18371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string QvodDown (malware-cnc.rules)
 * 1:18368 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Our_Agent (malware-cnc.rules)
 * 1:18365 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Agentcc (malware-cnc.rules)
 * 1:18366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string OCInstaller (malware-cnc.rules)
 * 1:18367 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string FPRecover (malware-cnc.rules)
 * 1:18364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string msndown (malware-cnc.rules)
 * 1:18361 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Downloader1.1 (malware-cnc.rules)
 * 1:18363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPRecover (malware-cnc.rules)
 * 1:18357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Setup Factory (malware-cnc.rules)
 * 1:18362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Search Toolbar 1.1 (malware-cnc.rules)
 * 1:18360 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Oncues (malware-cnc.rules)
 * 1:18358 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSIS_INETLOAD (malware-cnc.rules)
 * 1:18359 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Shareaza (malware-cnc.rules)
 * 1:18355 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Se2011 (malware-cnc.rules)
 * 1:18353 <-> ENABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules)
 * 1:18356 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string random (malware-cnc.rules)
 * 1:18349 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flipopia (malware-cnc.rules)
 * 1:18354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string opera/8.11 (malware-cnc.rules)
 * 1:18351 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPUpdater (malware-cnc.rules)
 * 1:18352 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string PinballCorp-BSAI/VER_STR_COMMA (malware-cnc.rules)
 * 1:18345 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Macrovision_DM_2.4.15 (malware-cnc.rules)
 * 1:18350 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GabPath (malware-cnc.rules)
 * 1:18348 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/9.80 Pesto/2.2.15 (malware-cnc.rules)
 * 1:18346 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string GPRecover (malware-cnc.rules)
 * 1:18347 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string AutoIt (malware-cnc.rules)
 * 1:18340 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ClickAdsByIE 0.7.5 (malware-cnc.rules)
 * 1:18342 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSIS_DOWNLOAD (malware-cnc.rules)
 * 1:18343 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string WSEnrichment (malware-cnc.rules)
 * 1:18247 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules)
 * 1:18341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string UtilMind HTTPGet (malware-cnc.rules)
 * 1:18337 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string iamx/3.11 (malware-cnc.rules)
 * 1:18338 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string NSISDL/1.2 (malware-cnc.rules)
 * 1:14059 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CPUSH_HOMEPAGE (malware-cnc.rules)
 * 1:18336 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string gbot/2.3 (malware-cnc.rules)
 * 1:16551 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (malware-cnc.rules)
 * 1:14060 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CPUSH_UPDATER (malware-cnc.rules)
 * 1:16497 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules)
 * 1:13855 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpeedRunner (malware-cnc.rules)
 * 1:13932 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - opera (malware-cnc.rules)
 * 1:14057 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DMFR (malware-cnc.rules)
 * 1:12723 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - WakeSpace (malware-cnc.rules)
 * 1:13931 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PcPcUpdater (malware-cnc.rules)
 * 1:13782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EzReward (malware-cnc.rules)
 * 1:13638 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.VirusHeat (malware-cnc.rules)
 * 1:13777 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SysCleaner (malware-cnc.rules)
 * 1:12674 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iebar (malware-cnc.rules)
 * 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (malware-cnc.rules)
 * 1:12482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ZOMBIES_HTTP_GET (malware-cnc.rules)
 * 1:12371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpamBlockerUtility (malware-cnc.rules)
 * 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (malware-cnc.rules)
 * 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (malware-cnc.rules)
 * 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (malware-cnc.rules)
 * 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (malware-cnc.rules)
 * 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (malware-cnc.rules)
 * 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (malware-cnc.rules)
 * 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (malware-cnc.rules)
 * 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (malware-cnc.rules)
 * 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (malware-cnc.rules)
 * 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (malware-cnc.rules)
 * 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (malware-cnc.rules)
 * 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
 * 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (malware-cnc.rules)
 * 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (malware-cnc.rules)
 * 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (malware-cnc.rules)
 * 1:7540 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol (malware-cnc.rules)
 * 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (malware-cnc.rules)
 * 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (malware-cnc.rules)
 * 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (malware-cnc.rules)
 * 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper (malware-cnc.rules)
 * 1:42020 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
 * 1:5900 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (malware-cnc.rules)
 * 1:40251 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (malware-cnc.rules)
 * 1:42886 <-> ENABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (malware-cnc.rules)
 * 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (malware-cnc.rules)
 * 1:41441 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (malware-cnc.rules)
 * 1:40212 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (malware-cnc.rules)
 * 1:45051 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (malware-cnc.rules)
 * 1:44362 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
 * 1:5988 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ZC-Bridge (malware-cnc.rules)
 * 1:41457 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules)
 * 1:40869 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
 * 1:42019 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
 * 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (malware-cnc.rules)
 * 1:40081 <-> DISABLED <-> MALWARE-CNC User-Agent known PUA user-agent string - TopTools100 (malware-cnc.rules)
 * 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (malware-cnc.rules)
 * 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (malware-cnc.rules)
 * 1:41318 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (malware-cnc.rules)
 * 1:44213 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (malware-cnc.rules)
 * 1:44886 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (malware-cnc.rules)
 * 1:41656 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (malware-cnc.rules)
 * 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (malware-cnc.rules)
 * 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (malware-cnc.rules)
 * 1:5808 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
 * 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (malware-cnc.rules)
 * 1:40217 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (malware-cnc.rules)
 * 1:40528 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (malware-cnc.rules)
 * 1:40870 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
 * 1:42831 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (malware-cnc.rules)
 * 1:40800 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (malware-cnc.rules)
 * 1:45230 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
 * 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (malware-cnc.rules)
 * 1:40216 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (malware-cnc.rules)
 * 1:44889 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - WidgiToolbar (malware-cnc.rules)
 * 1:42454 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (malware-cnc.rules)
 * 1:40012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string DetoxCrypto2 (malware-cnc.rules)
 * 1:42830 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (malware-cnc.rules)
 * 1:40644 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
 * 1:5789 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ActMon (malware-cnc.rules)
 * 1:44440 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (malware-cnc.rules)
 * 1:45229 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
 * 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (malware-cnc.rules)
 * 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (malware-cnc.rules)
 * 1:43220 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (malware-cnc.rules)
 * 1:42832 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (malware-cnc.rules)
 * 1:40733 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
 * 1:41539 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (malware-cnc.rules)
 * 1:39710 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string mozilla/2.0 (malware-cnc.rules)
 * 1:40643 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
 * 1:44773 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
 * 1:40782 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (malware-cnc.rules)
 * 1:39886 <-> ENABLED <-> MALWARE-CNC User-Agent known Adware user-agent string - Win.Adware.Prepscram (malware-cnc.rules)
 * 1:42838 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (malware-cnc.rules)
 * 1:44317 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (malware-cnc.rules)
 * 1:41403 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (malware-cnc.rules)
 * 1:44214 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (malware-cnc.rules)
 * 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (malware-cnc.rules)
 * 1:5992 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mirar_KeywordContentHijacker (malware-cnc.rules)
 * 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (malware-cnc.rules)
 * 1:44772 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
 * 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (malware-cnc.rules)
 * 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (malware-cnc.rules)
 * 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (malware-cnc.rules)
 * 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (malware-cnc.rules)
 * 1:41456 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules)
 * 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (malware-cnc.rules)
 * 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (malware-cnc.rules)
 * 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (malware-cnc.rules)
 * 1:39362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Batlopma (malware-cnc.rules)
 * 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (malware-cnc.rules)
 * 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (malware-cnc.rules)
 * 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (malware-cnc.rules)
 * 1:40066 <-> ENABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Fareit (malware-cnc.rules)