Talos Rules 2020-10-06
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the malware-cnc, malware-other, os-windows and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2020-10-06 13:12:43 UTC

Snort Subscriber Rules Update

Date: 2020-10-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:

 * 1:55868 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
 * 1:55869 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
 * 1:55870 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
 * 1:55871 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
 * 1:55872 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
 * 1:55873 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
 * 1:55874 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
 * 1:55875 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
 * 1:55876 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
 * 1:55877 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
 * 1:55878 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
 * 1:55879 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
 * 1:55880 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
 * 1:55881 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
 * 1:55882 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
 * 1:55883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
 * 1:55884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
 * 1:55885 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
 * 1:55886 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
 * 1:55887 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
 * 1:55888 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
 * 1:55889 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
 * 1:55890 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
 * 1:55891 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
 * 1:55892 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
 * 1:55893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
 * 1:55894 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
 * 1:55895 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
 * 1:55896 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
 * 1:55897 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
 * 1:55898 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
 * 1:55899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
 * 1:55900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
 * 1:55901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
 * 1:55902 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
 * 1:55903 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
 * 1:55904 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
 * 1:55905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
 * 1:55906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
 * 1:55907 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
 * 1:55908 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
 * 1:55909 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
 * 1:55910 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
 * 1:55911 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
 * 1:55912 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
 * 1:55913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
 * 1:55914 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
 * 1:55915 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
 * 1:55916 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
 * 1:55918 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55919 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55920 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55921 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
 * 1:55923 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
 * 1:55926 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant outbound connection (malware-cnc.rules)
 * 1:55927 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
 * 1:55928 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
 * 1:55863 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
 * 1:55864 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
 * 1:55865 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
 * 1:55866 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
 * 1:55867 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
 * 3:55917 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1159 attack attempt (server-webapp.rules)
 * 3:55925 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
 * 3:55924 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)

Modified Rules:

 * 1:21435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mentor inbound connection - post infection (malware-cnc.rules)
 * 1:21436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Startpage variant outbound connection (malware-cnc.rules)
 * 1:21440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murofet variant outbound connection (malware-cnc.rules)
 * 1:21441 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:21455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (malware-cnc.rules)
 * 1:21469 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules)
 * 1:21475 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (malware-cnc.rules)
 * 1:21476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (malware-cnc.rules)
 * 1:21525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:21526 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (malware-cnc.rules)
 * 1:21538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound payload request (malware-cnc.rules)
 * 1:21547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:21548 <-> DISABLED <-> MALWARE-CNC Cutwail landing page connection (malware-cnc.rules)
 * 1:21551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
 * 1:21552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
 * 1:21562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredolab variant outbound connection (malware-cnc.rules)
 * 1:21563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21591 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (malware-cnc.rules)
 * 1:21593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:21622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Georbot variant outbound connection (malware-cnc.rules)
 * 1:21631 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal javascript delivery method (malware-cnc.rules)
 * 1:21632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:21636 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (malware-cnc.rules)
 * 1:21638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aluereon TDSS infection variant outbound connection (malware-cnc.rules)
 * 1:21639 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (malware-cnc.rules)
 * 1:21755 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21756 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21757 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21758 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:21761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:21852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orsam variant outbound connection (malware-cnc.rules)
 * 1:21877 <-> DISABLED <-> MALWARE-CNC Apple OSX.Sabpub variant outbound connection (malware-cnc.rules)
 * 1:21910 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware user-agent (malware-cnc.rules)
 * 1:21911 <-> DISABLED <-> MALWARE-CNC Aldi variant outbound connection C&C checkin (malware-cnc.rules)
 * 1:21912 <-> DISABLED <-> MALWARE-CNC Aldi bot variant outbound connection user-agent (malware-cnc.rules)
 * 1:21925 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (malware-cnc.rules)
 * 1:21945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
 * 1:21946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
 * 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (malware-cnc.rules)
 * 1:21983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant outbound connection (malware-cnc.rules)
 * 1:21984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant inbound updates (malware-cnc.rules)
 * 1:22033 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
 * 1:22034 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
 * 1:22047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jokbot variant outbound connection (malware-cnc.rules)
 * 1:22048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules)
 * 1:22054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prorat variant outbound connection (malware-cnc.rules)
 * 1:22058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:22059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:22060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fepgul variant outbound connection (malware-cnc.rules)
 * 1:22099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piroxcc variant outbound connection (malware-cnc.rules)
 * 1:22100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Midhos variant outbound connection (malware-cnc.rules)
 * 1:22103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coswid.klk variant outbound connection (malware-cnc.rules)
 * 1:22937 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxyier variant outbound connection (malware-cnc.rules)
 * 1:22939 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (malware-cnc.rules)
 * 1:23019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (malware-cnc.rules)
 * 1:23057 <-> DISABLED <-> MALWARE-CNC Flame malware connection - /view.php (malware-cnc.rules)
 * 1:23103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules)
 * 1:23104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:23109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules)
 * 1:23242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.boxg connect to cnc server (malware-cnc.rules)
 * 1:23244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:23245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:23254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.CL variant outbound connection (malware-cnc.rules)
 * 1:23261 <-> DISABLED <-> MALWARE-CNC known command and control traffic - Pushbot (malware-cnc.rules)
 * 1:23262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:23307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper connect to server (malware-cnc.rules)
 * 1:23332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dishigy variant outbound connection (malware-cnc.rules)
 * 1:23334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader initial C&C checkin (malware-cnc.rules)
 * 1:23335 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:23342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:23382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
 * 1:23391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hioles.C variant outbound connection (malware-cnc.rules)
 * 1:23394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbvoleur.a variant outbound connection (malware-cnc.rules)
 * 1:23467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mazben file download (malware-cnc.rules)
 * 1:23473 <-> DISABLED <-> MALWARE-CNC URI request for runforestrun - JS.Runfore (malware-cnc.rules)
 * 1:23492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
 * 1:23493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
 * 1:23600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue outbound connection (malware-cnc.rules)
 * 1:23615 <-> DISABLED <-> MALWARE-CNC ACAD.Medre.A variant outbound connection (malware-cnc.rules)
 * 1:23627 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (malware-cnc.rules)
 * 1:23628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pincav variant outbound connection (malware-cnc.rules)
 * 1:23633 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant report to cnc-server (malware-cnc.rules)
 * 1:23635 <-> DISABLED <-> MALWARE-CNC Gozi trojan checkin (malware-cnc.rules)
 * 1:23778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules)
 * 1:23824 <-> DISABLED <-> MALWARE-CNC Gauss malware check-in (malware-cnc.rules)
 * 1:23893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DistTrack command and control traffic (malware-cnc.rules)
 * 1:23903 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - you (malware-cnc.rules)
 * 1:23938 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ibabyfa.dldr variant outbound connection (malware-cnc.rules)
 * 1:23942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.C0D0SO0 variant outbound traffic (malware-cnc.rules)
 * 1:23945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor variant outbound connection (malware-cnc.rules)
 * 1:23946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor file download (malware-cnc.rules)
 * 1:23968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crisis variant outbound connection (malware-cnc.rules)
 * 1:23972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:23978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hostposer variant outbound connection (malware-cnc.rules)
 * 1:23987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik.Kazy variant outbound connection (malware-cnc.rules)
 * 1:24062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hufysk variant outbound connection (malware-cnc.rules)
 * 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (malware-cnc.rules)
 * 1:24169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:24185 <-> DISABLED <-> MALWARE-CNC Win.Work.Rokiwobi inbound command from C&C (malware-cnc.rules)
 * 1:24211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xamtrav update protocol connection (malware-cnc.rules)
 * 1:24214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seveto variant outbound connection (malware-cnc.rules)
 * 1:24215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:24216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Biloky variant outbound connection (malware-cnc.rules)
 * 1:24217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:24224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:24235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo initial infection variant outbound connection (malware-cnc.rules)
 * 1:24236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo post infection variant outbound connection (malware-cnc.rules)
 * 1:24361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi.Prinimalka variant outbound connection (malware-cnc.rules)
 * 1:24375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
 * 1:24381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
 * 1:24382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
 * 1:24439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
 * 1:24440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chiviper variant outbound connection (malware-cnc.rules)
 * 1:24441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (malware-cnc.rules)
 * 1:24442 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (malware-cnc.rules)
 * 1:24482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chif variant outbound connection (malware-cnc.rules)
 * 1:24491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo redirection landing page pre-infection (malware-cnc.rules)
 * 1:24492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24504 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
 * 1:24514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lucuis variant outbound connection (malware-cnc.rules)
 * 1:24523 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MautoitRAT variant outbound connection (malware-cnc.rules)
 * 1:24531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A variant outbound connection (malware-cnc.rules)
 * 1:24532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A inbound connection (malware-cnc.rules)
 * 1:24533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:24534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
 * 1:24563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veli variant outbound connection (malware-cnc.rules)
 * 1:24566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (malware-cnc.rules)
 * 1:24575 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (malware-cnc.rules)
 * 1:24630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Klovbot variant outbound connection (malware-cnc.rules)
 * 1:24631 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (malware-cnc.rules)
 * 1:24632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VaccinePC variant outbound connection (malware-cnc.rules)
 * 1:24633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (malware-cnc.rules)
 * 1:24634 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (malware-cnc.rules)
 * 1:24858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quarian variant outbound connection - proxy connection (malware-cnc.rules)
 * 1:24873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler variant outbound connection (malware-cnc.rules)
 * 1:24885 <-> DISABLED <-> MALWARE-CNC Potential Banking Trojan Config File Download (malware-cnc.rules)
 * 1:24886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
 * 1:25007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst variant outbound connection (malware-cnc.rules)
 * 1:25009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
 * 1:25010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:25011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:25016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Azbreg variant outbound connection (malware-cnc.rules)
 * 1:25022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant outbound connection (malware-cnc.rules)
 * 1:25023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:25024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:25025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Recslurp variant outbound connection (malware-cnc.rules)
 * 1:25026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Juasek variant outbound connection (malware-cnc.rules)
 * 1:25027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki variant connect to cnc-server (malware-cnc.rules)
 * 1:25028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peed variant outbound connection (malware-cnc.rules)
 * 1:25029 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nevsyn variant outbound connection (malware-cnc.rules)
 * 1:25049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.Kolilks variant outbound connection (malware-cnc.rules)
 * 1:25050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:25054 <-> DISABLED <-> MALWARE-CNC ZeroAccess Clickserver callback (malware-cnc.rules)
 * 1:25070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:25071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Macnsed variant outbound connection (malware-cnc.rules)
 * 1:25072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dulom variant outbound connection (malware-cnc.rules)
 * 1:25073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lowzone variant outbound connection (malware-cnc.rules)
 * 1:25074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:25075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:25076 <-> DISABLED <-> MALWARE-CNC Win.Worm.Joanap variant variant outbound connection (malware-cnc.rules)
 * 1:25077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Halnine variant outbound connection (malware-cnc.rules)
 * 1:25093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hacktool variant outbound connection (malware-cnc.rules)
 * 1:25098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
 * 1:25099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
 * 1:25100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
 * 1:25107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
 * 1:25109 <-> DISABLED <-> MALWARE-CNC Autoit.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25119 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (malware-cnc.rules)
 * 1:25224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess URI and Referer (malware-cnc.rules)
 * 1:25229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant inbound connection (malware-cnc.rules)
 * 1:25230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant outbound connection (malware-cnc.rules)
 * 1:25231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25237 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firelog variant outbound connection (malware-cnc.rules)
 * 1:25239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (malware-cnc.rules)
 * 1:25241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetTrash variant outbound connection (malware-cnc.rules)
 * 1:25242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duapz variant outbound connection (malware-cnc.rules)
 * 1:25243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (malware-cnc.rules)
 * 1:25244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (malware-cnc.rules)
 * 1:25249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basutra variant outbound connection (malware-cnc.rules)
 * 1:25256 <-> DISABLED <-> MALWARE-CNC Win.Worm.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:25257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Skintrim variant outbound connection (malware-cnc.rules)
 * 1:25258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast variant outbound connection (malware-cnc.rules)
 * 1:25259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BancosBanload variant outbound connection (malware-cnc.rules)
 * 1:25268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:25271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill variant outbound connection (malware-cnc.rules)
 * 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (malware-cnc.rules)
 * 1:25394 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/th (malware-cnc.rules)
 * 1:25395 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/sk (malware-cnc.rules)
 * 1:25396 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/dllhost/ac (malware-cnc.rules)
 * 1:25397 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/check (malware-cnc.rules)
 * 1:25398 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/flush (malware-cnc.rules)
 * 1:25399 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/wcx (malware-cnc.rules)
 * 1:25400 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/cab (malware-cnc.rules)
 * 1:25448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Jinch variant outbound connection (malware-cnc.rules)
 * 1:25465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:25470 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LoDo variant outbound connection (malware-cnc.rules)
 * 1:25471 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
 * 1:25476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
 * 1:25477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25503 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit sba.cgi (malware-cnc.rules)
 * 1:25504 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit op.cgi (malware-cnc.rules)
 * 1:25511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:25529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (malware-cnc.rules)
 * 1:25541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sigly variant outbound connection (malware-cnc.rules)
 * 1:25543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.VB variant outbound connection (malware-cnc.rules)
 * 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (malware-cnc.rules)
 * 1:25545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Printlove variant outbound connection (malware-cnc.rules)
 * 1:25546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
 * 1:55281 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9753424-0 download attempt (malware-other.rules)
 * 1:55862 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt (server-webapp.rules)
 * 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (malware-cnc.rules)
 * 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (malware-cnc.rules)
 * 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (malware-cnc.rules)
 * 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (malware-cnc.rules)
 * 1:5805 <-> DISABLED <-> MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines (malware-other.rules)
 * 1:5808 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
 * 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (malware-cnc.rules)
 * 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (malware-cnc.rules)
 * 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (malware-cnc.rules)
 * 1:5880 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - smtp delivery (malware-other.rules)
 * 1:5881 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - ftp delivery (malware-other.rules)
 * 1:5882 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - alert notification (malware-other.rules)
 * 1:5900 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (malware-cnc.rules)
 * 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (malware-cnc.rules)
 * 1:5907 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - check update (malware-other.rules)
 * 1:5908 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 1 (malware-other.rules)
 * 1:5909 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 2 (malware-other.rules)
 * 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (malware-cnc.rules)
 * 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (malware-cnc.rules)
 * 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (malware-cnc.rules)
 * 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (malware-cnc.rules)
 * 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (malware-cnc.rules)
 * 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (malware-cnc.rules)
 * 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (malware-cnc.rules)
 * 1:19019 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (malware-cnc.rules)
 * 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules)
 * 1:19052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (malware-cnc.rules)
 * 1:19053 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound connection (malware-cnc.rules)
 * 1:19055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gosik.A registration (malware-cnc.rules)
 * 1:19056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
 * 1:19057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
 * 1:19058 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (malware-cnc.rules)
 * 1:19164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
 * 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (malware-cnc.rules)
 * 1:19175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules)
 * 1:19328 <-> DISABLED <-> MALWARE-CNC PointGuide variant outbound connection (malware-cnc.rules)
 * 1:19339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (malware-cnc.rules)
 * 1:19347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison.banr variant outbound connection (malware-cnc.rules)
 * 1:19348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection (malware-cnc.rules)
 * 1:19351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (malware-cnc.rules)
 * 1:19353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu variant outbound connection (malware-cnc.rules)
 * 1:19357 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (malware-cnc.rules)
 * 1:19358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (malware-cnc.rules)
 * 1:19429 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules)
 * 1:19435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (malware-cnc.rules)
 * 1:19480 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules)
 * 1:19482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules)
 * 1:19490 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (malware-cnc.rules)
 * 1:19493 <-> DISABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain (malware-cnc.rules)
 * 1:19579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao.A variant outbound connection (malware-cnc.rules)
 * 1:19589 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules)
 * 1:19590 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (malware-cnc.rules)
 * 1:19622 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (malware-cnc.rules)
 * 1:19623 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (malware-cnc.rules)
 * 1:19625 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= (malware-cnc.rules)
 * 1:19626 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (malware-cnc.rules)
 * 1:19627 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (malware-cnc.rules)
 * 1:19628 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /1cup/script.php (malware-cnc.rules)
 * 1:19631 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - AnSSip= (malware-cnc.rules)
 * 1:19632 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (malware-cnc.rules)
 * 1:19633 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (malware-cnc.rules)
 * 1:19635 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (malware-cnc.rules)
 * 1:19636 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v (malware-cnc.rules)
 * 1:19637 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (malware-cnc.rules)
 * 1:19638 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (malware-cnc.rules)
 * 1:19657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (malware-cnc.rules)
 * 1:19658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (malware-cnc.rules)
 * 1:19702 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (malware-cnc.rules)
 * 1:19703 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (malware-cnc.rules)
 * 1:19704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
 * 1:19705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
 * 1:19706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (malware-cnc.rules)
 * 1:19711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:19712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:19722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poshtroper variant outbound connection (malware-cnc.rules)
 * 1:19723 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pherbot variant outbound connection (malware-cnc.rules)
 * 1:19730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KukuBot variant outbound connection (malware-cnc.rules)
 * 1:19731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkwebot variant outbound connection (malware-cnc.rules)
 * 1:19732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Idicaf variant outbound connection (malware-cnc.rules)
 * 1:19756 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules)
 * 1:19761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq variant outbound connection (malware-cnc.rules)
 * 1:19765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:19767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer.A variant outbound connection (malware-cnc.rules)
 * 1:19769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos outbound indicator (malware-cnc.rules)
 * 1:19770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
 * 1:19771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
 * 1:19778 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /games/java_trust.php?f= (malware-cnc.rules)
 * 1:19801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
 * 1:19864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nvbpass variant outbound connection (malware-cnc.rules)
 * 1:19882 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /160.rar - Win32/Morto.A (malware-cnc.rules)
 * 1:19912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DelfInject.gen!X variant outbound connection (malware-cnc.rules)
 * 1:19913 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - optima/index.php (malware-cnc.rules)
 * 1:19964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:19995 <-> DISABLED <-> MALWARE-CNC Waledac variant outbound connection (malware-cnc.rules)
 * 1:20009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules)
 * 1:20011 <-> DISABLED <-> MALWARE-CNC Briewots.A runtime traffic detected (malware-cnc.rules)
 * 1:20012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules)
 * 1:20080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection (malware-cnc.rules)
 * 1:20081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Yakes.cbi variant outbound connection (malware-cnc.rules)
 * 1:20099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules)
 * 1:20104 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules)
 * 1:20105 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules)
 * 1:20106 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules)
 * 1:20201 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (malware-cnc.rules)
 * 1:20202 <-> DISABLED <-> MALWARE-CNC Apple OSX.Revir-1 variant outbound connection (malware-cnc.rules)
 * 1:20213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:20221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:20228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:20229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jinchodz variant outbound connection (malware-cnc.rules)
 * 1:20230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules)
 * 1:20231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules)
 * 1:20232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules)
 * 1:20280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:20281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:20293 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules)
 * 1:20527 <-> DISABLED <-> MALWARE-CNC Sirefef initial C&C connection variant outbound connection (malware-cnc.rules)
 * 1:20754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut-3 variant outbound connection (malware-cnc.rules)
 * 1:20755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap variant outbound connection (malware-cnc.rules)
 * 1:20756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:20759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gbot.oce variant outbound connection (malware-cnc.rules)
 * 1:20762 <-> DISABLED <-> MALWARE-CNC MacOS.Flashback.A variant outbound connection (malware-cnc.rules)
 * 1:20763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-206 variant outbound connection (malware-cnc.rules)
 * 1:20837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow.C runtime traffic detected (malware-cnc.rules)
 * 1:20927 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-207 variant outbound connection (malware-cnc.rules)
 * 1:21047 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Sykipot C&C (malware-cnc.rules)
 * 1:21175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules)
 * 1:21188 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (malware-cnc.rules)
 * 1:21206 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules)
 * 1:21208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RShot.brw variant outbound connection (malware-cnc.rules)
 * 1:21225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules)
 * 1:21230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (malware-cnc.rules)
 * 1:21239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:21240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules)
 * 1:21241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater initial variant outbound connection (malware-cnc.rules)
 * 1:21242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules)
 * 1:21257 <-> DISABLED <-> MALWARE-CNC URI - known scanner tool muieblackcat (malware-cnc.rules)
 * 1:21269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules)
 * 1:21278 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules)
 * 1:21306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye variant outbound connectivity check (malware-cnc.rules)
 * 1:21311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:21313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:21318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV TDSS/PurpleHaze variant outbound connection - base64 encoded (malware-cnc.rules)
 * 1:21327 <-> DISABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (malware-cnc.rules)
 * 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules)
 * 1:21418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FareIt variant outbound connection (malware-cnc.rules)
 * 1:21426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:21427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:21428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Generic-24 variant outbound connection (malware-cnc.rules)
 * 1:21430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BeeOne runtime traffic detected (malware-cnc.rules)
 * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules)
 * 1:10065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
 * 1:10114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
 * 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (malware-cnc.rules)
 * 1:10403 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duntek Checkin GET Request (malware-cnc.rules)
 * 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (malware-cnc.rules)
 * 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (malware-cnc.rules)
 * 1:15165 <-> DISABLED <-> MALWARE-CNC Pushdo client communication (malware-cnc.rules)
 * 1:15481 <-> DISABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (malware-cnc.rules)
 * 1:15553 <-> DISABLED <-> MALWARE-CNC Sality virus HTTP GET request (malware-cnc.rules)
 * 1:15563 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.server connection (malware-cnc.rules)
 * 1:15564 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
 * 1:15565 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
 * 1:15730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:15938 <-> DISABLED <-> MALWARE-CNC SubSeven client connection to server (malware-cnc.rules)
 * 1:16144 <-> DISABLED <-> MALWARE-CNC Bredolab bot variant outbound connection (malware-cnc.rules)
 * 1:16268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - yournewsblog.net (malware-cnc.rules)
 * 1:16269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - findzproportal1.com (malware-cnc.rules)
 * 1:16289 <-> DISABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules)
 * 1:16362 <-> DISABLED <-> MALWARE-CNC SpyForms malware call home (malware-cnc.rules)
 * 1:16368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq variant outbound connection (malware-cnc.rules)
 * 1:16809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules)
 * 1:16391 <-> DISABLED <-> MALWARE-CNC Gozi Win.Trojan.connection to C&C (malware-cnc.rules)
 * 1:16459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.command and control communication (malware-cnc.rules)
 * 1:16484 <-> DISABLED <-> MALWARE-CNC Koobface variant outbound connection (malware-cnc.rules)
 * 1:16485 <-> DISABLED <-> MALWARE-CNC Koobface request for captcha (malware-cnc.rules)
 * 1:16489 <-> DISABLED <-> MALWARE-CNC Bobax botnet variant outbound connection (malware-cnc.rules)
 * 1:16493 <-> DISABLED <-> MALWARE-CNC TT-bot botnet variant outbound connection (malware-cnc.rules)
 * 1:16496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hacktool variant outbound connection (malware-cnc.rules)
 * 1:16497 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules)
 * 1:16526 <-> DISABLED <-> MALWARE-CNC VanBot IRC communication (malware-cnc.rules)
 * 1:16527 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
 * 1:16528 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
 * 1:16551 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (malware-cnc.rules)
 * 1:16669 <-> DISABLED <-> MALWARE-CNC Spyeye bot variant outbound connection (malware-cnc.rules)
 * 1:16670 <-> DISABLED <-> MALWARE-CNC Koobface worm executable download (malware-cnc.rules)
 * 1:16695 <-> DISABLED <-> MALWARE-CNC Rogue AV download/update (malware-cnc.rules)
 * 1:16810 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16811 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16812 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16816 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16817 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
 * 1:16822 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (malware-cnc.rules)
 * 1:16824 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16826 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16827 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16828 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16832 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16833 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16924 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /inst.php?fff= (malware-cnc.rules)
 * 1:17234 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm activity (malware-cnc.rules)
 * 1:17235 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm download (malware-cnc.rules)
 * 1:17815 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - user display (malware-cnc.rules)
 * 1:17816 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - credit card submission (malware-cnc.rules)
 * 1:18247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules)
 * 1:18353 <-> DISABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules)
 * 1:18388 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (malware-cnc.rules)
 * 1:18458 <-> DISABLED <-> MALWARE-CNC Night Dragon initial beacon (malware-cnc.rules)
 * 1:18459 <-> DISABLED <-> MALWARE-CNC Night Dragon keepalive message (malware-cnc.rules)
 * 1:18715 <-> DISABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (malware-cnc.rules)
 * 1:18934 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- malware-cnc.rules)
 * 1:18939 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:19016 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19017 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19018 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (malware-cnc.rules)
 * 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (malware-cnc.rules)
 * 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (malware-cnc.rules)
 * 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (malware-cnc.rules)
 * 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (malware-cnc.rules)
 * 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (malware-cnc.rules)
 * 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (malware-cnc.rules)
 * 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (malware-cnc.rules)
 * 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (malware-cnc.rules)
 * 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (malware-cnc.rules)
 * 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (malware-cnc.rules)
 * 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (malware-cnc.rules)
 * 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (malware-cnc.rules)
 * 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (malware-cnc.rules)
 * 1:7116 <-> DISABLED <-> MALWARE-CNC y3k 1.2 variant outbound connection icq notification (malware-cnc.rules)
 * 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (malware-cnc.rules)
 * 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (malware-cnc.rules)
 * 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
 * 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (malware-cnc.rules)
 * 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (malware-cnc.rules)
 * 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (malware-cnc.rules)
 * 1:7540 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol (malware-cnc.rules)
 * 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (malware-cnc.rules)
 * 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (malware-cnc.rules)
 * 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (malware-cnc.rules)
 * 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper (malware-cnc.rules)
 * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules)
 * 1:8356 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send log out through email (malware-other.rules)
 * 1:8357 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send alert out through email (malware-other.rules)
 * 1:9329 <-> DISABLED <-> MALWARE-CNC yarner.b smtp propagation detection (malware-cnc.rules)
 * 1:9418 <-> DISABLED <-> MALWARE-CNC bagle.a http notification detection (malware-cnc.rules)
 * 1:9419 <-> DISABLED <-> MALWARE-OTHER sasser attempt (malware-other.rules)
 * 1:9420 <-> DISABLED <-> MALWARE-OTHER korgo attempt (malware-other.rules)

2020-10-06 13:12:43 UTC

Snort Subscriber Rules Update

Date: 2020-10-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
 * 1:55868 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
 * 1:55876 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
 * 1:55893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
 * 1:55899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
 * 1:55926 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant outbound connection (malware-cnc.rules)
 * 1:55878 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
 * 1:55912 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
 * 1:55920 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55890 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
 * 1:55902 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
 * 1:55907 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
 * 1:55895 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
 * 1:55903 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
 * 1:55911 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
 * 1:55869 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
 * 1:55916 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
 * 1:55918 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
 * 1:55910 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
 * 1:55892 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
 * 1:55864 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
 * 1:55915 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
 * 1:55921 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55928 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
 * 1:55872 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
 * 1:55884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
 * 1:55898 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
 * 1:55881 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
 * 1:55889 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
 * 1:55896 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
 * 1:55897 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
 * 1:55888 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
 * 1:55894 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
 * 1:55875 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
 * 1:55883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
 * 1:55905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
 * 1:55900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
 * 1:55908 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
 * 1:55879 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
 * 1:55873 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
 * 1:55871 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
 * 1:55913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
 * 1:55863 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
 * 1:55904 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
 * 1:55886 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
 * 1:55923 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
 * 1:55874 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
 * 1:55919 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55870 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
 * 1:55865 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
 * 1:55882 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
 * 1:55887 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
 * 1:55880 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
 * 1:55927 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
 * 1:55866 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
 * 1:55901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
 * 1:55891 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
 * 1:55867 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
 * 1:55909 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
 * 1:55914 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
 * 1:55877 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
 * 1:55885 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
 * 3:55917 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1159 attack attempt (server-webapp.rules)
 * 3:55925 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
 * 3:55924 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)

Modified Rules:


 * 1:10075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
 * 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (malware-cnc.rules)
 * 1:10403 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duntek Checkin GET Request (malware-cnc.rules)
 * 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (malware-cnc.rules)
 * 1:10113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
 * 1:25050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:25049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.Kolilks variant outbound connection (malware-cnc.rules)
 * 1:25070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:10071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:25071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Macnsed variant outbound connection (malware-cnc.rules)
 * 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (malware-cnc.rules)
 * 1:15165 <-> DISABLED <-> MALWARE-CNC Pushdo client communication (malware-cnc.rules)
 * 1:15481 <-> DISABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (malware-cnc.rules)
 * 1:15553 <-> DISABLED <-> MALWARE-CNC Sality virus HTTP GET request (malware-cnc.rules)
 * 1:15563 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.server connection (malware-cnc.rules)
 * 1:15564 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
 * 1:15565 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
 * 1:15730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:15938 <-> DISABLED <-> MALWARE-CNC SubSeven client connection to server (malware-cnc.rules)
 * 1:16144 <-> DISABLED <-> MALWARE-CNC Bredolab bot variant outbound connection (malware-cnc.rules)
 * 1:16268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - yournewsblog.net (malware-cnc.rules)
 * 1:16269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - findzproportal1.com (malware-cnc.rules)
 * 1:16289 <-> DISABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules)
 * 1:16362 <-> DISABLED <-> MALWARE-CNC SpyForms malware call home (malware-cnc.rules)
 * 1:16368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq variant outbound connection (malware-cnc.rules)
 * 1:16391 <-> DISABLED <-> MALWARE-CNC Gozi Win.Trojan.connection to C&C (malware-cnc.rules)
 * 1:10076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:25098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
 * 1:25099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
 * 1:25100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
 * 1:25107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
 * 1:25109 <-> DISABLED <-> MALWARE-CNC Autoit.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25119 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (malware-cnc.rules)
 * 1:25224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess URI and Referer (malware-cnc.rules)
 * 1:25229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant inbound connection (malware-cnc.rules)
 * 1:25230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant outbound connection (malware-cnc.rules)
 * 1:25231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25237 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firelog variant outbound connection (malware-cnc.rules)
 * 1:25239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (malware-cnc.rules)
 * 1:25241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetTrash variant outbound connection (malware-cnc.rules)
 * 1:25242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duapz variant outbound connection (malware-cnc.rules)
 * 1:25243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (malware-cnc.rules)
 * 1:25244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (malware-cnc.rules)
 * 1:25249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basutra variant outbound connection (malware-cnc.rules)
 * 1:25256 <-> DISABLED <-> MALWARE-CNC Win.Worm.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:25257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Skintrim variant outbound connection (malware-cnc.rules)
 * 1:25258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast variant outbound connection (malware-cnc.rules)
 * 1:25259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BancosBanload variant outbound connection (malware-cnc.rules)
 * 1:25268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:25271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill variant outbound connection (malware-cnc.rules)
 * 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (malware-cnc.rules)
 * 1:25394 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/th (malware-cnc.rules)
 * 1:25395 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/sk (malware-cnc.rules)
 * 1:25396 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/dllhost/ac (malware-cnc.rules)
 * 1:25397 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/check (malware-cnc.rules)
 * 1:25398 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/flush (malware-cnc.rules)
 * 1:25399 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/wcx (malware-cnc.rules)
 * 1:25400 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/cab (malware-cnc.rules)
 * 1:25448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Jinch variant outbound connection (malware-cnc.rules)
 * 1:25465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:25470 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LoDo variant outbound connection (malware-cnc.rules)
 * 1:25471 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
 * 1:25476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
 * 1:25477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:10068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:25054 <-> DISABLED <-> MALWARE-CNC ZeroAccess Clickserver callback (malware-cnc.rules)
 * 1:25072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dulom variant outbound connection (malware-cnc.rules)
 * 1:25073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lowzone variant outbound connection (malware-cnc.rules)
 * 1:25074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:25075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:25076 <-> DISABLED <-> MALWARE-CNC Win.Worm.Joanap variant variant outbound connection (malware-cnc.rules)
 * 1:25077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Halnine variant outbound connection (malware-cnc.rules)
 * 1:25093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hacktool variant outbound connection (malware-cnc.rules)
 * 1:25503 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit sba.cgi (malware-cnc.rules)
 * 1:25504 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit op.cgi (malware-cnc.rules)
 * 1:25511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:25529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (malware-cnc.rules)
 * 1:25541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sigly variant outbound connection (malware-cnc.rules)
 * 1:25543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.VB variant outbound connection (malware-cnc.rules)
 * 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (malware-cnc.rules)
 * 1:25545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Printlove variant outbound connection (malware-cnc.rules)
 * 1:25546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
 * 1:55281 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9753424-0 download attempt (malware-other.rules)
 * 1:55862 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt (server-webapp.rules)
 * 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (malware-cnc.rules)
 * 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (malware-cnc.rules)
 * 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (malware-cnc.rules)
 * 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (malware-cnc.rules)
 * 1:5805 <-> DISABLED <-> MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines (malware-other.rules)
 * 1:5808 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
 * 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (malware-cnc.rules)
 * 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (malware-cnc.rules)
 * 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (malware-cnc.rules)
 * 1:5880 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - smtp delivery (malware-other.rules)
 * 1:5881 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - ftp delivery (malware-other.rules)
 * 1:5882 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - alert notification (malware-other.rules)
 * 1:5900 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (malware-cnc.rules)
 * 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (malware-cnc.rules)
 * 1:5907 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - check update (malware-other.rules)
 * 1:5908 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 1 (malware-other.rules)
 * 1:5909 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 2 (malware-other.rules)
 * 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (malware-cnc.rules)
 * 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (malware-cnc.rules)
 * 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (malware-cnc.rules)
 * 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (malware-cnc.rules)
 * 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (malware-cnc.rules)
 * 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (malware-cnc.rules)
 * 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (malware-cnc.rules)
 * 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (malware-cnc.rules)
 * 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (malware-cnc.rules)
 * 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (malware-cnc.rules)
 * 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (malware-cnc.rules)
 * 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (malware-cnc.rules)
 * 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (malware-cnc.rules)
 * 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (malware-cnc.rules)
 * 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (malware-cnc.rules)
 * 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (malware-cnc.rules)
 * 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (malware-cnc.rules)
 * 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (malware-cnc.rules)
 * 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (malware-cnc.rules)
 * 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (malware-cnc.rules)
 * 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (malware-cnc.rules)
 * 1:7116 <-> DISABLED <-> MALWARE-CNC y3k 1.2 variant outbound connection icq notification (malware-cnc.rules)
 * 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (malware-cnc.rules)
 * 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (malware-cnc.rules)
 * 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
 * 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (malware-cnc.rules)
 * 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (malware-cnc.rules)
 * 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (malware-cnc.rules)
 * 1:7540 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol (malware-cnc.rules)
 * 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (malware-cnc.rules)
 * 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (malware-cnc.rules)
 * 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (malware-cnc.rules)
 * 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper (malware-cnc.rules)
 * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules)
 * 1:8356 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send log out through email (malware-other.rules)
 * 1:8357 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send alert out through email (malware-other.rules)
 * 1:9329 <-> DISABLED <-> MALWARE-CNC yarner.b smtp propagation detection (malware-cnc.rules)
 * 1:9418 <-> DISABLED <-> MALWARE-CNC bagle.a http notification detection (malware-cnc.rules)
 * 1:9419 <-> DISABLED <-> MALWARE-OTHER sasser attempt (malware-other.rules)
 * 1:9420 <-> DISABLED <-> MALWARE-OTHER korgo attempt (malware-other.rules)
 * 1:16459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.command and control communication (malware-cnc.rules)
 * 1:16484 <-> DISABLED <-> MALWARE-CNC Koobface variant outbound connection (malware-cnc.rules)
 * 1:16485 <-> DISABLED <-> MALWARE-CNC Koobface request for captcha (malware-cnc.rules)
 * 1:16489 <-> DISABLED <-> MALWARE-CNC Bobax botnet variant outbound connection (malware-cnc.rules)
 * 1:16493 <-> DISABLED <-> MALWARE-CNC TT-bot botnet variant outbound connection (malware-cnc.rules)
 * 1:16496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hacktool variant outbound connection (malware-cnc.rules)
 * 1:16497 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules)
 * 1:16526 <-> DISABLED <-> MALWARE-CNC VanBot IRC communication (malware-cnc.rules)
 * 1:16527 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
 * 1:16528 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
 * 1:16551 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (malware-cnc.rules)
 * 1:16669 <-> DISABLED <-> MALWARE-CNC Spyeye bot variant outbound connection (malware-cnc.rules)
 * 1:16670 <-> DISABLED <-> MALWARE-CNC Koobface worm executable download (malware-cnc.rules)
 * 1:16695 <-> DISABLED <-> MALWARE-CNC Rogue AV download/update (malware-cnc.rules)
 * 1:16809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules)
 * 1:16810 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16811 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16812 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16816 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16817 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
 * 1:16822 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (malware-cnc.rules)
 * 1:16824 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16826 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16827 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16828 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16832 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16833 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16924 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /inst.php?fff= (malware-cnc.rules)
 * 1:17234 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm activity (malware-cnc.rules)
 * 1:17235 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm download (malware-cnc.rules)
 * 1:17815 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - user display (malware-cnc.rules)
 * 1:17816 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - credit card submission (malware-cnc.rules)
 * 1:18247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules)
 * 1:18353 <-> DISABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules)
 * 1:18388 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (malware-cnc.rules)
 * 1:18458 <-> DISABLED <-> MALWARE-CNC Night Dragon initial beacon (malware-cnc.rules)
 * 1:18459 <-> DISABLED <-> MALWARE-CNC Night Dragon keepalive message (malware-cnc.rules)
 * 1:18715 <-> DISABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (malware-cnc.rules)
 * 1:18934 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- malware-cnc.rules)
 * 1:18939 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:19016 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19017 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19018 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19019 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (malware-cnc.rules)
 * 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules)
 * 1:19052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (malware-cnc.rules)
 * 1:19053 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound connection (malware-cnc.rules)
 * 1:19055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gosik.A registration (malware-cnc.rules)
 * 1:19056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
 * 1:19057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
 * 1:19058 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (malware-cnc.rules)
 * 1:19164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
 * 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (malware-cnc.rules)
 * 1:19175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules)
 * 1:19328 <-> DISABLED <-> MALWARE-CNC PointGuide variant outbound connection (malware-cnc.rules)
 * 1:19339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (malware-cnc.rules)
 * 1:19347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison.banr variant outbound connection (malware-cnc.rules)
 * 1:19348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection (malware-cnc.rules)
 * 1:19351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (malware-cnc.rules)
 * 1:19353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu variant outbound connection (malware-cnc.rules)
 * 1:19357 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (malware-cnc.rules)
 * 1:19358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (malware-cnc.rules)
 * 1:19429 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules)
 * 1:19435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (malware-cnc.rules)
 * 1:19480 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules)
 * 1:19482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules)
 * 1:19490 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (malware-cnc.rules)
 * 1:19493 <-> DISABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain (malware-cnc.rules)
 * 1:19579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao.A variant outbound connection (malware-cnc.rules)
 * 1:19589 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules)
 * 1:19590 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (malware-cnc.rules)
 * 1:19622 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (malware-cnc.rules)
 * 1:19623 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (malware-cnc.rules)
 * 1:19625 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= (malware-cnc.rules)
 * 1:19626 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (malware-cnc.rules)
 * 1:19627 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (malware-cnc.rules)
 * 1:19628 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /1cup/script.php (malware-cnc.rules)
 * 1:19631 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - AnSSip= (malware-cnc.rules)
 * 1:19632 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (malware-cnc.rules)
 * 1:19633 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (malware-cnc.rules)
 * 1:19635 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (malware-cnc.rules)
 * 1:19636 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v (malware-cnc.rules)
 * 1:19637 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (malware-cnc.rules)
 * 1:19638 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (malware-cnc.rules)
 * 1:19657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (malware-cnc.rules)
 * 1:19658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (malware-cnc.rules)
 * 1:19702 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (malware-cnc.rules)
 * 1:19703 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (malware-cnc.rules)
 * 1:19704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
 * 1:19705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
 * 1:19706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (malware-cnc.rules)
 * 1:19711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:19712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:19722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poshtroper variant outbound connection (malware-cnc.rules)
 * 1:19723 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pherbot variant outbound connection (malware-cnc.rules)
 * 1:19730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KukuBot variant outbound connection (malware-cnc.rules)
 * 1:19731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkwebot variant outbound connection (malware-cnc.rules)
 * 1:19732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Idicaf variant outbound connection (malware-cnc.rules)
 * 1:19756 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules)
 * 1:19761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq variant outbound connection (malware-cnc.rules)
 * 1:19765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:19767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer.A variant outbound connection (malware-cnc.rules)
 * 1:19769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos outbound indicator (malware-cnc.rules)
 * 1:19770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
 * 1:19771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
 * 1:19778 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /games/java_trust.php?f= (malware-cnc.rules)
 * 1:19801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
 * 1:19864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nvbpass variant outbound connection (malware-cnc.rules)
 * 1:19882 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /160.rar - Win32/Morto.A (malware-cnc.rules)
 * 1:19912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DelfInject.gen!X variant outbound connection (malware-cnc.rules)
 * 1:19913 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - optima/index.php (malware-cnc.rules)
 * 1:19964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:19995 <-> DISABLED <-> MALWARE-CNC Waledac variant outbound connection (malware-cnc.rules)
 * 1:20009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules)
 * 1:20011 <-> DISABLED <-> MALWARE-CNC Briewots.A runtime traffic detected (malware-cnc.rules)
 * 1:20012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules)
 * 1:20080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection (malware-cnc.rules)
 * 1:20081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Yakes.cbi variant outbound connection (malware-cnc.rules)
 * 1:20099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules)
 * 1:20104 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules)
 * 1:20105 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules)
 * 1:20106 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules)
 * 1:20201 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (malware-cnc.rules)
 * 1:20202 <-> DISABLED <-> MALWARE-CNC Apple OSX.Revir-1 variant outbound connection (malware-cnc.rules)
 * 1:20213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:20221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:20228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:20229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jinchodz variant outbound connection (malware-cnc.rules)
 * 1:20230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules)
 * 1:20231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules)
 * 1:20232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules)
 * 1:20280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:20281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:20293 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules)
 * 1:20527 <-> DISABLED <-> MALWARE-CNC Sirefef initial C&C connection variant outbound connection (malware-cnc.rules)
 * 1:20754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut-3 variant outbound connection (malware-cnc.rules)
 * 1:20755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap variant outbound connection (malware-cnc.rules)
 * 1:20756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:20759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gbot.oce variant outbound connection (malware-cnc.rules)
 * 1:20762 <-> DISABLED <-> MALWARE-CNC MacOS.Flashback.A variant outbound connection (malware-cnc.rules)
 * 1:20763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-206 variant outbound connection (malware-cnc.rules)
 * 1:20837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow.C runtime traffic detected (malware-cnc.rules)
 * 1:20927 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-207 variant outbound connection (malware-cnc.rules)
 * 1:21047 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Sykipot C&C (malware-cnc.rules)
 * 1:21175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules)
 * 1:21188 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (malware-cnc.rules)
 * 1:21206 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules)
 * 1:21208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RShot.brw variant outbound connection (malware-cnc.rules)
 * 1:21225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules)
 * 1:21230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (malware-cnc.rules)
 * 1:21239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:21240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules)
 * 1:21241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater initial variant outbound connection (malware-cnc.rules)
 * 1:21242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules)
 * 1:21257 <-> DISABLED <-> MALWARE-CNC URI - known scanner tool muieblackcat (malware-cnc.rules)
 * 1:21269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules)
 * 1:21278 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules)
 * 1:21306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye variant outbound connectivity check (malware-cnc.rules)
 * 1:21311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:21313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:21318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV TDSS/PurpleHaze variant outbound connection - base64 encoded (malware-cnc.rules)
 * 1:21327 <-> DISABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (malware-cnc.rules)
 * 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules)
 * 1:21418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FareIt variant outbound connection (malware-cnc.rules)
 * 1:21426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:21427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:21428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Generic-24 variant outbound connection (malware-cnc.rules)
 * 1:21430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BeeOne runtime traffic detected (malware-cnc.rules)
 * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules)
 * 1:21435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mentor inbound connection - post infection (malware-cnc.rules)
 * 1:21436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Startpage variant outbound connection (malware-cnc.rules)
 * 1:21440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murofet variant outbound connection (malware-cnc.rules)
 * 1:21441 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:21455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (malware-cnc.rules)
 * 1:21469 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules)
 * 1:21475 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (malware-cnc.rules)
 * 1:21476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (malware-cnc.rules)
 * 1:21525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:21526 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (malware-cnc.rules)
 * 1:21538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound payload request (malware-cnc.rules)
 * 1:21547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:21548 <-> DISABLED <-> MALWARE-CNC Cutwail landing page connection (malware-cnc.rules)
 * 1:21551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
 * 1:21552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
 * 1:21562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredolab variant outbound connection (malware-cnc.rules)
 * 1:21563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21591 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (malware-cnc.rules)
 * 1:21593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:21622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Georbot variant outbound connection (malware-cnc.rules)
 * 1:21631 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal javascript delivery method (malware-cnc.rules)
 * 1:21632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:21636 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (malware-cnc.rules)
 * 1:21638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aluereon TDSS infection variant outbound connection (malware-cnc.rules)
 * 1:21639 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (malware-cnc.rules)
 * 1:21755 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21756 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21757 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21758 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:21761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:21852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orsam variant outbound connection (malware-cnc.rules)
 * 1:21877 <-> DISABLED <-> MALWARE-CNC Apple OSX.Sabpub variant outbound connection (malware-cnc.rules)
 * 1:21910 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware user-agent (malware-cnc.rules)
 * 1:21911 <-> DISABLED <-> MALWARE-CNC Aldi variant outbound connection C&C checkin (malware-cnc.rules)
 * 1:21912 <-> DISABLED <-> MALWARE-CNC Aldi bot variant outbound connection user-agent (malware-cnc.rules)
 * 1:21925 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (malware-cnc.rules)
 * 1:21945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
 * 1:21946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
 * 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (malware-cnc.rules)
 * 1:21983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant outbound connection (malware-cnc.rules)
 * 1:21984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant inbound updates (malware-cnc.rules)
 * 1:22033 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
 * 1:22034 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
 * 1:22047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jokbot variant outbound connection (malware-cnc.rules)
 * 1:22048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules)
 * 1:22054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prorat variant outbound connection (malware-cnc.rules)
 * 1:22058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:22059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:22060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fepgul variant outbound connection (malware-cnc.rules)
 * 1:22099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piroxcc variant outbound connection (malware-cnc.rules)
 * 1:22100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Midhos variant outbound connection (malware-cnc.rules)
 * 1:22103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coswid.klk variant outbound connection (malware-cnc.rules)
 * 1:22937 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxyier variant outbound connection (malware-cnc.rules)
 * 1:22939 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (malware-cnc.rules)
 * 1:23019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (malware-cnc.rules)
 * 1:23057 <-> DISABLED <-> MALWARE-CNC Flame malware connection - /view.php (malware-cnc.rules)
 * 1:23103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules)
 * 1:23104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:23109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules)
 * 1:23242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.boxg connect to cnc server (malware-cnc.rules)
 * 1:23244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:23245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:23254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.CL variant outbound connection (malware-cnc.rules)
 * 1:23261 <-> DISABLED <-> MALWARE-CNC known command and control traffic - Pushbot (malware-cnc.rules)
 * 1:23262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:23307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper connect to server (malware-cnc.rules)
 * 1:23332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dishigy variant outbound connection (malware-cnc.rules)
 * 1:23334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader initial C&C checkin (malware-cnc.rules)
 * 1:23335 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:23342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:23382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
 * 1:23391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hioles.C variant outbound connection (malware-cnc.rules)
 * 1:23394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbvoleur.a variant outbound connection (malware-cnc.rules)
 * 1:23467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mazben file download (malware-cnc.rules)
 * 1:23473 <-> DISABLED <-> MALWARE-CNC URI request for runforestrun - JS.Runfore (malware-cnc.rules)
 * 1:23492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
 * 1:23493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
 * 1:23600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue outbound connection (malware-cnc.rules)
 * 1:23615 <-> DISABLED <-> MALWARE-CNC ACAD.Medre.A variant outbound connection (malware-cnc.rules)
 * 1:23627 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (malware-cnc.rules)
 * 1:23628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pincav variant outbound connection (malware-cnc.rules)
 * 1:23633 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant report to cnc-server (malware-cnc.rules)
 * 1:23635 <-> DISABLED <-> MALWARE-CNC Gozi trojan checkin (malware-cnc.rules)
 * 1:23778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules)
 * 1:23824 <-> DISABLED <-> MALWARE-CNC Gauss malware check-in (malware-cnc.rules)
 * 1:23893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DistTrack command and control traffic (malware-cnc.rules)
 * 1:23903 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - you (malware-cnc.rules)
 * 1:23938 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ibabyfa.dldr variant outbound connection (malware-cnc.rules)
 * 1:23942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.C0D0SO0 variant outbound traffic (malware-cnc.rules)
 * 1:23945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor variant outbound connection (malware-cnc.rules)
 * 1:23946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor file download (malware-cnc.rules)
 * 1:23968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crisis variant outbound connection (malware-cnc.rules)
 * 1:23972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:23978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hostposer variant outbound connection (malware-cnc.rules)
 * 1:23987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik.Kazy variant outbound connection (malware-cnc.rules)
 * 1:24062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hufysk variant outbound connection (malware-cnc.rules)
 * 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (malware-cnc.rules)
 * 1:24169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:24185 <-> DISABLED <-> MALWARE-CNC Win.Work.Rokiwobi inbound command from C&C (malware-cnc.rules)
 * 1:24211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xamtrav update protocol connection (malware-cnc.rules)
 * 1:24214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seveto variant outbound connection (malware-cnc.rules)
 * 1:24215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:24216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Biloky variant outbound connection (malware-cnc.rules)
 * 1:24217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:24224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:24235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo initial infection variant outbound connection (malware-cnc.rules)
 * 1:24236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo post infection variant outbound connection (malware-cnc.rules)
 * 1:24361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi.Prinimalka variant outbound connection (malware-cnc.rules)
 * 1:24375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
 * 1:24381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
 * 1:24382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
 * 1:24439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
 * 1:24440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chiviper variant outbound connection (malware-cnc.rules)
 * 1:24441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (malware-cnc.rules)
 * 1:24442 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (malware-cnc.rules)
 * 1:24482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chif variant outbound connection (malware-cnc.rules)
 * 1:24491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo redirection landing page pre-infection (malware-cnc.rules)
 * 1:24492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24504 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
 * 1:24514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lucuis variant outbound connection (malware-cnc.rules)
 * 1:24523 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MautoitRAT variant outbound connection (malware-cnc.rules)
 * 1:24531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A variant outbound connection (malware-cnc.rules)
 * 1:24532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A inbound connection (malware-cnc.rules)
 * 1:24533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:24534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
 * 1:24563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veli variant outbound connection (malware-cnc.rules)
 * 1:24566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (malware-cnc.rules)
 * 1:24575 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (malware-cnc.rules)
 * 1:24630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Klovbot variant outbound connection (malware-cnc.rules)
 * 1:24631 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (malware-cnc.rules)
 * 1:24632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VaccinePC variant outbound connection (malware-cnc.rules)
 * 1:24633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (malware-cnc.rules)
 * 1:24634 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (malware-cnc.rules)
 * 1:24858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quarian variant outbound connection - proxy connection (malware-cnc.rules)
 * 1:24873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler variant outbound connection (malware-cnc.rules)
 * 1:24885 <-> DISABLED <-> MALWARE-CNC Potential Banking Trojan Config File Download (malware-cnc.rules)
 * 1:24886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
 * 1:25007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst variant outbound connection (malware-cnc.rules)
 * 1:25009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
 * 1:25010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:25011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:25016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Azbreg variant outbound connection (malware-cnc.rules)
 * 1:25022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant outbound connection (malware-cnc.rules)
 * 1:25023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:25024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:25025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Recslurp variant outbound connection (malware-cnc.rules)
 * 1:25026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Juasek variant outbound connection (malware-cnc.rules)
 * 1:25027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki variant connect to cnc-server (malware-cnc.rules)
 * 1:25028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peed variant outbound connection (malware-cnc.rules)
 * 1:25029 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nevsyn variant outbound connection (malware-cnc.rules)

2020-10-06 13:12:43 UTC

Snort Subscriber Rules Update

Date: 2020-10-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55891 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
 * 1:55863 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
 * 1:55871 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
 * 1:55879 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
 * 1:55908 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
 * 1:55913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
 * 1:55873 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
 * 1:55870 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
 * 1:55874 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
 * 1:55919 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
 * 1:55904 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
 * 1:55923 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
 * 1:55886 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
 * 1:55881 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
 * 1:55884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
 * 1:55898 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
 * 1:55921 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55915 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
 * 1:55872 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
 * 1:55928 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
 * 1:55892 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
 * 1:55864 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
 * 1:55875 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
 * 1:55883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
 * 1:55905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
 * 1:55900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
 * 1:55897 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
 * 1:55888 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
 * 1:55889 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
 * 1:55896 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
 * 1:55878 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
 * 1:55909 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
 * 1:55912 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
 * 1:55920 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55926 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant outbound connection (malware-cnc.rules)
 * 1:55899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
 * 1:55876 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
 * 1:55868 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
 * 1:55918 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55916 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
 * 1:55910 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
 * 1:55906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
 * 1:55903 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
 * 1:55895 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
 * 1:55911 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
 * 1:55907 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
 * 1:55869 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
 * 1:55890 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
 * 1:55902 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
 * 1:55885 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
 * 1:55922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
 * 1:55877 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
 * 1:55894 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
 * 1:55914 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
 * 1:55867 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
 * 1:55882 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
 * 1:55927 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
 * 1:55865 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
 * 1:55880 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
 * 1:55887 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
 * 1:55901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
 * 1:55866 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
 * 3:55917 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1159 attack attempt (server-webapp.rules)
 * 3:55925 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
 * 3:55924 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)

Modified Rules:


 * 1:10068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
 * 1:10069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:25050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:10070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:25054 <-> DISABLED <-> MALWARE-CNC ZeroAccess Clickserver callback (malware-cnc.rules)
 * 1:10066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (malware-cnc.rules)
 * 1:25072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dulom variant outbound connection (malware-cnc.rules)
 * 1:10072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:25075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (malware-cnc.rules)
 * 1:25076 <-> DISABLED <-> MALWARE-CNC Win.Worm.Joanap variant variant outbound connection (malware-cnc.rules)
 * 1:25073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lowzone variant outbound connection (malware-cnc.rules)
 * 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (malware-cnc.rules)
 * 1:25093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hacktool variant outbound connection (malware-cnc.rules)
 * 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (malware-cnc.rules)
 * 1:10074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (malware-cnc.rules)
 * 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (malware-cnc.rules)
 * 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (malware-cnc.rules)
 * 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (malware-cnc.rules)
 * 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (malware-cnc.rules)
 * 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (malware-cnc.rules)
 * 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (malware-cnc.rules)
 * 1:7116 <-> DISABLED <-> MALWARE-CNC y3k 1.2 variant outbound connection icq notification (malware-cnc.rules)
 * 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (malware-cnc.rules)
 * 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (malware-cnc.rules)
 * 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
 * 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (malware-cnc.rules)
 * 1:5882 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - alert notification (malware-other.rules)
 * 1:25070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:5900 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (malware-cnc.rules)
 * 1:25545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Printlove variant outbound connection (malware-cnc.rules)
 * 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (malware-cnc.rules)
 * 1:5907 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - check update (malware-other.rules)
 * 1:5908 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 1 (malware-other.rules)
 * 1:5909 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 2 (malware-other.rules)
 * 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (malware-cnc.rules)
 * 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (malware-cnc.rules)
 * 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (malware-cnc.rules)
 * 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (malware-cnc.rules)
 * 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (malware-cnc.rules)
 * 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (malware-cnc.rules)
 * 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (malware-cnc.rules)
 * 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (malware-cnc.rules)
 * 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (malware-cnc.rules)
 * 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (malware-cnc.rules)
 * 1:25074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:10075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:25546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
 * 1:55281 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9753424-0 download attempt (malware-other.rules)
 * 1:55862 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt (server-webapp.rules)
 * 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (malware-cnc.rules)
 * 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (malware-cnc.rules)
 * 1:25077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Halnine variant outbound connection (malware-cnc.rules)
 * 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (malware-cnc.rules)
 * 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (malware-cnc.rules)
 * 1:5805 <-> DISABLED <-> MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines (malware-other.rules)
 * 1:5808 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
 * 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (malware-cnc.rules)
 * 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (malware-cnc.rules)
 * 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (malware-cnc.rules)
 * 1:5880 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - smtp delivery (malware-other.rules)
 * 1:5881 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - ftp delivery (malware-other.rules)
 * 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (malware-cnc.rules)
 * 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (malware-cnc.rules)
 * 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (malware-cnc.rules)
 * 1:7540 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol (malware-cnc.rules)
 * 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (malware-cnc.rules)
 * 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (malware-cnc.rules)
 * 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (malware-cnc.rules)
 * 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper (malware-cnc.rules)
 * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules)
 * 1:8356 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send log out through email (malware-other.rules)
 * 1:8357 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send alert out through email (malware-other.rules)
 * 1:9329 <-> DISABLED <-> MALWARE-CNC yarner.b smtp propagation detection (malware-cnc.rules)
 * 1:9418 <-> DISABLED <-> MALWARE-CNC bagle.a http notification detection (malware-cnc.rules)
 * 1:9419 <-> DISABLED <-> MALWARE-OTHER sasser attempt (malware-other.rules)
 * 1:9420 <-> DISABLED <-> MALWARE-OTHER korgo attempt (malware-other.rules)
 * 1:25071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Macnsed variant outbound connection (malware-cnc.rules)
 * 1:25098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
 * 1:25100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
 * 1:25099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
 * 1:25108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
 * 1:25107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25109 <-> DISABLED <-> MALWARE-CNC Autoit.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess URI and Referer (malware-cnc.rules)
 * 1:25119 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (malware-cnc.rules)
 * 1:25230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant outbound connection (malware-cnc.rules)
 * 1:25229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant inbound connection (malware-cnc.rules)
 * 1:25237 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firelog variant outbound connection (malware-cnc.rules)
 * 1:25231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (malware-cnc.rules)
 * 1:25239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetTrash variant outbound connection (malware-cnc.rules)
 * 1:25243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (malware-cnc.rules)
 * 1:25242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duapz variant outbound connection (malware-cnc.rules)
 * 1:25245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (malware-cnc.rules)
 * 1:25244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basutra variant outbound connection (malware-cnc.rules)
 * 1:25257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Skintrim variant outbound connection (malware-cnc.rules)
 * 1:25256 <-> DISABLED <-> MALWARE-CNC Win.Worm.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:25259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BancosBanload variant outbound connection (malware-cnc.rules)
 * 1:25258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast variant outbound connection (malware-cnc.rules)
 * 1:25269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:25268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill variant outbound connection (malware-cnc.rules)
 * 1:25271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25394 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/th (malware-cnc.rules)
 * 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (malware-cnc.rules)
 * 1:25396 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/dllhost/ac (malware-cnc.rules)
 * 1:25395 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/sk (malware-cnc.rules)
 * 1:25398 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/flush (malware-cnc.rules)
 * 1:25397 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/check (malware-cnc.rules)
 * 1:25400 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/cab (malware-cnc.rules)
 * 1:25399 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/wcx (malware-cnc.rules)
 * 1:25465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:25448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Jinch variant outbound connection (malware-cnc.rules)
 * 1:25471 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
 * 1:25470 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LoDo variant outbound connection (malware-cnc.rules)
 * 1:25477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
 * 1:25504 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit op.cgi (malware-cnc.rules)
 * 1:25503 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit sba.cgi (malware-cnc.rules)
 * 1:25529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:25531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (malware-cnc.rules)
 * 1:25532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.VB variant outbound connection (malware-cnc.rules)
 * 1:25541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sigly variant outbound connection (malware-cnc.rules)
 * 1:10114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
 * 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (malware-cnc.rules)
 * 1:10403 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duntek Checkin GET Request (malware-cnc.rules)
 * 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (malware-cnc.rules)
 * 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (malware-cnc.rules)
 * 1:15165 <-> DISABLED <-> MALWARE-CNC Pushdo client communication (malware-cnc.rules)
 * 1:15481 <-> DISABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (malware-cnc.rules)
 * 1:15553 <-> DISABLED <-> MALWARE-CNC Sality virus HTTP GET request (malware-cnc.rules)
 * 1:15563 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.server connection (malware-cnc.rules)
 * 1:15564 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
 * 1:15565 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
 * 1:15730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:15938 <-> DISABLED <-> MALWARE-CNC SubSeven client connection to server (malware-cnc.rules)
 * 1:16144 <-> DISABLED <-> MALWARE-CNC Bredolab bot variant outbound connection (malware-cnc.rules)
 * 1:16268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - yournewsblog.net (malware-cnc.rules)
 * 1:16269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - findzproportal1.com (malware-cnc.rules)
 * 1:16289 <-> DISABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules)
 * 1:16362 <-> DISABLED <-> MALWARE-CNC SpyForms malware call home (malware-cnc.rules)
 * 1:16368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq variant outbound connection (malware-cnc.rules)
 * 1:16391 <-> DISABLED <-> MALWARE-CNC Gozi Win.Trojan.connection to C&C (malware-cnc.rules)
 * 1:16459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.command and control communication (malware-cnc.rules)
 * 1:16484 <-> DISABLED <-> MALWARE-CNC Koobface variant outbound connection (malware-cnc.rules)
 * 1:16485 <-> DISABLED <-> MALWARE-CNC Koobface request for captcha (malware-cnc.rules)
 * 1:16489 <-> DISABLED <-> MALWARE-CNC Bobax botnet variant outbound connection (malware-cnc.rules)
 * 1:16493 <-> DISABLED <-> MALWARE-CNC TT-bot botnet variant outbound connection (malware-cnc.rules)
 * 1:16496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hacktool variant outbound connection (malware-cnc.rules)
 * 1:16497 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules)
 * 1:16526 <-> DISABLED <-> MALWARE-CNC VanBot IRC communication (malware-cnc.rules)
 * 1:16527 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
 * 1:16528 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
 * 1:16551 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (malware-cnc.rules)
 * 1:16669 <-> DISABLED <-> MALWARE-CNC Spyeye bot variant outbound connection (malware-cnc.rules)
 * 1:16670 <-> DISABLED <-> MALWARE-CNC Koobface worm executable download (malware-cnc.rules)
 * 1:16695 <-> DISABLED <-> MALWARE-CNC Rogue AV download/update (malware-cnc.rules)
 * 1:16809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules)
 * 1:16810 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16811 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16812 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16816 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16817 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
 * 1:16822 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (malware-cnc.rules)
 * 1:16824 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16826 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16827 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16828 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16832 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16833 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16924 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /inst.php?fff= (malware-cnc.rules)
 * 1:17234 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm activity (malware-cnc.rules)
 * 1:17235 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm download (malware-cnc.rules)
 * 1:17815 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - user display (malware-cnc.rules)
 * 1:17816 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - credit card submission (malware-cnc.rules)
 * 1:18247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules)
 * 1:18353 <-> DISABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules)
 * 1:18388 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (malware-cnc.rules)
 * 1:18458 <-> DISABLED <-> MALWARE-CNC Night Dragon initial beacon (malware-cnc.rules)
 * 1:18459 <-> DISABLED <-> MALWARE-CNC Night Dragon keepalive message (malware-cnc.rules)
 * 1:18715 <-> DISABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (malware-cnc.rules)
 * 1:18934 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- malware-cnc.rules)
 * 1:18939 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:19016 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19017 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19018 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19019 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (malware-cnc.rules)
 * 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules)
 * 1:19052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (malware-cnc.rules)
 * 1:19053 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound connection (malware-cnc.rules)
 * 1:19055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gosik.A registration (malware-cnc.rules)
 * 1:19056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
 * 1:19057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
 * 1:19058 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (malware-cnc.rules)
 * 1:19164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
 * 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (malware-cnc.rules)
 * 1:19175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules)
 * 1:19328 <-> DISABLED <-> MALWARE-CNC PointGuide variant outbound connection (malware-cnc.rules)
 * 1:19339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (malware-cnc.rules)
 * 1:19347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison.banr variant outbound connection (malware-cnc.rules)
 * 1:19348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection (malware-cnc.rules)
 * 1:19351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (malware-cnc.rules)
 * 1:19353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu variant outbound connection (malware-cnc.rules)
 * 1:19357 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (malware-cnc.rules)
 * 1:19358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (malware-cnc.rules)
 * 1:19429 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules)
 * 1:19435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (malware-cnc.rules)
 * 1:19480 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules)
 * 1:19482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules)
 * 1:19490 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (malware-cnc.rules)
 * 1:19493 <-> DISABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain (malware-cnc.rules)
 * 1:19579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao.A variant outbound connection (malware-cnc.rules)
 * 1:19589 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules)
 * 1:19590 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (malware-cnc.rules)
 * 1:19622 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (malware-cnc.rules)
 * 1:19623 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (malware-cnc.rules)
 * 1:19625 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= (malware-cnc.rules)
 * 1:19626 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (malware-cnc.rules)
 * 1:19627 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (malware-cnc.rules)
 * 1:19628 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /1cup/script.php (malware-cnc.rules)
 * 1:19631 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - AnSSip= (malware-cnc.rules)
 * 1:19632 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (malware-cnc.rules)
 * 1:19633 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (malware-cnc.rules)
 * 1:19635 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (malware-cnc.rules)
 * 1:19636 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v (malware-cnc.rules)
 * 1:19637 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (malware-cnc.rules)
 * 1:19638 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (malware-cnc.rules)
 * 1:19657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (malware-cnc.rules)
 * 1:19658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (malware-cnc.rules)
 * 1:19702 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (malware-cnc.rules)
 * 1:19703 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (malware-cnc.rules)
 * 1:19704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
 * 1:19705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
 * 1:19706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (malware-cnc.rules)
 * 1:19711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:19712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:19722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poshtroper variant outbound connection (malware-cnc.rules)
 * 1:19723 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pherbot variant outbound connection (malware-cnc.rules)
 * 1:19730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KukuBot variant outbound connection (malware-cnc.rules)
 * 1:19731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkwebot variant outbound connection (malware-cnc.rules)
 * 1:19732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Idicaf variant outbound connection (malware-cnc.rules)
 * 1:19756 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules)
 * 1:19761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq variant outbound connection (malware-cnc.rules)
 * 1:19765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:19767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer.A variant outbound connection (malware-cnc.rules)
 * 1:19769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos outbound indicator (malware-cnc.rules)
 * 1:19770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
 * 1:19771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
 * 1:19778 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /games/java_trust.php?f= (malware-cnc.rules)
 * 1:19801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
 * 1:19864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nvbpass variant outbound connection (malware-cnc.rules)
 * 1:19882 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /160.rar - Win32/Morto.A (malware-cnc.rules)
 * 1:19912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DelfInject.gen!X variant outbound connection (malware-cnc.rules)
 * 1:19913 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - optima/index.php (malware-cnc.rules)
 * 1:19964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:19995 <-> DISABLED <-> MALWARE-CNC Waledac variant outbound connection (malware-cnc.rules)
 * 1:20009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules)
 * 1:20011 <-> DISABLED <-> MALWARE-CNC Briewots.A runtime traffic detected (malware-cnc.rules)
 * 1:20012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules)
 * 1:20080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection (malware-cnc.rules)
 * 1:20081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Yakes.cbi variant outbound connection (malware-cnc.rules)
 * 1:20099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules)
 * 1:20104 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules)
 * 1:20105 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules)
 * 1:20106 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules)
 * 1:20201 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (malware-cnc.rules)
 * 1:20202 <-> DISABLED <-> MALWARE-CNC Apple OSX.Revir-1 variant outbound connection (malware-cnc.rules)
 * 1:20213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:20221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:20228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:20229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jinchodz variant outbound connection (malware-cnc.rules)
 * 1:20230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules)
 * 1:20231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules)
 * 1:20232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules)
 * 1:20280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:20281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:20293 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules)
 * 1:20527 <-> DISABLED <-> MALWARE-CNC Sirefef initial C&C connection variant outbound connection (malware-cnc.rules)
 * 1:20754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut-3 variant outbound connection (malware-cnc.rules)
 * 1:20755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap variant outbound connection (malware-cnc.rules)
 * 1:20756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:20759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gbot.oce variant outbound connection (malware-cnc.rules)
 * 1:20762 <-> DISABLED <-> MALWARE-CNC MacOS.Flashback.A variant outbound connection (malware-cnc.rules)
 * 1:20763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-206 variant outbound connection (malware-cnc.rules)
 * 1:20837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow.C runtime traffic detected (malware-cnc.rules)
 * 1:20927 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-207 variant outbound connection (malware-cnc.rules)
 * 1:21047 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Sykipot C&C (malware-cnc.rules)
 * 1:21175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules)
 * 1:21188 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (malware-cnc.rules)
 * 1:21206 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules)
 * 1:21208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RShot.brw variant outbound connection (malware-cnc.rules)
 * 1:21225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules)
 * 1:21230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (malware-cnc.rules)
 * 1:21239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:21240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules)
 * 1:21241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater initial variant outbound connection (malware-cnc.rules)
 * 1:21242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules)
 * 1:21257 <-> DISABLED <-> MALWARE-CNC URI - known scanner tool muieblackcat (malware-cnc.rules)
 * 1:21269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules)
 * 1:21278 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules)
 * 1:21306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye variant outbound connectivity check (malware-cnc.rules)
 * 1:21311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:21313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:21318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV TDSS/PurpleHaze variant outbound connection - base64 encoded (malware-cnc.rules)
 * 1:21327 <-> DISABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (malware-cnc.rules)
 * 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules)
 * 1:21418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FareIt variant outbound connection (malware-cnc.rules)
 * 1:21426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:21427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:21428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Generic-24 variant outbound connection (malware-cnc.rules)
 * 1:21430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BeeOne runtime traffic detected (malware-cnc.rules)
 * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules)
 * 1:21435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mentor inbound connection - post infection (malware-cnc.rules)
 * 1:21436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Startpage variant outbound connection (malware-cnc.rules)
 * 1:21440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murofet variant outbound connection (malware-cnc.rules)
 * 1:21441 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:21455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (malware-cnc.rules)
 * 1:21469 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules)
 * 1:21475 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (malware-cnc.rules)
 * 1:21476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (malware-cnc.rules)
 * 1:21525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:21526 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (malware-cnc.rules)
 * 1:21538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound payload request (malware-cnc.rules)
 * 1:21547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:21548 <-> DISABLED <-> MALWARE-CNC Cutwail landing page connection (malware-cnc.rules)
 * 1:21551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
 * 1:21552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
 * 1:21562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredolab variant outbound connection (malware-cnc.rules)
 * 1:21563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21591 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (malware-cnc.rules)
 * 1:21593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:21622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Georbot variant outbound connection (malware-cnc.rules)
 * 1:21631 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal javascript delivery method (malware-cnc.rules)
 * 1:21632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:21636 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (malware-cnc.rules)
 * 1:21638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aluereon TDSS infection variant outbound connection (malware-cnc.rules)
 * 1:21639 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (malware-cnc.rules)
 * 1:21755 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21756 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21757 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21758 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:21761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:21852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orsam variant outbound connection (malware-cnc.rules)
 * 1:21877 <-> DISABLED <-> MALWARE-CNC Apple OSX.Sabpub variant outbound connection (malware-cnc.rules)
 * 1:21910 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware user-agent (malware-cnc.rules)
 * 1:21911 <-> DISABLED <-> MALWARE-CNC Aldi variant outbound connection C&C checkin (malware-cnc.rules)
 * 1:21912 <-> DISABLED <-> MALWARE-CNC Aldi bot variant outbound connection user-agent (malware-cnc.rules)
 * 1:21925 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (malware-cnc.rules)
 * 1:21945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
 * 1:21946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
 * 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (malware-cnc.rules)
 * 1:21983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant outbound connection (malware-cnc.rules)
 * 1:21984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant inbound updates (malware-cnc.rules)
 * 1:22033 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
 * 1:22034 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
 * 1:22047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jokbot variant outbound connection (malware-cnc.rules)
 * 1:22048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules)
 * 1:22054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prorat variant outbound connection (malware-cnc.rules)
 * 1:22058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:22059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:22060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fepgul variant outbound connection (malware-cnc.rules)
 * 1:22099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piroxcc variant outbound connection (malware-cnc.rules)
 * 1:22100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Midhos variant outbound connection (malware-cnc.rules)
 * 1:22103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coswid.klk variant outbound connection (malware-cnc.rules)
 * 1:22937 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxyier variant outbound connection (malware-cnc.rules)
 * 1:22939 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (malware-cnc.rules)
 * 1:23019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (malware-cnc.rules)
 * 1:23057 <-> DISABLED <-> MALWARE-CNC Flame malware connection - /view.php (malware-cnc.rules)
 * 1:23103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules)
 * 1:23104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:23109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules)
 * 1:23242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.boxg connect to cnc server (malware-cnc.rules)
 * 1:23244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:23245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:23254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.CL variant outbound connection (malware-cnc.rules)
 * 1:23261 <-> DISABLED <-> MALWARE-CNC known command and control traffic - Pushbot (malware-cnc.rules)
 * 1:23262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:23307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper connect to server (malware-cnc.rules)
 * 1:23332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dishigy variant outbound connection (malware-cnc.rules)
 * 1:23334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader initial C&C checkin (malware-cnc.rules)
 * 1:23335 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:23342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:23382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
 * 1:23391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hioles.C variant outbound connection (malware-cnc.rules)
 * 1:23394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbvoleur.a variant outbound connection (malware-cnc.rules)
 * 1:23467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mazben file download (malware-cnc.rules)
 * 1:23473 <-> DISABLED <-> MALWARE-CNC URI request for runforestrun - JS.Runfore (malware-cnc.rules)
 * 1:23492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
 * 1:23493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
 * 1:23600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue outbound connection (malware-cnc.rules)
 * 1:23615 <-> DISABLED <-> MALWARE-CNC ACAD.Medre.A variant outbound connection (malware-cnc.rules)
 * 1:23627 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (malware-cnc.rules)
 * 1:23628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pincav variant outbound connection (malware-cnc.rules)
 * 1:23633 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant report to cnc-server (malware-cnc.rules)
 * 1:23635 <-> DISABLED <-> MALWARE-CNC Gozi trojan checkin (malware-cnc.rules)
 * 1:23778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules)
 * 1:23824 <-> DISABLED <-> MALWARE-CNC Gauss malware check-in (malware-cnc.rules)
 * 1:23893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DistTrack command and control traffic (malware-cnc.rules)
 * 1:23903 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - you (malware-cnc.rules)
 * 1:23938 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ibabyfa.dldr variant outbound connection (malware-cnc.rules)
 * 1:23942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.C0D0SO0 variant outbound traffic (malware-cnc.rules)
 * 1:23945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor variant outbound connection (malware-cnc.rules)
 * 1:23946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor file download (malware-cnc.rules)
 * 1:23968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crisis variant outbound connection (malware-cnc.rules)
 * 1:23972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:23978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hostposer variant outbound connection (malware-cnc.rules)
 * 1:23987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik.Kazy variant outbound connection (malware-cnc.rules)
 * 1:24062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hufysk variant outbound connection (malware-cnc.rules)
 * 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (malware-cnc.rules)
 * 1:24169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:24185 <-> DISABLED <-> MALWARE-CNC Win.Work.Rokiwobi inbound command from C&C (malware-cnc.rules)
 * 1:24211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xamtrav update protocol connection (malware-cnc.rules)
 * 1:24214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seveto variant outbound connection (malware-cnc.rules)
 * 1:24215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:24216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Biloky variant outbound connection (malware-cnc.rules)
 * 1:24217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:24224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:24235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo initial infection variant outbound connection (malware-cnc.rules)
 * 1:24236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo post infection variant outbound connection (malware-cnc.rules)
 * 1:24361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi.Prinimalka variant outbound connection (malware-cnc.rules)
 * 1:24375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
 * 1:24381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
 * 1:24382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
 * 1:24439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
 * 1:24440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chiviper variant outbound connection (malware-cnc.rules)
 * 1:24441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (malware-cnc.rules)
 * 1:24442 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (malware-cnc.rules)
 * 1:24482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chif variant outbound connection (malware-cnc.rules)
 * 1:24491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo redirection landing page pre-infection (malware-cnc.rules)
 * 1:24492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24504 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
 * 1:24514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lucuis variant outbound connection (malware-cnc.rules)
 * 1:24523 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MautoitRAT variant outbound connection (malware-cnc.rules)
 * 1:24531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A variant outbound connection (malware-cnc.rules)
 * 1:24532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A inbound connection (malware-cnc.rules)
 * 1:24533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:24534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
 * 1:24563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veli variant outbound connection (malware-cnc.rules)
 * 1:24566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (malware-cnc.rules)
 * 1:24575 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (malware-cnc.rules)
 * 1:24630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Klovbot variant outbound connection (malware-cnc.rules)
 * 1:24631 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (malware-cnc.rules)
 * 1:24632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VaccinePC variant outbound connection (malware-cnc.rules)
 * 1:24633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (malware-cnc.rules)
 * 1:24634 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (malware-cnc.rules)
 * 1:24858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quarian variant outbound connection - proxy connection (malware-cnc.rules)
 * 1:24873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler variant outbound connection (malware-cnc.rules)
 * 1:24885 <-> DISABLED <-> MALWARE-CNC Potential Banking Trojan Config File Download (malware-cnc.rules)
 * 1:24886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
 * 1:25007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst variant outbound connection (malware-cnc.rules)
 * 1:25009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
 * 1:25010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:25011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:25016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Azbreg variant outbound connection (malware-cnc.rules)
 * 1:25022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant outbound connection (malware-cnc.rules)
 * 1:25023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:25024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:25025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Recslurp variant outbound connection (malware-cnc.rules)
 * 1:25026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Juasek variant outbound connection (malware-cnc.rules)
 * 1:25027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki variant connect to cnc-server (malware-cnc.rules)
 * 1:25028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peed variant outbound connection (malware-cnc.rules)
 * 1:25029 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nevsyn variant outbound connection (malware-cnc.rules)
 * 1:25049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.Kolilks variant outbound connection (malware-cnc.rules)

2020-10-06 13:12:43 UTC

Snort Subscriber Rules Update

Date: 2020-10-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55908 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
 * 1:55871 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
 * 1:55913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
 * 1:55912 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
 * 1:55863 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
 * 1:55876 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
 * 1:55909 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
 * 1:55896 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
 * 1:55888 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
 * 1:55894 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
 * 1:55883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
 * 1:55875 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
 * 1:55882 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
 * 1:55887 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
 * 1:55880 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
 * 1:55927 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
 * 1:55866 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
 * 1:55898 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
 * 1:55893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
 * 1:55923 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
 * 1:55874 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
 * 1:55919 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55870 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
 * 1:55899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
 * 1:55878 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
 * 1:55890 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
 * 1:55889 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
 * 1:55907 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
 * 1:55867 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
 * 1:55914 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
 * 1:55877 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
 * 1:55885 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
 * 1:55915 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
 * 1:55928 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
 * 1:55884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
 * 1:55881 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
 * 1:55895 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
 * 1:55903 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
 * 1:55911 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
 * 1:55916 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
 * 1:55918 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
 * 1:55892 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
 * 1:55891 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
 * 1:55879 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
 * 1:55873 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
 * 1:55897 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
 * 1:55905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
 * 1:55900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
 * 1:55865 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
 * 1:55901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
 * 1:55904 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
 * 1:55886 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
 * 1:55926 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant outbound connection (malware-cnc.rules)
 * 1:55920 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55902 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
 * 1:55922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
 * 1:55868 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
 * 1:55872 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
 * 1:55869 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
 * 1:55910 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
 * 1:55864 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
 * 1:55921 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 3:55917 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1159 attack attempt (server-webapp.rules)
 * 3:55924 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
 * 3:55925 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)

Modified Rules:


 * 1:5908 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 1 (malware-other.rules)
 * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules)
 * 1:9420 <-> DISABLED <-> MALWARE-OTHER korgo attempt (malware-other.rules)
 * 1:22058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (malware-cnc.rules)
 * 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (malware-cnc.rules)
 * 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (malware-cnc.rules)
 * 1:7116 <-> DISABLED <-> MALWARE-CNC y3k 1.2 variant outbound connection icq notification (malware-cnc.rules)
 * 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (malware-cnc.rules)
 * 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (malware-cnc.rules)
 * 1:25076 <-> DISABLED <-> MALWARE-CNC Win.Worm.Joanap variant variant outbound connection (malware-cnc.rules)
 * 1:55281 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9753424-0 download attempt (malware-other.rules)
 * 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (malware-cnc.rules)
 * 1:25098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
 * 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (malware-cnc.rules)
 * 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (malware-cnc.rules)
 * 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (malware-cnc.rules)
 * 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (malware-cnc.rules)
 * 1:10113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
 * 1:25071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Macnsed variant outbound connection (malware-cnc.rules)
 * 1:10066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:25072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dulom variant outbound connection (malware-cnc.rules)
 * 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (malware-cnc.rules)
 * 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (malware-cnc.rules)
 * 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (malware-cnc.rules)
 * 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
 * 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (malware-cnc.rules)
 * 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (malware-cnc.rules)
 * 1:25093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hacktool variant outbound connection (malware-cnc.rules)
 * 1:5907 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - check update (malware-other.rules)
 * 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (malware-cnc.rules)
 * 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (malware-cnc.rules)
 * 1:10072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (malware-cnc.rules)
 * 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (malware-cnc.rules)
 * 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (malware-cnc.rules)
 * 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (malware-cnc.rules)
 * 1:9419 <-> DISABLED <-> MALWARE-OTHER sasser attempt (malware-other.rules)
 * 1:5909 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 2 (malware-other.rules)
 * 1:9329 <-> DISABLED <-> MALWARE-CNC yarner.b smtp propagation detection (malware-cnc.rules)
 * 1:9418 <-> DISABLED <-> MALWARE-CNC bagle.a http notification detection (malware-cnc.rules)
 * 1:10074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:25050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:10071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
 * 1:25073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lowzone variant outbound connection (malware-cnc.rules)
 * 1:25074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:25099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
 * 1:25100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
 * 1:25108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
 * 1:25109 <-> DISABLED <-> MALWARE-CNC Autoit.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25119 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (malware-cnc.rules)
 * 1:25229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant inbound connection (malware-cnc.rules)
 * 1:25231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant outbound connection (malware-cnc.rules)
 * 1:25239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (malware-cnc.rules)
 * 1:25243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (malware-cnc.rules)
 * 1:25241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetTrash variant outbound connection (malware-cnc.rules)
 * 1:25244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25256 <-> DISABLED <-> MALWARE-CNC Win.Worm.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:25245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (malware-cnc.rules)
 * 1:25257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Skintrim variant outbound connection (malware-cnc.rules)
 * 1:25268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast variant outbound connection (malware-cnc.rules)
 * 1:25269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (malware-cnc.rules)
 * 1:25271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25394 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/th (malware-cnc.rules)
 * 1:25397 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/check (malware-cnc.rules)
 * 1:25395 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/sk (malware-cnc.rules)
 * 1:25398 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/flush (malware-cnc.rules)
 * 1:25448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Jinch variant outbound connection (malware-cnc.rules)
 * 1:25399 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/wcx (malware-cnc.rules)
 * 1:25465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:25476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
 * 1:25470 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LoDo variant outbound connection (malware-cnc.rules)
 * 1:25477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:25503 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit sba.cgi (malware-cnc.rules)
 * 1:25529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (malware-cnc.rules)
 * 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (malware-cnc.rules)
 * 1:25541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sigly variant outbound connection (malware-cnc.rules)
 * 1:16811 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16812 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16816 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16817 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
 * 1:16822 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (malware-cnc.rules)
 * 1:16824 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16826 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16827 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16828 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16832 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16833 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16924 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /inst.php?fff= (malware-cnc.rules)
 * 1:17234 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm activity (malware-cnc.rules)
 * 1:17235 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm download (malware-cnc.rules)
 * 1:17815 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - user display (malware-cnc.rules)
 * 1:17816 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - credit card submission (malware-cnc.rules)
 * 1:18247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules)
 * 1:18353 <-> DISABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules)
 * 1:18388 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (malware-cnc.rules)
 * 1:18458 <-> DISABLED <-> MALWARE-CNC Night Dragon initial beacon (malware-cnc.rules)
 * 1:18459 <-> DISABLED <-> MALWARE-CNC Night Dragon keepalive message (malware-cnc.rules)
 * 1:18715 <-> DISABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (malware-cnc.rules)
 * 1:18934 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- malware-cnc.rules)
 * 1:18939 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:19016 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19017 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19018 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19019 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (malware-cnc.rules)
 * 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules)
 * 1:19052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (malware-cnc.rules)
 * 1:19053 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound connection (malware-cnc.rules)
 * 1:19055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gosik.A registration (malware-cnc.rules)
 * 1:19056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
 * 1:19057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
 * 1:19058 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (malware-cnc.rules)
 * 1:19164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
 * 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (malware-cnc.rules)
 * 1:19175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules)
 * 1:19328 <-> DISABLED <-> MALWARE-CNC PointGuide variant outbound connection (malware-cnc.rules)
 * 1:19339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (malware-cnc.rules)
 * 1:19347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison.banr variant outbound connection (malware-cnc.rules)
 * 1:19348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection (malware-cnc.rules)
 * 1:19351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (malware-cnc.rules)
 * 1:19353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu variant outbound connection (malware-cnc.rules)
 * 1:19357 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (malware-cnc.rules)
 * 1:19358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (malware-cnc.rules)
 * 1:19429 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules)
 * 1:19435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (malware-cnc.rules)
 * 1:19480 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules)
 * 1:19482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules)
 * 1:19490 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (malware-cnc.rules)
 * 1:19493 <-> DISABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain (malware-cnc.rules)
 * 1:19579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao.A variant outbound connection (malware-cnc.rules)
 * 1:19589 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules)
 * 1:19590 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (malware-cnc.rules)
 * 1:19622 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (malware-cnc.rules)
 * 1:19623 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (malware-cnc.rules)
 * 1:19625 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= (malware-cnc.rules)
 * 1:19626 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (malware-cnc.rules)
 * 1:19627 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (malware-cnc.rules)
 * 1:19628 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /1cup/script.php (malware-cnc.rules)
 * 1:19631 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - AnSSip= (malware-cnc.rules)
 * 1:19632 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (malware-cnc.rules)
 * 1:19633 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (malware-cnc.rules)
 * 1:19635 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (malware-cnc.rules)
 * 1:19636 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v (malware-cnc.rules)
 * 1:19637 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (malware-cnc.rules)
 * 1:19638 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (malware-cnc.rules)
 * 1:19657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (malware-cnc.rules)
 * 1:19658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (malware-cnc.rules)
 * 1:19702 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (malware-cnc.rules)
 * 1:19703 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (malware-cnc.rules)
 * 1:19704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
 * 1:19705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
 * 1:19706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (malware-cnc.rules)
 * 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (malware-cnc.rules)
 * 1:5808 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
 * 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (malware-cnc.rules)
 * 1:25077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Halnine variant outbound connection (malware-cnc.rules)
 * 1:8357 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send alert out through email (malware-other.rules)
 * 1:5805 <-> DISABLED <-> MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines (malware-other.rules)
 * 1:25049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.Kolilks variant outbound connection (malware-cnc.rules)
 * 1:10077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:25546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
 * 1:8356 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send log out through email (malware-other.rules)
 * 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (malware-cnc.rules)
 * 1:5880 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - smtp delivery (malware-other.rules)
 * 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (malware-cnc.rules)
 * 1:7540 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol (malware-cnc.rules)
 * 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (malware-cnc.rules)
 * 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (malware-cnc.rules)
 * 1:5882 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - alert notification (malware-other.rules)
 * 1:5881 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - ftp delivery (malware-other.rules)
 * 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (malware-cnc.rules)
 * 1:5900 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (malware-cnc.rules)
 * 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper (malware-cnc.rules)
 * 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (malware-cnc.rules)
 * 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (malware-cnc.rules)
 * 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (malware-cnc.rules)
 * 1:55862 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt (server-webapp.rules)
 * 1:25545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Printlove variant outbound connection (malware-cnc.rules)
 * 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (malware-cnc.rules)
 * 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (malware-cnc.rules)
 * 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (malware-cnc.rules)
 * 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (malware-cnc.rules)
 * 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (malware-cnc.rules)
 * 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (malware-cnc.rules)
 * 1:25075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:19712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:19722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poshtroper variant outbound connection (malware-cnc.rules)
 * 1:19723 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pherbot variant outbound connection (malware-cnc.rules)
 * 1:19730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KukuBot variant outbound connection (malware-cnc.rules)
 * 1:19731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkwebot variant outbound connection (malware-cnc.rules)
 * 1:19732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Idicaf variant outbound connection (malware-cnc.rules)
 * 1:19756 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules)
 * 1:19761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq variant outbound connection (malware-cnc.rules)
 * 1:19765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:19767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer.A variant outbound connection (malware-cnc.rules)
 * 1:19769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos outbound indicator (malware-cnc.rules)
 * 1:19770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
 * 1:19771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
 * 1:19778 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /games/java_trust.php?f= (malware-cnc.rules)
 * 1:19801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
 * 1:19864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nvbpass variant outbound connection (malware-cnc.rules)
 * 1:19882 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /160.rar - Win32/Morto.A (malware-cnc.rules)
 * 1:19912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DelfInject.gen!X variant outbound connection (malware-cnc.rules)
 * 1:19913 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - optima/index.php (malware-cnc.rules)
 * 1:19964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:19995 <-> DISABLED <-> MALWARE-CNC Waledac variant outbound connection (malware-cnc.rules)
 * 1:20009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules)
 * 1:20011 <-> DISABLED <-> MALWARE-CNC Briewots.A runtime traffic detected (malware-cnc.rules)
 * 1:20012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules)
 * 1:20080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection (malware-cnc.rules)
 * 1:20081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Yakes.cbi variant outbound connection (malware-cnc.rules)
 * 1:20099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules)
 * 1:20104 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules)
 * 1:20105 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules)
 * 1:20106 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules)
 * 1:20201 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (malware-cnc.rules)
 * 1:20202 <-> DISABLED <-> MALWARE-CNC Apple OSX.Revir-1 variant outbound connection (malware-cnc.rules)
 * 1:20213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:20221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:20228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:20229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jinchodz variant outbound connection (malware-cnc.rules)
 * 1:20230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules)
 * 1:20231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules)
 * 1:20232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules)
 * 1:20280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:20281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:20293 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules)
 * 1:20527 <-> DISABLED <-> MALWARE-CNC Sirefef initial C&C connection variant outbound connection (malware-cnc.rules)
 * 1:20754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut-3 variant outbound connection (malware-cnc.rules)
 * 1:20755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap variant outbound connection (malware-cnc.rules)
 * 1:20756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:20759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gbot.oce variant outbound connection (malware-cnc.rules)
 * 1:20762 <-> DISABLED <-> MALWARE-CNC MacOS.Flashback.A variant outbound connection (malware-cnc.rules)
 * 1:20763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-206 variant outbound connection (malware-cnc.rules)
 * 1:20837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow.C runtime traffic detected (malware-cnc.rules)
 * 1:20927 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-207 variant outbound connection (malware-cnc.rules)
 * 1:21047 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Sykipot C&C (malware-cnc.rules)
 * 1:21175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules)
 * 1:21188 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (malware-cnc.rules)
 * 1:21206 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules)
 * 1:21208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RShot.brw variant outbound connection (malware-cnc.rules)
 * 1:21225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules)
 * 1:21230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (malware-cnc.rules)
 * 1:21239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:21240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules)
 * 1:21241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater initial variant outbound connection (malware-cnc.rules)
 * 1:21242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules)
 * 1:21257 <-> DISABLED <-> MALWARE-CNC URI - known scanner tool muieblackcat (malware-cnc.rules)
 * 1:21269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules)
 * 1:21278 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules)
 * 1:21306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye variant outbound connectivity check (malware-cnc.rules)
 * 1:21311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:21313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:21318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV TDSS/PurpleHaze variant outbound connection - base64 encoded (malware-cnc.rules)
 * 1:21327 <-> DISABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (malware-cnc.rules)
 * 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules)
 * 1:21418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FareIt variant outbound connection (malware-cnc.rules)
 * 1:21426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:21427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:21428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Generic-24 variant outbound connection (malware-cnc.rules)
 * 1:21430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BeeOne runtime traffic detected (malware-cnc.rules)
 * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules)
 * 1:21435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mentor inbound connection - post infection (malware-cnc.rules)
 * 1:21436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Startpage variant outbound connection (malware-cnc.rules)
 * 1:21440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murofet variant outbound connection (malware-cnc.rules)
 * 1:21441 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:21455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (malware-cnc.rules)
 * 1:21469 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules)
 * 1:21475 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (malware-cnc.rules)
 * 1:21476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (malware-cnc.rules)
 * 1:21525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:21526 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (malware-cnc.rules)
 * 1:21538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound payload request (malware-cnc.rules)
 * 1:21547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:21548 <-> DISABLED <-> MALWARE-CNC Cutwail landing page connection (malware-cnc.rules)
 * 1:21551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
 * 1:21552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
 * 1:21562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredolab variant outbound connection (malware-cnc.rules)
 * 1:21563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21591 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (malware-cnc.rules)
 * 1:21593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:21622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Georbot variant outbound connection (malware-cnc.rules)
 * 1:21631 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal javascript delivery method (malware-cnc.rules)
 * 1:21632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:21636 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (malware-cnc.rules)
 * 1:21638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aluereon TDSS infection variant outbound connection (malware-cnc.rules)
 * 1:21639 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (malware-cnc.rules)
 * 1:21755 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21756 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21757 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21758 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:21761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:21852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orsam variant outbound connection (malware-cnc.rules)
 * 1:21877 <-> DISABLED <-> MALWARE-CNC Apple OSX.Sabpub variant outbound connection (malware-cnc.rules)
 * 1:21910 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware user-agent (malware-cnc.rules)
 * 1:21911 <-> DISABLED <-> MALWARE-CNC Aldi variant outbound connection C&C checkin (malware-cnc.rules)
 * 1:21912 <-> DISABLED <-> MALWARE-CNC Aldi bot variant outbound connection user-agent (malware-cnc.rules)
 * 1:21925 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (malware-cnc.rules)
 * 1:21945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
 * 1:21946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
 * 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (malware-cnc.rules)
 * 1:21983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant outbound connection (malware-cnc.rules)
 * 1:21984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant inbound updates (malware-cnc.rules)
 * 1:22033 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
 * 1:22034 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
 * 1:22047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jokbot variant outbound connection (malware-cnc.rules)
 * 1:22048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules)
 * 1:22054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prorat variant outbound connection (malware-cnc.rules)
 * 1:22059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:25070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:22060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fepgul variant outbound connection (malware-cnc.rules)
 * 1:22099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piroxcc variant outbound connection (malware-cnc.rules)
 * 1:22100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Midhos variant outbound connection (malware-cnc.rules)
 * 1:22103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coswid.klk variant outbound connection (malware-cnc.rules)
 * 1:22937 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxyier variant outbound connection (malware-cnc.rules)
 * 1:22939 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (malware-cnc.rules)
 * 1:23019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (malware-cnc.rules)
 * 1:23057 <-> DISABLED <-> MALWARE-CNC Flame malware connection - /view.php (malware-cnc.rules)
 * 1:23103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules)
 * 1:23104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:23109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules)
 * 1:23242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.boxg connect to cnc server (malware-cnc.rules)
 * 1:23244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:23245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:23254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.CL variant outbound connection (malware-cnc.rules)
 * 1:23261 <-> DISABLED <-> MALWARE-CNC known command and control traffic - Pushbot (malware-cnc.rules)
 * 1:23262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:23307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper connect to server (malware-cnc.rules)
 * 1:23332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dishigy variant outbound connection (malware-cnc.rules)
 * 1:23334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader initial C&C checkin (malware-cnc.rules)
 * 1:23335 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:23342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:23382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
 * 1:23391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hioles.C variant outbound connection (malware-cnc.rules)
 * 1:23394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbvoleur.a variant outbound connection (malware-cnc.rules)
 * 1:23467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mazben file download (malware-cnc.rules)
 * 1:23473 <-> DISABLED <-> MALWARE-CNC URI request for runforestrun - JS.Runfore (malware-cnc.rules)
 * 1:23492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
 * 1:23493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
 * 1:23600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue outbound connection (malware-cnc.rules)
 * 1:23615 <-> DISABLED <-> MALWARE-CNC ACAD.Medre.A variant outbound connection (malware-cnc.rules)
 * 1:23627 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (malware-cnc.rules)
 * 1:23633 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant report to cnc-server (malware-cnc.rules)
 * 1:23635 <-> DISABLED <-> MALWARE-CNC Gozi trojan checkin (malware-cnc.rules)
 * 1:23778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules)
 * 1:23824 <-> DISABLED <-> MALWARE-CNC Gauss malware check-in (malware-cnc.rules)
 * 1:23893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DistTrack command and control traffic (malware-cnc.rules)
 * 1:23903 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - you (malware-cnc.rules)
 * 1:23938 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ibabyfa.dldr variant outbound connection (malware-cnc.rules)
 * 1:23942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.C0D0SO0 variant outbound traffic (malware-cnc.rules)
 * 1:23945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor variant outbound connection (malware-cnc.rules)
 * 1:23946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor file download (malware-cnc.rules)
 * 1:23968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crisis variant outbound connection (malware-cnc.rules)
 * 1:23972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:23978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hostposer variant outbound connection (malware-cnc.rules)
 * 1:23987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik.Kazy variant outbound connection (malware-cnc.rules)
 * 1:24062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hufysk variant outbound connection (malware-cnc.rules)
 * 1:23628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pincav variant outbound connection (malware-cnc.rules)
 * 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (malware-cnc.rules)
 * 1:24169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:24185 <-> DISABLED <-> MALWARE-CNC Win.Work.Rokiwobi inbound command from C&C (malware-cnc.rules)
 * 1:24211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xamtrav update protocol connection (malware-cnc.rules)
 * 1:24214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seveto variant outbound connection (malware-cnc.rules)
 * 1:24215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:24216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Biloky variant outbound connection (malware-cnc.rules)
 * 1:24217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:24224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:24235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo initial infection variant outbound connection (malware-cnc.rules)
 * 1:24236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo post infection variant outbound connection (malware-cnc.rules)
 * 1:24361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi.Prinimalka variant outbound connection (malware-cnc.rules)
 * 1:24375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
 * 1:24381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
 * 1:24382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
 * 1:24439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
 * 1:24440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chiviper variant outbound connection (malware-cnc.rules)
 * 1:24441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (malware-cnc.rules)
 * 1:24442 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (malware-cnc.rules)
 * 1:24482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chif variant outbound connection (malware-cnc.rules)
 * 1:24491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo redirection landing page pre-infection (malware-cnc.rules)
 * 1:24492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24504 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
 * 1:24523 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MautoitRAT variant outbound connection (malware-cnc.rules)
 * 1:24514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lucuis variant outbound connection (malware-cnc.rules)
 * 1:19711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:24531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A variant outbound connection (malware-cnc.rules)
 * 1:24532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A inbound connection (malware-cnc.rules)
 * 1:24533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:24534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
 * 1:24563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veli variant outbound connection (malware-cnc.rules)
 * 1:24566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (malware-cnc.rules)
 * 1:24575 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (malware-cnc.rules)
 * 1:24630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Klovbot variant outbound connection (malware-cnc.rules)
 * 1:24631 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (malware-cnc.rules)
 * 1:24632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VaccinePC variant outbound connection (malware-cnc.rules)
 * 1:24633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (malware-cnc.rules)
 * 1:24634 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (malware-cnc.rules)
 * 1:24858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quarian variant outbound connection - proxy connection (malware-cnc.rules)
 * 1:24873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler variant outbound connection (malware-cnc.rules)
 * 1:24885 <-> DISABLED <-> MALWARE-CNC Potential Banking Trojan Config File Download (malware-cnc.rules)
 * 1:24886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
 * 1:25007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst variant outbound connection (malware-cnc.rules)
 * 1:25009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
 * 1:25010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:25011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:25016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Azbreg variant outbound connection (malware-cnc.rules)
 * 1:25022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant outbound connection (malware-cnc.rules)
 * 1:25023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:25024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:25025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Recslurp variant outbound connection (malware-cnc.rules)
 * 1:25026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Juasek variant outbound connection (malware-cnc.rules)
 * 1:25027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki variant connect to cnc-server (malware-cnc.rules)
 * 1:25028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peed variant outbound connection (malware-cnc.rules)
 * 1:25029 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nevsyn variant outbound connection (malware-cnc.rules)
 * 1:16459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.command and control communication (malware-cnc.rules)
 * 1:16484 <-> DISABLED <-> MALWARE-CNC Koobface variant outbound connection (malware-cnc.rules)
 * 1:16485 <-> DISABLED <-> MALWARE-CNC Koobface request for captcha (malware-cnc.rules)
 * 1:16489 <-> DISABLED <-> MALWARE-CNC Bobax botnet variant outbound connection (malware-cnc.rules)
 * 1:16493 <-> DISABLED <-> MALWARE-CNC TT-bot botnet variant outbound connection (malware-cnc.rules)
 * 1:16496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hacktool variant outbound connection (malware-cnc.rules)
 * 1:16497 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules)
 * 1:16526 <-> DISABLED <-> MALWARE-CNC VanBot IRC communication (malware-cnc.rules)
 * 1:16527 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
 * 1:16528 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
 * 1:16551 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (malware-cnc.rules)
 * 1:16669 <-> DISABLED <-> MALWARE-CNC Spyeye bot variant outbound connection (malware-cnc.rules)
 * 1:16670 <-> DISABLED <-> MALWARE-CNC Koobface worm executable download (malware-cnc.rules)
 * 1:16695 <-> DISABLED <-> MALWARE-CNC Rogue AV download/update (malware-cnc.rules)
 * 1:16809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules)
 * 1:25054 <-> DISABLED <-> MALWARE-CNC ZeroAccess Clickserver callback (malware-cnc.rules)
 * 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (malware-cnc.rules)
 * 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (malware-cnc.rules)
 * 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (malware-cnc.rules)
 * 1:15165 <-> DISABLED <-> MALWARE-CNC Pushdo client communication (malware-cnc.rules)
 * 1:10403 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duntek Checkin GET Request (malware-cnc.rules)
 * 1:15553 <-> DISABLED <-> MALWARE-CNC Sality virus HTTP GET request (malware-cnc.rules)
 * 1:15563 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.server connection (malware-cnc.rules)
 * 1:15564 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
 * 1:15481 <-> DISABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (malware-cnc.rules)
 * 1:15730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:15938 <-> DISABLED <-> MALWARE-CNC SubSeven client connection to server (malware-cnc.rules)
 * 1:16144 <-> DISABLED <-> MALWARE-CNC Bredolab bot variant outbound connection (malware-cnc.rules)
 * 1:15565 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
 * 1:16269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - findzproportal1.com (malware-cnc.rules)
 * 1:16289 <-> DISABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules)
 * 1:16362 <-> DISABLED <-> MALWARE-CNC SpyForms malware call home (malware-cnc.rules)
 * 1:16268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - yournewsblog.net (malware-cnc.rules)
 * 1:16391 <-> DISABLED <-> MALWARE-CNC Gozi Win.Trojan.connection to C&C (malware-cnc.rules)
 * 1:16368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq variant outbound connection (malware-cnc.rules)
 * 1:16810 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:25107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess URI and Referer (malware-cnc.rules)
 * 1:25237 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firelog variant outbound connection (malware-cnc.rules)
 * 1:25242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duapz variant outbound connection (malware-cnc.rules)
 * 1:25249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basutra variant outbound connection (malware-cnc.rules)
 * 1:25259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BancosBanload variant outbound connection (malware-cnc.rules)
 * 1:25371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill variant outbound connection (malware-cnc.rules)
 * 1:25396 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/dllhost/ac (malware-cnc.rules)
 * 1:25400 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/cab (malware-cnc.rules)
 * 1:25471 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
 * 1:25504 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit op.cgi (malware-cnc.rules)
 * 1:25531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.VB variant outbound connection (malware-cnc.rules)

2020-10-06 13:12:43 UTC

Snort Subscriber Rules Update

Date: 2020-10-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55891 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
 * 1:55901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
 * 1:55898 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
 * 1:55882 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
 * 1:55910 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
 * 1:55887 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
 * 1:55865 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
 * 1:55886 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
 * 1:55874 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
 * 1:55927 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
 * 1:55863 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
 * 1:55879 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
 * 1:55913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
 * 1:55871 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
 * 1:55875 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
 * 1:55900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
 * 1:55908 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
 * 1:55905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
 * 1:55894 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
 * 1:55897 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
 * 1:55909 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
 * 1:55896 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
 * 1:55881 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
 * 1:55884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
 * 1:55915 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
 * 1:55928 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
 * 1:55872 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
 * 1:55870 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
 * 1:55918 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55911 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
 * 1:55869 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
 * 1:55895 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
 * 1:55878 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
 * 1:55893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
 * 1:55899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
 * 1:55876 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
 * 1:55868 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
 * 1:55885 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
 * 1:55922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
 * 1:55877 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
 * 1:55867 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
 * 1:55914 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
 * 1:55919 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55873 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
 * 1:55883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
 * 1:55888 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
 * 1:55889 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
 * 1:55892 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
 * 1:55864 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
 * 1:55921 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55916 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
 * 1:55906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
 * 1:55903 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
 * 1:55902 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
 * 1:55907 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
 * 1:55912 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
 * 1:55920 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55890 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
 * 1:55926 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant outbound connection (malware-cnc.rules)
 * 1:55866 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
 * 1:55880 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
 * 1:55923 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
 * 1:55904 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
 * 3:55924 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
 * 3:55917 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1159 attack attempt (server-webapp.rules)
 * 3:55925 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)

Modified Rules:


 * 1:16823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (malware-cnc.rules)
 * 1:9420 <-> DISABLED <-> MALWARE-OTHER korgo attempt (malware-other.rules)
 * 1:25050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:10070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:25546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
 * 1:25054 <-> DISABLED <-> MALWARE-CNC ZeroAccess Clickserver callback (malware-cnc.rules)
 * 1:10068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:17816 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - credit card submission (malware-cnc.rules)
 * 1:25029 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:18458 <-> DISABLED <-> MALWARE-CNC Night Dragon initial beacon (malware-cnc.rules)
 * 1:18934 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- malware-cnc.rules)
 * 1:25021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Azbreg variant outbound connection (malware-cnc.rules)
 * 1:19018 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules)
 * 1:25077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Halnine variant outbound connection (malware-cnc.rules)
 * 1:19019 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:25027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki variant connect to cnc-server (malware-cnc.rules)
 * 1:25025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Recslurp variant outbound connection (malware-cnc.rules)
 * 1:25030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nevsyn variant outbound connection (malware-cnc.rules)
 * 1:18388 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (malware-cnc.rules)
 * 1:18715 <-> DISABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (malware-cnc.rules)
 * 1:25016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (malware-cnc.rules)
 * 1:25024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:18939 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:5805 <-> DISABLED <-> MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines (malware-other.rules)
 * 1:5808 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
 * 1:25073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lowzone variant outbound connection (malware-cnc.rules)
 * 1:8357 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send alert out through email (malware-other.rules)
 * 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (malware-cnc.rules)
 * 1:25022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant outbound connection (malware-cnc.rules)
 * 1:19016 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:16810 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:19017 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:18353 <-> DISABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules)
 * 1:25023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:25028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peed variant outbound connection (malware-cnc.rules)
 * 1:8356 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send log out through email (malware-other.rules)
 * 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (malware-cnc.rules)
 * 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (malware-cnc.rules)
 * 1:5907 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - check update (malware-other.rules)
 * 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (malware-cnc.rules)
 * 1:25074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (malware-cnc.rules)
 * 1:25099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
 * 1:21436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Startpage variant outbound connection (malware-cnc.rules)
 * 1:25100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
 * 1:25107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (malware-cnc.rules)
 * 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (malware-cnc.rules)
 * 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (malware-cnc.rules)
 * 1:25108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
 * 1:25109 <-> DISABLED <-> MALWARE-CNC Autoit.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:25119 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (malware-cnc.rules)
 * 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (malware-cnc.rules)
 * 1:16817 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:25093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hacktool variant outbound connection (malware-cnc.rules)
 * 1:25224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess URI and Referer (malware-cnc.rules)
 * 1:25229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant inbound connection (malware-cnc.rules)
 * 1:25076 <-> DISABLED <-> MALWARE-CNC Win.Worm.Joanap variant variant outbound connection (malware-cnc.rules)
 * 1:25230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant outbound connection (malware-cnc.rules)
 * 1:25231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25237 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firelog variant outbound connection (malware-cnc.rules)
 * 1:25239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (malware-cnc.rules)
 * 1:25241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetTrash variant outbound connection (malware-cnc.rules)
 * 1:25242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duapz variant outbound connection (malware-cnc.rules)
 * 1:25243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (malware-cnc.rules)
 * 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
 * 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (malware-cnc.rules)
 * 1:25244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Macnsed variant outbound connection (malware-cnc.rules)
 * 1:25245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (malware-cnc.rules)
 * 1:10066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (malware-cnc.rules)
 * 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (malware-cnc.rules)
 * 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (malware-cnc.rules)
 * 1:25249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basutra variant outbound connection (malware-cnc.rules)
 * 1:10113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
 * 1:25256 <-> DISABLED <-> MALWARE-CNC Win.Worm.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:25257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Skintrim variant outbound connection (malware-cnc.rules)
 * 1:25258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast variant outbound connection (malware-cnc.rules)
 * 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (malware-cnc.rules)
 * 1:25259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BancosBanload variant outbound connection (malware-cnc.rules)
 * 1:25268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:7116 <-> DISABLED <-> MALWARE-CNC y3k 1.2 variant outbound connection icq notification (malware-cnc.rules)
 * 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (malware-cnc.rules)
 * 1:25271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (malware-cnc.rules)
 * 1:25098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
 * 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (malware-cnc.rules)
 * 1:25371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill variant outbound connection (malware-cnc.rules)
 * 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (malware-cnc.rules)
 * 1:25545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Printlove variant outbound connection (malware-cnc.rules)
 * 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (malware-cnc.rules)
 * 1:25394 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/th (malware-cnc.rules)
 * 1:25395 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/sk (malware-cnc.rules)
 * 1:16820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
 * 1:25396 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/dllhost/ac (malware-cnc.rules)
 * 1:25397 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/check (malware-cnc.rules)
 * 1:25398 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/flush (malware-cnc.rules)
 * 1:25399 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/wcx (malware-cnc.rules)
 * 1:25400 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/cab (malware-cnc.rules)
 * 1:25448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Jinch variant outbound connection (malware-cnc.rules)
 * 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (malware-cnc.rules)
 * 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (malware-cnc.rules)
 * 1:25465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:25470 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LoDo variant outbound connection (malware-cnc.rules)
 * 1:25471 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
 * 1:5900 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (malware-cnc.rules)
 * 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (malware-cnc.rules)
 * 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (malware-cnc.rules)
 * 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper (malware-cnc.rules)
 * 1:5881 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - ftp delivery (malware-other.rules)
 * 1:5882 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - alert notification (malware-other.rules)
 * 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (malware-cnc.rules)
 * 1:7540 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol (malware-cnc.rules)
 * 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (malware-cnc.rules)
 * 1:16822 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (malware-cnc.rules)
 * 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (malware-cnc.rules)
 * 1:5880 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - smtp delivery (malware-other.rules)
 * 1:25476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
 * 1:25477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:55281 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9753424-0 download attempt (malware-other.rules)
 * 1:25503 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit sba.cgi (malware-cnc.rules)
 * 1:25504 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit op.cgi (malware-cnc.rules)
 * 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (malware-cnc.rules)
 * 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (malware-cnc.rules)
 * 1:25511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (malware-cnc.rules)
 * 1:5908 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 1 (malware-other.rules)
 * 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (malware-cnc.rules)
 * 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (malware-cnc.rules)
 * 1:55862 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt (server-webapp.rules)
 * 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (malware-cnc.rules)
 * 1:25529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:24531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A variant outbound connection (malware-cnc.rules)
 * 1:24532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A inbound connection (malware-cnc.rules)
 * 1:24563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veli variant outbound connection (malware-cnc.rules)
 * 1:24534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
 * 1:24533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:24566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:24630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Klovbot variant outbound connection (malware-cnc.rules)
 * 1:24575 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (malware-cnc.rules)
 * 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (malware-cnc.rules)
 * 1:24631 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (malware-cnc.rules)
 * 1:25072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dulom variant outbound connection (malware-cnc.rules)
 * 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (malware-cnc.rules)
 * 1:24886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
 * 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (malware-cnc.rules)
 * 1:16816 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:25530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (malware-cnc.rules)
 * 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (malware-cnc.rules)
 * 1:25531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (malware-cnc.rules)
 * 1:25541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sigly variant outbound connection (malware-cnc.rules)
 * 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (malware-cnc.rules)
 * 1:25543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.VB variant outbound connection (malware-cnc.rules)
 * 1:5909 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 2 (malware-other.rules)
 * 1:9329 <-> DISABLED <-> MALWARE-CNC yarner.b smtp propagation detection (malware-cnc.rules)
 * 1:9418 <-> DISABLED <-> MALWARE-CNC bagle.a http notification detection (malware-cnc.rules)
 * 1:17815 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - user display (malware-cnc.rules)
 * 1:9419 <-> DISABLED <-> MALWARE-OTHER sasser attempt (malware-other.rules)
 * 1:25070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:24634 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (malware-cnc.rules)
 * 1:24633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (malware-cnc.rules)
 * 1:24632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VaccinePC variant outbound connection (malware-cnc.rules)
 * 1:24858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quarian variant outbound connection - proxy connection (malware-cnc.rules)
 * 1:16811 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16924 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /inst.php?fff= (malware-cnc.rules)
 * 1:17235 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm download (malware-cnc.rules)
 * 1:16833 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16826 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16832 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16812 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:18247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules)
 * 1:16827 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:18459 <-> DISABLED <-> MALWARE-CNC Night Dragon keepalive message (malware-cnc.rules)
 * 1:17234 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm activity (malware-cnc.rules)
 * 1:16824 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16828 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:25026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Juasek variant outbound connection (malware-cnc.rules)
 * 1:24523 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MautoitRAT variant outbound connection (malware-cnc.rules)
 * 1:24873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler variant outbound connection (malware-cnc.rules)
 * 1:24885 <-> DISABLED <-> MALWARE-CNC Potential Banking Trojan Config File Download (malware-cnc.rules)
 * 1:25009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
 * 1:10072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (malware-cnc.rules)
 * 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (malware-cnc.rules)
 * 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (malware-cnc.rules)
 * 1:15553 <-> DISABLED <-> MALWARE-CNC Sality virus HTTP GET request (malware-cnc.rules)
 * 1:10403 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duntek Checkin GET Request (malware-cnc.rules)
 * 1:15564 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
 * 1:15563 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.server connection (malware-cnc.rules)
 * 1:15165 <-> DISABLED <-> MALWARE-CNC Pushdo client communication (malware-cnc.rules)
 * 1:15730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:15481 <-> DISABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (malware-cnc.rules)
 * 1:16269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - findzproportal1.com (malware-cnc.rules)
 * 1:15938 <-> DISABLED <-> MALWARE-CNC SubSeven client connection to server (malware-cnc.rules)
 * 1:15565 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
 * 1:16144 <-> DISABLED <-> MALWARE-CNC Bredolab bot variant outbound connection (malware-cnc.rules)
 * 1:16289 <-> DISABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules)
 * 1:16391 <-> DISABLED <-> MALWARE-CNC Gozi Win.Trojan.connection to C&C (malware-cnc.rules)
 * 1:16268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - yournewsblog.net (malware-cnc.rules)
 * 1:16362 <-> DISABLED <-> MALWARE-CNC SpyForms malware call home (malware-cnc.rules)
 * 1:16368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq variant outbound connection (malware-cnc.rules)
 * 1:25007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst variant outbound connection (malware-cnc.rules)
 * 1:24382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
 * 1:24440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chiviper variant outbound connection (malware-cnc.rules)
 * 1:24441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (malware-cnc.rules)
 * 1:24442 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (malware-cnc.rules)
 * 1:24439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
 * 1:24491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo redirection landing page pre-infection (malware-cnc.rules)
 * 1:24492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chif variant outbound connection (malware-cnc.rules)
 * 1:24495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lucuis variant outbound connection (malware-cnc.rules)
 * 1:24504 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
 * 1:25010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:16459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.command and control communication (malware-cnc.rules)
 * 1:16484 <-> DISABLED <-> MALWARE-CNC Koobface variant outbound connection (malware-cnc.rules)
 * 1:16485 <-> DISABLED <-> MALWARE-CNC Koobface request for captcha (malware-cnc.rules)
 * 1:16493 <-> DISABLED <-> MALWARE-CNC TT-bot botnet variant outbound connection (malware-cnc.rules)
 * 1:16496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hacktool variant outbound connection (malware-cnc.rules)
 * 1:16497 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules)
 * 1:16489 <-> DISABLED <-> MALWARE-CNC Bobax botnet variant outbound connection (malware-cnc.rules)
 * 1:16527 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
 * 1:16528 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
 * 1:16551 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (malware-cnc.rules)
 * 1:16526 <-> DISABLED <-> MALWARE-CNC VanBot IRC communication (malware-cnc.rules)
 * 1:16670 <-> DISABLED <-> MALWARE-CNC Koobface worm executable download (malware-cnc.rules)
 * 1:16695 <-> DISABLED <-> MALWARE-CNC Rogue AV download/update (malware-cnc.rules)
 * 1:16809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules)
 * 1:16669 <-> DISABLED <-> MALWARE-CNC Spyeye bot variant outbound connection (malware-cnc.rules)
 * 1:23600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue outbound connection (malware-cnc.rules)
 * 1:19038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (malware-cnc.rules)
 * 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules)
 * 1:19053 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound connection (malware-cnc.rules)
 * 1:19055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gosik.A registration (malware-cnc.rules)
 * 1:19056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
 * 1:19052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (malware-cnc.rules)
 * 1:19058 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (malware-cnc.rules)
 * 1:19164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
 * 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (malware-cnc.rules)
 * 1:19057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
 * 1:19328 <-> DISABLED <-> MALWARE-CNC PointGuide variant outbound connection (malware-cnc.rules)
 * 1:19339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (malware-cnc.rules)
 * 1:19347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison.banr variant outbound connection (malware-cnc.rules)
 * 1:19175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules)
 * 1:19351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (malware-cnc.rules)
 * 1:19353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu variant outbound connection (malware-cnc.rules)
 * 1:19357 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (malware-cnc.rules)
 * 1:19348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection (malware-cnc.rules)
 * 1:19429 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules)
 * 1:19435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (malware-cnc.rules)
 * 1:19480 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules)
 * 1:19358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (malware-cnc.rules)
 * 1:19490 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (malware-cnc.rules)
 * 1:19493 <-> DISABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain (malware-cnc.rules)
 * 1:19579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao.A variant outbound connection (malware-cnc.rules)
 * 1:19482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules)
 * 1:19590 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (malware-cnc.rules)
 * 1:19622 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (malware-cnc.rules)
 * 1:19623 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (malware-cnc.rules)
 * 1:19589 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules)
 * 1:19626 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (malware-cnc.rules)
 * 1:19627 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (malware-cnc.rules)
 * 1:19628 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /1cup/script.php (malware-cnc.rules)
 * 1:19625 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= (malware-cnc.rules)
 * 1:19632 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (malware-cnc.rules)
 * 1:19633 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (malware-cnc.rules)
 * 1:19635 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (malware-cnc.rules)
 * 1:19631 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - AnSSip= (malware-cnc.rules)
 * 1:19637 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (malware-cnc.rules)
 * 1:19638 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (malware-cnc.rules)
 * 1:19657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (malware-cnc.rules)
 * 1:19636 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v (malware-cnc.rules)
 * 1:19702 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (malware-cnc.rules)
 * 1:19703 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (malware-cnc.rules)
 * 1:19704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
 * 1:19658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (malware-cnc.rules)
 * 1:19706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (malware-cnc.rules)
 * 1:19711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:19712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:19705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
 * 1:19723 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pherbot variant outbound connection (malware-cnc.rules)
 * 1:19730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KukuBot variant outbound connection (malware-cnc.rules)
 * 1:19731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkwebot variant outbound connection (malware-cnc.rules)
 * 1:19722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poshtroper variant outbound connection (malware-cnc.rules)
 * 1:19756 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules)
 * 1:19761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq variant outbound connection (malware-cnc.rules)
 * 1:19765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:19732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Idicaf variant outbound connection (malware-cnc.rules)
 * 1:19769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos outbound indicator (malware-cnc.rules)
 * 1:19770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
 * 1:19771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
 * 1:19767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer.A variant outbound connection (malware-cnc.rules)
 * 1:19801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
 * 1:19864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nvbpass variant outbound connection (malware-cnc.rules)
 * 1:19882 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /160.rar - Win32/Morto.A (malware-cnc.rules)
 * 1:19778 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /games/java_trust.php?f= (malware-cnc.rules)
 * 1:19913 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - optima/index.php (malware-cnc.rules)
 * 1:19964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:19995 <-> DISABLED <-> MALWARE-CNC Waledac variant outbound connection (malware-cnc.rules)
 * 1:19912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DelfInject.gen!X variant outbound connection (malware-cnc.rules)
 * 1:20011 <-> DISABLED <-> MALWARE-CNC Briewots.A runtime traffic detected (malware-cnc.rules)
 * 1:20012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules)
 * 1:20080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection (malware-cnc.rules)
 * 1:20009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules)
 * 1:20099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules)
 * 1:20104 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules)
 * 1:20105 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules)
 * 1:20081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Yakes.cbi variant outbound connection (malware-cnc.rules)
 * 1:20201 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (malware-cnc.rules)
 * 1:20202 <-> DISABLED <-> MALWARE-CNC Apple OSX.Revir-1 variant outbound connection (malware-cnc.rules)
 * 1:20213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:20106 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules)
 * 1:20228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:20229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jinchodz variant outbound connection (malware-cnc.rules)
 * 1:20230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules)
 * 1:20221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:20232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules)
 * 1:20280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:20281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:20231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules)
 * 1:20527 <-> DISABLED <-> MALWARE-CNC Sirefef initial C&C connection variant outbound connection (malware-cnc.rules)
 * 1:20754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut-3 variant outbound connection (malware-cnc.rules)
 * 1:20755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap variant outbound connection (malware-cnc.rules)
 * 1:20293 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules)
 * 1:20759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gbot.oce variant outbound connection (malware-cnc.rules)
 * 1:20762 <-> DISABLED <-> MALWARE-CNC MacOS.Flashback.A variant outbound connection (malware-cnc.rules)
 * 1:20763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-206 variant outbound connection (malware-cnc.rules)
 * 1:20756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:20927 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-207 variant outbound connection (malware-cnc.rules)
 * 1:21047 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Sykipot C&C (malware-cnc.rules)
 * 1:21175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules)
 * 1:20837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow.C runtime traffic detected (malware-cnc.rules)
 * 1:21206 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules)
 * 1:21208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RShot.brw variant outbound connection (malware-cnc.rules)
 * 1:21225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules)
 * 1:21188 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (malware-cnc.rules)
 * 1:21239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:21240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules)
 * 1:21241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater initial variant outbound connection (malware-cnc.rules)
 * 1:21230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (malware-cnc.rules)
 * 1:21257 <-> DISABLED <-> MALWARE-CNC URI - known scanner tool muieblackcat (malware-cnc.rules)
 * 1:21269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules)
 * 1:21278 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules)
 * 1:21242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules)
 * 1:21311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:21313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:21318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV TDSS/PurpleHaze variant outbound connection - base64 encoded (malware-cnc.rules)
 * 1:21306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye variant outbound connectivity check (malware-cnc.rules)
 * 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules)
 * 1:21418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FareIt variant outbound connection (malware-cnc.rules)
 * 1:21426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:21327 <-> DISABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (malware-cnc.rules)
 * 1:21428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Generic-24 variant outbound connection (malware-cnc.rules)
 * 1:21430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BeeOne runtime traffic detected (malware-cnc.rules)
 * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules)
 * 1:21427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:21435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mentor inbound connection - post infection (malware-cnc.rules)
 * 1:21440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murofet variant outbound connection (malware-cnc.rules)
 * 1:21441 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:21469 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules)
 * 1:21475 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (malware-cnc.rules)
 * 1:21476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (malware-cnc.rules)
 * 1:21455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (malware-cnc.rules)
 * 1:21526 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (malware-cnc.rules)
 * 1:21538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound payload request (malware-cnc.rules)
 * 1:21547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:21525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:21551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
 * 1:21552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
 * 1:21562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredolab variant outbound connection (malware-cnc.rules)
 * 1:21548 <-> DISABLED <-> MALWARE-CNC Cutwail landing page connection (malware-cnc.rules)
 * 1:21564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21591 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (malware-cnc.rules)
 * 1:21563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Georbot variant outbound connection (malware-cnc.rules)
 * 1:21631 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal javascript delivery method (malware-cnc.rules)
 * 1:21632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:21593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:21638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aluereon TDSS infection variant outbound connection (malware-cnc.rules)
 * 1:21639 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (malware-cnc.rules)
 * 1:21755 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21636 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (malware-cnc.rules)
 * 1:21757 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21758 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:21756 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orsam variant outbound connection (malware-cnc.rules)
 * 1:22058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:21877 <-> DISABLED <-> MALWARE-CNC Apple OSX.Sabpub variant outbound connection (malware-cnc.rules)
 * 1:21761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:21911 <-> DISABLED <-> MALWARE-CNC Aldi variant outbound connection C&C checkin (malware-cnc.rules)
 * 1:21912 <-> DISABLED <-> MALWARE-CNC Aldi bot variant outbound connection user-agent (malware-cnc.rules)
 * 1:21925 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (malware-cnc.rules)
 * 1:21910 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware user-agent (malware-cnc.rules)
 * 1:21946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
 * 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (malware-cnc.rules)
 * 1:21983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant outbound connection (malware-cnc.rules)
 * 1:21945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
 * 1:22033 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
 * 1:22034 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
 * 1:22047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jokbot variant outbound connection (malware-cnc.rules)
 * 1:21984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant inbound updates (malware-cnc.rules)
 * 1:22054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prorat variant outbound connection (malware-cnc.rules)
 * 1:22059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:22060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fepgul variant outbound connection (malware-cnc.rules)
 * 1:22048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules)
 * 1:22100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Midhos variant outbound connection (malware-cnc.rules)
 * 1:22103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coswid.klk variant outbound connection (malware-cnc.rules)
 * 1:22937 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxyier variant outbound connection (malware-cnc.rules)
 * 1:22099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piroxcc variant outbound connection (malware-cnc.rules)
 * 1:23019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (malware-cnc.rules)
 * 1:23057 <-> DISABLED <-> MALWARE-CNC Flame malware connection - /view.php (malware-cnc.rules)
 * 1:23103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules)
 * 1:22939 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (malware-cnc.rules)
 * 1:23109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules)
 * 1:23242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.boxg connect to cnc server (malware-cnc.rules)
 * 1:23244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:23104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:23254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.CL variant outbound connection (malware-cnc.rules)
 * 1:23261 <-> DISABLED <-> MALWARE-CNC known command and control traffic - Pushbot (malware-cnc.rules)
 * 1:23262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:23245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:23332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dishigy variant outbound connection (malware-cnc.rules)
 * 1:23334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader initial C&C checkin (malware-cnc.rules)
 * 1:23335 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:23307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper connect to server (malware-cnc.rules)
 * 1:23382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
 * 1:23391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hioles.C variant outbound connection (malware-cnc.rules)
 * 1:23394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbvoleur.a variant outbound connection (malware-cnc.rules)
 * 1:23342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:23473 <-> DISABLED <-> MALWARE-CNC URI request for runforestrun - JS.Runfore (malware-cnc.rules)
 * 1:23493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
 * 1:23492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
 * 1:23467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mazben file download (malware-cnc.rules)
 * 1:23627 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (malware-cnc.rules)
 * 1:23628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pincav variant outbound connection (malware-cnc.rules)
 * 1:23633 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant report to cnc-server (malware-cnc.rules)
 * 1:23615 <-> DISABLED <-> MALWARE-CNC ACAD.Medre.A variant outbound connection (malware-cnc.rules)
 * 1:23778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules)
 * 1:23824 <-> DISABLED <-> MALWARE-CNC Gauss malware check-in (malware-cnc.rules)
 * 1:23893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DistTrack command and control traffic (malware-cnc.rules)
 * 1:23635 <-> DISABLED <-> MALWARE-CNC Gozi trojan checkin (malware-cnc.rules)
 * 1:23938 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ibabyfa.dldr variant outbound connection (malware-cnc.rules)
 * 1:23942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.C0D0SO0 variant outbound traffic (malware-cnc.rules)
 * 1:23945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor variant outbound connection (malware-cnc.rules)
 * 1:23903 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - you (malware-cnc.rules)
 * 1:23968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crisis variant outbound connection (malware-cnc.rules)
 * 1:23972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:23978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hostposer variant outbound connection (malware-cnc.rules)
 * 1:23946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor file download (malware-cnc.rules)
 * 1:24062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hufysk variant outbound connection (malware-cnc.rules)
 * 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (malware-cnc.rules)
 * 1:24169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:23987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik.Kazy variant outbound connection (malware-cnc.rules)
 * 1:24211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xamtrav update protocol connection (malware-cnc.rules)
 * 1:24214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seveto variant outbound connection (malware-cnc.rules)
 * 1:24215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:24185 <-> DISABLED <-> MALWARE-CNC Win.Work.Rokiwobi inbound command from C&C (malware-cnc.rules)
 * 1:24217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:24224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:24235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo initial infection variant outbound connection (malware-cnc.rules)
 * 1:24216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Biloky variant outbound connection (malware-cnc.rules)
 * 1:24361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi.Prinimalka variant outbound connection (malware-cnc.rules)
 * 1:24375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
 * 1:24381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
 * 1:24236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo post infection variant outbound connection (malware-cnc.rules)
 * 1:25049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.Kolilks variant outbound connection (malware-cnc.rules)
 * 1:10077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)

2020-10-06 13:12:43 UTC

Snort Subscriber Rules Update

Date: 2020-10-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55898 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
 * 1:55870 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
 * 1:55889 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
 * 1:55884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
 * 1:55910 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
 * 1:55864 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
 * 1:55921 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55903 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
 * 1:55892 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
 * 1:55895 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
 * 1:55911 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
 * 1:55881 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
 * 1:55918 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
 * 1:55879 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
 * 1:55913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
 * 1:55912 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
 * 1:55875 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
 * 1:55883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
 * 1:55907 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
 * 1:55897 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
 * 1:55888 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
 * 1:55902 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
 * 1:55893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
 * 1:55899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
 * 1:55922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
 * 1:55885 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
 * 1:55876 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
 * 1:55914 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
 * 1:55909 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
 * 1:55877 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
 * 1:55916 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
 * 1:55891 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
 * 1:55866 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
 * 1:55901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
 * 1:55887 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
 * 1:55882 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
 * 1:55880 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
 * 1:55927 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
 * 1:55865 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
 * 1:55904 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
 * 1:55923 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
 * 1:55869 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
 * 1:55908 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
 * 1:55873 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
 * 1:55871 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
 * 1:55894 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
 * 1:55905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
 * 1:55896 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
 * 1:55872 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
 * 1:55928 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
 * 1:55878 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
 * 1:55900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
 * 1:55890 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
 * 1:55920 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55926 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant outbound connection (malware-cnc.rules)
 * 1:55868 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
 * 1:55867 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
 * 1:55919 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55874 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
 * 1:55886 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
 * 1:55915 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
 * 1:55863 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
 * 3:55924 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
 * 3:55917 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1159 attack attempt (server-webapp.rules)
 * 3:55925 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)

Modified Rules:


 * 1:9420 <-> DISABLED <-> MALWARE-OTHER korgo attempt (malware-other.rules)
 * 1:25028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peed variant outbound connection (malware-cnc.rules)
 * 1:16812 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (malware-cnc.rules)
 * 1:10066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (malware-cnc.rules)
 * 1:18934 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- malware-cnc.rules)
 * 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
 * 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (malware-cnc.rules)
 * 1:25075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (malware-cnc.rules)
 * 1:9418 <-> DISABLED <-> MALWARE-CNC bagle.a http notification detection (malware-cnc.rules)
 * 1:9419 <-> DISABLED <-> MALWARE-OTHER sasser attempt (malware-other.rules)
 * 1:9329 <-> DISABLED <-> MALWARE-CNC yarner.b smtp propagation detection (malware-cnc.rules)
 * 1:25071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Macnsed variant outbound connection (malware-cnc.rules)
 * 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (malware-cnc.rules)
 * 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (malware-cnc.rules)
 * 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (malware-cnc.rules)
 * 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (malware-cnc.rules)
 * 1:25098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
 * 1:7116 <-> DISABLED <-> MALWARE-CNC y3k 1.2 variant outbound connection icq notification (malware-cnc.rules)
 * 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (malware-cnc.rules)
 * 1:55862 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt (server-webapp.rules)
 * 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (malware-cnc.rules)
 * 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (malware-cnc.rules)
 * 1:25545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Printlove variant outbound connection (malware-cnc.rules)
 * 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (malware-cnc.rules)
 * 1:5908 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 1 (malware-other.rules)
 * 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (malware-cnc.rules)
 * 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (malware-cnc.rules)
 * 1:10072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:25076 <-> DISABLED <-> MALWARE-CNC Win.Worm.Joanap variant variant outbound connection (malware-cnc.rules)
 * 1:25030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nevsyn variant outbound connection (malware-cnc.rules)
 * 1:25072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dulom variant outbound connection (malware-cnc.rules)
 * 1:25029 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (malware-cnc.rules)
 * 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (malware-cnc.rules)
 * 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (malware-cnc.rules)
 * 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (malware-cnc.rules)
 * 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (malware-cnc.rules)
 * 1:10113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
 * 1:16811 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (malware-cnc.rules)
 * 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper (malware-cnc.rules)
 * 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (malware-cnc.rules)
 * 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (malware-cnc.rules)
 * 1:5882 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - alert notification (malware-other.rules)
 * 1:8356 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send log out through email (malware-other.rules)
 * 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (malware-cnc.rules)
 * 1:5880 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - smtp delivery (malware-other.rules)
 * 1:25546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
 * 1:5900 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (malware-cnc.rules)
 * 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (malware-cnc.rules)
 * 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (malware-cnc.rules)
 * 1:7540 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol (malware-cnc.rules)
 * 1:25054 <-> DISABLED <-> MALWARE-CNC ZeroAccess Clickserver callback (malware-cnc.rules)
 * 1:5808 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
 * 1:16459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.command and control communication (malware-cnc.rules)
 * 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (malware-cnc.rules)
 * 1:16485 <-> DISABLED <-> MALWARE-CNC Koobface request for captcha (malware-cnc.rules)
 * 1:8357 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send alert out through email (malware-other.rules)
 * 1:16489 <-> DISABLED <-> MALWARE-CNC Bobax botnet variant outbound connection (malware-cnc.rules)
 * 1:5805 <-> DISABLED <-> MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines (malware-other.rules)
 * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules)
 * 1:25077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Halnine variant outbound connection (malware-cnc.rules)
 * 1:10073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
 * 1:16484 <-> DISABLED <-> MALWARE-CNC Koobface variant outbound connection (malware-cnc.rules)
 * 1:25070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:10065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (malware-cnc.rules)
 * 1:5881 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - ftp delivery (malware-other.rules)
 * 1:25049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.Kolilks variant outbound connection (malware-cnc.rules)
 * 1:10069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (malware-cnc.rules)
 * 1:25073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lowzone variant outbound connection (malware-cnc.rules)
 * 1:25100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
 * 1:25107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25119 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (malware-cnc.rules)
 * 1:25224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess URI and Referer (malware-cnc.rules)
 * 1:25231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25237 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firelog variant outbound connection (malware-cnc.rules)
 * 1:25241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetTrash variant outbound connection (malware-cnc.rules)
 * 1:25242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duapz variant outbound connection (malware-cnc.rules)
 * 1:25245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (malware-cnc.rules)
 * 1:25249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basutra variant outbound connection (malware-cnc.rules)
 * 1:25258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast variant outbound connection (malware-cnc.rules)
 * 1:25259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BancosBanload variant outbound connection (malware-cnc.rules)
 * 1:25271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill variant outbound connection (malware-cnc.rules)
 * 1:25395 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/sk (malware-cnc.rules)
 * 1:25396 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/dllhost/ac (malware-cnc.rules)
 * 1:25399 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/wcx (malware-cnc.rules)
 * 1:25400 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/cab (malware-cnc.rules)
 * 1:25470 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LoDo variant outbound connection (malware-cnc.rules)
 * 1:25471 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
 * 1:25503 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit sba.cgi (malware-cnc.rules)
 * 1:25504 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit op.cgi (malware-cnc.rules)
 * 1:25530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sigly variant outbound connection (malware-cnc.rules)
 * 1:25543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.VB variant outbound connection (malware-cnc.rules)
 * 1:16809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules)
 * 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (malware-cnc.rules)
 * 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (malware-cnc.rules)
 * 1:15553 <-> DISABLED <-> MALWARE-CNC Sality virus HTTP GET request (malware-cnc.rules)
 * 1:10403 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duntek Checkin GET Request (malware-cnc.rules)
 * 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (malware-cnc.rules)
 * 1:15563 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.server connection (malware-cnc.rules)
 * 1:15730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:15481 <-> DISABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (malware-cnc.rules)
 * 1:15165 <-> DISABLED <-> MALWARE-CNC Pushdo client communication (malware-cnc.rules)
 * 1:15938 <-> DISABLED <-> MALWARE-CNC SubSeven client connection to server (malware-cnc.rules)
 * 1:16269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - findzproportal1.com (malware-cnc.rules)
 * 1:15565 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
 * 1:15564 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
 * 1:16289 <-> DISABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules)
 * 1:16391 <-> DISABLED <-> MALWARE-CNC Gozi Win.Trojan.connection to C&C (malware-cnc.rules)
 * 1:16268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - yournewsblog.net (malware-cnc.rules)
 * 1:16144 <-> DISABLED <-> MALWARE-CNC Bredolab bot variant outbound connection (malware-cnc.rules)
 * 1:16368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq variant outbound connection (malware-cnc.rules)
 * 1:16362 <-> DISABLED <-> MALWARE-CNC SpyForms malware call home (malware-cnc.rules)
 * 1:19801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
 * 1:19864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nvbpass variant outbound connection (malware-cnc.rules)
 * 1:19771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
 * 1:19912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DelfInject.gen!X variant outbound connection (malware-cnc.rules)
 * 1:19913 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - optima/index.php (malware-cnc.rules)
 * 1:19964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:19882 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /160.rar - Win32/Morto.A (malware-cnc.rules)
 * 1:20009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules)
 * 1:20011 <-> DISABLED <-> MALWARE-CNC Briewots.A runtime traffic detected (malware-cnc.rules)
 * 1:20012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules)
 * 1:19995 <-> DISABLED <-> MALWARE-CNC Waledac variant outbound connection (malware-cnc.rules)
 * 1:20081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Yakes.cbi variant outbound connection (malware-cnc.rules)
 * 1:20099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules)
 * 1:20104 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules)
 * 1:20080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection (malware-cnc.rules)
 * 1:20106 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules)
 * 1:20201 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (malware-cnc.rules)
 * 1:20202 <-> DISABLED <-> MALWARE-CNC Apple OSX.Revir-1 variant outbound connection (malware-cnc.rules)
 * 1:20105 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules)
 * 1:20221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:20228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:20229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jinchodz variant outbound connection (malware-cnc.rules)
 * 1:20213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:20231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules)
 * 1:20232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules)
 * 1:20280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:20230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules)
 * 1:20293 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules)
 * 1:20527 <-> DISABLED <-> MALWARE-CNC Sirefef initial C&C connection variant outbound connection (malware-cnc.rules)
 * 1:20754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut-3 variant outbound connection (malware-cnc.rules)
 * 1:20281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:20756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:20759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gbot.oce variant outbound connection (malware-cnc.rules)
 * 1:20762 <-> DISABLED <-> MALWARE-CNC MacOS.Flashback.A variant outbound connection (malware-cnc.rules)
 * 1:20755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap variant outbound connection (malware-cnc.rules)
 * 1:20837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow.C runtime traffic detected (malware-cnc.rules)
 * 1:21047 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Sykipot C&C (malware-cnc.rules)
 * 1:20927 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-207 variant outbound connection (malware-cnc.rules)
 * 1:21188 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (malware-cnc.rules)
 * 1:20763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-206 variant outbound connection (malware-cnc.rules)
 * 1:21206 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules)
 * 1:21208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RShot.brw variant outbound connection (malware-cnc.rules)
 * 1:21175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules)
 * 1:21230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (malware-cnc.rules)
 * 1:21239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:21240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules)
 * 1:21225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules)
 * 1:21242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules)
 * 1:21257 <-> DISABLED <-> MALWARE-CNC URI - known scanner tool muieblackcat (malware-cnc.rules)
 * 1:21269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules)
 * 1:21306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye variant outbound connectivity check (malware-cnc.rules)
 * 1:21241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater initial variant outbound connection (malware-cnc.rules)
 * 1:21311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:21313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:21327 <-> DISABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (malware-cnc.rules)
 * 1:21278 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules)
 * 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules)
 * 1:21418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FareIt variant outbound connection (malware-cnc.rules)
 * 1:21318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV TDSS/PurpleHaze variant outbound connection - base64 encoded (malware-cnc.rules)
 * 1:21427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:21428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Generic-24 variant outbound connection (malware-cnc.rules)
 * 1:21430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BeeOne runtime traffic detected (malware-cnc.rules)
 * 1:21426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:21435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mentor inbound connection - post infection (malware-cnc.rules)
 * 1:21436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Startpage variant outbound connection (malware-cnc.rules)
 * 1:21440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murofet variant outbound connection (malware-cnc.rules)
 * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules)
 * 1:21455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (malware-cnc.rules)
 * 1:21441 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:21469 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules)
 * 1:21475 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (malware-cnc.rules)
 * 1:21525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:21526 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (malware-cnc.rules)
 * 1:21538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound payload request (malware-cnc.rules)
 * 1:21476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (malware-cnc.rules)
 * 1:21548 <-> DISABLED <-> MALWARE-CNC Cutwail landing page connection (malware-cnc.rules)
 * 1:21551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
 * 1:21552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
 * 1:21563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:21564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredolab variant outbound connection (malware-cnc.rules)
 * 1:21593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:21622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Georbot variant outbound connection (malware-cnc.rules)
 * 1:21631 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal javascript delivery method (malware-cnc.rules)
 * 1:21591 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (malware-cnc.rules)
 * 1:21636 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (malware-cnc.rules)
 * 1:21638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aluereon TDSS infection variant outbound connection (malware-cnc.rules)
 * 1:21639 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (malware-cnc.rules)
 * 1:21632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:21756 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21757 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21758 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21755 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:19628 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /1cup/script.php (malware-cnc.rules)
 * 1:19175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules)
 * 1:19626 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (malware-cnc.rules)
 * 1:19635 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (malware-cnc.rules)
 * 1:19633 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (malware-cnc.rules)
 * 1:19627 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (malware-cnc.rules)
 * 1:19631 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - AnSSip= (malware-cnc.rules)
 * 1:19638 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (malware-cnc.rules)
 * 1:21852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orsam variant outbound connection (malware-cnc.rules)
 * 1:19657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (malware-cnc.rules)
 * 1:21877 <-> DISABLED <-> MALWARE-CNC Apple OSX.Sabpub variant outbound connection (malware-cnc.rules)
 * 1:19632 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (malware-cnc.rules)
 * 1:19636 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v (malware-cnc.rules)
 * 1:19703 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (malware-cnc.rules)
 * 1:19704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
 * 1:19637 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (malware-cnc.rules)
 * 1:19658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (malware-cnc.rules)
 * 1:19702 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (malware-cnc.rules)
 * 1:21760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:21911 <-> DISABLED <-> MALWARE-CNC Aldi variant outbound connection C&C checkin (malware-cnc.rules)
 * 1:16823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (malware-cnc.rules)
 * 1:16833 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:17816 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - credit card submission (malware-cnc.rules)
 * 1:18247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules)
 * 1:21912 <-> DISABLED <-> MALWARE-CNC Aldi bot variant outbound connection user-agent (malware-cnc.rules)
 * 1:21925 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (malware-cnc.rules)
 * 1:16828 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16832 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:17815 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - user display (malware-cnc.rules)
 * 1:21910 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware user-agent (malware-cnc.rules)
 * 1:21946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
 * 1:17234 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm activity (malware-cnc.rules)
 * 1:16827 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16826 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16924 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /inst.php?fff= (malware-cnc.rules)
 * 1:16824 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16810 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:17235 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm download (malware-cnc.rules)
 * 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (malware-cnc.rules)
 * 1:21983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant outbound connection (malware-cnc.rules)
 * 1:19706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (malware-cnc.rules)
 * 1:19711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:19722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poshtroper variant outbound connection (malware-cnc.rules)
 * 1:19730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KukuBot variant outbound connection (malware-cnc.rules)
 * 1:19723 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pherbot variant outbound connection (malware-cnc.rules)
 * 1:19732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Idicaf variant outbound connection (malware-cnc.rules)
 * 1:19712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:19761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq variant outbound connection (malware-cnc.rules)
 * 1:19767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer.A variant outbound connection (malware-cnc.rules)
 * 1:19756 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules)
 * 1:19731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkwebot variant outbound connection (malware-cnc.rules)
 * 1:19770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
 * 1:21945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
 * 1:22033 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
 * 1:19769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos outbound indicator (malware-cnc.rules)
 * 1:19778 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /games/java_trust.php?f= (malware-cnc.rules)
 * 1:22034 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
 * 1:22047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jokbot variant outbound connection (malware-cnc.rules)
 * 1:19765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:21984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant inbound updates (malware-cnc.rules)
 * 1:22054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prorat variant outbound connection (malware-cnc.rules)
 * 1:22058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:22048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules)
 * 1:22060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fepgul variant outbound connection (malware-cnc.rules)
 * 1:22099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piroxcc variant outbound connection (malware-cnc.rules)
 * 1:22100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Midhos variant outbound connection (malware-cnc.rules)
 * 1:22059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:22937 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxyier variant outbound connection (malware-cnc.rules)
 * 1:22939 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (malware-cnc.rules)
 * 1:23019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (malware-cnc.rules)
 * 1:22103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coswid.klk variant outbound connection (malware-cnc.rules)
 * 1:23103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules)
 * 1:23104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:23109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules)
 * 1:23057 <-> DISABLED <-> MALWARE-CNC Flame malware connection - /view.php (malware-cnc.rules)
 * 1:23244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:23245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:23254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.CL variant outbound connection (malware-cnc.rules)
 * 1:23242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.boxg connect to cnc server (malware-cnc.rules)
 * 1:23262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:23307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper connect to server (malware-cnc.rules)
 * 1:23332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dishigy variant outbound connection (malware-cnc.rules)
 * 1:23261 <-> DISABLED <-> MALWARE-CNC known command and control traffic - Pushbot (malware-cnc.rules)
 * 1:23335 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:23342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:23382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
 * 1:23334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader initial C&C checkin (malware-cnc.rules)
 * 1:23394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbvoleur.a variant outbound connection (malware-cnc.rules)
 * 1:23467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mazben file download (malware-cnc.rules)
 * 1:23473 <-> DISABLED <-> MALWARE-CNC URI request for runforestrun - JS.Runfore (malware-cnc.rules)
 * 1:23391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hioles.C variant outbound connection (malware-cnc.rules)
 * 1:23600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue outbound connection (malware-cnc.rules)
 * 1:23635 <-> DISABLED <-> MALWARE-CNC Gozi trojan checkin (malware-cnc.rules)
 * 1:23615 <-> DISABLED <-> MALWARE-CNC ACAD.Medre.A variant outbound connection (malware-cnc.rules)
 * 1:23492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
 * 1:23633 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant report to cnc-server (malware-cnc.rules)
 * 1:23903 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - you (malware-cnc.rules)
 * 1:23627 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (malware-cnc.rules)
 * 1:23628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pincav variant outbound connection (malware-cnc.rules)
 * 1:23893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DistTrack command and control traffic (malware-cnc.rules)
 * 1:23946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor file download (malware-cnc.rules)
 * 1:23778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules)
 * 1:23824 <-> DISABLED <-> MALWARE-CNC Gauss malware check-in (malware-cnc.rules)
 * 1:23945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor variant outbound connection (malware-cnc.rules)
 * 1:23987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik.Kazy variant outbound connection (malware-cnc.rules)
 * 1:23938 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ibabyfa.dldr variant outbound connection (malware-cnc.rules)
 * 1:23942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.C0D0SO0 variant outbound traffic (malware-cnc.rules)
 * 1:23972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:23978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hostposer variant outbound connection (malware-cnc.rules)
 * 1:23968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crisis variant outbound connection (malware-cnc.rules)
 * 1:23493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
 * 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (malware-cnc.rules)
 * 1:24169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:24185 <-> DISABLED <-> MALWARE-CNC Win.Work.Rokiwobi inbound command from C&C (malware-cnc.rules)
 * 1:24062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hufysk variant outbound connection (malware-cnc.rules)
 * 1:24214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seveto variant outbound connection (malware-cnc.rules)
 * 1:24215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:24216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Biloky variant outbound connection (malware-cnc.rules)
 * 1:24211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xamtrav update protocol connection (malware-cnc.rules)
 * 1:24224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:24235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo initial infection variant outbound connection (malware-cnc.rules)
 * 1:24236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo post infection variant outbound connection (malware-cnc.rules)
 * 1:24217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:24375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
 * 1:24381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
 * 1:24382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
 * 1:24361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi.Prinimalka variant outbound connection (malware-cnc.rules)
 * 1:24440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chiviper variant outbound connection (malware-cnc.rules)
 * 1:24441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (malware-cnc.rules)
 * 1:24442 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (malware-cnc.rules)
 * 1:24439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
 * 1:24491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo redirection landing page pre-infection (malware-cnc.rules)
 * 1:24492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chif variant outbound connection (malware-cnc.rules)
 * 1:24496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24504 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
 * 1:24514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lucuis variant outbound connection (malware-cnc.rules)
 * 1:19705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
 * 1:24531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A variant outbound connection (malware-cnc.rules)
 * 1:24532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A inbound connection (malware-cnc.rules)
 * 1:24533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:24523 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MautoitRAT variant outbound connection (malware-cnc.rules)
 * 1:24563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veli variant outbound connection (malware-cnc.rules)
 * 1:24566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (malware-cnc.rules)
 * 1:24534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
 * 1:24630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Klovbot variant outbound connection (malware-cnc.rules)
 * 1:24631 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (malware-cnc.rules)
 * 1:24632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VaccinePC variant outbound connection (malware-cnc.rules)
 * 1:24575 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (malware-cnc.rules)
 * 1:24634 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (malware-cnc.rules)
 * 1:24858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quarian variant outbound connection - proxy connection (malware-cnc.rules)
 * 1:24873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler variant outbound connection (malware-cnc.rules)
 * 1:24633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (malware-cnc.rules)
 * 1:24886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
 * 1:25007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst variant outbound connection (malware-cnc.rules)
 * 1:25009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
 * 1:24885 <-> DISABLED <-> MALWARE-CNC Potential Banking Trojan Config File Download (malware-cnc.rules)
 * 1:25011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:25016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Azbreg variant outbound connection (malware-cnc.rules)
 * 1:25010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:25023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:25024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:25025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Recslurp variant outbound connection (malware-cnc.rules)
 * 1:25022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant outbound connection (malware-cnc.rules)
 * 1:25027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki variant connect to cnc-server (malware-cnc.rules)
 * 1:19429 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules)
 * 1:19353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu variant outbound connection (malware-cnc.rules)
 * 1:25026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Juasek variant outbound connection (malware-cnc.rules)
 * 1:19351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (malware-cnc.rules)
 * 1:19490 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (malware-cnc.rules)
 * 1:19435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (malware-cnc.rules)
 * 1:19357 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (malware-cnc.rules)
 * 1:19358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (malware-cnc.rules)
 * 1:19590 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (malware-cnc.rules)
 * 1:19493 <-> DISABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain (malware-cnc.rules)
 * 1:19480 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules)
 * 1:19482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules)
 * 1:19623 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (malware-cnc.rules)
 * 1:19622 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (malware-cnc.rules)
 * 1:19579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao.A variant outbound connection (malware-cnc.rules)
 * 1:19589 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules)
 * 1:16496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hacktool variant outbound connection (malware-cnc.rules)
 * 1:16527 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
 * 1:18388 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (malware-cnc.rules)
 * 1:16493 <-> DISABLED <-> MALWARE-CNC TT-bot botnet variant outbound connection (malware-cnc.rules)
 * 1:16528 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
 * 1:16670 <-> DISABLED <-> MALWARE-CNC Koobface worm executable download (malware-cnc.rules)
 * 1:16526 <-> DISABLED <-> MALWARE-CNC VanBot IRC communication (malware-cnc.rules)
 * 1:16497 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules)
 * 1:16695 <-> DISABLED <-> MALWARE-CNC Rogue AV download/update (malware-cnc.rules)
 * 1:16820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
 * 1:16669 <-> DISABLED <-> MALWARE-CNC Spyeye bot variant outbound connection (malware-cnc.rules)
 * 1:16551 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (malware-cnc.rules)
 * 1:16822 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:18458 <-> DISABLED <-> MALWARE-CNC Night Dragon initial beacon (malware-cnc.rules)
 * 1:16817 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16816 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:19348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection (malware-cnc.rules)
 * 1:18715 <-> DISABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (malware-cnc.rules)
 * 1:18459 <-> DISABLED <-> MALWARE-CNC Night Dragon keepalive message (malware-cnc.rules)
 * 1:19625 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= (malware-cnc.rules)
 * 1:18353 <-> DISABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules)
 * 1:25109 <-> DISABLED <-> MALWARE-CNC Autoit.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant outbound connection (malware-cnc.rules)
 * 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (malware-cnc.rules)
 * 1:25257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Skintrim variant outbound connection (malware-cnc.rules)
 * 1:25269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:25394 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/th (malware-cnc.rules)
 * 1:25244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:25477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25398 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/flush (malware-cnc.rules)
 * 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (malware-cnc.rules)
 * 1:19016 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19019 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19017 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (malware-cnc.rules)
 * 1:19055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gosik.A registration (malware-cnc.rules)
 * 1:18939 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules)
 * 1:19038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (malware-cnc.rules)
 * 1:19058 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (malware-cnc.rules)
 * 1:19018 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
 * 1:19164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
 * 1:19328 <-> DISABLED <-> MALWARE-CNC PointGuide variant outbound connection (malware-cnc.rules)
 * 1:19053 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound connection (malware-cnc.rules)
 * 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (malware-cnc.rules)
 * 1:19339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (malware-cnc.rules)
 * 1:19347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison.banr variant outbound connection (malware-cnc.rules)
 * 1:19056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
 * 1:10070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:25050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:25074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:25099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
 * 1:25108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
 * 1:25229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant inbound connection (malware-cnc.rules)
 * 1:25239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (malware-cnc.rules)
 * 1:25256 <-> DISABLED <-> MALWARE-CNC Win.Worm.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:25268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (malware-cnc.rules)
 * 1:25397 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/check (malware-cnc.rules)
 * 1:25448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Jinch variant outbound connection (malware-cnc.rules)
 * 1:25476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
 * 1:25511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:25532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (malware-cnc.rules)
 * 1:5907 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - check update (malware-other.rules)
 * 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (malware-cnc.rules)
 * 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (malware-cnc.rules)
 * 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (malware-cnc.rules)
 * 1:5909 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 2 (malware-other.rules)
 * 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (malware-cnc.rules)
 * 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (malware-cnc.rules)
 * 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (malware-cnc.rules)
 * 1:25093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hacktool variant outbound connection (malware-cnc.rules)
 * 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (malware-cnc.rules)
 * 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (malware-cnc.rules)
 * 1:55281 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9753424-0 download attempt (malware-other.rules)
 * 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (malware-cnc.rules)
 * 1:10077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)

2020-10-06 13:12:43 UTC

Snort Subscriber Rules Update

Date: 2020-10-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55879 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
 * 1:55926 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant outbound connection (malware-cnc.rules)
 * 1:55914 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
 * 1:55928 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
 * 1:55927 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
 * 1:55894 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
 * 1:55875 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
 * 1:55909 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
 * 1:55891 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
 * 1:55907 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
 * 1:55908 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
 * 1:55902 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
 * 1:55881 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
 * 1:55912 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
 * 1:55883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
 * 1:55874 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
 * 1:55880 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
 * 1:55892 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
 * 1:55921 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55898 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
 * 1:55901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
 * 1:55872 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
 * 1:55895 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
 * 1:55890 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
 * 1:55884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
 * 1:55863 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
 * 1:55916 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
 * 1:55905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
 * 1:55870 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
 * 1:55871 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
 * 1:55865 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
 * 1:55886 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
 * 1:55920 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55873 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
 * 1:55918 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55877 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
 * 1:55904 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
 * 1:55876 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
 * 1:55906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
 * 1:55922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
 * 1:55903 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
 * 1:55888 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
 * 1:55919 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55882 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
 * 1:55923 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
 * 1:55899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
 * 1:55913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
 * 1:55893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
 * 1:55878 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
 * 1:55885 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
 * 1:55887 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
 * 1:55864 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
 * 1:55869 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
 * 1:55915 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
 * 1:55910 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
 * 1:55889 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
 * 1:55900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
 * 1:55896 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
 * 1:55866 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
 * 1:55897 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
 * 1:55867 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
 * 1:55868 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
 * 1:55911 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
 * 3:55924 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
 * 3:55917 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1159 attack attempt (server-webapp.rules)
 * 3:55925 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)

Modified Rules:


 * 1:5808 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
 * 1:8357 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send alert out through email (malware-other.rules)
 * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules)
 * 1:25077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Halnine variant outbound connection (malware-cnc.rules)
 * 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (malware-cnc.rules)
 * 1:9329 <-> DISABLED <-> MALWARE-CNC yarner.b smtp propagation detection (malware-cnc.rules)
 * 1:25070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:10069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (malware-cnc.rules)
 * 1:9420 <-> DISABLED <-> MALWARE-OTHER korgo attempt (malware-other.rules)
 * 1:9419 <-> DISABLED <-> MALWARE-OTHER sasser attempt (malware-other.rules)
 * 1:10113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
 * 1:25546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
 * 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (malware-cnc.rules)
 * 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (malware-cnc.rules)
 * 1:10114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
 * 1:5900 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (malware-cnc.rules)
 * 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (malware-cnc.rules)
 * 1:7540 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol (malware-cnc.rules)
 * 1:8356 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send log out through email (malware-other.rules)
 * 1:5880 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - smtp delivery (malware-other.rules)
 * 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (malware-cnc.rules)
 * 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (malware-cnc.rules)
 * 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper (malware-cnc.rules)
 * 1:5882 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - alert notification (malware-other.rules)
 * 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (malware-cnc.rules)
 * 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (malware-cnc.rules)
 * 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (malware-cnc.rules)
 * 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (malware-cnc.rules)
 * 1:5909 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 2 (malware-other.rules)
 * 1:10068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (malware-cnc.rules)
 * 1:5907 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - check update (malware-other.rules)
 * 1:10403 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duntek Checkin GET Request (malware-cnc.rules)
 * 1:25073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lowzone variant outbound connection (malware-cnc.rules)
 * 1:25100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
 * 1:25119 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (malware-cnc.rules)
 * 1:25231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetTrash variant outbound connection (malware-cnc.rules)
 * 1:25245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (malware-cnc.rules)
 * 1:25258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast variant outbound connection (malware-cnc.rules)
 * 1:25271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:25395 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/sk (malware-cnc.rules)
 * 1:25399 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/wcx (malware-cnc.rules)
 * 1:25470 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LoDo variant outbound connection (malware-cnc.rules)
 * 1:25503 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit sba.cgi (malware-cnc.rules)
 * 1:25530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sigly variant outbound connection (malware-cnc.rules)
 * 1:10076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:9418 <-> DISABLED <-> MALWARE-CNC bagle.a http notification detection (malware-cnc.rules)
 * 1:5881 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - ftp delivery (malware-other.rules)
 * 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (malware-cnc.rules)
 * 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (malware-cnc.rules)
 * 1:25071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Macnsed variant outbound connection (malware-cnc.rules)
 * 1:10071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:25504 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit op.cgi (malware-cnc.rules)
 * 1:25543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.VB variant outbound connection (malware-cnc.rules)
 * 1:25531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (malware-cnc.rules)
 * 1:25511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:25532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (malware-cnc.rules)
 * 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (malware-cnc.rules)
 * 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (malware-cnc.rules)
 * 1:25075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (malware-cnc.rules)
 * 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
 * 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (malware-cnc.rules)
 * 1:10066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (malware-cnc.rules)
 * 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (malware-cnc.rules)
 * 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (malware-cnc.rules)
 * 1:55281 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9753424-0 download attempt (malware-other.rules)
 * 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (malware-cnc.rules)
 * 1:25076 <-> DISABLED <-> MALWARE-CNC Win.Worm.Joanap variant variant outbound connection (malware-cnc.rules)
 * 1:25049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.Kolilks variant outbound connection (malware-cnc.rules)
 * 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (malware-cnc.rules)
 * 1:7116 <-> DISABLED <-> MALWARE-CNC y3k 1.2 variant outbound connection icq notification (malware-cnc.rules)
 * 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (malware-cnc.rules)
 * 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (malware-cnc.rules)
 * 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (malware-cnc.rules)
 * 1:25545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Printlove variant outbound connection (malware-cnc.rules)
 * 1:25098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
 * 1:5908 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 1 (malware-other.rules)
 * 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (malware-cnc.rules)
 * 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (malware-cnc.rules)
 * 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (malware-cnc.rules)
 * 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (malware-cnc.rules)
 * 1:25054 <-> DISABLED <-> MALWARE-CNC ZeroAccess Clickserver callback (malware-cnc.rules)
 * 1:16459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.command and control communication (malware-cnc.rules)
 * 1:16484 <-> DISABLED <-> MALWARE-CNC Koobface variant outbound connection (malware-cnc.rules)
 * 1:16485 <-> DISABLED <-> MALWARE-CNC Koobface request for captcha (malware-cnc.rules)
 * 1:16489 <-> DISABLED <-> MALWARE-CNC Bobax botnet variant outbound connection (malware-cnc.rules)
 * 1:16493 <-> DISABLED <-> MALWARE-CNC TT-bot botnet variant outbound connection (malware-cnc.rules)
 * 1:16496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hacktool variant outbound connection (malware-cnc.rules)
 * 1:16497 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules)
 * 1:16526 <-> DISABLED <-> MALWARE-CNC VanBot IRC communication (malware-cnc.rules)
 * 1:16527 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
 * 1:16528 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
 * 1:16551 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (malware-cnc.rules)
 * 1:16669 <-> DISABLED <-> MALWARE-CNC Spyeye bot variant outbound connection (malware-cnc.rules)
 * 1:16670 <-> DISABLED <-> MALWARE-CNC Koobface worm executable download (malware-cnc.rules)
 * 1:16695 <-> DISABLED <-> MALWARE-CNC Rogue AV download/update (malware-cnc.rules)
 * 1:16809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules)
 * 1:16810 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16811 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16812 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16816 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16817 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
 * 1:16822 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (malware-cnc.rules)
 * 1:16824 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16826 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16827 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16828 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16832 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16833 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16924 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /inst.php?fff= (malware-cnc.rules)
 * 1:17234 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm activity (malware-cnc.rules)
 * 1:17235 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm download (malware-cnc.rules)
 * 1:17815 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - user display (malware-cnc.rules)
 * 1:17816 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - credit card submission (malware-cnc.rules)
 * 1:18247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules)
 * 1:18353 <-> DISABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules)
 * 1:18388 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (malware-cnc.rules)
 * 1:18458 <-> DISABLED <-> MALWARE-CNC Night Dragon initial beacon (malware-cnc.rules)
 * 1:18459 <-> DISABLED <-> MALWARE-CNC Night Dragon keepalive message (malware-cnc.rules)
 * 1:18715 <-> DISABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (malware-cnc.rules)
 * 1:18934 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- malware-cnc.rules)
 * 1:18939 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:19016 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19017 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19018 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19019 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (malware-cnc.rules)
 * 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules)
 * 1:19052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (malware-cnc.rules)
 * 1:19053 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound connection (malware-cnc.rules)
 * 1:19055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gosik.A registration (malware-cnc.rules)
 * 1:19056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
 * 1:19057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
 * 1:19058 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (malware-cnc.rules)
 * 1:19164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
 * 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (malware-cnc.rules)
 * 1:19175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules)
 * 1:19328 <-> DISABLED <-> MALWARE-CNC PointGuide variant outbound connection (malware-cnc.rules)
 * 1:10077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:19339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (malware-cnc.rules)
 * 1:19347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison.banr variant outbound connection (malware-cnc.rules)
 * 1:19348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection (malware-cnc.rules)
 * 1:19351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (malware-cnc.rules)
 * 1:19353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu variant outbound connection (malware-cnc.rules)
 * 1:19357 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (malware-cnc.rules)
 * 1:19358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (malware-cnc.rules)
 * 1:19429 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules)
 * 1:19435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (malware-cnc.rules)
 * 1:19480 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules)
 * 1:19482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules)
 * 1:19490 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (malware-cnc.rules)
 * 1:19493 <-> DISABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain (malware-cnc.rules)
 * 1:19579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao.A variant outbound connection (malware-cnc.rules)
 * 1:19589 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules)
 * 1:19590 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (malware-cnc.rules)
 * 1:19622 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (malware-cnc.rules)
 * 1:19623 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (malware-cnc.rules)
 * 1:19625 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= (malware-cnc.rules)
 * 1:19626 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (malware-cnc.rules)
 * 1:19627 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (malware-cnc.rules)
 * 1:19628 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /1cup/script.php (malware-cnc.rules)
 * 1:19631 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - AnSSip= (malware-cnc.rules)
 * 1:25109 <-> DISABLED <-> MALWARE-CNC Autoit.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:19632 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (malware-cnc.rules)
 * 1:25230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant outbound connection (malware-cnc.rules)
 * 1:25257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Skintrim variant outbound connection (malware-cnc.rules)
 * 1:25072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dulom variant outbound connection (malware-cnc.rules)
 * 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (malware-cnc.rules)
 * 1:25269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:25465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:25244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25394 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/th (malware-cnc.rules)
 * 1:25477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:19633 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (malware-cnc.rules)
 * 1:19635 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (malware-cnc.rules)
 * 1:25398 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/flush (malware-cnc.rules)
 * 1:25529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (malware-cnc.rules)
 * 1:19636 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v (malware-cnc.rules)
 * 1:19637 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (malware-cnc.rules)
 * 1:19638 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (malware-cnc.rules)
 * 1:19657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (malware-cnc.rules)
 * 1:19658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (malware-cnc.rules)
 * 1:19702 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (malware-cnc.rules)
 * 1:19703 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (malware-cnc.rules)
 * 1:19704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
 * 1:19705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
 * 1:19706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (malware-cnc.rules)
 * 1:19711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:19712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:19722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poshtroper variant outbound connection (malware-cnc.rules)
 * 1:19723 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pherbot variant outbound connection (malware-cnc.rules)
 * 1:19730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KukuBot variant outbound connection (malware-cnc.rules)
 * 1:19731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkwebot variant outbound connection (malware-cnc.rules)
 * 1:19732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Idicaf variant outbound connection (malware-cnc.rules)
 * 1:19756 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules)
 * 1:19761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq variant outbound connection (malware-cnc.rules)
 * 1:19765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:19767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer.A variant outbound connection (malware-cnc.rules)
 * 1:19769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos outbound indicator (malware-cnc.rules)
 * 1:19770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
 * 1:19771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
 * 1:19778 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /games/java_trust.php?f= (malware-cnc.rules)
 * 1:19801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
 * 1:19864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nvbpass variant outbound connection (malware-cnc.rules)
 * 1:19882 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /160.rar - Win32/Morto.A (malware-cnc.rules)
 * 1:19912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DelfInject.gen!X variant outbound connection (malware-cnc.rules)
 * 1:19913 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - optima/index.php (malware-cnc.rules)
 * 1:19964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:19995 <-> DISABLED <-> MALWARE-CNC Waledac variant outbound connection (malware-cnc.rules)
 * 1:20009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules)
 * 1:20011 <-> DISABLED <-> MALWARE-CNC Briewots.A runtime traffic detected (malware-cnc.rules)
 * 1:20012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules)
 * 1:20080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection (malware-cnc.rules)
 * 1:20081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Yakes.cbi variant outbound connection (malware-cnc.rules)
 * 1:20099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules)
 * 1:20104 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules)
 * 1:20105 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules)
 * 1:20106 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules)
 * 1:20201 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (malware-cnc.rules)
 * 1:20202 <-> DISABLED <-> MALWARE-CNC Apple OSX.Revir-1 variant outbound connection (malware-cnc.rules)
 * 1:20213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:20221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:20228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:20229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jinchodz variant outbound connection (malware-cnc.rules)
 * 1:20230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules)
 * 1:20231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules)
 * 1:20232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules)
 * 1:20280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:20281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:20293 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules)
 * 1:20527 <-> DISABLED <-> MALWARE-CNC Sirefef initial C&C connection variant outbound connection (malware-cnc.rules)
 * 1:20754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut-3 variant outbound connection (malware-cnc.rules)
 * 1:20755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap variant outbound connection (malware-cnc.rules)
 * 1:20756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:20759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gbot.oce variant outbound connection (malware-cnc.rules)
 * 1:20762 <-> DISABLED <-> MALWARE-CNC MacOS.Flashback.A variant outbound connection (malware-cnc.rules)
 * 1:20763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-206 variant outbound connection (malware-cnc.rules)
 * 1:20837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow.C runtime traffic detected (malware-cnc.rules)
 * 1:20927 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-207 variant outbound connection (malware-cnc.rules)
 * 1:21047 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Sykipot C&C (malware-cnc.rules)
 * 1:21175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules)
 * 1:21188 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (malware-cnc.rules)
 * 1:21206 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules)
 * 1:21208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RShot.brw variant outbound connection (malware-cnc.rules)
 * 1:21225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules)
 * 1:21230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (malware-cnc.rules)
 * 1:21239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:21240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules)
 * 1:21241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater initial variant outbound connection (malware-cnc.rules)
 * 1:21242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules)
 * 1:21257 <-> DISABLED <-> MALWARE-CNC URI - known scanner tool muieblackcat (malware-cnc.rules)
 * 1:21269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules)
 * 1:21278 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules)
 * 1:21306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye variant outbound connectivity check (malware-cnc.rules)
 * 1:21311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:21313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:21318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV TDSS/PurpleHaze variant outbound connection - base64 encoded (malware-cnc.rules)
 * 1:21327 <-> DISABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (malware-cnc.rules)
 * 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules)
 * 1:21418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FareIt variant outbound connection (malware-cnc.rules)
 * 1:21426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:21427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:21428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Generic-24 variant outbound connection (malware-cnc.rules)
 * 1:21430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BeeOne runtime traffic detected (malware-cnc.rules)
 * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules)
 * 1:21435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mentor inbound connection - post infection (malware-cnc.rules)
 * 1:21436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Startpage variant outbound connection (malware-cnc.rules)
 * 1:21440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murofet variant outbound connection (malware-cnc.rules)
 * 1:21441 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:21455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (malware-cnc.rules)
 * 1:21469 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules)
 * 1:21475 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (malware-cnc.rules)
 * 1:21476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (malware-cnc.rules)
 * 1:21525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:21526 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (malware-cnc.rules)
 * 1:21538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound payload request (malware-cnc.rules)
 * 1:21547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:21548 <-> DISABLED <-> MALWARE-CNC Cutwail landing page connection (malware-cnc.rules)
 * 1:21551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
 * 1:21552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
 * 1:21562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredolab variant outbound connection (malware-cnc.rules)
 * 1:21563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21591 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (malware-cnc.rules)
 * 1:21593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:21622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Georbot variant outbound connection (malware-cnc.rules)
 * 1:21631 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal javascript delivery method (malware-cnc.rules)
 * 1:21632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:21636 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (malware-cnc.rules)
 * 1:21638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aluereon TDSS infection variant outbound connection (malware-cnc.rules)
 * 1:21639 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (malware-cnc.rules)
 * 1:21755 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21756 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21757 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21758 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:21761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:21852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orsam variant outbound connection (malware-cnc.rules)
 * 1:21877 <-> DISABLED <-> MALWARE-CNC Apple OSX.Sabpub variant outbound connection (malware-cnc.rules)
 * 1:21910 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware user-agent (malware-cnc.rules)
 * 1:21911 <-> DISABLED <-> MALWARE-CNC Aldi variant outbound connection C&C checkin (malware-cnc.rules)
 * 1:21912 <-> DISABLED <-> MALWARE-CNC Aldi bot variant outbound connection user-agent (malware-cnc.rules)
 * 1:21925 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (malware-cnc.rules)
 * 1:21945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
 * 1:21946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
 * 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (malware-cnc.rules)
 * 1:21983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant outbound connection (malware-cnc.rules)
 * 1:21984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant inbound updates (malware-cnc.rules)
 * 1:22033 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
 * 1:22034 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
 * 1:22047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jokbot variant outbound connection (malware-cnc.rules)
 * 1:22048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules)
 * 1:22054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prorat variant outbound connection (malware-cnc.rules)
 * 1:22058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:22059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:22060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fepgul variant outbound connection (malware-cnc.rules)
 * 1:22099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piroxcc variant outbound connection (malware-cnc.rules)
 * 1:22100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Midhos variant outbound connection (malware-cnc.rules)
 * 1:22103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coswid.klk variant outbound connection (malware-cnc.rules)
 * 1:22937 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxyier variant outbound connection (malware-cnc.rules)
 * 1:22939 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (malware-cnc.rules)
 * 1:23019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (malware-cnc.rules)
 * 1:23057 <-> DISABLED <-> MALWARE-CNC Flame malware connection - /view.php (malware-cnc.rules)
 * 1:23103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules)
 * 1:23104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:23109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules)
 * 1:23242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.boxg connect to cnc server (malware-cnc.rules)
 * 1:23244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:23245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:23254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.CL variant outbound connection (malware-cnc.rules)
 * 1:23261 <-> DISABLED <-> MALWARE-CNC known command and control traffic - Pushbot (malware-cnc.rules)
 * 1:23262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:23307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper connect to server (malware-cnc.rules)
 * 1:23332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dishigy variant outbound connection (malware-cnc.rules)
 * 1:23334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader initial C&C checkin (malware-cnc.rules)
 * 1:23335 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:23342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:23382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
 * 1:23391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hioles.C variant outbound connection (malware-cnc.rules)
 * 1:23394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbvoleur.a variant outbound connection (malware-cnc.rules)
 * 1:23467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mazben file download (malware-cnc.rules)
 * 1:23473 <-> DISABLED <-> MALWARE-CNC URI request for runforestrun - JS.Runfore (malware-cnc.rules)
 * 1:23492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
 * 1:23493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
 * 1:23600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue outbound connection (malware-cnc.rules)
 * 1:23615 <-> DISABLED <-> MALWARE-CNC ACAD.Medre.A variant outbound connection (malware-cnc.rules)
 * 1:23627 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (malware-cnc.rules)
 * 1:23628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pincav variant outbound connection (malware-cnc.rules)
 * 1:23633 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant report to cnc-server (malware-cnc.rules)
 * 1:23635 <-> DISABLED <-> MALWARE-CNC Gozi trojan checkin (malware-cnc.rules)
 * 1:23778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules)
 * 1:23824 <-> DISABLED <-> MALWARE-CNC Gauss malware check-in (malware-cnc.rules)
 * 1:23893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DistTrack command and control traffic (malware-cnc.rules)
 * 1:23903 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - you (malware-cnc.rules)
 * 1:23938 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ibabyfa.dldr variant outbound connection (malware-cnc.rules)
 * 1:23942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.C0D0SO0 variant outbound traffic (malware-cnc.rules)
 * 1:23945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor variant outbound connection (malware-cnc.rules)
 * 1:23946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor file download (malware-cnc.rules)
 * 1:23968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crisis variant outbound connection (malware-cnc.rules)
 * 1:23972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:23978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hostposer variant outbound connection (malware-cnc.rules)
 * 1:23987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik.Kazy variant outbound connection (malware-cnc.rules)
 * 1:24062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hufysk variant outbound connection (malware-cnc.rules)
 * 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (malware-cnc.rules)
 * 1:10074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:25050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:10065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:24169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:24185 <-> DISABLED <-> MALWARE-CNC Win.Work.Rokiwobi inbound command from C&C (malware-cnc.rules)
 * 1:24211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xamtrav update protocol connection (malware-cnc.rules)
 * 1:24214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seveto variant outbound connection (malware-cnc.rules)
 * 1:24215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:24216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Biloky variant outbound connection (malware-cnc.rules)
 * 1:24217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:24224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:24235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo initial infection variant outbound connection (malware-cnc.rules)
 * 1:24236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo post infection variant outbound connection (malware-cnc.rules)
 * 1:24361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi.Prinimalka variant outbound connection (malware-cnc.rules)
 * 1:24375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
 * 1:24381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
 * 1:24382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
 * 1:24439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
 * 1:24440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chiviper variant outbound connection (malware-cnc.rules)
 * 1:24441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (malware-cnc.rules)
 * 1:24442 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (malware-cnc.rules)
 * 1:24482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chif variant outbound connection (malware-cnc.rules)
 * 1:24491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo redirection landing page pre-infection (malware-cnc.rules)
 * 1:24492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24504 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
 * 1:24514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lucuis variant outbound connection (malware-cnc.rules)
 * 1:24523 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MautoitRAT variant outbound connection (malware-cnc.rules)
 * 1:24531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A variant outbound connection (malware-cnc.rules)
 * 1:25107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25237 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firelog variant outbound connection (malware-cnc.rules)
 * 1:25242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duapz variant outbound connection (malware-cnc.rules)
 * 1:25249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basutra variant outbound connection (malware-cnc.rules)
 * 1:25224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess URI and Referer (malware-cnc.rules)
 * 1:25371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill variant outbound connection (malware-cnc.rules)
 * 1:25396 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/dllhost/ac (malware-cnc.rules)
 * 1:25400 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/cab (malware-cnc.rules)
 * 1:25259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BancosBanload variant outbound connection (malware-cnc.rules)
 * 1:25471 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
 * 1:15553 <-> DISABLED <-> MALWARE-CNC Sality virus HTTP GET request (malware-cnc.rules)
 * 1:15165 <-> DISABLED <-> MALWARE-CNC Pushdo client communication (malware-cnc.rules)
 * 1:15481 <-> DISABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (malware-cnc.rules)
 * 1:15730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:15563 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.server connection (malware-cnc.rules)
 * 1:15564 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
 * 1:15565 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
 * 1:16269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - findzproportal1.com (malware-cnc.rules)
 * 1:15938 <-> DISABLED <-> MALWARE-CNC SubSeven client connection to server (malware-cnc.rules)
 * 1:16144 <-> DISABLED <-> MALWARE-CNC Bredolab bot variant outbound connection (malware-cnc.rules)
 * 1:16268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - yournewsblog.net (malware-cnc.rules)
 * 1:16391 <-> DISABLED <-> MALWARE-CNC Gozi Win.Trojan.connection to C&C (malware-cnc.rules)
 * 1:16289 <-> DISABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules)
 * 1:16362 <-> DISABLED <-> MALWARE-CNC SpyForms malware call home (malware-cnc.rules)
 * 1:16368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq variant outbound connection (malware-cnc.rules)
 * 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (malware-cnc.rules)
 * 1:24532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A inbound connection (malware-cnc.rules)
 * 1:24533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (malware-cnc.rules)
 * 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (malware-cnc.rules)
 * 1:10072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:25093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hacktool variant outbound connection (malware-cnc.rules)
 * 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (malware-cnc.rules)
 * 1:55862 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt (server-webapp.rules)
 * 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (malware-cnc.rules)
 * 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (malware-cnc.rules)
 * 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (malware-cnc.rules)
 * 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (malware-cnc.rules)
 * 1:24534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
 * 1:24563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veli variant outbound connection (malware-cnc.rules)
 * 1:24566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (malware-cnc.rules)
 * 1:24575 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (malware-cnc.rules)
 * 1:24630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Klovbot variant outbound connection (malware-cnc.rules)
 * 1:24631 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (malware-cnc.rules)
 * 1:24632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VaccinePC variant outbound connection (malware-cnc.rules)
 * 1:24633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (malware-cnc.rules)
 * 1:24634 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (malware-cnc.rules)
 * 1:24858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quarian variant outbound connection - proxy connection (malware-cnc.rules)
 * 1:24873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler variant outbound connection (malware-cnc.rules)
 * 1:24885 <-> DISABLED <-> MALWARE-CNC Potential Banking Trojan Config File Download (malware-cnc.rules)
 * 1:24886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
 * 1:25007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst variant outbound connection (malware-cnc.rules)
 * 1:25009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
 * 1:25010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:25011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:5805 <-> DISABLED <-> MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines (malware-other.rules)
 * 1:25016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Azbreg variant outbound connection (malware-cnc.rules)
 * 1:25022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant outbound connection (malware-cnc.rules)
 * 1:25023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:25024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:25025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Recslurp variant outbound connection (malware-cnc.rules)
 * 1:25026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Juasek variant outbound connection (malware-cnc.rules)
 * 1:25027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki variant connect to cnc-server (malware-cnc.rules)
 * 1:25028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peed variant outbound connection (malware-cnc.rules)
 * 1:25029 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nevsyn variant outbound connection (malware-cnc.rules)
 * 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (malware-cnc.rules)
 * 1:25074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:25099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
 * 1:25108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
 * 1:25229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant inbound connection (malware-cnc.rules)
 * 1:25239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (malware-cnc.rules)
 * 1:25256 <-> DISABLED <-> MALWARE-CNC Win.Worm.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:25268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (malware-cnc.rules)
 * 1:25397 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/check (malware-cnc.rules)
 * 1:25448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Jinch variant outbound connection (malware-cnc.rules)
 * 1:25476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)

2020-10-06 13:12:43 UTC

Snort Subscriber Rules Update

Date: 2020-10-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55908 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (snort3-malware-other.rules)
 * 1:55927 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (snort3-malware-cnc.rules)
 * 1:55903 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (snort3-malware-other.rules)
 * 1:55869 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (snort3-malware-other.rules)
 * 1:55923 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (snort3-os-windows.rules)
 * 1:55889 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (snort3-malware-other.rules)
 * 1:55896 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (snort3-malware-other.rules)
 * 1:55887 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (snort3-malware-other.rules)
 * 1:55863 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (snort3-malware-other.rules)
 * 1:55918 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (snort3-server-webapp.rules)
 * 1:55926 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant outbound connection (snort3-malware-cnc.rules)
 * 1:55919 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (snort3-server-webapp.rules)
 * 1:55867 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (snort3-malware-other.rules)
 * 1:55907 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (snort3-malware-other.rules)
 * 1:55870 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (snort3-malware-other.rules)
 * 1:55904 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (snort3-malware-other.rules)
 * 1:55913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (snort3-malware-other.rules)
 * 1:55891 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (snort3-malware-other.rules)
 * 1:55880 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (snort3-malware-other.rules)
 * 1:55902 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (snort3-malware-other.rules)
 * 1:55914 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (snort3-malware-other.rules)
 * 1:55910 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (snort3-malware-other.rules)
 * 1:55892 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (snort3-malware-other.rules)
 * 1:55866 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (snort3-malware-other.rules)
 * 1:55928 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (snort3-malware-cnc.rules)
 * 1:55876 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (snort3-malware-other.rules)
 * 1:55883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (snort3-malware-other.rules)
 * 1:55888 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (snort3-malware-other.rules)
 * 1:55872 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (snort3-malware-other.rules)
 * 1:55909 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (snort3-malware-other.rules)
 * 1:55879 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (snort3-malware-other.rules)
 * 1:55901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (snort3-malware-other.rules)
 * 1:55922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (snort3-os-windows.rules)
 * 1:55912 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (snort3-malware-other.rules)
 * 1:55881 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (snort3-malware-other.rules)
 * 1:55884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (snort3-malware-other.rules)
 * 1:55898 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (snort3-malware-other.rules)
 * 1:55894 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (snort3-malware-other.rules)
 * 1:55906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (snort3-malware-other.rules)
 * 1:55865 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (snort3-malware-other.rules)
 * 1:55916 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (snort3-malware-other.rules)
 * 1:55873 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (snort3-malware-other.rules)
 * 1:55877 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (snort3-malware-other.rules)
 * 1:55900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (snort3-malware-other.rules)
 * 1:55878 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (snort3-malware-other.rules)
 * 1:55899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (snort3-malware-other.rules)
 * 1:55882 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (snort3-malware-other.rules)
 * 1:55911 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (snort3-malware-other.rules)
 * 1:55864 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (snort3-malware-other.rules)
 * 1:55874 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (snort3-malware-other.rules)
 * 1:55895 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (snort3-malware-other.rules)
 * 1:55920 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (snort3-server-webapp.rules)
 * 1:55871 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (snort3-malware-other.rules)
 * 1:55905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (snort3-malware-other.rules)
 * 1:55875 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (snort3-malware-other.rules)
 * 1:55885 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (snort3-malware-other.rules)
 * 1:55921 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (snort3-server-webapp.rules)
 * 1:55868 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (snort3-malware-other.rules)
 * 1:55886 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (snort3-malware-other.rules)
 * 1:55890 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (snort3-malware-other.rules)
 * 1:55893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (snort3-malware-other.rules)
 * 1:55897 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (snort3-malware-other.rules)
 * 1:55915 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (snort3-malware-other.rules)

Modified Rules:


 * 1:16489 <-> DISABLED <-> MALWARE-CNC Bobax botnet variant outbound connection (snort3-malware-cnc.rules)
 * 1:5805 <-> DISABLED <-> MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines (snort3-malware-other.rules)
 * 1:16493 <-> DISABLED <-> MALWARE-CNC TT-bot botnet variant outbound connection (snort3-malware-cnc.rules)
 * 1:16485 <-> DISABLED <-> MALWARE-CNC Koobface request for captcha (snort3-malware-cnc.rules)
 * 1:16527 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (snort3-malware-cnc.rules)
 * 1:16528 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (snort3-malware-cnc.rules)
 * 1:16497 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (snort3-malware-cnc.rules)
 * 1:16670 <-> DISABLED <-> MALWARE-CNC Koobface worm executable download (snort3-malware-cnc.rules)
 * 1:16695 <-> DISABLED <-> MALWARE-CNC Rogue AV download/update (snort3-malware-cnc.rules)
 * 1:16484 <-> DISABLED <-> MALWARE-CNC Koobface variant outbound connection (snort3-malware-cnc.rules)
 * 1:16669 <-> DISABLED <-> MALWARE-CNC Spyeye bot variant outbound connection (snort3-malware-cnc.rules)
 * 1:16496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hacktool variant outbound connection (snort3-malware-cnc.rules)
 * 1:5900 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (snort3-malware-cnc.rules)
 * 1:16551 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (snort3-malware-cnc.rules)
 * 1:16809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (snort3-malware-cnc.rules)
 * 1:16828 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules)
 * 1:16832 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules)
 * 1:16811 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules)
 * 1:17816 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - credit card submission (snort3-malware-cnc.rules)
 * 1:18247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (snort3-malware-cnc.rules)
 * 1:17815 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - user display (snort3-malware-cnc.rules)
 * 1:18458 <-> DISABLED <-> MALWARE-CNC Night Dragon initial beacon (snort3-malware-cnc.rules)
 * 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (snort3-malware-cnc.rules)
 * 1:18459 <-> DISABLED <-> MALWARE-CNC Night Dragon keepalive message (snort3-malware-cnc.rules)
 * 1:18388 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (snort3-malware-cnc.rules)
 * 1:8356 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send log out through email (snort3-malware-other.rules)
 * 1:18939 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules)
 * 1:19016 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (snort3-malware-cnc.rules)
 * 1:17235 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm download (snort3-malware-cnc.rules)
 * 1:18934 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- snort3-malware-cnc.rules)
 * 1:19019 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (snort3-malware-cnc.rules)
 * 1:19038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (snort3-malware-cnc.rules)
 * 1:18353 <-> DISABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (snort3-malware-cnc.rules)
 * 1:19018 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (snort3-malware-cnc.rules)
 * 1:19053 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound connection (snort3-malware-cnc.rules)
 * 1:19055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gosik.A registration (snort3-malware-cnc.rules)
 * 1:18715 <-> DISABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (snort3-malware-cnc.rules)
 * 1:19052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (snort3-malware-cnc.rules)
 * 1:19058 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (snort3-malware-cnc.rules)
 * 1:19164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (snort3-malware-cnc.rules)
 * 1:19017 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (snort3-malware-cnc.rules)
 * 1:19057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (snort3-malware-cnc.rules)
 * 1:19328 <-> DISABLED <-> MALWARE-CNC PointGuide variant outbound connection (snort3-malware-cnc.rules)
 * 1:5880 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - smtp delivery (snort3-malware-other.rules)
 * 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (snort3-malware-cnc.rules)
 * 1:19339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (snort3-malware-cnc.rules)
 * 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (snort3-malware-cnc.rules)
 * 1:19175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (snort3-malware-cnc.rules)
 * 1:19351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (snort3-malware-cnc.rules)
 * 1:19353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu variant outbound connection (snort3-malware-cnc.rules)
 * 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (snort3-malware-cnc.rules)
 * 1:19056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (snort3-malware-cnc.rules)
 * 1:19348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection (snort3-malware-cnc.rules)
 * 1:19429 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (snort3-malware-cnc.rules)
 * 1:19435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (snort3-malware-cnc.rules)
 * 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (snort3-malware-cnc.rules)
 * 1:19358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (snort3-malware-cnc.rules)
 * 1:19490 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (snort3-malware-cnc.rules)
 * 1:19493 <-> DISABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain (snort3-malware-cnc.rules)
 * 1:19347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison.banr variant outbound connection (snort3-malware-cnc.rules)
 * 1:19482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (snort3-malware-cnc.rules)
 * 1:19590 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (snort3-malware-cnc.rules)
 * 1:19622 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (snort3-malware-cnc.rules)
 * 1:19357 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (snort3-malware-cnc.rules)
 * 1:19589 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (snort3-malware-cnc.rules)
 * 1:19626 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (snort3-malware-cnc.rules)
 * 1:19627 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (snort3-malware-cnc.rules)
 * 1:19480 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (snort3-malware-cnc.rules)
 * 1:19625 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= (snort3-malware-cnc.rules)
 * 1:19632 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (snort3-malware-cnc.rules)
 * 1:19633 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (snort3-malware-cnc.rules)
 * 1:19579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao.A variant outbound connection (snort3-malware-cnc.rules)
 * 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper (snort3-malware-cnc.rules)
 * 1:19631 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - AnSSip= (snort3-malware-cnc.rules)
 * 1:19637 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (snort3-malware-cnc.rules)
 * 1:19638 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (snort3-malware-cnc.rules)
 * 1:19623 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (snort3-malware-cnc.rules)
 * 1:19636 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v (snort3-malware-cnc.rules)
 * 1:19702 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (snort3-malware-cnc.rules)
 * 1:5882 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - alert notification (snort3-malware-other.rules)
 * 1:19703 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (snort3-malware-cnc.rules)
 * 1:19628 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /1cup/script.php (snort3-malware-cnc.rules)
 * 1:5808 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (snort3-malware-cnc.rules)
 * 1:19658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (snort3-malware-cnc.rules)
 * 1:19706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (snort3-malware-cnc.rules)
 * 1:19711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (snort3-malware-cnc.rules)
 * 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (snort3-malware-cnc.rules)
 * 1:19635 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (snort3-malware-cnc.rules)
 * 1:19705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (snort3-malware-cnc.rules)
 * 1:19723 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pherbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:19730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KukuBot variant outbound connection (snort3-malware-cnc.rules)
 * 1:19657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (snort3-malware-cnc.rules)
 * 1:19722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poshtroper variant outbound connection (snort3-malware-cnc.rules)
 * 1:19756 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (snort3-malware-cnc.rules)
 * 1:19761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq variant outbound connection (snort3-malware-cnc.rules)
 * 1:19704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (snort3-malware-cnc.rules)
 * 1:19732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Idicaf variant outbound connection (snort3-malware-cnc.rules)
 * 1:19769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos outbound indicator (snort3-malware-cnc.rules)
 * 1:19770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (snort3-malware-cnc.rules)
 * 1:19712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (snort3-malware-cnc.rules)
 * 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (snort3-malware-cnc.rules)
 * 1:19767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer.A variant outbound connection (snort3-malware-cnc.rules)
 * 1:5881 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - ftp delivery (snort3-malware-other.rules)
 * 1:19801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (snort3-malware-cnc.rules)
 * 1:19864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nvbpass variant outbound connection (snort3-malware-cnc.rules)
 * 1:19731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkwebot variant outbound connection (snort3-malware-cnc.rules)
 * 1:19778 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /games/java_trust.php?f= (snort3-malware-cnc.rules)
 * 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (snort3-malware-cnc.rules)
 * 1:19913 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - optima/index.php (snort3-malware-cnc.rules)
 * 1:19964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (snort3-malware-cnc.rules)
 * 1:19765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (snort3-malware-cnc.rules)
 * 1:19912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DelfInject.gen!X variant outbound connection (snort3-malware-cnc.rules)
 * 1:20011 <-> DISABLED <-> MALWARE-CNC Briewots.A runtime traffic detected (snort3-malware-cnc.rules)
 * 1:20012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (snort3-malware-cnc.rules)
 * 1:19771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (snort3-malware-cnc.rules)
 * 1:20009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (snort3-malware-cnc.rules)
 * 1:20099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (snort3-malware-cnc.rules)
 * 1:20104 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (snort3-malware-cnc.rules)
 * 1:16817 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules)
 * 1:19882 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /160.rar - Win32/Morto.A (snort3-malware-cnc.rules)
 * 1:20081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Yakes.cbi variant outbound connection (snort3-malware-cnc.rules)
 * 1:20201 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (snort3-malware-cnc.rules)
 * 1:20202 <-> DISABLED <-> MALWARE-CNC Apple OSX.Revir-1 variant outbound connection (snort3-malware-cnc.rules)
 * 1:25107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (snort3-malware-cnc.rules)
 * 1:25054 <-> DISABLED <-> MALWARE-CNC ZeroAccess Clickserver callback (snort3-malware-cnc.rules)
 * 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (snort3-malware-cnc.rules)
 * 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (snort3-malware-cnc.rules)
 * 1:25530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:25075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (snort3-malware-cnc.rules)
 * 1:25545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Printlove variant outbound connection (snort3-malware-cnc.rules)
 * 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (snort3-malware-cnc.rules)
 * 1:10065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules)
 * 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (snort3-malware-cnc.rules)
 * 1:10076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules)
 * 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (snort3-malware-cnc.rules)
 * 1:5907 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - check update (snort3-malware-other.rules)
 * 1:25242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duapz variant outbound connection (snort3-malware-cnc.rules)
 * 1:25541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sigly variant outbound connection (snort3-malware-cnc.rules)
 * 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (snort3-malware-cnc.rules)
 * 1:25098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (snort3-malware-cnc.rules)
 * 1:25072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dulom variant outbound connection (snort3-malware-cnc.rules)
 * 1:25077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Halnine variant outbound connection (snort3-malware-cnc.rules)
 * 1:25231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (snort3-malware-cnc.rules)
 * 1:25546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (snort3-malware-cnc.rules)
 * 1:25511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules)
 * 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (snort3-malware-cnc.rules)
 * 1:25100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (snort3-malware-cnc.rules)
 * 1:25071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Macnsed variant outbound connection (snort3-malware-cnc.rules)
 * 1:25237 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firelog variant outbound connection (snort3-malware-cnc.rules)
 * 1:24632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VaccinePC variant outbound connection (snort3-malware-cnc.rules)
 * 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (snort3-malware-cnc.rules)
 * 1:10066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules)
 * 1:16812 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules)
 * 1:5908 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 1 (snort3-malware-other.rules)
 * 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (snort3-malware-cnc.rules)
 * 1:22060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fepgul variant outbound connection (snort3-malware-cnc.rules)
 * 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (snort3-malware-cnc.rules)
 * 1:25476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (snort3-malware-cnc.rules)
 * 1:25229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant inbound connection (snort3-malware-cnc.rules)
 * 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (snort3-malware-cnc.rules)
 * 1:25399 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/wcx (snort3-malware-cnc.rules)
 * 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (snort3-malware-cnc.rules)
 * 1:25477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:22059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (snort3-malware-cnc.rules)
 * 1:25395 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/sk (snort3-malware-cnc.rules)
 * 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (snort3-malware-cnc.rules)
 * 1:7116 <-> DISABLED <-> MALWARE-CNC y3k 1.2 variant outbound connection icq notification (snort3-malware-cnc.rules)
 * 1:10067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules)
 * 1:25074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (snort3-malware-cnc.rules)
 * 1:22048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (snort3-malware-cnc.rules)
 * 1:9419 <-> DISABLED <-> MALWARE-OTHER sasser attempt (snort3-malware-other.rules)
 * 1:25239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (snort3-malware-cnc.rules)
 * 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (snort3-malware-cnc.rules)
 * 1:19995 <-> DISABLED <-> MALWARE-CNC Waledac variant outbound connection (snort3-malware-cnc.rules)
 * 1:20106 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (snort3-malware-cnc.rules)
 * 1:20228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (snort3-malware-cnc.rules)
 * 1:20229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jinchodz variant outbound connection (snort3-malware-cnc.rules)
 * 1:20080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection (snort3-malware-cnc.rules)
 * 1:25023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (snort3-malware-cnc.rules)
 * 1:20221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (snort3-malware-cnc.rules)
 * 1:20232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:20280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (snort3-malware-cnc.rules)
 * 1:20105 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (snort3-malware-cnc.rules)
 * 1:20231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (snort3-malware-cnc.rules)
 * 1:25028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peed variant outbound connection (snort3-malware-cnc.rules)
 * 1:20527 <-> DISABLED <-> MALWARE-CNC Sirefef initial C&C connection variant outbound connection (snort3-malware-cnc.rules)
 * 1:20754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut-3 variant outbound connection (snort3-malware-cnc.rules)
 * 1:20213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (snort3-malware-cnc.rules)
 * 1:16827 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules)
 * 1:20293 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (snort3-malware-cnc.rules)
 * 1:20759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gbot.oce variant outbound connection (snort3-malware-cnc.rules)
 * 1:16823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (snort3-malware-cnc.rules)
 * 1:20762 <-> DISABLED <-> MALWARE-CNC MacOS.Flashback.A variant outbound connection (snort3-malware-cnc.rules)
 * 1:10068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules)
 * 1:20230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (snort3-malware-cnc.rules)
 * 1:20756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (snort3-malware-cnc.rules)
 * 1:20927 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-207 variant outbound connection (snort3-malware-cnc.rules)
 * 1:21047 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Sykipot C&C (snort3-malware-cnc.rules)
 * 1:20281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (snort3-malware-cnc.rules)
 * 1:20837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow.C runtime traffic detected (snort3-malware-cnc.rules)
 * 1:21206 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (snort3-malware-cnc.rules)
 * 1:21208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RShot.brw variant outbound connection (snort3-malware-cnc.rules)
 * 1:20755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap variant outbound connection (snort3-malware-cnc.rules)
 * 1:21188 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (snort3-malware-cnc.rules)
 * 1:21239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (snort3-malware-cnc.rules)
 * 1:21240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (snort3-malware-cnc.rules)
 * 1:20763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-206 variant outbound connection (snort3-malware-cnc.rules)
 * 1:21230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (snort3-malware-cnc.rules)
 * 1:21257 <-> DISABLED <-> MALWARE-CNC URI - known scanner tool muieblackcat (snort3-malware-cnc.rules)
 * 1:21269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:21175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (snort3-malware-cnc.rules)
 * 1:21242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (snort3-malware-cnc.rules)
 * 1:21311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (snort3-malware-cnc.rules)
 * 1:21313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (snort3-malware-cnc.rules)
 * 1:21225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (snort3-malware-cnc.rules)
 * 1:21306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye variant outbound connectivity check (snort3-malware-cnc.rules)
 * 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (snort3-malware-cnc.rules)
 * 1:21418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FareIt variant outbound connection (snort3-malware-cnc.rules)
 * 1:21241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater initial variant outbound connection (snort3-malware-cnc.rules)
 * 1:21327 <-> DISABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (snort3-malware-cnc.rules)
 * 1:21428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Generic-24 variant outbound connection (snort3-malware-cnc.rules)
 * 1:21430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BeeOne runtime traffic detected (snort3-malware-cnc.rules)
 * 1:21278 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (snort3-malware-cnc.rules)
 * 1:21427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (snort3-malware-cnc.rules)
 * 1:21436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Startpage variant outbound connection (snort3-malware-cnc.rules)
 * 1:21440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murofet variant outbound connection (snort3-malware-cnc.rules)
 * 1:21318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV TDSS/PurpleHaze variant outbound connection - base64 encoded (snort3-malware-cnc.rules)
 * 1:21435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mentor inbound connection - post infection (snort3-malware-cnc.rules)
 * 1:21469 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (snort3-malware-cnc.rules)
 * 1:21475 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (snort3-malware-cnc.rules)
 * 1:21426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (snort3-malware-cnc.rules)
 * 1:21455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (snort3-malware-cnc.rules)
 * 1:21526 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (snort3-malware-cnc.rules)
 * 1:21538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound payload request (snort3-malware-cnc.rules)
 * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (snort3-malware-cnc.rules)
 * 1:21525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (snort3-malware-cnc.rules)
 * 1:21551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (snort3-malware-cnc.rules)
 * 1:21552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (snort3-malware-cnc.rules)
 * 1:21441 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (snort3-malware-cnc.rules)
 * 1:21548 <-> DISABLED <-> MALWARE-CNC Cutwail landing page connection (snort3-malware-cnc.rules)
 * 1:21564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (snort3-malware-cnc.rules)
 * 1:21565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (snort3-malware-cnc.rules)
 * 1:21476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (snort3-malware-cnc.rules)
 * 1:21563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (snort3-malware-cnc.rules)
 * 1:21622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Georbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:21631 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal javascript delivery method (snort3-malware-cnc.rules)
 * 1:21547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (snort3-malware-cnc.rules)
 * 1:21593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (snort3-malware-cnc.rules)
 * 1:21638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aluereon TDSS infection variant outbound connection (snort3-malware-cnc.rules)
 * 1:21639 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (snort3-malware-cnc.rules)
 * 1:21562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredolab variant outbound connection (snort3-malware-cnc.rules)
 * 1:21636 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (snort3-malware-cnc.rules)
 * 1:21757 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (snort3-malware-cnc.rules)
 * 1:21758 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (snort3-malware-cnc.rules)
 * 1:21591 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (snort3-malware-cnc.rules)
 * 1:21756 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (snort3-malware-cnc.rules)
 * 1:21852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orsam variant outbound connection (snort3-malware-cnc.rules)
 * 1:21877 <-> DISABLED <-> MALWARE-CNC Apple OSX.Sabpub variant outbound connection (snort3-malware-cnc.rules)
 * 1:21632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (snort3-malware-cnc.rules)
 * 1:21761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (snort3-malware-cnc.rules)
 * 1:21912 <-> DISABLED <-> MALWARE-CNC Aldi bot variant outbound connection user-agent (snort3-malware-cnc.rules)
 * 1:21925 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (snort3-malware-cnc.rules)
 * 1:21755 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (snort3-malware-cnc.rules)
 * 1:21911 <-> DISABLED <-> MALWARE-CNC Aldi variant outbound connection C&C checkin (snort3-malware-cnc.rules)
 * 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (snort3-malware-cnc.rules)
 * 1:21983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant outbound connection (snort3-malware-cnc.rules)
 * 1:21760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (snort3-malware-cnc.rules)
 * 1:21946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (snort3-malware-cnc.rules)
 * 1:22034 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (snort3-malware-cnc.rules)
 * 1:22047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jokbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:21910 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware user-agent (snort3-malware-cnc.rules)
 * 1:22033 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (snort3-malware-cnc.rules)
 * 1:22937 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxyier variant outbound connection (snort3-malware-cnc.rules)
 * 1:22939 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (snort3-malware-cnc.rules)
 * 1:21945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (snort3-malware-cnc.rules)
 * 1:22103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coswid.klk variant outbound connection (snort3-malware-cnc.rules)
 * 1:23103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (snort3-malware-cnc.rules)
 * 1:23104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (snort3-malware-cnc.rules)
 * 1:21984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant inbound updates (snort3-malware-cnc.rules)
 * 1:23057 <-> DISABLED <-> MALWARE-CNC Flame malware connection - /view.php (snort3-malware-cnc.rules)
 * 1:23244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (snort3-malware-cnc.rules)
 * 1:23245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (snort3-malware-cnc.rules)
 * 1:22100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Midhos variant outbound connection (snort3-malware-cnc.rules)
 * 1:23242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.boxg connect to cnc server (snort3-malware-cnc.rules)
 * 1:23262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (snort3-malware-cnc.rules)
 * 1:23307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper connect to server (snort3-malware-cnc.rules)
 * 1:23019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (snort3-malware-cnc.rules)
 * 1:23261 <-> DISABLED <-> MALWARE-CNC known command and control traffic - Pushbot (snort3-malware-cnc.rules)
 * 1:23335 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (snort3-malware-cnc.rules)
 * 1:23342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:23109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:23334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader initial C&C checkin (snort3-malware-cnc.rules)
 * 1:23394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbvoleur.a variant outbound connection (snort3-malware-cnc.rules)
 * 1:23467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mazben file download (snort3-malware-cnc.rules)
 * 1:23254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.CL variant outbound connection (snort3-malware-cnc.rules)
 * 1:23391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hioles.C variant outbound connection (snort3-malware-cnc.rules)
 * 1:23493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (snort3-malware-cnc.rules)
 * 1:23600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue outbound connection (snort3-malware-cnc.rules)
 * 1:23332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dishigy variant outbound connection (snort3-malware-cnc.rules)
 * 1:23492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (snort3-malware-cnc.rules)
 * 1:24236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo post infection variant outbound connection (snort3-malware-cnc.rules)
 * 1:24361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi.Prinimalka variant outbound connection (snort3-malware-cnc.rules)
 * 1:23382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (snort3-malware-cnc.rules)
 * 1:23627 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (snort3-malware-cnc.rules)
 * 1:24495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (snort3-malware-cnc.rules)
 * 1:24439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (snort3-malware-cnc.rules)
 * 1:25371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill variant outbound connection (snort3-malware-cnc.rules)
 * 1:25076 <-> DISABLED <-> MALWARE-CNC Win.Worm.Joanap variant variant outbound connection (snort3-malware-cnc.rules)
 * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (snort3-malware-other.rules)
 * 1:24491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo redirection landing page pre-infection (snort3-malware-cnc.rules)
 * 1:25099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (snort3-malware-cnc.rules)
 * 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (snort3-malware-cnc.rules)
 * 1:24381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (snort3-malware-cnc.rules)
 * 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (snort3-malware-cnc.rules)
 * 1:25024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (snort3-malware-cnc.rules)
 * 1:10071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules)
 * 1:7540 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol (snort3-malware-cnc.rules)
 * 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (snort3-malware-cnc.rules)
 * 1:25543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.VB variant outbound connection (snort3-malware-cnc.rules)
 * 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (snort3-malware-cnc.rules)
 * 1:25243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (snort3-malware-cnc.rules)
 * 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (snort3-malware-cnc.rules)
 * 1:25271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (snort3-malware-cnc.rules)
 * 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (snort3-malware-cnc.rules)
 * 1:25465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (snort3-malware-cnc.rules)
 * 1:25256 <-> DISABLED <-> MALWARE-CNC Win.Worm.Gamarue variant outbound connection (snort3-malware-cnc.rules)
 * 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (snort3-malware-cnc.rules)
 * 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (snort3-malware-cnc.rules)
 * 1:25119 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (snort3-malware-cnc.rules)
 * 1:24215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (snort3-malware-cnc.rules)
 * 1:16459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.command and control communication (snort3-malware-cnc.rules)
 * 1:24492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (snort3-malware-cnc.rules)
 * 1:23778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (snort3-malware-cnc.rules)
 * 1:24440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chiviper variant outbound connection (snort3-malware-cnc.rules)
 * 1:24235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo initial infection variant outbound connection (snort3-malware-cnc.rules)
 * 1:16822 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules)
 * 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (snort3-malware-cnc.rules)
 * 1:25021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Azbreg variant outbound connection (snort3-malware-cnc.rules)
 * 1:16526 <-> DISABLED <-> MALWARE-CNC VanBot IRC communication (snort3-malware-cnc.rules)
 * 1:10077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules)
 * 1:24482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chif variant outbound connection (snort3-malware-cnc.rules)
 * 1:16824 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules)
 * 1:25259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BancosBanload variant outbound connection (snort3-malware-cnc.rules)
 * 1:25396 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/dllhost/ac (snort3-malware-cnc.rules)
 * 1:25471 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (snort3-malware-cnc.rules)
 * 1:25027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki variant connect to cnc-server (snort3-malware-cnc.rules)
 * 1:25398 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/flush (snort3-malware-cnc.rules)
 * 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (snort3-malware-cnc.rules)
 * 1:25093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hacktool variant outbound connection (snort3-malware-cnc.rules)
 * 1:25529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (snort3-malware-cnc.rules)
 * 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (snort3-malware-cnc.rules)
 * 1:22054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prorat variant outbound connection (snort3-malware-cnc.rules)
 * 1:25244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (snort3-malware-cnc.rules)
 * 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (snort3-malware-cnc.rules)
 * 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (snort3-malware-cnc.rules)
 * 1:25400 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/cab (snort3-malware-cnc.rules)
 * 1:25532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:25269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (snort3-malware-cnc.rules)
 * 1:24382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (snort3-malware-cnc.rules)
 * 1:25109 <-> DISABLED <-> MALWARE-CNC Autoit.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:5909 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 2 (snort3-malware-other.rules)
 * 1:25241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetTrash variant outbound connection (snort3-malware-cnc.rules)
 * 1:9420 <-> DISABLED <-> MALWARE-OTHER korgo attempt (snort3-malware-other.rules)
 * 1:24496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (snort3-malware-cnc.rules)
 * 1:23473 <-> DISABLED <-> MALWARE-CNC URI request for runforestrun - JS.Runfore (snort3-malware-cnc.rules)
 * 1:24494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (snort3-malware-cnc.rules)
 * 1:24514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lucuis variant outbound connection (snort3-malware-cnc.rules)
 * 1:24523 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MautoitRAT variant outbound connection (snort3-malware-cnc.rules)
 * 1:23615 <-> DISABLED <-> MALWARE-CNC ACAD.Medre.A variant outbound connection (snort3-malware-cnc.rules)
 * 1:24504 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (snort3-malware-cnc.rules)
 * 1:24533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (snort3-malware-cnc.rules)
 * 1:24534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (snort3-malware-cnc.rules)
 * 1:24493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (snort3-malware-cnc.rules)
 * 1:24532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A inbound connection (snort3-malware-cnc.rules)
 * 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (snort3-malware-cnc.rules)
 * 1:24575 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (snort3-malware-cnc.rules)
 * 1:24497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (snort3-malware-cnc.rules)
 * 1:24566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (snort3-malware-cnc.rules)
 * 1:24633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (snort3-malware-cnc.rules)
 * 1:24634 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (snort3-malware-cnc.rules)
 * 1:24531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A variant outbound connection (snort3-malware-cnc.rules)
 * 1:24631 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (snort3-malware-cnc.rules)
 * 1:24885 <-> DISABLED <-> MALWARE-CNC Potential Banking Trojan Config File Download (snort3-malware-cnc.rules)
 * 1:24886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:24563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veli variant outbound connection (snort3-malware-cnc.rules)
 * 1:24873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler variant outbound connection (snort3-malware-cnc.rules)
 * 1:25010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (snort3-malware-cnc.rules)
 * 1:25011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (snort3-malware-cnc.rules)
 * 1:24630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Klovbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:25009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (snort3-malware-cnc.rules)
 * 1:24858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quarian variant outbound connection - proxy connection (snort3-malware-cnc.rules)
 * 1:25007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst variant outbound connection (snort3-malware-cnc.rules)
 * 1:25026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Juasek variant outbound connection (snort3-malware-cnc.rules)
 * 1:8357 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send alert out through email (snort3-malware-other.rules)
 * 1:25022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant outbound connection (snort3-malware-cnc.rules)
 * 1:23628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pincav variant outbound connection (snort3-malware-cnc.rules)
 * 1:16924 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /inst.php?fff= (snort3-malware-cnc.rules)
 * 1:24375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (snort3-malware-cnc.rules)
 * 1:23824 <-> DISABLED <-> MALWARE-CNC Gauss malware check-in (snort3-malware-cnc.rules)
 * 1:25050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules)
 * 1:16833 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules)
 * 1:23893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DistTrack command and control traffic (snort3-malware-cnc.rules)
 * 1:16810 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules)
 * 1:23942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.C0D0SO0 variant outbound traffic (snort3-malware-cnc.rules)
 * 1:25049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.Kolilks variant outbound connection (snort3-malware-cnc.rules)
 * 1:9329 <-> DISABLED <-> MALWARE-CNC yarner.b smtp propagation detection (snort3-malware-cnc.rules)
 * 1:25016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (snort3-malware-cnc.rules)
 * 1:23972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:23968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crisis variant outbound connection (snort3-malware-cnc.rules)
 * 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (snort3-malware-cnc.rules)
 * 1:24062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hufysk variant outbound connection (snort3-malware-cnc.rules)
 * 1:24214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seveto variant outbound connection (snort3-malware-cnc.rules)
 * 1:24211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xamtrav update protocol connection (snort3-malware-cnc.rules)
 * 1:23987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik.Kazy variant outbound connection (snort3-malware-cnc.rules)
 * 1:23946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor file download (snort3-malware-cnc.rules)
 * 1:24224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (snort3-malware-cnc.rules)
 * 1:24217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (snort3-malware-cnc.rules)
 * 1:24185 <-> DISABLED <-> MALWARE-CNC Win.Work.Rokiwobi inbound command from C&C (snort3-malware-cnc.rules)
 * 1:23978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hostposer variant outbound connection (snort3-malware-cnc.rules)
 * 1:24216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Biloky variant outbound connection (snort3-malware-cnc.rules)
 * 1:24169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:10113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (snort3-malware-cnc.rules)
 * 1:10073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules)
 * 1:10114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (snort3-malware-cnc.rules)
 * 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (snort3-malware-cnc.rules)
 * 1:10403 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duntek Checkin GET Request (snort3-malware-cnc.rules)
 * 1:10075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules)
 * 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (snort3-malware-cnc.rules)
 * 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (snort3-malware-cnc.rules)
 * 1:15165 <-> DISABLED <-> MALWARE-CNC Pushdo client communication (snort3-malware-cnc.rules)
 * 1:15481 <-> DISABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (snort3-malware-cnc.rules)
 * 1:15553 <-> DISABLED <-> MALWARE-CNC Sality virus HTTP GET request (snort3-malware-cnc.rules)
 * 1:15563 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.server connection (snort3-malware-cnc.rules)
 * 1:15564 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (snort3-malware-cnc.rules)
 * 1:15565 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (snort3-malware-cnc.rules)
 * 1:15730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (snort3-malware-cnc.rules)
 * 1:15938 <-> DISABLED <-> MALWARE-CNC SubSeven client connection to server (snort3-malware-cnc.rules)
 * 1:16144 <-> DISABLED <-> MALWARE-CNC Bredolab bot variant outbound connection (snort3-malware-cnc.rules)
 * 1:16268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - yournewsblog.net (snort3-malware-cnc.rules)
 * 1:16269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - findzproportal1.com (snort3-malware-cnc.rules)
 * 1:16289 <-> DISABLED <-> MALWARE-CNC Clob bot traffic (snort3-malware-cnc.rules)
 * 1:16362 <-> DISABLED <-> MALWARE-CNC SpyForms malware call home (snort3-malware-cnc.rules)
 * 1:16368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq variant outbound connection (snort3-malware-cnc.rules)
 * 1:16391 <-> DISABLED <-> MALWARE-CNC Gozi Win.Trojan.connection to C&C (snort3-malware-cnc.rules)
 * 1:10072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules)
 * 1:25470 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LoDo variant outbound connection (snort3-malware-cnc.rules)
 * 1:25073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lowzone variant outbound connection (snort3-malware-cnc.rules)
 * 1:25108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:55862 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt (snort3-server-webapp.rules)
 * 1:25268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (snort3-malware-cnc.rules)
 * 1:22058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:25397 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/check (snort3-malware-cnc.rules)
 * 1:25448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Jinch variant outbound connection (snort3-malware-cnc.rules)
 * 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (snort3-malware-cnc.rules)
 * 1:25504 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit op.cgi (snort3-malware-cnc.rules)
 * 1:25249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basutra variant outbound connection (snort3-malware-cnc.rules)
 * 1:25257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Skintrim variant outbound connection (snort3-malware-cnc.rules)
 * 1:25394 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/th (snort3-malware-cnc.rules)
 * 1:55281 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9753424-0 download attempt (snort3-malware-other.rules)
 * 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (snort3-malware-cnc.rules)
 * 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (snort3-malware-cnc.rules)
 * 1:25503 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit sba.cgi (snort3-malware-cnc.rules)
 * 1:25245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (snort3-malware-cnc.rules)
 * 1:25224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess URI and Referer (snort3-malware-cnc.rules)
 * 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (snort3-malware-cnc.rules)
 * 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (snort3-malware-cnc.rules)
 * 1:10069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules)
 * 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (snort3-malware-cnc.rules)
 * 1:25531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (snort3-malware-cnc.rules)
 * 1:25258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast variant outbound connection (snort3-malware-cnc.rules)
 * 1:25230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant outbound connection (snort3-malware-cnc.rules)
 * 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (snort3-malware-cnc.rules)
 * 1:10074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules)
 * 1:23633 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant report to cnc-server (snort3-malware-cnc.rules)
 * 1:23945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor variant outbound connection (snort3-malware-cnc.rules)
 * 1:16826 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules)
 * 1:25070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (snort3-malware-cnc.rules)
 * 1:16820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (snort3-malware-cnc.rules)
 * 1:24442 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (snort3-malware-cnc.rules)
 * 1:16816 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (snort3-malware-cnc.rules)
 * 1:17234 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm activity (snort3-malware-cnc.rules)
 * 1:24441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (snort3-malware-cnc.rules)
 * 1:9418 <-> DISABLED <-> MALWARE-CNC bagle.a http notification detection (snort3-malware-cnc.rules)
 * 1:23938 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ibabyfa.dldr variant outbound connection (snort3-malware-cnc.rules)
 * 1:25025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Recslurp variant outbound connection (snort3-malware-cnc.rules)
 * 1:25030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nevsyn variant outbound connection (snort3-malware-cnc.rules)
 * 1:23903 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - you (snort3-malware-cnc.rules)
 * 1:23635 <-> DISABLED <-> MALWARE-CNC Gozi trojan checkin (snort3-malware-cnc.rules)
 * 1:22099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piroxcc variant outbound connection (snort3-malware-cnc.rules)
 * 1:25029 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (snort3-malware-cnc.rules)
 * 1:10070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (snort3-malware-cnc.rules)

2020-10-06 13:12:43 UTC

Snort Subscriber Rules Update

Date: 2020-10-06

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55886 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
 * 1:55900 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
 * 1:55912 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
 * 1:55883 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
 * 1:55882 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
 * 1:55899 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Razy-9772677-0 download attempt (malware-other.rules)
 * 1:55877 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
 * 1:55893 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
 * 1:55863 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
 * 1:55870 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
 * 1:55887 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
 * 1:55916 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
 * 1:55885 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9771263-0 download attempt (malware-other.rules)
 * 1:55872 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
 * 1:55873 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
 * 1:55876 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
 * 1:55910 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
 * 1:55920 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55871 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9770089-0 download attempt (malware-other.rules)
 * 1:55896 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
 * 1:55892 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
 * 1:55921 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55928 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
 * 1:55874 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9770097-0 download attempt (malware-other.rules)
 * 1:55918 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 1:55879 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
 * 1:55903 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
 * 1:55898 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
 * 1:55922 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
 * 1:55906 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
 * 1:55907 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
 * 1:55923 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Defender privilege escalation attempt (os-windows.rules)
 * 1:55869 <-> DISABLED <-> MALWARE-OTHER Win.Keylogger.Emotet-9769987-0 download attempt (malware-other.rules)
 * 1:55867 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
 * 1:55926 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant outbound connection (malware-cnc.rules)
 * 1:55895 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9772275-0 download attempt (malware-other.rules)
 * 1:55864 <-> DISABLED <-> MALWARE-OTHER Win.Virus.Ursnif-9769699-0 download attempt (malware-other.rules)
 * 1:55891 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Kovter-9771867-0 download attempt (malware-other.rules)
 * 1:55881 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Cerber-9770992-0 download attempt (malware-other.rules)
 * 1:55897 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Fakesysdef-9772554-0 download attempt (malware-other.rules)
 * 1:55901 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
 * 1:55894 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Vobfus-9771891-0 download attempt (malware-other.rules)
 * 1:55884 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Cutwail-9771166-0 download attempt (malware-other.rules)
 * 1:55865 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
 * 1:55905 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9773106-0 download attempt (malware-other.rules)
 * 1:55909 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773289-0 download attempt (malware-other.rules)
 * 1:55915 <-> DISABLED <-> MALWARE-OTHER PUA.Win.File.Neobar-9773833-0 download attempt (malware-other.rules)
 * 1:55904 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Sdyn-9772921-0 download attempt (malware-other.rules)
 * 1:55878 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Drolnux-9770173-0 download attempt (malware-other.rules)
 * 1:55902 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9772681-0 download attempt (malware-other.rules)
 * 1:55927 <-> ENABLED <-> MALWARE-CNC Win.Dropper.LemonDuck variant script download attempt (malware-cnc.rules)
 * 1:55868 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agzz8qk-9769774-0 download attempt (malware-other.rules)
 * 1:55890 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
 * 1:55914 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
 * 1:55913 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Ramnit-9773470-0 download attempt (malware-other.rules)
 * 1:55880 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9770611-0 download attempt (malware-other.rules)
 * 1:55911 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Battdil-9773282-0 download attempt (malware-other.rules)
 * 1:55889 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Browsefox-9771664-0 download attempt (malware-other.rules)
 * 1:55888 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Reveton-9771413-0 download attempt (malware-other.rules)
 * 1:55908 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Zbot-9773294-0 download attempt (malware-other.rules)
 * 1:55866 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Bulz-9769773-0 download attempt (malware-other.rules)
 * 1:55875 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Bdld-9770176-0 download attempt (malware-other.rules)
 * 1:55919 <-> DISABLED <-> SERVER-WEBAPP IBM Spectrum Protect Plus command injection attempt (server-webapp.rules)
 * 3:55924 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
 * 3:55925 <-> ENABLED <-> SERVER-OTHER Cisco Wireless LAN Controller CAPWAP denial of service attempt (server-other.rules)
 * 3:55917 <-> ENABLED <-> SERVER-WEBAPP TRUFFLEHUNTER TALOS-2020-1159 attack attempt (server-webapp.rules)

Modified Rules:


 * 1:6281 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - istsvc (malware-cnc.rules)
 * 1:25545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Printlove variant outbound connection (malware-cnc.rules)
 * 1:5970 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Feat2 Updater (malware-cnc.rules)
 * 1:25049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik.Kolilks variant outbound connection (malware-cnc.rules)
 * 1:10073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:25071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Macnsed variant outbound connection (malware-cnc.rules)
 * 1:10114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
 * 1:6274 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Stubby (malware-cnc.rules)
 * 1:5978 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TM_SEARCH3 (malware-cnc.rules)
 * 1:7187 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
 * 1:6197 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - smrtshpr-cs (malware-cnc.rules)
 * 1:22099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piroxcc variant outbound connection (malware-cnc.rules)
 * 1:6354 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ProxyDown (malware-cnc.rules)
 * 1:5954 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Browser Pal (malware-cnc.rules)
 * 1:16362 <-> DISABLED <-> MALWARE-CNC SpyForms malware call home (malware-cnc.rules)
 * 1:6341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spedia (malware-cnc.rules)
 * 1:7145 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - adfsgecoiwnf (malware-cnc.rules)
 * 1:7832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Navhelper (malware-cnc.rules)
 * 1:10066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:5913 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - My Agent (malware-cnc.rules)
 * 1:25098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
 * 1:5909 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 2 (malware-other.rules)
 * 1:7511 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ed2k edonkey2000 runtime detection (malware-cnc.rules)
 * 1:5881 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - ftp delivery (malware-other.rules)
 * 1:5760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - OSSProxy (malware-cnc.rules)
 * 1:7540 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - http protocol (malware-cnc.rules)
 * 1:6394 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - CodeguruBrowser (malware-cnc.rules)
 * 1:25077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Halnine variant outbound connection (malware-cnc.rules)
 * 1:15165 <-> DISABLED <-> MALWARE-CNC Pushdo client communication (malware-cnc.rules)
 * 1:6198 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SQTR_VERIFY (malware-cnc.rules)
 * 1:9329 <-> DISABLED <-> MALWARE-CNC yarner.b smtp propagation detection (malware-cnc.rules)
 * 1:25093 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hacktool variant outbound connection (malware-cnc.rules)
 * 1:5774 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - FSW (malware-cnc.rules)
 * 1:25072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dulom variant outbound connection (malware-cnc.rules)
 * 1:5908 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - redirect affiliate site request 1 (malware-other.rules)
 * 1:23019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Flame malware (malware-cnc.rules)
 * 1:25011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:8357 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send alert out through email (malware-other.rules)
 * 1:24566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:22047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jokbot variant outbound connection (malware-cnc.rules)
 * 1:23244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:25021 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Azbreg variant outbound connection (malware-cnc.rules)
 * 1:23245 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:23254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf.CL variant outbound connection (malware-cnc.rules)
 * 1:25022 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dapato variant outbound connection (malware-cnc.rules)
 * 1:22059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:23262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:23307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper connect to server (malware-cnc.rules)
 * 1:9420 <-> DISABLED <-> MALWARE-OTHER korgo attempt (malware-other.rules)
 * 1:15730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:6364 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - iMeshBar (malware-cnc.rules)
 * 1:10113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm command and control propagation detected (malware-cnc.rules)
 * 1:6491 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - snprtzdialno (malware-cnc.rules)
 * 1:6270 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyBrowser (malware-cnc.rules)
 * 1:25030 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nevsyn variant outbound connection (malware-cnc.rules)
 * 1:10069 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:25054 <-> DISABLED <-> MALWARE-CNC ZeroAccess Clickserver callback (malware-cnc.rules)
 * 1:10068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:23332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dishigy variant outbound connection (malware-cnc.rules)
 * 1:22103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coswid.klk variant outbound connection (malware-cnc.rules)
 * 1:25023 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:23335 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:23342 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:15565 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
 * 1:23382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
 * 1:24631 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Lizard/1.0 (malware-cnc.rules)
 * 1:23057 <-> DISABLED <-> MALWARE-CNC Flame malware connection - /view.php (malware-cnc.rules)
 * 1:23394 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vbvoleur.a variant outbound connection (malware-cnc.rules)
 * 1:23467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mazben file download (malware-cnc.rules)
 * 1:23473 <-> DISABLED <-> MALWARE-CNC URI request for runforestrun - JS.Runfore (malware-cnc.rules)
 * 1:23242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.boxg connect to cnc server (malware-cnc.rules)
 * 1:25025 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Recslurp variant outbound connection (malware-cnc.rules)
 * 1:23493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
 * 1:23600 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamarue outbound connection (malware-cnc.rules)
 * 1:23615 <-> DISABLED <-> MALWARE-CNC ACAD.Medre.A variant outbound connection (malware-cnc.rules)
 * 1:23261 <-> DISABLED <-> MALWARE-CNC known command and control traffic - Pushbot (malware-cnc.rules)
 * 1:25026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Juasek variant outbound connection (malware-cnc.rules)
 * 1:23628 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pincav variant outbound connection (malware-cnc.rules)
 * 1:23633 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kegotip variant report to cnc-server (malware-cnc.rules)
 * 1:23635 <-> DISABLED <-> MALWARE-CNC Gozi trojan checkin (malware-cnc.rules)
 * 1:23334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader initial C&C checkin (malware-cnc.rules)
 * 1:25027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Opachki variant connect to cnc-server (malware-cnc.rules)
 * 1:23824 <-> DISABLED <-> MALWARE-CNC Gauss malware check-in (malware-cnc.rules)
 * 1:23893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DistTrack command and control traffic (malware-cnc.rules)
 * 1:5805 <-> DISABLED <-> MALWARE-OTHER Trackware myway speedbar runtime detection - switch engines (malware-other.rules)
 * 1:23903 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - you (malware-cnc.rules)
 * 1:24858 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quarian variant outbound connection - proxy connection (malware-cnc.rules)
 * 1:23391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hioles.C variant outbound connection (malware-cnc.rules)
 * 1:23942 <-> DISABLED <-> MALWARE-CNC Win.Trojan.C0D0SO0 variant outbound traffic (malware-cnc.rules)
 * 1:23945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor variant outbound connection (malware-cnc.rules)
 * 1:23946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor file download (malware-cnc.rules)
 * 1:25029 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:23492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess outbound connection (malware-cnc.rules)
 * 1:23972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:23978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hostposer variant outbound connection (malware-cnc.rules)
 * 1:23987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik.Kazy variant outbound connection (malware-cnc.rules)
 * 1:23627 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - PoisonIvy RAT (malware-cnc.rules)
 * 1:24111 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Post (malware-cnc.rules)
 * 1:24169 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:24185 <-> DISABLED <-> MALWARE-CNC Win.Work.Rokiwobi inbound command from C&C (malware-cnc.rules)
 * 1:23778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules)
 * 1:24214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seveto variant outbound connection (malware-cnc.rules)
 * 1:24215 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:24216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Biloky variant outbound connection (malware-cnc.rules)
 * 1:25007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wealwedst variant outbound connection (malware-cnc.rules)
 * 1:23938 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ibabyfa.dldr variant outbound connection (malware-cnc.rules)
 * 1:24224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeroaccess variant outbound connection (malware-cnc.rules)
 * 1:24235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo initial infection variant outbound connection (malware-cnc.rules)
 * 1:24236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wuwo post infection variant outbound connection (malware-cnc.rules)
 * 1:23968 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crisis variant outbound connection (malware-cnc.rules)
 * 1:10071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:16269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - findzproportal1.com (malware-cnc.rules)
 * 1:25546 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
 * 1:5986 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TeomaBar (malware-cnc.rules)
 * 1:7195 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - shprrprt-cs- (malware-cnc.rules)
 * 1:8355 <-> ENABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection (malware-other.rules)
 * 1:7572 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - DigExt (malware-cnc.rules)
 * 1:5880 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - smtp delivery (malware-other.rules)
 * 1:5824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Strip-Player (malware-cnc.rules)
 * 1:8356 <-> DISABLED <-> MALWARE-OTHER Keylogger spybuddy 3.72 runtime detection - send log out through email (malware-other.rules)
 * 1:7537 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Arrow Search (malware-cnc.rules)
 * 1:16459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.command and control communication (malware-cnc.rules)
 * 1:21983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant outbound connection (malware-cnc.rules)
 * 1:5800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWay (malware-cnc.rules)
 * 1:24534 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banbra variant outbound connection (malware-cnc.rules)
 * 1:15938 <-> DISABLED <-> MALWARE-CNC SubSeven client connection to server (malware-cnc.rules)
 * 1:21925 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent BOT/0.1 (malware-cnc.rules)
 * 1:24441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Testing (malware-cnc.rules)
 * 1:15563 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.server connection (malware-cnc.rules)
 * 1:24482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chif variant outbound connection (malware-cnc.rules)
 * 1:24563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Veli variant outbound connection (malware-cnc.rules)
 * 1:24568 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Mozilla/00 (malware-cnc.rules)
 * 1:24575 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Opera/9.61 (malware-cnc.rules)
 * 1:24630 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Klovbot variant outbound connection (malware-cnc.rules)
 * 1:24494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VaccinePC variant outbound connection (malware-cnc.rules)
 * 1:24633 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - test_hInternet (malware-cnc.rules)
 * 1:24634 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - vaccinepc (malware-cnc.rules)
 * 1:24504 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
 * 1:24873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gnutler variant outbound connection (malware-cnc.rules)
 * 1:24885 <-> DISABLED <-> MALWARE-CNC Potential Banking Trojan Config File Download (malware-cnc.rules)
 * 1:24886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dorkbot variant outbound connection (malware-cnc.rules)
 * 1:24532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A inbound connection (malware-cnc.rules)
 * 1:25009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
 * 1:24375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VB variant outbound connection (malware-cnc.rules)
 * 1:24381 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
 * 1:25010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Perflog variant outbound connection (malware-cnc.rules)
 * 1:24382 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XBlocker outbound connection (malware-cnc.rules)
 * 1:24062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hufysk variant outbound connection (malware-cnc.rules)
 * 1:23103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik variant outbound connection (malware-cnc.rules)
 * 1:6363 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAcc (malware-cnc.rules)
 * 1:24442 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Alerter COM (malware-cnc.rules)
 * 1:7135 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - IEP (malware-cnc.rules)
 * 1:6366 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - eAnthMngr (malware-cnc.rules)
 * 1:7116 <-> DISABLED <-> MALWARE-CNC y3k 1.2 variant outbound connection icq notification (malware-cnc.rules)
 * 1:16489 <-> DISABLED <-> MALWARE-CNC Bobax botnet variant outbound connection (malware-cnc.rules)
 * 1:16493 <-> DISABLED <-> MALWARE-CNC TT-bot botnet variant outbound connection (malware-cnc.rules)
 * 1:16496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.hacktool variant outbound connection (malware-cnc.rules)
 * 1:16526 <-> DISABLED <-> MALWARE-CNC VanBot IRC communication (malware-cnc.rules)
 * 1:16527 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
 * 1:16528 <-> DISABLED <-> MALWARE-CNC Zbot malware config file download request (malware-cnc.rules)
 * 1:16669 <-> DISABLED <-> MALWARE-CNC Spyeye bot variant outbound connection (malware-cnc.rules)
 * 1:16670 <-> DISABLED <-> MALWARE-CNC Koobface worm executable download (malware-cnc.rules)
 * 1:16695 <-> DISABLED <-> MALWARE-CNC Rogue AV download/update (malware-cnc.rules)
 * 1:16485 <-> DISABLED <-> MALWARE-CNC Koobface request for captcha (malware-cnc.rules)
 * 1:10077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:16497 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Tear Application (malware-cnc.rules)
 * 1:16551 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - malware (malware-cnc.rules)
 * 1:16809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules)
 * 1:16810 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16811 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16812 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16817 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16820 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
 * 1:16822 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16824 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16826 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16827 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16832 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16833 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16924 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /inst.php?fff= (malware-cnc.rules)
 * 1:17235 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm download (malware-cnc.rules)
 * 1:17815 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - user display (malware-cnc.rules)
 * 1:17816 <-> DISABLED <-> MALWARE-CNC Thinkpoint fake antivirus - credit card submission (malware-cnc.rules)
 * 1:16816 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:18353 <-> DISABLED <-> MALWARE-CNC User-Agent request for known PUA user agent - SelectRebates (malware-cnc.rules)
 * 1:18388 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string RookIE/1.0 (malware-cnc.rules)
 * 1:18458 <-> DISABLED <-> MALWARE-CNC Night Dragon initial beacon (malware-cnc.rules)
 * 1:16823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (malware-cnc.rules)
 * 1:18715 <-> DISABLED <-> MALWARE-CNC Ozdok botnet communication with C&C server (malware-cnc.rules)
 * 1:18934 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (Coreflood -- malware-cnc.rules)
 * 1:18939 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:16828 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
 * 1:19017 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19018 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19019 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:17234 <-> DISABLED <-> MALWARE-CNC VBMania mass mailing worm activity (malware-cnc.rules)
 * 1:19047 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - RCleanT (malware-cnc.rules)
 * 1:19052 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httpbot.qdc variant outbound connection (malware-cnc.rules)
 * 1:19053 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Nusump.A variant outbound connection (malware-cnc.rules)
 * 1:18247 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ErrCode - W32/Fujacks.htm (malware-cnc.rules)
 * 1:19056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
 * 1:19057 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQFish variant outbound connection (malware-cnc.rules)
 * 1:19058 <-> DISABLED <-> MALWARE-CNC Worm.Win32.Faketube update request (malware-cnc.rules)
 * 1:18459 <-> DISABLED <-> MALWARE-CNC Night Dragon keepalive message (malware-cnc.rules)
 * 1:19165 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Microsoft Internet Explorer (malware-cnc.rules)
 * 1:19175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent wget 3.0 (malware-cnc.rules)
 * 1:19328 <-> DISABLED <-> MALWARE-CNC PointGuide variant outbound connection (malware-cnc.rules)
 * 1:19016 <-> DISABLED <-> MALWARE-CNC MacBack Win.Trojan.variant outbound connection (malware-cnc.rules)
 * 1:19347 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poison.banr variant outbound connection (malware-cnc.rules)
 * 1:19348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader Win.Trojan.FraudLoad.emq variant outbound connection (malware-cnc.rules)
 * 1:19351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Clicker Win.Trojan.Hatigh.C variant outbound connection (malware-cnc.rules)
 * 1:25119 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - NewBrandTest (malware-cnc.rules)
 * 1:19038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jzzer.A variant outbound connection (malware-cnc.rules)
 * 1:25231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:19357 <-> DISABLED <-> MALWARE-CNC Win.Worm.Sohanad.ila variant outbound connection (malware-cnc.rules)
 * 1:19358 <-> DISABLED <-> MALWARE-CNC Win.Trojan.XYTvn.A variant outbound connection (malware-cnc.rules)
 * 1:25100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Njrat variant outbound connection (malware-cnc.rules)
 * 1:19429 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy Win.Trojan.Dosenjo.C variant outbound connection (malware-cnc.rules)
 * 1:25258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rombrast variant outbound connection (malware-cnc.rules)
 * 1:25271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buzus variant outbound connection (malware-cnc.rules)
 * 1:19055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gosik.A registration (malware-cnc.rules)
 * 1:19480 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string STORMDDOS - Backdoor.Win32.Inject.ctt (malware-cnc.rules)
 * 1:19482 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string ErrorFix (malware-cnc.rules)
 * 1:25245 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - me0hoi (malware-cnc.rules)
 * 1:25470 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LoDo variant outbound connection (malware-cnc.rules)
 * 1:19490 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koceg.B variant outbound connection (malware-cnc.rules)
 * 1:19164 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyEye variant outbound connection (malware-cnc.rules)
 * 1:25503 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit sba.cgi (malware-cnc.rules)
 * 1:19579 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Potao.A variant outbound connection (malware-cnc.rules)
 * 1:25399 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/wcx (malware-cnc.rules)
 * 1:19589 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string MacProtector (malware-cnc.rules)
 * 1:19590 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Savnut.B variant outbound connection (malware-cnc.rules)
 * 1:19339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper Win.Trojan.Agent.alda variant outbound connection (malware-cnc.rules)
 * 1:19623 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - vic.aspx?ver= (malware-cnc.rules)
 * 1:25241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetTrash variant outbound connection (malware-cnc.rules)
 * 1:25541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sigly variant outbound connection (malware-cnc.rules)
 * 1:19625 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - .sys.php?getexe= (malware-cnc.rules)
 * 1:19626 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /setup_b.asp?prj= (malware-cnc.rules)
 * 1:19353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.bkhu variant outbound connection (malware-cnc.rules)
 * 1:19628 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /1cup/script.php (malware-cnc.rules)
 * 1:25395 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/sk (malware-cnc.rules)
 * 1:19631 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - AnSSip= (malware-cnc.rules)
 * 1:19632 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/adduser.php?uid= (malware-cnc.rules)
 * 1:19435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmus.203 variant outbound connection (malware-cnc.rules)
 * 1:25530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:19635 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /app/?prj= (malware-cnc.rules)
 * 1:19636 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /blog/images/3521.jpg?v (malware-cnc.rules)
 * 1:19637 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /install.asp?mac= (malware-cnc.rules)
 * 1:19493 <-> DISABLED <-> MALWARE-CNC URI request for known malicious uri config.ini on 3322.org domain (malware-cnc.rules)
 * 1:19657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV variant traffic (malware-cnc.rules)
 * 1:19658 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MCnovogic.A variant outbound connection (malware-cnc.rules)
 * 1:19702 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zboter.E variant outbound connection (malware-cnc.rules)
 * 1:19622 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - pte.aspx?ver= (malware-cnc.rules)
 * 1:19704 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
 * 1:19705 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.grdm variant outbound connection (malware-cnc.rules)
 * 1:19706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.cer variant outbound connection (malware-cnc.rules)
 * 1:19627 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /r_autoidcnt.asp?mer_seq= (malware-cnc.rules)
 * 1:19712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:19722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poshtroper variant outbound connection (malware-cnc.rules)
 * 1:19723 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pherbot variant outbound connection (malware-cnc.rules)
 * 1:19633 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /VertexNet/tasks.php?uid= (malware-cnc.rules)
 * 1:19731 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkwebot variant outbound connection (malware-cnc.rules)
 * 1:19732 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Idicaf variant outbound connection (malware-cnc.rules)
 * 1:19756 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Opera/8.89 - P2P-Worm.Win32.Palevo.ddm (malware-cnc.rules)
 * 1:19638 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /kx4.txt (malware-cnc.rules)
 * 1:19765 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:19767 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Msposer.A variant outbound connection (malware-cnc.rules)
 * 1:19769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos outbound indicator (malware-cnc.rules)
 * 1:19703 <-> DISABLED <-> MALWARE-CNC Win.Worm.Dusta.br outbound connnection (malware-cnc.rules)
 * 1:19771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
 * 1:19778 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /games/java_trust.php?f= (malware-cnc.rules)
 * 1:19801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tracur variant outbound connection (malware-cnc.rules)
 * 1:19711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:19882 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /160.rar - Win32/Morto.A (malware-cnc.rules)
 * 1:19912 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DelfInject.gen!X variant outbound connection (malware-cnc.rules)
 * 1:16391 <-> DISABLED <-> MALWARE-CNC Gozi Win.Trojan.connection to C&C (malware-cnc.rules)
 * 1:23104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:24491 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo redirection landing page pre-infection (malware-cnc.rules)
 * 1:24211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xamtrav update protocol connection (malware-cnc.rules)
 * 1:24492 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24493 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:23109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lolbot variant outbound connection (malware-cnc.rules)
 * 1:24217 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:24495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vundo variant outbound connection (malware-cnc.rules)
 * 1:24361 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gozi.Prinimalka variant outbound connection (malware-cnc.rules)
 * 1:24514 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lucuis variant outbound connection (malware-cnc.rules)
 * 1:24523 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.MautoitRAT variant outbound connection (malware-cnc.rules)
 * 1:24531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scondatie.A variant outbound connection (malware-cnc.rules)
 * 1:10179 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - BysooTB (malware-cnc.rules)
 * 1:24439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Encriyoko variant outbound connection (malware-cnc.rules)
 * 1:24533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:25016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25024 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:10403 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duntek Checkin GET Request (malware-cnc.rules)
 * 1:15553 <-> DISABLED <-> MALWARE-CNC Sality virus HTTP GET request (malware-cnc.rules)
 * 1:25028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peed variant outbound connection (malware-cnc.rules)
 * 1:19913 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - optima/index.php (malware-cnc.rules)
 * 1:19730 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KukuBot variant outbound connection (malware-cnc.rules)
 * 1:19995 <-> DISABLED <-> MALWARE-CNC Waledac variant outbound connection (malware-cnc.rules)
 * 1:20009 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string Baby Remote - Win32/Babmote.A (malware-cnc.rules)
 * 1:20011 <-> DISABLED <-> MALWARE-CNC Briewots.A runtime traffic detected (malware-cnc.rules)
 * 1:19761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ftpharvxqq variant outbound connection (malware-cnc.rules)
 * 1:20080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Derusbi.A variant outbound connection (malware-cnc.rules)
 * 1:20081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Win32.Yakes.cbi variant outbound connection (malware-cnc.rules)
 * 1:20099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xtrat.A variant outbound connection (malware-cnc.rules)
 * 1:19770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yoddos variant outbound connection (malware-cnc.rules)
 * 1:20105 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - IPHONE (malware-cnc.rules)
 * 1:20106 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - darkness (malware-cnc.rules)
 * 1:20201 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - meterpreter (malware-cnc.rules)
 * 1:19864 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nvbpass variant outbound connection (malware-cnc.rules)
 * 1:20213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:20221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:20228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:19964 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:20230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 0pera 10 (malware-cnc.rules)
 * 1:20231 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Mozilla//4.0 (malware-cnc.rules)
 * 1:20232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules)
 * 1:20012 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string feranet/0.4 - Win32/Ferabsa.A (malware-cnc.rules)
 * 1:20281 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:20293 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MBVDFRESCT (malware-cnc.rules)
 * 1:20527 <-> DISABLED <-> MALWARE-CNC Sirefef initial C&C connection variant outbound connection (malware-cnc.rules)
 * 1:20104 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - InfoBot (malware-cnc.rules)
 * 1:20755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Krap variant outbound connection (malware-cnc.rules)
 * 1:20756 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jorik variant outbound connection (malware-cnc.rules)
 * 1:20759 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gbot.oce variant outbound connection (malware-cnc.rules)
 * 1:20202 <-> DISABLED <-> MALWARE-CNC Apple OSX.Revir-1 variant outbound connection (malware-cnc.rules)
 * 1:10074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:20763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-206 variant outbound connection (malware-cnc.rules)
 * 1:20837 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow.C runtime traffic detected (malware-cnc.rules)
 * 1:20927 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye-207 variant outbound connection (malware-cnc.rules)
 * 1:21175 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Win32 Amti (malware-cnc.rules)
 * 1:21188 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string API Guide test program (malware-cnc.rules)
 * 1:21206 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Aldi Bot (malware-cnc.rules)
 * 1:20280 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:21225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Flag (malware-cnc.rules)
 * 1:21230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Betad variant outbound connection (malware-cnc.rules)
 * 1:21239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:20754 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Virut-3 variant outbound connection (malware-cnc.rules)
 * 1:21241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater initial variant outbound connection (malware-cnc.rules)
 * 1:21242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules)
 * 1:21257 <-> DISABLED <-> MALWARE-CNC URI - known scanner tool muieblackcat (malware-cnc.rules)
 * 1:20762 <-> DISABLED <-> MALWARE-CNC MacOS.Flashback.A variant outbound connection (malware-cnc.rules)
 * 1:21278 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Google Bot (malware-cnc.rules)
 * 1:21306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyeye variant outbound connectivity check (malware-cnc.rules)
 * 1:21311 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:22937 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxyier variant outbound connection (malware-cnc.rules)
 * 1:16268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.tdss.1.gen install-time detection - yournewsblog.net (malware-cnc.rules)
 * 1:22939 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent RAbcLib (malware-cnc.rules)
 * 1:5808 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SAH Agent (malware-cnc.rules)
 * 1:24440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chiviper variant outbound connection (malware-cnc.rules)
 * 1:20229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jinchodz variant outbound connection (malware-cnc.rules)
 * 1:21047 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Sykipot C&C (malware-cnc.rules)
 * 1:21318 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FakeAV TDSS/PurpleHaze variant outbound connection - base64 encoded (malware-cnc.rules)
 * 1:21327 <-> DISABLED <-> MALWARE-CNC User-Agent ASafaWeb Scan (malware-cnc.rules)
 * 1:21380 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - QvodDown (malware-cnc.rules)
 * 1:21208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RShot.brw variant outbound connection (malware-cnc.rules)
 * 1:21426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scar variant outbound connection (malware-cnc.rules)
 * 1:21427 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:21428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Generic-24 variant outbound connection (malware-cnc.rules)
 * 1:21240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MsUpdater variant outbound connection (malware-cnc.rules)
 * 1:21434 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Mentor variant outbound connection (malware-cnc.rules)
 * 1:21435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mentor inbound connection - post infection (malware-cnc.rules)
 * 1:21436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Startpage variant outbound connection (malware-cnc.rules)
 * 1:21269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cycbot variant outbound connection (malware-cnc.rules)
 * 1:21441 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Delf variant outbound connection (malware-cnc.rules)
 * 1:21455 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string psi (malware-cnc.rules)
 * 1:21469 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string 1234567890 (malware-cnc.rules)
 * 1:21313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound connection (malware-cnc.rules)
 * 1:21476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent YZF (malware-cnc.rules)
 * 1:21525 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:21526 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent TCYWinHTTPDownload (malware-cnc.rules)
 * 1:21418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FareIt variant outbound connection (malware-cnc.rules)
 * 1:21547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kazy variant outbound connection (malware-cnc.rules)
 * 1:21548 <-> DISABLED <-> MALWARE-CNC Cutwail landing page connection (malware-cnc.rules)
 * 1:21551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
 * 1:21430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BeeOne runtime traffic detected (malware-cnc.rules)
 * 1:21562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bredolab variant outbound connection (malware-cnc.rules)
 * 1:21563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Murofet variant outbound connection (malware-cnc.rules)
 * 1:21591 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent Gamevance tl_v (malware-cnc.rules)
 * 1:16484 <-> DISABLED <-> MALWARE-CNC Koobface variant outbound connection (malware-cnc.rules)
 * 1:21593 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:21622 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Georbot variant outbound connection (malware-cnc.rules)
 * 1:21475 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string core-project (malware-cnc.rules)
 * 1:21632 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:21636 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent gbot (malware-cnc.rules)
 * 1:21638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aluereon TDSS infection variant outbound connection (malware-cnc.rules)
 * 1:21538 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dofoil variant outbound payload request (malware-cnc.rules)
 * 1:21755 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21756 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21757 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:21552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kahn variant outbound connection (malware-cnc.rules)
 * 1:21760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:21761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Swisyn variant outbound connection (malware-cnc.rules)
 * 1:21852 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orsam variant outbound connection (malware-cnc.rules)
 * 1:21565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kelihos variant outbound connection (malware-cnc.rules)
 * 1:21910 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware user-agent (malware-cnc.rules)
 * 1:21911 <-> DISABLED <-> MALWARE-CNC Aldi variant outbound connection C&C checkin (malware-cnc.rules)
 * 1:21912 <-> DISABLED <-> MALWARE-CNC Aldi bot variant outbound connection user-agent (malware-cnc.rules)
 * 1:21631 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sinowal javascript delivery method (malware-cnc.rules)
 * 1:21945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
 * 1:21946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Litmpuca.A variant outbound connection (malware-cnc.rules)
 * 1:21965 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent VB WININET (malware-cnc.rules)
 * 1:21639 <-> DISABLED <-> MALWARE-CNC User-Agent known Adware user agent mus - TDSS related (malware-cnc.rules)
 * 1:21984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BamCompiled variant inbound updates (malware-cnc.rules)
 * 1:22033 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
 * 1:22034 <-> DISABLED <-> MALWARE-CNC Apple OSX Flashback malware variant outbound connection (malware-cnc.rules)
 * 1:21758 <-> DISABLED <-> MALWARE-CNC Apple OSX.Flashback variant outbound connection (malware-cnc.rules)
 * 1:22048 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus P2P outbound connection (malware-cnc.rules)
 * 1:22054 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Prorat variant outbound connection (malware-cnc.rules)
 * 1:22058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kbot variant outbound connection (malware-cnc.rules)
 * 1:21877 <-> DISABLED <-> MALWARE-CNC Apple OSX.Sabpub variant outbound connection (malware-cnc.rules)
 * 1:22060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fepgul variant outbound connection (malware-cnc.rules)
 * 1:9419 <-> DISABLED <-> MALWARE-OTHER sasser attempt (malware-other.rules)
 * 1:25050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:10075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:10076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:16368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hydraq variant outbound connection (malware-cnc.rules)
 * 1:16144 <-> DISABLED <-> MALWARE-CNC Bredolab bot variant outbound connection (malware-cnc.rules)
 * 1:11308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpyDawn (malware-cnc.rules)
 * 1:25108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxy.Agent variant outbound connection (malware-cnc.rules)
 * 1:25099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper.Daws variant outbound connection (malware-cnc.rules)
 * 1:25268 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IRCBot variant outbound connection (malware-cnc.rules)
 * 1:25074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:25448 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.Jinch variant outbound connection (malware-cnc.rules)
 * 1:25243 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - 04/XP (malware-cnc.rules)
 * 1:25544 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - ctwopop (malware-cnc.rules)
 * 1:25397 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/check (malware-cnc.rules)
 * 1:25372 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - wh (malware-cnc.rules)
 * 1:25229 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant inbound connection (malware-cnc.rules)
 * 1:25532 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25256 <-> DISABLED <-> MALWARE-CNC Win.Worm.Gamarue variant outbound connection (malware-cnc.rules)
 * 1:25511 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:25476 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent (malware-cnc.rules)
 * 1:25107 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess URI and Referer (malware-cnc.rules)
 * 1:25237 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firelog variant outbound connection (malware-cnc.rules)
 * 1:25242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Duapz variant outbound connection (malware-cnc.rules)
 * 1:25249 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Basutra variant outbound connection (malware-cnc.rules)
 * 1:25259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.BancosBanload variant outbound connection (malware-cnc.rules)
 * 1:25371 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ruskill variant outbound connection (malware-cnc.rules)
 * 1:25396 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/dllhost/ac (malware-cnc.rules)
 * 1:25400 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/win/cab (malware-cnc.rules)
 * 1:25471 <-> DISABLED <-> MALWARE-CNC Pushdo Spiral Traffic (malware-cnc.rules)
 * 1:25504 <-> DISABLED <-> MALWARE-CNC Necurs Rootkit op.cgi (malware-cnc.rules)
 * 1:25531 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25543 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader.VB variant outbound connection (malware-cnc.rules)
 * 1:10067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:5901 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - AdTools (malware-cnc.rules)
 * 1:55281 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Zegost-9753424-0 download attempt (malware-other.rules)
 * 1:6186 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SpywareStrike (malware-cnc.rules)
 * 1:55862 <-> ENABLED <-> SERVER-WEBAPP Microsoft SharePoint EntityInstanceIdEncoder remote code execution attempt (server-webapp.rules)
 * 1:5770 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Casino (malware-cnc.rules)
 * 1:25076 <-> DISABLED <-> MALWARE-CNC Win.Worm.Joanap variant variant outbound connection (malware-cnc.rules)
 * 1:25073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lowzone variant outbound connection (malware-cnc.rules)
 * 1:6362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MGS-Internal-Web-Manager (malware-cnc.rules)
 * 1:6357 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Need2Find (malware-cnc.rules)
 * 1:16289 <-> DISABLED <-> MALWARE-CNC Clob bot traffic (malware-cnc.rules)
 * 1:5857 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - MyWebSearchSearchAssistance (malware-cnc.rules)
 * 1:5838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - EI (malware-cnc.rules)
 * 1:5900 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Async HTTP Agent (malware-cnc.rules)
 * 1:25075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy variant outbound connection (malware-cnc.rules)
 * 1:5955 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Popup Stopper (malware-cnc.rules)
 * 1:25070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:15481 <-> DISABLED <-> MALWARE-CNC Zeus/Zbot malware config file download request (malware-cnc.rules)
 * 1:11313 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Spy-Locked (malware-cnc.rules)
 * 1:7582 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Pcast Live (malware-cnc.rules)
 * 1:7587 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - URLBlaze (malware-cnc.rules)
 * 1:25109 <-> DISABLED <-> MALWARE-CNC Autoit.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25269 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbound connection (malware-cnc.rules)
 * 1:25230 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Darkkomet variant outbound connection (malware-cnc.rules)
 * 1:25244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Menti variant inbound connection (malware-cnc.rules)
 * 1:25465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downloader variant outbound connection (malware-cnc.rules)
 * 1:25257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Skintrim variant outbound connection (malware-cnc.rules)
 * 1:25394 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/nt/th (malware-cnc.rules)
 * 1:25398 <-> DISABLED <-> MALWARE-CNC URI request for /cgi-bin/ms/flush (malware-cnc.rules)
 * 1:25477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:25529 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spy.Banker variant outbound connection (malware-cnc.rules)
 * 1:25533 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - al (malware-cnc.rules)
 * 1:9418 <-> DISABLED <-> MALWARE-CNC bagle.a http notification detection (malware-cnc.rules)
 * 1:15564 <-> DISABLED <-> MALWARE-CNC RSPlug Win.Trojan.file download (malware-cnc.rules)
 * 1:10070 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Peacomm smtp propagation detection (malware-cnc.rules)
 * 1:5907 <-> DISABLED <-> MALWARE-OTHER Trackware e2give runtime detection - check update (malware-other.rules)
 * 1:5882 <-> DISABLED <-> MALWARE-OTHER Keylogger spyagent runtime detect - alert notification (malware-other.rules)
 * 1:22100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Midhos variant outbound connection (malware-cnc.rules)