Talos Rules 2020-10-13

Talos is aware of vulnerabilities affecting products from Microsoft Corporation.

Microsoft Vulnerability CVE-2020-16896: A coding deficiency exists in Remote Desktop Protocol (RDP) that may lead to information disclosure.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 55994.

Microsoft Vulnerability CVE-2020-16898: A coding deficiency exists in Microsoft Windows TCP/IP that may lead to remote code execution.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 55984.

Microsoft Vulnerability CVE-2020-16899: A coding deficiency exists in Microsoft Windows TCP/IP that may lead to denial of service.

A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 55993.

Microsoft Vulnerability CVE-2020-16907: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 55942 through 55943.

Microsoft Vulnerability CVE-2020-16913: A coding deficiency exists in Microsoft Win32k that may lead to an escalation of privilege.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 55989 through 55990.

Microsoft Vulnerability CVE-2020-16915: A coding deficiency exists in Microsoft Media Foundation that may lead to remote code execution.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 55979 through 55980.

Microsoft Vulnerability CVE-2020-16922: A coding deficiency exists in Microsoft Windows that may lead to spoofing.

Rules to detect attacks targeting this vulnerability are included in this release and are identified with GID 1, SIDs 55982 through 55983.

Talos has also added and modified multiple rules in the file-multimedia, file-other, malware-cnc, malware-other, os-windows, protocol-icmp and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2020-10-13 18:43:05 UTC

Snort Subscriber Rules Update

Date: 2020-10-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55945 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Buzus-9775511-0 download attempt (malware-other.rules)
 * 1:55946 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775571-0 download attempt (malware-other.rules)
 * 1:55947 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775571-0 download attempt (malware-other.rules)
 * 1:55948 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ramnit-9775593-0 download attempt (malware-other.rules)
 * 1:55949 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ramnit-9775593-0 download attempt (malware-other.rules)
 * 1:55950 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775689-0 download attempt (malware-other.rules)
 * 1:55951 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775689-0 download attempt (malware-other.rules)
 * 1:55952 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9775770-0 download attempt (malware-other.rules)
 * 1:55953 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9775770-0 download attempt (malware-other.rules)
 * 1:55954 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9776100-0 download attempt (malware-other.rules)
 * 1:55955 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9776100-0 download attempt (malware-other.rules)
 * 1:55956 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776340-0 download attempt (malware-other.rules)
 * 1:55957 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776340-0 download attempt (malware-other.rules)
 * 1:55958 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Scar-9776391-0 download attempt (malware-other.rules)
 * 1:55959 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Scar-9776391-0 download attempt (malware-other.rules)
 * 1:55960 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zbot-9776404-0 download attempt (malware-other.rules)
 * 1:55961 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zbot-9776404-0 download attempt (malware-other.rules)
 * 1:55962 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776436-0 download attempt (malware-other.rules)
 * 1:55963 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776436-0 download attempt (malware-other.rules)
 * 1:55964 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776419-0 download attempt (malware-other.rules)
 * 1:55965 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776419-0 download attempt (malware-other.rules)
 * 1:55966 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776406-0 download attempt (malware-other.rules)
 * 1:55967 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776406-0 download attempt (malware-other.rules)
 * 1:55968 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776422-0 download attempt (malware-other.rules)
 * 1:55969 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776422-0 download attempt (malware-other.rules)
 * 1:55970 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776543-0 download attempt (malware-other.rules)
 * 1:55971 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776543-0 download attempt (malware-other.rules)
 * 1:55972 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-9776559-0 download attempt (malware-other.rules)
 * 1:55973 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-9776559-0 download attempt (malware-other.rules)
 * 1:55974 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-9776642-0 download attempt (malware-other.rules)
 * 1:55975 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-9776642-0 download attempt (malware-other.rules)
 * 1:55976 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9776833-0 download attempt (malware-other.rules)
 * 1:55977 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9776833-0 download attempt (malware-other.rules)
 * 1:55978 <-> DISABLED <-> SERVER-OTHER Apache OFBiz XMLRPC deserialization attempt (server-other.rules)
 * 1:55979 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Foundation memory corruption attempt (file-multimedia.rules)
 * 1:55980 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Foundation memory corruption attempt (file-multimedia.rules)
 * 1:55981 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 command injection attempt (server-webapp.rules)
 * 1:55982 <-> DISABLED <-> OS-WINDOWS Microsoft Windows digital signature spoofing attempt (os-windows.rules)
 * 1:55983 <-> DISABLED <-> OS-WINDOWS Microsoft Windows digital signature spoofing attempt (os-windows.rules)
 * 1:55984 <-> ENABLED <-> PROTOCOL-ICMP Microsoft Windows IPv6 stack remote execution attempt (protocol-icmp.rules)
 * 1:55989 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:55990 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:55993 <-> ENABLED <-> PROTOCOL-ICMP Microsoft Windows IPv6 DNSSL option record denial of service attempt (protocol-icmp.rules)
 * 1:55994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop information disclosure attempt (os-windows.rules)
 * 1:55934 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9774716-0 download attempt (malware-other.rules)
 * 1:55935 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9774716-0 download attempt (malware-other.rules)
 * 1:55936 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Perion-9775059-0 download attempt (malware-other.rules)
 * 1:55937 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Perion-9775059-0 download attempt (malware-other.rules)
 * 1:55938 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Shadowbrokers-9775051-0 download attempt (malware-other.rules)
 * 1:55939 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Shadowbrokers-9775051-0 download attempt (malware-other.rules)
 * 1:55940 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9775385-0 download attempt (malware-other.rules)
 * 1:55941 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9775385-0 download attempt (malware-other.rules)
 * 1:55942 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt (os-windows.rules)
 * 1:55943 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt (os-windows.rules)
 * 1:55944 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Buzus-9775511-0 download attempt (malware-other.rules)
 * 1:55995 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dotdo-9777352-0 download attempt (malware-other.rules)
 * 1:55996 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dotdo-9777352-0 download attempt (malware-other.rules)
 * 1:55997 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Beebone-9777703-0 download attempt (malware-other.rules)
 * 1:55998 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Beebone-9777703-0 download attempt (malware-other.rules)
 * 3:55985 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1161 attack attempt (file-other.rules)
 * 3:55986 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1161 attack attempt (file-other.rules)
 * 3:55987 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1162 attack attempt (file-other.rules)
 * 3:55988 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1162 attack attempt (file-other.rules)
 * 3:55991 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1163 attack attempt (file-other.rules)
 * 3:55992 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1163 attack attempt (file-other.rules)

Modified Rules:


 * 1:30091 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound connection (malware-cnc.rules)
 * 1:30167 <-> DISABLED <-> MALWARE-CNC Russian Bank scam malware GET request to server (malware-cnc.rules)
 * 1:30168 <-> DISABLED <-> MALWARE-CNC Russian Bank scam malware POST to server (malware-cnc.rules)
 * 1:30191 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos usermode-centric client request (malware-cnc.rules)
 * 1:30192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos inbound command (malware-cnc.rules)
 * 1:30193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos inbound encrypted data (malware-cnc.rules)
 * 1:30196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:30198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules)
 * 1:30204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules)
 * 1:30208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nakcos variant outbound connection (malware-cnc.rules)
 * 1:30210 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agnet string Win.Trojan.ZeusVM (malware-cnc.rules)
 * 1:30211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeusVM embedded image config file download (malware-cnc.rules)
 * 1:30214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant outbound connection (malware-cnc.rules)
 * 1:30216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ShadyRAT variant outbound connection (malware-cnc.rules)
 * 1:30231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eybog variant outbound connection (malware-cnc.rules)
 * 1:30234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:30235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:30239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Name variant outbound connection (malware-cnc.rules)
 * 1:30250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - logogo.exe (malware-cnc.rules)
 * 1:30251 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mumawow outbound connection (malware-cnc.rules)
 * 1:30255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor HTTP Response - Brazil Geolocated Infected User (malware-cnc.rules)
 * 1:30256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor HTTP Response - Non-Brazil Geolocated Infected User (malware-cnc.rules)
 * 1:30257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ExplorerHijack variant outbound connection (malware-cnc.rules)
 * 1:30258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:30259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection (malware-cnc.rules)
 * 1:30262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot configuration file download (malware-cnc.rules)
 * 1:30271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot drop zone file upload (malware-cnc.rules)
 * 1:30276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30279 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Recub variant outbound connection (malware-cnc.rules)
 * 1:30288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba.M initial outbound connection (malware-cnc.rules)
 * 1:30290 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Browser - Win.Trojan.Bruterdep (malware-cnc.rules)
 * 1:30298 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cloudoten variant inbound connection (malware-cnc.rules)
 * 1:30299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Projecthook variant outbound connection (malware-cnc.rules)
 * 1:30300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Projecthook variant outbound connection (malware-cnc.rules)
 * 1:30301 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent InetAll - Win.Trojan.Pennonec (malware-cnc.rules)
 * 1:30302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rajdze variant outbound connection (malware-cnc.rules)
 * 1:30304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noctabor variant outbound connection (malware-cnc.rules)
 * 1:30308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
 * 1:30309 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
 * 1:30310 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Comdinter variant outbound connection (malware-cnc.rules)
 * 1:30311 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Comdinter variant outbound connection (malware-cnc.rules)
 * 1:30314 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmd - Win.Trojan.Burnwoo (malware-cnc.rules)
 * 1:30315 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmdw23 - Win.Trojan.Burnwoo (malware-cnc.rules)
 * 1:30323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drawnetz variant outbound connection (malware-cnc.rules)
 * 1:30331 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ebot - Win.Trojan.Modulog (malware-cnc.rules)
 * 1:30332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook configuration file download attempt (malware-cnc.rules)
 * 1:30333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook information disclosure attempt (malware-cnc.rules)
 * 1:30334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook initial outbound connection (malware-cnc.rules)
 * 1:30344 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent EyeS_Client_1.0 - Win.Trojan.Seey (malware-cnc.rules)
 * 1:30482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik inbound connection (malware-cnc.rules)
 * 1:30483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (malware-cnc.rules)
 * 1:30484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (malware-cnc.rules)
 * 1:30494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
 * 1:30518 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Neutrino/2.1 - Win.Trojan.Necurs (malware-cnc.rules)
 * 1:30519 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound connection (malware-cnc.rules)
 * 1:30547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramdo variant outbound connection (malware-cnc.rules)
 * 1:30548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:30551 <-> DISABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Minerd (malware-cnc.rules)
 * 1:30552 <-> DISABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Systema (malware-cnc.rules)
 * 1:30559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uniemv variant outbound connection (malware-cnc.rules)
 * 1:30560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Megesat variant outbound connection (malware-cnc.rules)
 * 1:30566 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Elknot outbound connection (malware-cnc.rules)
 * 1:30743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chabava outbound connection (malware-cnc.rules)
 * 1:30751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:30752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesyong outbound connection (malware-cnc.rules)
 * 1:30753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehacker outbound connection (malware-cnc.rules)
 * 1:30773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant download request (malware-cnc.rules)
 * 1:30776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Targnik variant outbound connection (malware-cnc.rules)
 * 1:30804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30808 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30812 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30815 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Oldboot variant outbound connection (malware-cnc.rules)
 * 1:30882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30896 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DarkKomet variant outbound connection (malware-cnc.rules)
 * 1:30897 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DarkKomet variant outbound connection (malware-cnc.rules)
 * 1:30900 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuhao variant outbound connection (malware-cnc.rules)
 * 1:30914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (malware-cnc.rules)
 * 1:30915 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (malware-cnc.rules)
 * 1:30917 <-> DISABLED <-> MALWARE-CNC Win.Worm.Phelshap variant outbound connection (malware-cnc.rules)
 * 1:30918 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent Mozilla (malware-cnc.rules)
 * 1:30919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:30923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit outbound connection (malware-cnc.rules)
 * 1:30924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor inbound connection (malware-cnc.rules)
 * 1:30925 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound connection (malware-cnc.rules)
 * 1:30926 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound secure-connection (malware-cnc.rules)
 * 1:30938 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Roopre outbound connection (malware-cnc.rules)
 * 1:30945 <-> DISABLED <-> MALWARE-CNC Win.Worm.Winiga FTP login attempt (malware-cnc.rules)
 * 1:30947 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Botintin outbound connection (malware-cnc.rules)
 * 1:30953 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jaik variant outbound connection (malware-cnc.rules)
 * 1:30978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gisetik information disclosure attempt (malware-cnc.rules)
 * 1:30982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karnos variant outbound connection (malware-cnc.rules)
 * 1:30983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karnos variant outbound connection (malware-cnc.rules)
 * 1:30984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonriamt outbound connection (malware-cnc.rules)
 * 1:30985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenexmed outbound connection (malware-cnc.rules)
 * 1:30986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenexmed inbound shell command attempt (malware-cnc.rules)
 * 1:30987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vondola configuration file download attempt (malware-cnc.rules)
 * 1:30988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vondola information disclosure attempt (malware-cnc.rules)
 * 1:31002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kimsuky variant outbound connection (malware-cnc.rules)
 * 1:31004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief information disclosure attempt (malware-cnc.rules)
 * 1:31005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief information disclosure attempt (malware-cnc.rules)
 * 1:31006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief initial outbound connection (malware-cnc.rules)
 * 1:31007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Iplorko.A runtime detection (malware-cnc.rules)
 * 1:31010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sisbot variant outbound IRC connection (malware-cnc.rules)
 * 1:31014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
 * 1:31020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:31051 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hesperbot variant outbound connection (malware-cnc.rules)
 * 1:31053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadnessPro outbound connection (malware-cnc.rules)
 * 1:31055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:31062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expone variant outbound connection (malware-cnc.rules)
 * 1:31063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expone FTP login attempt (malware-cnc.rules)
 * 1:29179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenad variant outbound connection (malware-cnc.rules)
 * 1:29180 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Update1.0 - Win.Trojan.Downbini (malware-cnc.rules)
 * 1:29216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:29220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection (malware-cnc.rules)
 * 1:29259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29261 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:29289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kmnokay outbound connection (malware-cnc.rules)
 * 1:29291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stitur variant outbound connection (malware-cnc.rules)
 * 1:29292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chulastran variant outbound connection (malware-cnc.rules)
 * 1:29293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chulastran variant initial version check outbound connection (malware-cnc.rules)
 * 1:29294 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boda variant outbound connection (malware-cnc.rules)
 * 1:29295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boda variant initial outbound connection (malware-cnc.rules)
 * 1:29299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nineblog variant outbound connection (malware-cnc.rules)
 * 1:29300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound connection (malware-cnc.rules)
 * 1:29301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mizzmo variant outbound connection (malware-cnc.rules)
 * 1:29302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Diswenshow outbound connection (malware-cnc.rules)
 * 1:29304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Verbscut variant outbound connection (malware-cnc.rules)
 * 1:29306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popyerd variant outbound connection (malware-cnc.rules)
 * 1:29307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fraxytime outbound connection (malware-cnc.rules)
 * 1:29313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxydown variant connection (malware-cnc.rules)
 * 1:29324 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vivia variant outbound connection (malware-cnc.rules)
 * 1:29325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horsamaz outbound connection (malware-cnc.rules)
 * 1:29330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piedacon variant outbound connection (malware-cnc.rules)
 * 1:29331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using modem (malware-cnc.rules)
 * 1:29332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using lan (malware-cnc.rules)
 * 1:29333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using proxy server (malware-cnc.rules)
 * 1:29334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using other (malware-cnc.rules)
 * 1:29335 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.CallMe variant outbound connection (malware-cnc.rules)
 * 1:29337 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:29339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishop variant initial runtime outbound connection (malware-cnc.rules)
 * 1:29340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plusau outbound connection (malware-cnc.rules)
 * 1:29341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string CustomSpy - Win.Trojan.Etek (malware-cnc.rules)
 * 1:29344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dondat variant outbound connection (malware-cnc.rules)
 * 1:29345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dondat variant outbound connection (malware-cnc.rules)
 * 1:29348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chifan variant outbound connection (malware-cnc.rules)
 * 1:29349 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:29351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulilit variant outbound connection (malware-cnc.rules)
 * 1:29352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Typdec variant outbound connection (malware-cnc.rules)
 * 1:29353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeagle outbound connection (malware-cnc.rules)
 * 1:29356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cidox variant outbound connection (malware-cnc.rules)
 * 1:29358 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mowfote (malware-cnc.rules)
 * 1:29359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mowfote variant initial outbound connection (malware-cnc.rules)
 * 1:29363 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pacbootini variant outbound connection (malware-cnc.rules)
 * 1:29367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boato variant outbound connection (malware-cnc.rules)
 * 1:29368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boato variant followup outbound connection (malware-cnc.rules)
 * 1:29370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.ADJI variant outbound connection (malware-cnc.rules)
 * 1:29371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Dluca (malware-cnc.rules)
 * 1:29376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker.B connection test (malware-cnc.rules)
 * 1:29389 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alusins variant outbound connection (malware-cnc.rules)
 * 1:29408 <-> DISABLED <-> MALWARE-CNC JAVAFOG Java malware backdoor connection to cnc server (malware-cnc.rules)
 * 1:29416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.vSkimmer outbound connection (malware-cnc.rules)
 * 1:29417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Solimba download attempt (malware-cnc.rules)
 * 1:29420 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reedum BlackPoS outbound FTP connection (malware-cnc.rules)
 * 1:29422 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rhubot variant outbound connection (malware-cnc.rules)
 * 1:29423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (malware-cnc.rules)
 * 1:29424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dldr variant outbound connection (malware-cnc.rules)
 * 1:29426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Etomertg variant outbound connection (malware-cnc.rules)
 * 1:29428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zatincel variant outbound connection (malware-cnc.rules)
 * 1:29430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Icefog variant outbound connection (malware-cnc.rules)
 * 1:29431 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Tirips (malware-cnc.rules)
 * 1:29440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chewbacca outbound connection (malware-cnc.rules)
 * 1:29459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fexel variant outbound connection (malware-cnc.rules)
 * 1:29460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pabueri variant outbound connection (malware-cnc.rules)
 * 1:29461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Norekab variant outbound connection (malware-cnc.rules)
 * 1:29464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SniperSpy variant outbound connection (malware-cnc.rules)
 * 1:29483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Botime variant connection (malware-cnc.rules)
 * 1:29484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.POSCardStealer variant outbound connection (malware-cnc.rules)
 * 1:29489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gaertob variant outbound connection (malware-cnc.rules)
 * 1:29493 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:29494 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:29495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kopdel variant outbound connection (malware-cnc.rules)
 * 1:29496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicololo variant outbound connection (malware-cnc.rules)
 * 1:29497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doneste variant outbound connection (malware-cnc.rules)
 * 1:29555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyex variant outbound connection (malware-cnc.rules)
 * 1:29556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loxes variant outbound connection (malware-cnc.rules)
 * 1:29557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marten variant outbound connection (malware-cnc.rules)
 * 1:29559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sydigu variant outbound connection (malware-cnc.rules)
 * 1:29561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lechiket variant outbound connection (malware-cnc.rules)
 * 1:29562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blobrsa variant outbound connection (malware-cnc.rules)
 * 1:29563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blobrsa variant outbound connection (malware-cnc.rules)
 * 1:29565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.AALV variant outbound connection (malware-cnc.rules)
 * 1:29566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:29569 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Shellbot outbound connection (malware-cnc.rules)
 * 1:29635 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nursteal variant outbound connection (malware-cnc.rules)
 * 1:29636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker.cbuf variant outbound connection (malware-cnc.rules)
 * 1:29637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lumbko variant outbound connection (malware-cnc.rules)
 * 1:29638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lumbko variant initial outbound connection (malware-cnc.rules)
 * 1:29644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sdconsent outbound connection (malware-cnc.rules)
 * 1:29645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mimunita (malware-cnc.rules)
 * 1:29652 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Truado (malware-cnc.rules)
 * 1:29663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dampt variant outbound connection (malware-cnc.rules)
 * 1:29664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DomaIQ variant outbound connection (malware-cnc.rules)
 * 1:29665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linkup outbound connection (malware-cnc.rules)
 * 1:29670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw outbound connection (malware-cnc.rules)
 * 1:29740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sarvdap variant outbound connection (malware-cnc.rules)
 * 1:29760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MSIE 4.01 - Win.Trojan.Careto (malware-cnc.rules)
 * 1:29788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto outbound connection (malware-cnc.rules)
 * 1:29789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)
 * 1:29790 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)
 * 1:29791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)
 * 1:29816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jackpos outbound connection (malware-cnc.rules)
 * 1:29817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jackpos outbound connection (malware-cnc.rules)
 * 1:29824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TixDll - Win.Trojan.Adload.dyhq (malware-cnc.rules)
 * 1:29828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adload.dyhq variant outbound connection (malware-cnc.rules)
 * 1:29861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brabat variant outbound connection (malware-cnc.rules)
 * 1:29862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbout connection (malware-cnc.rules)
 * 1:29865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (malware-cnc.rules)
 * 1:29869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar phishing attack (malware-cnc.rules)
 * 1:29870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pony HTTP response connection (malware-cnc.rules)
 * 1:29873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hanove variant outbound connection (malware-cnc.rules)
 * 1:29877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chikdos.A outbound information disclosure (malware-cnc.rules)
 * 1:29878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29881 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WEC variant outbound connection (malware-cnc.rules)
 * 1:29883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tohwen variant outbound connection (malware-cnc.rules)
 * 1:29884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:29885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypi.A outbound information disclosure (malware-cnc.rules)
 * 1:29886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypi.A outbound keylogger traffic (malware-cnc.rules)
 * 1:29887 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Updates downloader - Win.Trojan.Upatre (malware-cnc.rules)
 * 1:29893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pyteconte variant outbound connection (malware-cnc.rules)
 * 1:29895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:29897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ExplorerHijack variant outbound connection (malware-cnc.rules)
 * 1:29898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zygtab variant outbound connection (malware-cnc.rules)
 * 1:29899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmkype variant outbound connection (malware-cnc.rules)
 * 1:29901 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comowba variant outbound connection (malware-cnc.rules)
 * 1:29907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madnedos outbound system information disclosure (malware-cnc.rules)
 * 1:29914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zmcwinsvc outbound system information disclosure (malware-cnc.rules)
 * 1:29916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu system information disclosure (malware-cnc.rules)
 * 1:29920 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZhiZhu variant outbound connection (malware-cnc.rules)
 * 1:29921 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZhiZhu variant inbound connection (malware-cnc.rules)
 * 1:29922 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Bazuc initial outbound connection (malware-cnc.rules)
 * 1:29923 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Bazuc jobs check outbound connection (malware-cnc.rules)
 * 1:29924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
 * 1:29925 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Verxbot variant outbound connection (malware-cnc.rules)
 * 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (malware-cnc.rules)
 * 1:29975 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Svekifc system information disclosure (malware-cnc.rules)
 * 1:29976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Svekifc outbound persistent connection (malware-cnc.rules)
 * 1:29978 <-> DISABLED <-> MALWARE-CNC ANDR.Trojan.FakeApp outbound connection (malware-cnc.rules)
 * 1:29980 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fucom outbound connection (malware-cnc.rules)
 * 1:29981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tiny variant outbound connection (malware-cnc.rules)
 * 1:29982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oshidor variant outbound connection (malware-cnc.rules)
 * 1:29985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicolo variant outbound connection (malware-cnc.rules)
 * 1:29987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meac malware component download request (malware-cnc.rules)
 * 1:29990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seruda system information disclosure (malware-cnc.rules)
 * 1:29998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horsum outbound system information disclosure (malware-cnc.rules)
 * 1:29999 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MSIE 9.0 in version 10 format (malware-cnc.rules)
 * 1:30034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donanbot outbound connection (malware-cnc.rules)
 * 1:30035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sylonif variant outbound connection (malware-cnc.rules)
 * 1:30036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ovnavart variant outbound connection (malware-cnc.rules)
 * 1:30047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crowti variant outbound connection (malware-cnc.rules)
 * 1:30055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deventiz CWD system information disclosure via FTP (malware-cnc.rules)
 * 1:30058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bogoclak outbound FTP connection information disclosure (malware-cnc.rules)
 * 1:30060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coresh outbound identification request (malware-cnc.rules)
 * 1:30061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tyleny variant outbound connection (malware-cnc.rules)
 * 1:30063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
 * 1:30064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
 * 1:30068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:30073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:30074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim variant outbound connection (malware-cnc.rules)
 * 1:30076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stealzilla variant outbound connection (malware-cnc.rules)
 * 1:30078 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Momibot outbound system information disclosure (malware-cnc.rules)
 * 1:30087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamut configuration download (malware-cnc.rules)
 * 1:30088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:30090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nitol variant outbound connection (malware-cnc.rules)
 * 1:31722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waski variant outbound connection (malware-cnc.rules)
 * 1:31744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eratoma outbound connection (malware-cnc.rules)
 * 1:31748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qulkonwi outbound connection (malware-cnc.rules)
 * 1:31753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elpapok outbound connection (malware-cnc.rules)
 * 1:31755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miras variant outbound connection (malware-cnc.rules)
 * 1:31768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ecsudown outbound connection (malware-cnc.rules)
 * 1:31772 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules)
 * 1:31805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dizk variant outbound connection (malware-cnc.rules)
 * 1:31806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nighthunter data exfiltration attempt (malware-cnc.rules)
 * 1:31807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nighthunter data exfiltration attempt (malware-cnc.rules)
 * 1:31808 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IptabLex outbound connection (malware-cnc.rules)
 * 1:31813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expiro outbound connection (malware-cnc.rules)
 * 1:47898 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:47899 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:47900 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:48147 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48148 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48791 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Agent inbound payload download (malware-cnc.rules)
 * 1:48871 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz inbound payload download (malware-other.rules)
 * 1:50201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Remexi variant outbound connection (malware-cnc.rules)
 * 1:50520 <-> ENABLED <-> MALWARE-CNC Doc.Malware.HWPRokrat variant outbound connection (malware-cnc.rules)
 * 1:50521 <-> ENABLED <-> MALWARE-CNC Doc.Malware.HWPRokrat variant outbound connection (malware-cnc.rules)
 * 1:51309 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pistacchietto variant outbound connection (malware-cnc.rules)
 * 1:51553 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (malware-cnc.rules)
 * 1:51554 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (malware-cnc.rules)
 * 1:28976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.DF - Data Exfiltration (malware-cnc.rules)
 * 1:28977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.DF - User-Agent Missing Bracket (malware-cnc.rules)
 * 1:28982 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot requesting URL through IRC (malware-cnc.rules)
 * 1:28983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Steckt IRCbot executable download (malware-cnc.rules)
 * 1:28984 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot executable download (malware-cnc.rules)
 * 1:28986 <-> DISABLED <-> MALWARE-CNC Win.Worm.Neeris IRCbot variant outbound connection (malware-cnc.rules)
 * 1:28987 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot variant outbound connection (malware-cnc.rules)
 * 1:28988 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot variant outbound connection (malware-cnc.rules)
 * 1:28990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot connection to cnc server (malware-cnc.rules)
 * 1:28994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor Remote Shell Server download (malware-cnc.rules)
 * 1:28995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor Remote Shell Server download (malware-cnc.rules)
 * 1:28996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bunitu variant outbound connection (malware-cnc.rules)
 * 1:29011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dotconta variant outbound connection (malware-cnc.rules)
 * 1:29016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cordmix variant outbound connection (malware-cnc.rules)
 * 1:29026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Limlspy variant outbound connection (malware-cnc.rules)
 * 1:29031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant inbound connection (malware-cnc.rules)
 * 1:29038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant initial outbound connection (malware-cnc.rules)
 * 1:29039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules)
 * 1:29082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ldmon variant outbound connection (malware-cnc.rules)
 * 1:29044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorask variant outbound connection (malware-cnc.rules)
 * 1:29045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorask variant outbound connection (malware-cnc.rules)
 * 1:29056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Descrantol variant outbound connection (malware-cnc.rules)
 * 1:29057 <-> DISABLED <-> MALWARE-CNC Installation Win.Trojan.Umberial variant outbound connection (malware-cnc.rules)
 * 1:29058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Umberial variant outbound connection (malware-cnc.rules)
 * 1:29068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapazom variant outbound connection (malware-cnc.rules)
 * 1:29071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wcvalep variant outbound connection (malware-cnc.rules)
 * 1:29073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maetdik variant initial outbound connection (malware-cnc.rules)
 * 1:29074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maetdik variant outbound connection (malware-cnc.rules)
 * 1:29075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firefly outbound communcation (malware-cnc.rules)
 * 1:29076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epixed variant outbound connection (malware-cnc.rules)
 * 1:29077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Platidium variant outbound connection (malware-cnc.rules)
 * 1:29079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inftob variant outbound connection (malware-cnc.rules)
 * 1:29081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Budir initial variant outbound connection (malware-cnc.rules)
 * 1:29087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kboy variant outbound connection (malware-cnc.rules)
 * 1:29091 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Choxy variant outbound connection (malware-cnc.rules)
 * 1:29095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fotip FTP file upload variant outbound connection (malware-cnc.rules)
 * 1:29103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korhigh variant outbound connection (malware-cnc.rules)
 * 1:29104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Iniptad variant outbound connection (malware-cnc.rules)
 * 1:29108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SixMuch variant outbound connection (malware-cnc.rules)
 * 1:29109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drafukey variant outbound connection (malware-cnc.rules)
 * 1:29112 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drafukey variant outbound connection (malware-cnc.rules)
 * 1:29113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conrec variant outbound connection (malware-cnc.rules)
 * 1:29114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sotark variant outbound connection (malware-cnc.rules)
 * 1:29115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alset variant outbound connection (malware-cnc.rules)
 * 1:29117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tyaui variant outbound connection (malware-cnc.rules)
 * 1:29125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Valden variant outbound connection (malware-cnc.rules)
 * 1:29127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:29133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goobraz variant outbound connection (malware-cnc.rules)
 * 1:29135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bfddos variant outbound connection (malware-cnc.rules)
 * 1:29136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos variant outbound connection (malware-cnc.rules)
 * 1:29138 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mojap variant outbound connection (malware-cnc.rules)
 * 1:29139 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string HTTP 1.1 - Win.Trojan.Tapslix (malware-cnc.rules)
 * 1:29140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tearspear variant outbound connection (malware-cnc.rules)
 * 1:29143 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent - Win.Trojan.Secciv (malware-cnc.rules)
 * 1:29146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RansomCrypt variant outbound connection (malware-cnc.rules)
 * 1:29148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Huxerox variant outbound connection (malware-cnc.rules)
 * 1:29149 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Janicab outbound connection (malware-cnc.rules)
 * 1:29150 <-> DISABLED <-> MALWARE-CNC User-Agent suspicious user-agent WarpHTTP - Win.Trojan.Yohakest (malware-cnc.rules)
 * 1:29152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant initial runtime outbound connection (malware-cnc.rules)
 * 1:29153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant file upload outbound connection (malware-cnc.rules)
 * 1:29154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant followup outbound connection (malware-cnc.rules)
 * 1:29155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vwealer outbound connection (malware-cnc.rules)
 * 1:29174 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fortis (malware-cnc.rules)
 * 1:29175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sitrof variant outbound connection (malware-cnc.rules)
 * 1:29176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retsaw variant outbound connection (malware-cnc.rules)
 * 1:31064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Diatraha variant outbound connection (malware-cnc.rules)
 * 1:31066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tobinload variant outbound connection (malware-cnc.rules)
 * 1:31070 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs outbound connection (malware-cnc.rules)
 * 1:31072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryfile variant outbound connection (malware-cnc.rules)
 * 1:31073 <-> DISABLED <-> MALWARE-CNC RemoteSpy connection to CNC server (malware-cnc.rules)
 * 1:31079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:31080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:31081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinSpy variant outbound connection (malware-cnc.rules)
 * 1:31083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bexelets variant outbound connection (malware-cnc.rules)
 * 1:31084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:31090 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent hello crazyk (malware-cnc.rules)
 * 1:31112 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos password stealing attempt (malware-cnc.rules)
 * 1:31113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rfusclient outbound connection (malware-cnc.rules)
 * 1:31116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Garsuni variant outbound connection (malware-cnc.rules)
 * 1:31119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marmoolak variant outbound connection (malware-cnc.rules)
 * 1:31121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cahecon outbound connection (malware-cnc.rules)
 * 1:31122 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent svchost (malware-cnc.rules)
 * 1:31124 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pyrtomsop outbound connection (malware-cnc.rules)
 * 1:31131 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
 * 1:31132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
 * 1:31135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deedevil variant outbound connection (malware-cnc.rules)
 * 1:31136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess inbound connection (malware-cnc.rules)
 * 1:31142 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloft variant outbound connection (malware-cnc.rules)
 * 1:31144 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant inbound backdoor keep-alive (malware-cnc.rules)
 * 1:31145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound backdoor response (malware-cnc.rules)
 * 1:31147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zadnilay variant outbound connection (malware-cnc.rules)
 * 1:31150 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent DefaultBotPassword - Win.Trojan.Tirabot (malware-cnc.rules)
 * 1:31168 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Guise outbound connection (malware-cnc.rules)
 * 1:31171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
 * 1:31172 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
 * 1:31173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
 * 1:31174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapart variant outbound connection (malware-cnc.rules)
 * 1:31183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules)
 * 1:31218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:31221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
 * 1:31224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptor outbound connection (malware-cnc.rules)
 * 1:31225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent rome0321 - Win.Trojan.Soraya (malware-cnc.rules)
 * 1:31228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soraya variant initial outbound connection (malware-cnc.rules)
 * 1:31234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuckam variant inbound connection (malware-cnc.rules)
 * 1:31235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuckam variant outbound connection (malware-cnc.rules)
 * 1:31236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hidead outbound connection (malware-cnc.rules)
 * 1:31240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (malware-cnc.rules)
 * 1:31241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (malware-cnc.rules)
 * 1:31242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Utishaf variant outbound connection (malware-cnc.rules)
 * 1:31244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (malware-cnc.rules)
 * 1:31254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HAVEX-RAT inbound connection to infected host (malware-cnc.rules)
 * 1:31255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HAVEX-RAT variant outbound connection (malware-cnc.rules)
 * 1:31258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Destoplug variant outbound connection (malware-cnc.rules)
 * 1:31260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda HTTP proxy response attempt (malware-cnc.rules)
 * 1:31262 <-> DISABLED <-> MALWARE-CNC Win.Worm.VBNA variant outbound connection (malware-cnc.rules)
 * 1:31271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin information disclosure attempt (malware-cnc.rules)
 * 1:31272 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin outbound command request attempt (malware-cnc.rules)
 * 1:31273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin coin mining program download attempt (malware-cnc.rules)
 * 1:31288 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Bladabindi variant outbound download request (malware-cnc.rules)
 * 1:31290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vextstl outbound connection (malware-cnc.rules)
 * 1:31293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
 * 1:31295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:31303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadeki variant outbound connection (malware-cnc.rules)
 * 1:31306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules)
 * 1:31307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules)
 * 1:31314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daikou variant outbound connection (malware-cnc.rules)
 * 1:31315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL variant outbound connection (malware-cnc.rules)
 * 1:31316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
 * 1:31317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orbot variant outbound connection (malware-cnc.rules)
 * 1:31319 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zediv outbound connection (malware-cnc.rules)
 * 1:31328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
 * 1:31343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow variant outbound connection system information disclosure (malware-cnc.rules)
 * 1:31344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Levyatan variant outbound connection (malware-cnc.rules)
 * 1:31345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mcdravsm variant outbound connection (malware-cnc.rules)
 * 1:31346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ajtonj variant outbound connection (malware-cnc.rules)
 * 1:31355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicololo outbound connection (malware-cnc.rules)
 * 1:31359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httneilc variant outbound connection (malware-cnc.rules)
 * 1:31417 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent blacksun - Win.Trojan.Blacksun (malware-cnc.rules)
 * 1:31418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Subla variant outbound connection (malware-cnc.rules)
 * 1:31424 <-> DISABLED <-> MALWARE-CNC Kegis.A outbound connection (malware-cnc.rules)
 * 1:31442 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:31449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall downloader attempt (malware-cnc.rules)
 * 1:31450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall outbound connection (malware-cnc.rules)
 * 1:31452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:31453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChoHeap variant outbound connection (malware-cnc.rules)
 * 1:31458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SDBot variant outbound connection (malware-cnc.rules)
 * 1:31459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jaktinier outbound connection (malware-cnc.rules)
 * 1:31465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm Click Fraud Request (malware-cnc.rules)
 * 1:31466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm Click Fraud Request (malware-cnc.rules)
 * 1:31467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:31468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (malware-cnc.rules)
 * 1:31507 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HW32 variant spam attempt (malware-cnc.rules)
 * 1:31530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:31533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xolominer malicious user detected (malware-cnc.rules)
 * 1:31543 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MSIE 7.0 na - Win.Trojan.Koobface (malware-cnc.rules)
 * 1:31544 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules)
 * 1:31545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules)
 * 1:31547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
 * 1:31548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
 * 1:31556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CosmicDuke HTTP data exfiltration attempt (malware-cnc.rules)
 * 1:31557 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla/5.0 - Win.Trojan.Upatre (malware-cnc.rules)
 * 1:31564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CosmicDuke FTP data exfiltration (malware-cnc.rules)
 * 1:31586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules)
 * 1:31593 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.SMSSend outbound connection (malware-cnc.rules)
 * 1:31603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server HELLO request to client (malware-cnc.rules)
 * 1:31604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server READD command to client (malware-cnc.rules)
 * 1:31605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server READY command to client (malware-cnc.rules)
 * 1:31606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba payload download request (malware-cnc.rules)
 * 1:31607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba client response/authenticate to C&C server (malware-cnc.rules)
 * 1:31641 <-> DISABLED <-> MALWARE-CNC Win.Tinybanker variant outbound connection (malware-cnc.rules)
 * 1:31642 <-> DISABLED <-> MALWARE-CNC Win.Tinybanker variant outbound connection (malware-cnc.rules)
 * 1:31644 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Scarelocker outbound connection (malware-cnc.rules)
 * 1:31649 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:31672 <-> DISABLED <-> MALWARE-CNC Inbound command to php based DoS bot (malware-cnc.rules)
 * 1:31680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tirabot variant outbound connection (malware-cnc.rules)
 * 1:31681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur download attempt (malware-cnc.rules)
 * 1:31683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur variant outbound connection (malware-cnc.rules)
 * 1:31688 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Downloader 1.8 - Win.Trojan.Graftor (malware-cnc.rules)
 * 1:31689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:31691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kronos variant outbound connection (malware-cnc.rules)
 * 1:31693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korplug Poisoned Hurricane Malware outbound connection (malware-cnc.rules)
 * 1:31706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korgapam outbound connection (malware-cnc.rules)
 * 1:31712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SoftPulse variant outbound connection (malware-cnc.rules)
 * 1:31718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni outbound connection (malware-cnc.rules)

2020-10-13 18:43:05 UTC

Snort Subscriber Rules Update

Date: 2020-10-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55984 <-> ENABLED <-> PROTOCOL-ICMP Microsoft Windows IPv6 stack remote execution attempt (protocol-icmp.rules)
 * 1:55993 <-> ENABLED <-> PROTOCOL-ICMP Microsoft Windows IPv6 DNSSL option record denial of service attempt (protocol-icmp.rules)
 * 1:55936 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Perion-9775059-0 download attempt (malware-other.rules)
 * 1:55945 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Buzus-9775511-0 download attempt (malware-other.rules)
 * 1:55974 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-9776642-0 download attempt (malware-other.rules)
 * 1:55938 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Shadowbrokers-9775051-0 download attempt (malware-other.rules)
 * 1:55941 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9775385-0 download attempt (malware-other.rules)
 * 1:55977 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9776833-0 download attempt (malware-other.rules)
 * 1:55949 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ramnit-9775593-0 download attempt (malware-other.rules)
 * 1:55996 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dotdo-9777352-0 download attempt (malware-other.rules)
 * 1:55957 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776340-0 download attempt (malware-other.rules)
 * 1:55947 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775571-0 download attempt (malware-other.rules)
 * 1:55968 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776422-0 download attempt (malware-other.rules)
 * 1:55967 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776406-0 download attempt (malware-other.rules)
 * 1:55944 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Buzus-9775511-0 download attempt (malware-other.rules)
 * 1:55950 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775689-0 download attempt (malware-other.rules)
 * 1:55956 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776340-0 download attempt (malware-other.rules)
 * 1:55940 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9775385-0 download attempt (malware-other.rules)
 * 1:55973 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-9776559-0 download attempt (malware-other.rules)
 * 1:55976 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9776833-0 download attempt (malware-other.rules)
 * 1:55954 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9776100-0 download attempt (malware-other.rules)
 * 1:55939 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Shadowbrokers-9775051-0 download attempt (malware-other.rules)
 * 1:55971 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776543-0 download attempt (malware-other.rules)
 * 1:55990 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:55961 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zbot-9776404-0 download attempt (malware-other.rules)
 * 1:55975 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-9776642-0 download attempt (malware-other.rules)
 * 1:55942 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt (os-windows.rules)
 * 1:55951 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775689-0 download attempt (malware-other.rules)
 * 1:55980 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Foundation memory corruption attempt (file-multimedia.rules)
 * 1:55946 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775571-0 download attempt (malware-other.rules)
 * 1:55953 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9775770-0 download attempt (malware-other.rules)
 * 1:55966 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776406-0 download attempt (malware-other.rules)
 * 1:55963 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776436-0 download attempt (malware-other.rules)
 * 1:55979 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Foundation memory corruption attempt (file-multimedia.rules)
 * 1:55952 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9775770-0 download attempt (malware-other.rules)
 * 1:55937 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Perion-9775059-0 download attempt (malware-other.rules)
 * 1:55955 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9776100-0 download attempt (malware-other.rules)
 * 1:55965 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776419-0 download attempt (malware-other.rules)
 * 1:55964 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776419-0 download attempt (malware-other.rules)
 * 1:55994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop information disclosure attempt (os-windows.rules)
 * 1:55962 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776436-0 download attempt (malware-other.rules)
 * 1:55948 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ramnit-9775593-0 download attempt (malware-other.rules)
 * 1:55982 <-> DISABLED <-> OS-WINDOWS Microsoft Windows digital signature spoofing attempt (os-windows.rules)
 * 1:55983 <-> DISABLED <-> OS-WINDOWS Microsoft Windows digital signature spoofing attempt (os-windows.rules)
 * 1:55997 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Beebone-9777703-0 download attempt (malware-other.rules)
 * 1:55958 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Scar-9776391-0 download attempt (malware-other.rules)
 * 1:55969 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776422-0 download attempt (malware-other.rules)
 * 1:55998 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Beebone-9777703-0 download attempt (malware-other.rules)
 * 1:55959 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Scar-9776391-0 download attempt (malware-other.rules)
 * 1:55934 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9774716-0 download attempt (malware-other.rules)
 * 1:55970 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776543-0 download attempt (malware-other.rules)
 * 1:55995 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dotdo-9777352-0 download attempt (malware-other.rules)
 * 1:55972 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-9776559-0 download attempt (malware-other.rules)
 * 1:55989 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:55981 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 command injection attempt (server-webapp.rules)
 * 1:55935 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9774716-0 download attempt (malware-other.rules)
 * 1:55978 <-> DISABLED <-> SERVER-OTHER Apache OFBiz XMLRPC deserialization attempt (server-other.rules)
 * 1:55960 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zbot-9776404-0 download attempt (malware-other.rules)
 * 1:55943 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt (os-windows.rules)
 * 3:55985 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1161 attack attempt (file-other.rules)
 * 3:55987 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1162 attack attempt (file-other.rules)
 * 3:55991 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1163 attack attempt (file-other.rules)
 * 3:55986 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1161 attack attempt (file-other.rules)
 * 3:55992 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1163 attack attempt (file-other.rules)
 * 3:55988 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1162 attack attempt (file-other.rules)

Modified Rules:


 * 1:28994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor Remote Shell Server download (malware-cnc.rules)
 * 1:28984 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot executable download (malware-cnc.rules)
 * 1:29788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto outbound connection (malware-cnc.rules)
 * 1:28977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.DF - User-Agent Missing Bracket (malware-cnc.rules)
 * 1:28983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Steckt IRCbot executable download (malware-cnc.rules)
 * 1:28986 <-> DISABLED <-> MALWARE-CNC Win.Worm.Neeris IRCbot variant outbound connection (malware-cnc.rules)
 * 1:31135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deedevil variant outbound connection (malware-cnc.rules)
 * 1:31144 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant inbound backdoor keep-alive (malware-cnc.rules)
 * 1:31136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess inbound connection (malware-cnc.rules)
 * 1:28982 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot requesting URL through IRC (malware-cnc.rules)
 * 1:28995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor Remote Shell Server download (malware-cnc.rules)
 * 1:28987 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot variant outbound connection (malware-cnc.rules)
 * 1:28976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.DF - Data Exfiltration (malware-cnc.rules)
 * 1:28988 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot variant outbound connection (malware-cnc.rules)
 * 1:29011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dotconta variant outbound connection (malware-cnc.rules)
 * 1:31132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
 * 1:31228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soraya variant initial outbound connection (malware-cnc.rules)
 * 1:31234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuckam variant inbound connection (malware-cnc.rules)
 * 1:31235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuckam variant outbound connection (malware-cnc.rules)
 * 1:31236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hidead outbound connection (malware-cnc.rules)
 * 1:31240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (malware-cnc.rules)
 * 1:31241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (malware-cnc.rules)
 * 1:31242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Utishaf variant outbound connection (malware-cnc.rules)
 * 1:31244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (malware-cnc.rules)
 * 1:31254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HAVEX-RAT inbound connection to infected host (malware-cnc.rules)
 * 1:31255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HAVEX-RAT variant outbound connection (malware-cnc.rules)
 * 1:31258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Destoplug variant outbound connection (malware-cnc.rules)
 * 1:31260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda HTTP proxy response attempt (malware-cnc.rules)
 * 1:31262 <-> DISABLED <-> MALWARE-CNC Win.Worm.VBNA variant outbound connection (malware-cnc.rules)
 * 1:31271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin information disclosure attempt (malware-cnc.rules)
 * 1:31272 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin outbound command request attempt (malware-cnc.rules)
 * 1:31273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin coin mining program download attempt (malware-cnc.rules)
 * 1:31288 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Bladabindi variant outbound download request (malware-cnc.rules)
 * 1:31290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vextstl outbound connection (malware-cnc.rules)
 * 1:31293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
 * 1:31295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:31303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadeki variant outbound connection (malware-cnc.rules)
 * 1:31306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules)
 * 1:31307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules)
 * 1:31314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daikou variant outbound connection (malware-cnc.rules)
 * 1:31315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL variant outbound connection (malware-cnc.rules)
 * 1:31316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
 * 1:31317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orbot variant outbound connection (malware-cnc.rules)
 * 1:31319 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zediv outbound connection (malware-cnc.rules)
 * 1:31328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
 * 1:31343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow variant outbound connection system information disclosure (malware-cnc.rules)
 * 1:31344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Levyatan variant outbound connection (malware-cnc.rules)
 * 1:31345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mcdravsm variant outbound connection (malware-cnc.rules)
 * 1:31346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ajtonj variant outbound connection (malware-cnc.rules)
 * 1:31355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicololo outbound connection (malware-cnc.rules)
 * 1:31359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httneilc variant outbound connection (malware-cnc.rules)
 * 1:31417 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent blacksun - Win.Trojan.Blacksun (malware-cnc.rules)
 * 1:31418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Subla variant outbound connection (malware-cnc.rules)
 * 1:31424 <-> DISABLED <-> MALWARE-CNC Kegis.A outbound connection (malware-cnc.rules)
 * 1:31442 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:31449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall downloader attempt (malware-cnc.rules)
 * 1:31450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall outbound connection (malware-cnc.rules)
 * 1:31452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:31453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChoHeap variant outbound connection (malware-cnc.rules)
 * 1:31458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SDBot variant outbound connection (malware-cnc.rules)
 * 1:31459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jaktinier outbound connection (malware-cnc.rules)
 * 1:31465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm Click Fraud Request (malware-cnc.rules)
 * 1:31466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm Click Fraud Request (malware-cnc.rules)
 * 1:31467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:31468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (malware-cnc.rules)
 * 1:31507 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HW32 variant spam attempt (malware-cnc.rules)
 * 1:31530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:31533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xolominer malicious user detected (malware-cnc.rules)
 * 1:31543 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MSIE 7.0 na - Win.Trojan.Koobface (malware-cnc.rules)
 * 1:31544 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules)
 * 1:31545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules)
 * 1:31547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
 * 1:31548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
 * 1:31556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CosmicDuke HTTP data exfiltration attempt (malware-cnc.rules)
 * 1:31557 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla/5.0 - Win.Trojan.Upatre (malware-cnc.rules)
 * 1:31564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CosmicDuke FTP data exfiltration (malware-cnc.rules)
 * 1:31586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules)
 * 1:31593 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.SMSSend outbound connection (malware-cnc.rules)
 * 1:31603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server HELLO request to client (malware-cnc.rules)
 * 1:31604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server READD command to client (malware-cnc.rules)
 * 1:31605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server READY command to client (malware-cnc.rules)
 * 1:31606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba payload download request (malware-cnc.rules)
 * 1:31607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba client response/authenticate to C&C server (malware-cnc.rules)
 * 1:31641 <-> DISABLED <-> MALWARE-CNC Win.Tinybanker variant outbound connection (malware-cnc.rules)
 * 1:31642 <-> DISABLED <-> MALWARE-CNC Win.Tinybanker variant outbound connection (malware-cnc.rules)
 * 1:31644 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Scarelocker outbound connection (malware-cnc.rules)
 * 1:31649 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:31672 <-> DISABLED <-> MALWARE-CNC Inbound command to php based DoS bot (malware-cnc.rules)
 * 1:31680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tirabot variant outbound connection (malware-cnc.rules)
 * 1:31681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur download attempt (malware-cnc.rules)
 * 1:31683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur variant outbound connection (malware-cnc.rules)
 * 1:31688 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Downloader 1.8 - Win.Trojan.Graftor (malware-cnc.rules)
 * 1:31689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:31691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kronos variant outbound connection (malware-cnc.rules)
 * 1:31693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korplug Poisoned Hurricane Malware outbound connection (malware-cnc.rules)
 * 1:31706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korgapam outbound connection (malware-cnc.rules)
 * 1:31712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SoftPulse variant outbound connection (malware-cnc.rules)
 * 1:31718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni outbound connection (malware-cnc.rules)
 * 1:31722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waski variant outbound connection (malware-cnc.rules)
 * 1:31744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eratoma outbound connection (malware-cnc.rules)
 * 1:31748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qulkonwi outbound connection (malware-cnc.rules)
 * 1:31753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elpapok outbound connection (malware-cnc.rules)
 * 1:31755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miras variant outbound connection (malware-cnc.rules)
 * 1:31768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ecsudown outbound connection (malware-cnc.rules)
 * 1:31772 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules)
 * 1:31805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dizk variant outbound connection (malware-cnc.rules)
 * 1:31806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nighthunter data exfiltration attempt (malware-cnc.rules)
 * 1:31807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nighthunter data exfiltration attempt (malware-cnc.rules)
 * 1:31808 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IptabLex outbound connection (malware-cnc.rules)
 * 1:31813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expiro outbound connection (malware-cnc.rules)
 * 1:47898 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:47899 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:47900 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:48147 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48148 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48791 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Agent inbound payload download (malware-cnc.rules)
 * 1:48871 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz inbound payload download (malware-other.rules)
 * 1:50201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Remexi variant outbound connection (malware-cnc.rules)
 * 1:50520 <-> ENABLED <-> MALWARE-CNC Doc.Malware.HWPRokrat variant outbound connection (malware-cnc.rules)
 * 1:50521 <-> ENABLED <-> MALWARE-CNC Doc.Malware.HWPRokrat variant outbound connection (malware-cnc.rules)
 * 1:51309 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pistacchietto variant outbound connection (malware-cnc.rules)
 * 1:51553 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (malware-cnc.rules)
 * 1:51554 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (malware-cnc.rules)
 * 1:30251 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mumawow outbound connection (malware-cnc.rules)
 * 1:29045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorask variant outbound connection (malware-cnc.rules)
 * 1:29056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Descrantol variant outbound connection (malware-cnc.rules)
 * 1:29057 <-> DISABLED <-> MALWARE-CNC Installation Win.Trojan.Umberial variant outbound connection (malware-cnc.rules)
 * 1:29058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Umberial variant outbound connection (malware-cnc.rules)
 * 1:29068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapazom variant outbound connection (malware-cnc.rules)
 * 1:29071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wcvalep variant outbound connection (malware-cnc.rules)
 * 1:29073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maetdik variant initial outbound connection (malware-cnc.rules)
 * 1:29074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maetdik variant outbound connection (malware-cnc.rules)
 * 1:29075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firefly outbound communcation (malware-cnc.rules)
 * 1:29076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epixed variant outbound connection (malware-cnc.rules)
 * 1:29077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Platidium variant outbound connection (malware-cnc.rules)
 * 1:29079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inftob variant outbound connection (malware-cnc.rules)
 * 1:29081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Budir initial variant outbound connection (malware-cnc.rules)
 * 1:29082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ldmon variant outbound connection (malware-cnc.rules)
 * 1:29087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kboy variant outbound connection (malware-cnc.rules)
 * 1:29091 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Choxy variant outbound connection (malware-cnc.rules)
 * 1:29095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fotip FTP file upload variant outbound connection (malware-cnc.rules)
 * 1:29103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korhigh variant outbound connection (malware-cnc.rules)
 * 1:29104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Iniptad variant outbound connection (malware-cnc.rules)
 * 1:29108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SixMuch variant outbound connection (malware-cnc.rules)
 * 1:29109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drafukey variant outbound connection (malware-cnc.rules)
 * 1:29112 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drafukey variant outbound connection (malware-cnc.rules)
 * 1:29113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conrec variant outbound connection (malware-cnc.rules)
 * 1:29114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sotark variant outbound connection (malware-cnc.rules)
 * 1:29115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alset variant outbound connection (malware-cnc.rules)
 * 1:29117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tyaui variant outbound connection (malware-cnc.rules)
 * 1:29125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Valden variant outbound connection (malware-cnc.rules)
 * 1:29127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:29133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goobraz variant outbound connection (malware-cnc.rules)
 * 1:29135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bfddos variant outbound connection (malware-cnc.rules)
 * 1:29136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos variant outbound connection (malware-cnc.rules)
 * 1:29138 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mojap variant outbound connection (malware-cnc.rules)
 * 1:29139 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string HTTP 1.1 - Win.Trojan.Tapslix (malware-cnc.rules)
 * 1:29140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tearspear variant outbound connection (malware-cnc.rules)
 * 1:29143 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent - Win.Trojan.Secciv (malware-cnc.rules)
 * 1:29146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RansomCrypt variant outbound connection (malware-cnc.rules)
 * 1:29148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Huxerox variant outbound connection (malware-cnc.rules)
 * 1:29149 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Janicab outbound connection (malware-cnc.rules)
 * 1:29150 <-> DISABLED <-> MALWARE-CNC User-Agent suspicious user-agent WarpHTTP - Win.Trojan.Yohakest (malware-cnc.rules)
 * 1:29152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant initial runtime outbound connection (malware-cnc.rules)
 * 1:29153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant file upload outbound connection (malware-cnc.rules)
 * 1:29154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant followup outbound connection (malware-cnc.rules)
 * 1:29155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vwealer outbound connection (malware-cnc.rules)
 * 1:29174 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fortis (malware-cnc.rules)
 * 1:29175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sitrof variant outbound connection (malware-cnc.rules)
 * 1:29176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retsaw variant outbound connection (malware-cnc.rules)
 * 1:29179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenad variant outbound connection (malware-cnc.rules)
 * 1:29180 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Update1.0 - Win.Trojan.Downbini (malware-cnc.rules)
 * 1:29216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:29220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection (malware-cnc.rules)
 * 1:29259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29261 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:29289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kmnokay outbound connection (malware-cnc.rules)
 * 1:29291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stitur variant outbound connection (malware-cnc.rules)
 * 1:29292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chulastran variant outbound connection (malware-cnc.rules)
 * 1:29293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chulastran variant initial version check outbound connection (malware-cnc.rules)
 * 1:29294 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boda variant outbound connection (malware-cnc.rules)
 * 1:29295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boda variant initial outbound connection (malware-cnc.rules)
 * 1:29299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nineblog variant outbound connection (malware-cnc.rules)
 * 1:29300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound connection (malware-cnc.rules)
 * 1:29301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mizzmo variant outbound connection (malware-cnc.rules)
 * 1:29302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Diswenshow outbound connection (malware-cnc.rules)
 * 1:29304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Verbscut variant outbound connection (malware-cnc.rules)
 * 1:29306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popyerd variant outbound connection (malware-cnc.rules)
 * 1:29307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fraxytime outbound connection (malware-cnc.rules)
 * 1:29313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxydown variant connection (malware-cnc.rules)
 * 1:29324 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vivia variant outbound connection (malware-cnc.rules)
 * 1:29325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horsamaz outbound connection (malware-cnc.rules)
 * 1:29330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piedacon variant outbound connection (malware-cnc.rules)
 * 1:29331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using modem (malware-cnc.rules)
 * 1:29332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using lan (malware-cnc.rules)
 * 1:29333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using proxy server (malware-cnc.rules)
 * 1:29334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using other (malware-cnc.rules)
 * 1:29335 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.CallMe variant outbound connection (malware-cnc.rules)
 * 1:29337 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:29339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishop variant initial runtime outbound connection (malware-cnc.rules)
 * 1:29340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plusau outbound connection (malware-cnc.rules)
 * 1:29341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string CustomSpy - Win.Trojan.Etek (malware-cnc.rules)
 * 1:29344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dondat variant outbound connection (malware-cnc.rules)
 * 1:29345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dondat variant outbound connection (malware-cnc.rules)
 * 1:29348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chifan variant outbound connection (malware-cnc.rules)
 * 1:29349 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:29351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulilit variant outbound connection (malware-cnc.rules)
 * 1:29352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Typdec variant outbound connection (malware-cnc.rules)
 * 1:29353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeagle outbound connection (malware-cnc.rules)
 * 1:29356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cidox variant outbound connection (malware-cnc.rules)
 * 1:29358 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mowfote (malware-cnc.rules)
 * 1:29359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mowfote variant initial outbound connection (malware-cnc.rules)
 * 1:29363 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pacbootini variant outbound connection (malware-cnc.rules)
 * 1:29367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boato variant outbound connection (malware-cnc.rules)
 * 1:29368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boato variant followup outbound connection (malware-cnc.rules)
 * 1:29370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.ADJI variant outbound connection (malware-cnc.rules)
 * 1:29371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Dluca (malware-cnc.rules)
 * 1:29376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker.B connection test (malware-cnc.rules)
 * 1:29389 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alusins variant outbound connection (malware-cnc.rules)
 * 1:29408 <-> DISABLED <-> MALWARE-CNC JAVAFOG Java malware backdoor connection to cnc server (malware-cnc.rules)
 * 1:29416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.vSkimmer outbound connection (malware-cnc.rules)
 * 1:29417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Solimba download attempt (malware-cnc.rules)
 * 1:29420 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reedum BlackPoS outbound FTP connection (malware-cnc.rules)
 * 1:29422 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rhubot variant outbound connection (malware-cnc.rules)
 * 1:29423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (malware-cnc.rules)
 * 1:29424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dldr variant outbound connection (malware-cnc.rules)
 * 1:29426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Etomertg variant outbound connection (malware-cnc.rules)
 * 1:29428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zatincel variant outbound connection (malware-cnc.rules)
 * 1:29430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Icefog variant outbound connection (malware-cnc.rules)
 * 1:29431 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Tirips (malware-cnc.rules)
 * 1:29440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chewbacca outbound connection (malware-cnc.rules)
 * 1:29459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fexel variant outbound connection (malware-cnc.rules)
 * 1:29460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pabueri variant outbound connection (malware-cnc.rules)
 * 1:29461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Norekab variant outbound connection (malware-cnc.rules)
 * 1:29464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SniperSpy variant outbound connection (malware-cnc.rules)
 * 1:29483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Botime variant connection (malware-cnc.rules)
 * 1:29484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.POSCardStealer variant outbound connection (malware-cnc.rules)
 * 1:29489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gaertob variant outbound connection (malware-cnc.rules)
 * 1:29493 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:29494 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:29495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kopdel variant outbound connection (malware-cnc.rules)
 * 1:29496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicololo variant outbound connection (malware-cnc.rules)
 * 1:29497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doneste variant outbound connection (malware-cnc.rules)
 * 1:29555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyex variant outbound connection (malware-cnc.rules)
 * 1:29556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loxes variant outbound connection (malware-cnc.rules)
 * 1:29557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marten variant outbound connection (malware-cnc.rules)
 * 1:29559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sydigu variant outbound connection (malware-cnc.rules)
 * 1:29561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lechiket variant outbound connection (malware-cnc.rules)
 * 1:29562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blobrsa variant outbound connection (malware-cnc.rules)
 * 1:29563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blobrsa variant outbound connection (malware-cnc.rules)
 * 1:29565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.AALV variant outbound connection (malware-cnc.rules)
 * 1:29566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:29569 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Shellbot outbound connection (malware-cnc.rules)
 * 1:29635 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nursteal variant outbound connection (malware-cnc.rules)
 * 1:29636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker.cbuf variant outbound connection (malware-cnc.rules)
 * 1:29637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lumbko variant outbound connection (malware-cnc.rules)
 * 1:29638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lumbko variant initial outbound connection (malware-cnc.rules)
 * 1:29644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sdconsent outbound connection (malware-cnc.rules)
 * 1:29645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mimunita (malware-cnc.rules)
 * 1:29652 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Truado (malware-cnc.rules)
 * 1:29663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dampt variant outbound connection (malware-cnc.rules)
 * 1:29664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DomaIQ variant outbound connection (malware-cnc.rules)
 * 1:29665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linkup outbound connection (malware-cnc.rules)
 * 1:29670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw outbound connection (malware-cnc.rules)
 * 1:29740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sarvdap variant outbound connection (malware-cnc.rules)
 * 1:29760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MSIE 4.01 - Win.Trojan.Careto (malware-cnc.rules)
 * 1:31131 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
 * 1:28990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot connection to cnc server (malware-cnc.rules)
 * 1:29789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)
 * 1:29790 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)
 * 1:29791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)
 * 1:29816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jackpos outbound connection (malware-cnc.rules)
 * 1:29817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jackpos outbound connection (malware-cnc.rules)
 * 1:29824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TixDll - Win.Trojan.Adload.dyhq (malware-cnc.rules)
 * 1:29828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adload.dyhq variant outbound connection (malware-cnc.rules)
 * 1:29861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brabat variant outbound connection (malware-cnc.rules)
 * 1:29862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbout connection (malware-cnc.rules)
 * 1:29865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (malware-cnc.rules)
 * 1:29869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar phishing attack (malware-cnc.rules)
 * 1:29870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pony HTTP response connection (malware-cnc.rules)
 * 1:29873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hanove variant outbound connection (malware-cnc.rules)
 * 1:29877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chikdos.A outbound information disclosure (malware-cnc.rules)
 * 1:29878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29881 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WEC variant outbound connection (malware-cnc.rules)
 * 1:29883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tohwen variant outbound connection (malware-cnc.rules)
 * 1:29884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:29885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypi.A outbound information disclosure (malware-cnc.rules)
 * 1:29886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypi.A outbound keylogger traffic (malware-cnc.rules)
 * 1:29887 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Updates downloader - Win.Trojan.Upatre (malware-cnc.rules)
 * 1:29893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pyteconte variant outbound connection (malware-cnc.rules)
 * 1:31142 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloft variant outbound connection (malware-cnc.rules)
 * 1:31145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound backdoor response (malware-cnc.rules)
 * 1:31147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zadnilay variant outbound connection (malware-cnc.rules)
 * 1:31150 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent DefaultBotPassword - Win.Trojan.Tirabot (malware-cnc.rules)
 * 1:31168 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Guise outbound connection (malware-cnc.rules)
 * 1:31171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
 * 1:31172 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
 * 1:31173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
 * 1:31174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapart variant outbound connection (malware-cnc.rules)
 * 1:31183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules)
 * 1:31218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:31221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
 * 1:31224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptor outbound connection (malware-cnc.rules)
 * 1:31225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent rome0321 - Win.Trojan.Soraya (malware-cnc.rules)
 * 1:28996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bunitu variant outbound connection (malware-cnc.rules)
 * 1:29895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:29897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ExplorerHijack variant outbound connection (malware-cnc.rules)
 * 1:29898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zygtab variant outbound connection (malware-cnc.rules)
 * 1:29899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmkype variant outbound connection (malware-cnc.rules)
 * 1:29901 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comowba variant outbound connection (malware-cnc.rules)
 * 1:29907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madnedos outbound system information disclosure (malware-cnc.rules)
 * 1:29914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zmcwinsvc outbound system information disclosure (malware-cnc.rules)
 * 1:29916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu system information disclosure (malware-cnc.rules)
 * 1:29920 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZhiZhu variant outbound connection (malware-cnc.rules)
 * 1:29921 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZhiZhu variant inbound connection (malware-cnc.rules)
 * 1:29922 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Bazuc initial outbound connection (malware-cnc.rules)
 * 1:29923 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Bazuc jobs check outbound connection (malware-cnc.rules)
 * 1:29924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
 * 1:29925 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Verxbot variant outbound connection (malware-cnc.rules)
 * 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (malware-cnc.rules)
 * 1:29975 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Svekifc system information disclosure (malware-cnc.rules)
 * 1:29976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Svekifc outbound persistent connection (malware-cnc.rules)
 * 1:29978 <-> DISABLED <-> MALWARE-CNC ANDR.Trojan.FakeApp outbound connection (malware-cnc.rules)
 * 1:29981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tiny variant outbound connection (malware-cnc.rules)
 * 1:29982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oshidor variant outbound connection (malware-cnc.rules)
 * 1:29985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicolo variant outbound connection (malware-cnc.rules)
 * 1:29987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meac malware component download request (malware-cnc.rules)
 * 1:29990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seruda system information disclosure (malware-cnc.rules)
 * 1:29998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horsum outbound system information disclosure (malware-cnc.rules)
 * 1:29999 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MSIE 9.0 in version 10 format (malware-cnc.rules)
 * 1:30034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donanbot outbound connection (malware-cnc.rules)
 * 1:30035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sylonif variant outbound connection (malware-cnc.rules)
 * 1:30036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ovnavart variant outbound connection (malware-cnc.rules)
 * 1:30047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crowti variant outbound connection (malware-cnc.rules)
 * 1:30055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deventiz CWD system information disclosure via FTP (malware-cnc.rules)
 * 1:30058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bogoclak outbound FTP connection information disclosure (malware-cnc.rules)
 * 1:30060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coresh outbound identification request (malware-cnc.rules)
 * 1:29980 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fucom outbound connection (malware-cnc.rules)
 * 1:30061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tyleny variant outbound connection (malware-cnc.rules)
 * 1:30063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
 * 1:30064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
 * 1:30068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:30073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:30074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim variant outbound connection (malware-cnc.rules)
 * 1:30076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stealzilla variant outbound connection (malware-cnc.rules)
 * 1:30078 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Momibot outbound system information disclosure (malware-cnc.rules)
 * 1:30087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamut configuration download (malware-cnc.rules)
 * 1:30088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:30090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nitol variant outbound connection (malware-cnc.rules)
 * 1:30091 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound connection (malware-cnc.rules)
 * 1:30167 <-> DISABLED <-> MALWARE-CNC Russian Bank scam malware GET request to server (malware-cnc.rules)
 * 1:30168 <-> DISABLED <-> MALWARE-CNC Russian Bank scam malware POST to server (malware-cnc.rules)
 * 1:30191 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos usermode-centric client request (malware-cnc.rules)
 * 1:30192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos inbound command (malware-cnc.rules)
 * 1:30193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos inbound encrypted data (malware-cnc.rules)
 * 1:30196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:30198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules)
 * 1:30204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules)
 * 1:30208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nakcos variant outbound connection (malware-cnc.rules)
 * 1:30210 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agnet string Win.Trojan.ZeusVM (malware-cnc.rules)
 * 1:30211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeusVM embedded image config file download (malware-cnc.rules)
 * 1:30214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant outbound connection (malware-cnc.rules)
 * 1:30216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ShadyRAT variant outbound connection (malware-cnc.rules)
 * 1:30231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eybog variant outbound connection (malware-cnc.rules)
 * 1:30234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:30235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:30239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Name variant outbound connection (malware-cnc.rules)
 * 1:30250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - logogo.exe (malware-cnc.rules)
 * 1:30255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor HTTP Response - Brazil Geolocated Infected User (malware-cnc.rules)
 * 1:30256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor HTTP Response - Non-Brazil Geolocated Infected User (malware-cnc.rules)
 * 1:30257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ExplorerHijack variant outbound connection (malware-cnc.rules)
 * 1:30258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:30259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection (malware-cnc.rules)
 * 1:30262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot configuration file download (malware-cnc.rules)
 * 1:30271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot drop zone file upload (malware-cnc.rules)
 * 1:30276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30279 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Recub variant outbound connection (malware-cnc.rules)
 * 1:30288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba.M initial outbound connection (malware-cnc.rules)
 * 1:30290 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Browser - Win.Trojan.Bruterdep (malware-cnc.rules)
 * 1:30298 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cloudoten variant inbound connection (malware-cnc.rules)
 * 1:30299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Projecthook variant outbound connection (malware-cnc.rules)
 * 1:30300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Projecthook variant outbound connection (malware-cnc.rules)
 * 1:30301 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent InetAll - Win.Trojan.Pennonec (malware-cnc.rules)
 * 1:30302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rajdze variant outbound connection (malware-cnc.rules)
 * 1:30304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noctabor variant outbound connection (malware-cnc.rules)
 * 1:30308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
 * 1:30309 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
 * 1:30310 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Comdinter variant outbound connection (malware-cnc.rules)
 * 1:30311 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Comdinter variant outbound connection (malware-cnc.rules)
 * 1:30314 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmd - Win.Trojan.Burnwoo (malware-cnc.rules)
 * 1:30315 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmdw23 - Win.Trojan.Burnwoo (malware-cnc.rules)
 * 1:30323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drawnetz variant outbound connection (malware-cnc.rules)
 * 1:30331 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ebot - Win.Trojan.Modulog (malware-cnc.rules)
 * 1:30332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook configuration file download attempt (malware-cnc.rules)
 * 1:30333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook information disclosure attempt (malware-cnc.rules)
 * 1:30334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook initial outbound connection (malware-cnc.rules)
 * 1:30344 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent EyeS_Client_1.0 - Win.Trojan.Seey (malware-cnc.rules)
 * 1:30482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik inbound connection (malware-cnc.rules)
 * 1:30483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (malware-cnc.rules)
 * 1:30484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (malware-cnc.rules)
 * 1:30494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
 * 1:30518 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Neutrino/2.1 - Win.Trojan.Necurs (malware-cnc.rules)
 * 1:30519 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound connection (malware-cnc.rules)
 * 1:30547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramdo variant outbound connection (malware-cnc.rules)
 * 1:30548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:30551 <-> DISABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Minerd (malware-cnc.rules)
 * 1:30552 <-> DISABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Systema (malware-cnc.rules)
 * 1:30559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uniemv variant outbound connection (malware-cnc.rules)
 * 1:30560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Megesat variant outbound connection (malware-cnc.rules)
 * 1:30566 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Elknot outbound connection (malware-cnc.rules)
 * 1:30743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chabava outbound connection (malware-cnc.rules)
 * 1:30751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:30752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesyong outbound connection (malware-cnc.rules)
 * 1:30753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehacker outbound connection (malware-cnc.rules)
 * 1:30773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant download request (malware-cnc.rules)
 * 1:30776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Targnik variant outbound connection (malware-cnc.rules)
 * 1:30804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30808 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30812 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30815 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Oldboot variant outbound connection (malware-cnc.rules)
 * 1:30882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30896 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DarkKomet variant outbound connection (malware-cnc.rules)
 * 1:30897 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DarkKomet variant outbound connection (malware-cnc.rules)
 * 1:30900 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuhao variant outbound connection (malware-cnc.rules)
 * 1:30914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (malware-cnc.rules)
 * 1:30915 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (malware-cnc.rules)
 * 1:30917 <-> DISABLED <-> MALWARE-CNC Win.Worm.Phelshap variant outbound connection (malware-cnc.rules)
 * 1:30918 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent Mozilla (malware-cnc.rules)
 * 1:30919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:30923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit outbound connection (malware-cnc.rules)
 * 1:30924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor inbound connection (malware-cnc.rules)
 * 1:30925 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound connection (malware-cnc.rules)
 * 1:30926 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound secure-connection (malware-cnc.rules)
 * 1:30938 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Roopre outbound connection (malware-cnc.rules)
 * 1:30945 <-> DISABLED <-> MALWARE-CNC Win.Worm.Winiga FTP login attempt (malware-cnc.rules)
 * 1:30947 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Botintin outbound connection (malware-cnc.rules)
 * 1:30953 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jaik variant outbound connection (malware-cnc.rules)
 * 1:30978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gisetik information disclosure attempt (malware-cnc.rules)
 * 1:30982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karnos variant outbound connection (malware-cnc.rules)
 * 1:30983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karnos variant outbound connection (malware-cnc.rules)
 * 1:30984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonriamt outbound connection (malware-cnc.rules)
 * 1:30985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenexmed outbound connection (malware-cnc.rules)
 * 1:30986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenexmed inbound shell command attempt (malware-cnc.rules)
 * 1:30987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vondola configuration file download attempt (malware-cnc.rules)
 * 1:30988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vondola information disclosure attempt (malware-cnc.rules)
 * 1:31002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kimsuky variant outbound connection (malware-cnc.rules)
 * 1:31004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief information disclosure attempt (malware-cnc.rules)
 * 1:31005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief information disclosure attempt (malware-cnc.rules)
 * 1:31006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief initial outbound connection (malware-cnc.rules)
 * 1:31007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Iplorko.A runtime detection (malware-cnc.rules)
 * 1:31010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sisbot variant outbound IRC connection (malware-cnc.rules)
 * 1:31014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
 * 1:31020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:31051 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hesperbot variant outbound connection (malware-cnc.rules)
 * 1:31053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadnessPro outbound connection (malware-cnc.rules)
 * 1:31055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:31062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expone variant outbound connection (malware-cnc.rules)
 * 1:31063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expone FTP login attempt (malware-cnc.rules)
 * 1:31064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Diatraha variant outbound connection (malware-cnc.rules)
 * 1:31066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tobinload variant outbound connection (malware-cnc.rules)
 * 1:31070 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs outbound connection (malware-cnc.rules)
 * 1:31072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryfile variant outbound connection (malware-cnc.rules)
 * 1:31073 <-> DISABLED <-> MALWARE-CNC RemoteSpy connection to CNC server (malware-cnc.rules)
 * 1:31079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:31080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:31081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinSpy variant outbound connection (malware-cnc.rules)
 * 1:31083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bexelets variant outbound connection (malware-cnc.rules)
 * 1:31084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:31090 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent hello crazyk (malware-cnc.rules)
 * 1:31112 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos password stealing attempt (malware-cnc.rules)
 * 1:31113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rfusclient outbound connection (malware-cnc.rules)
 * 1:31116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Garsuni variant outbound connection (malware-cnc.rules)
 * 1:31119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marmoolak variant outbound connection (malware-cnc.rules)
 * 1:31121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cahecon outbound connection (malware-cnc.rules)
 * 1:31122 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent svchost (malware-cnc.rules)
 * 1:31124 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pyrtomsop outbound connection (malware-cnc.rules)
 * 1:29016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cordmix variant outbound connection (malware-cnc.rules)
 * 1:29026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Limlspy variant outbound connection (malware-cnc.rules)
 * 1:29031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant inbound connection (malware-cnc.rules)
 * 1:29038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant initial outbound connection (malware-cnc.rules)
 * 1:29039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules)
 * 1:29044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorask variant outbound connection (malware-cnc.rules)

2020-10-13 18:43:05 UTC

Snort Subscriber Rules Update

Date: 2020-10-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55966 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776406-0 download attempt (malware-other.rules)
 * 1:55963 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776436-0 download attempt (malware-other.rules)
 * 1:55955 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9776100-0 download attempt (malware-other.rules)
 * 1:55952 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9775770-0 download attempt (malware-other.rules)
 * 1:55965 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776419-0 download attempt (malware-other.rules)
 * 1:55964 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776419-0 download attempt (malware-other.rules)
 * 1:55994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop information disclosure attempt (os-windows.rules)
 * 1:55948 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ramnit-9775593-0 download attempt (malware-other.rules)
 * 1:55979 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Foundation memory corruption attempt (file-multimedia.rules)
 * 1:55962 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776436-0 download attempt (malware-other.rules)
 * 1:55983 <-> DISABLED <-> OS-WINDOWS Microsoft Windows digital signature spoofing attempt (os-windows.rules)
 * 1:55982 <-> DISABLED <-> OS-WINDOWS Microsoft Windows digital signature spoofing attempt (os-windows.rules)
 * 1:55942 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt (os-windows.rules)
 * 1:55958 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Scar-9776391-0 download attempt (malware-other.rules)
 * 1:55997 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Beebone-9777703-0 download attempt (malware-other.rules)
 * 1:55976 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9776833-0 download attempt (malware-other.rules)
 * 1:55969 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776422-0 download attempt (malware-other.rules)
 * 1:55980 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Foundation memory corruption attempt (file-multimedia.rules)
 * 1:55937 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Perion-9775059-0 download attempt (malware-other.rules)
 * 1:55940 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9775385-0 download attempt (malware-other.rules)
 * 1:55954 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9776100-0 download attempt (malware-other.rules)
 * 1:55947 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775571-0 download attempt (malware-other.rules)
 * 1:55990 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:55971 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776543-0 download attempt (malware-other.rules)
 * 1:55939 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Shadowbrokers-9775051-0 download attempt (malware-other.rules)
 * 1:55961 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zbot-9776404-0 download attempt (malware-other.rules)
 * 1:55975 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-9776642-0 download attempt (malware-other.rules)
 * 1:55995 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dotdo-9777352-0 download attempt (malware-other.rules)
 * 1:55951 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775689-0 download attempt (malware-other.rules)
 * 1:55953 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9775770-0 download attempt (malware-other.rules)
 * 1:55946 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775571-0 download attempt (malware-other.rules)
 * 1:55938 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Shadowbrokers-9775051-0 download attempt (malware-other.rules)
 * 1:55941 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9775385-0 download attempt (malware-other.rules)
 * 1:55977 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9776833-0 download attempt (malware-other.rules)
 * 1:55957 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776340-0 download attempt (malware-other.rules)
 * 1:55949 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ramnit-9775593-0 download attempt (malware-other.rules)
 * 1:55996 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dotdo-9777352-0 download attempt (malware-other.rules)
 * 1:55968 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776422-0 download attempt (malware-other.rules)
 * 1:55967 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776406-0 download attempt (malware-other.rules)
 * 1:55944 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Buzus-9775511-0 download attempt (malware-other.rules)
 * 1:55981 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 command injection attempt (server-webapp.rules)
 * 1:55950 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775689-0 download attempt (malware-other.rules)
 * 1:55956 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776340-0 download attempt (malware-other.rules)
 * 1:55935 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9774716-0 download attempt (malware-other.rules)
 * 1:55978 <-> DISABLED <-> SERVER-OTHER Apache OFBiz XMLRPC deserialization attempt (server-other.rules)
 * 1:55984 <-> ENABLED <-> PROTOCOL-ICMP Microsoft Windows IPv6 stack remote execution attempt (protocol-icmp.rules)
 * 1:55943 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt (os-windows.rules)
 * 1:55993 <-> ENABLED <-> PROTOCOL-ICMP Microsoft Windows IPv6 DNSSL option record denial of service attempt (protocol-icmp.rules)
 * 1:55936 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Perion-9775059-0 download attempt (malware-other.rules)
 * 1:55974 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-9776642-0 download attempt (malware-other.rules)
 * 1:55945 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Buzus-9775511-0 download attempt (malware-other.rules)
 * 1:55960 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zbot-9776404-0 download attempt (malware-other.rules)
 * 1:55959 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Scar-9776391-0 download attempt (malware-other.rules)
 * 1:55998 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Beebone-9777703-0 download attempt (malware-other.rules)
 * 1:55973 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-9776559-0 download attempt (malware-other.rules)
 * 1:55972 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-9776559-0 download attempt (malware-other.rules)
 * 1:55989 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:55934 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9774716-0 download attempt (malware-other.rules)
 * 1:55970 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776543-0 download attempt (malware-other.rules)
 * 3:55985 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1161 attack attempt (file-other.rules)
 * 3:55988 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1162 attack attempt (file-other.rules)
 * 3:55991 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1163 attack attempt (file-other.rules)
 * 3:55987 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1162 attack attempt (file-other.rules)
 * 3:55986 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1161 attack attempt (file-other.rules)
 * 3:55992 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1163 attack attempt (file-other.rules)

Modified Rules:


 * 1:28983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Steckt IRCbot executable download (malware-cnc.rules)
 * 1:28986 <-> DISABLED <-> MALWARE-CNC Win.Worm.Neeris IRCbot variant outbound connection (malware-cnc.rules)
 * 1:28984 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot executable download (malware-cnc.rules)
 * 1:29011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dotconta variant outbound connection (malware-cnc.rules)
 * 1:28996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bunitu variant outbound connection (malware-cnc.rules)
 * 1:28988 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot variant outbound connection (malware-cnc.rules)
 * 1:31168 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Guise outbound connection (malware-cnc.rules)
 * 1:31171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
 * 1:31680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tirabot variant outbound connection (malware-cnc.rules)
 * 1:31681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur download attempt (malware-cnc.rules)
 * 1:31147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zadnilay variant outbound connection (malware-cnc.rules)
 * 1:31145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound backdoor response (malware-cnc.rules)
 * 1:31172 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
 * 1:31683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur variant outbound connection (malware-cnc.rules)
 * 1:31174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapart variant outbound connection (malware-cnc.rules)
 * 1:31222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
 * 1:31224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptor outbound connection (malware-cnc.rules)
 * 1:31688 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Downloader 1.8 - Win.Trojan.Graftor (malware-cnc.rules)
 * 1:31225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent rome0321 - Win.Trojan.Soraya (malware-cnc.rules)
 * 1:31228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soraya variant initial outbound connection (malware-cnc.rules)
 * 1:31135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deedevil variant outbound connection (malware-cnc.rules)
 * 1:28994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor Remote Shell Server download (malware-cnc.rules)
 * 1:28982 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot requesting URL through IRC (malware-cnc.rules)
 * 1:31234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuckam variant inbound connection (malware-cnc.rules)
 * 1:31689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:31144 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant inbound backdoor keep-alive (malware-cnc.rules)
 * 1:31150 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent DefaultBotPassword - Win.Trojan.Tirabot (malware-cnc.rules)
 * 1:31691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kronos variant outbound connection (malware-cnc.rules)
 * 1:31693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korplug Poisoned Hurricane Malware outbound connection (malware-cnc.rules)
 * 1:31706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korgapam outbound connection (malware-cnc.rules)
 * 1:31712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:28990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot connection to cnc server (malware-cnc.rules)
 * 1:31556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CosmicDuke HTTP data exfiltration attempt (malware-cnc.rules)
 * 1:28995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor Remote Shell Server download (malware-cnc.rules)
 * 1:28987 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot variant outbound connection (malware-cnc.rules)
 * 1:31548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
 * 1:28977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.DF - User-Agent Missing Bracket (malware-cnc.rules)
 * 1:29562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blobrsa variant outbound connection (malware-cnc.rules)
 * 1:31557 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla/5.0 - Win.Trojan.Upatre (malware-cnc.rules)
 * 1:31564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CosmicDuke FTP data exfiltration (malware-cnc.rules)
 * 1:31586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules)
 * 1:31593 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.SMSSend outbound connection (malware-cnc.rules)
 * 1:31603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server HELLO request to client (malware-cnc.rules)
 * 1:31604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server READD command to client (malware-cnc.rules)
 * 1:31605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server READY command to client (malware-cnc.rules)
 * 1:31606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba payload download request (malware-cnc.rules)
 * 1:31607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba client response/authenticate to C&C server (malware-cnc.rules)
 * 1:31641 <-> DISABLED <-> MALWARE-CNC Win.Tinybanker variant outbound connection (malware-cnc.rules)
 * 1:31642 <-> DISABLED <-> MALWARE-CNC Win.Tinybanker variant outbound connection (malware-cnc.rules)
 * 1:31644 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Scarelocker outbound connection (malware-cnc.rules)
 * 1:31649 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:31672 <-> DISABLED <-> MALWARE-CNC Inbound command to php based DoS bot (malware-cnc.rules)
 * 1:31453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChoHeap variant outbound connection (malware-cnc.rules)
 * 1:28976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.DF - Data Exfiltration (malware-cnc.rules)
 * 1:29016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cordmix variant outbound connection (malware-cnc.rules)
 * 1:31121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cahecon outbound connection (malware-cnc.rules)
 * 1:31122 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent svchost (malware-cnc.rules)
 * 1:31124 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pyrtomsop outbound connection (malware-cnc.rules)
 * 1:31131 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
 * 1:31132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
 * 1:29026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Limlspy variant outbound connection (malware-cnc.rules)
 * 1:29031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant inbound connection (malware-cnc.rules)
 * 1:29038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant initial outbound connection (malware-cnc.rules)
 * 1:29039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules)
 * 1:29044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorask variant outbound connection (malware-cnc.rules)
 * 1:31142 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloft variant outbound connection (malware-cnc.rules)
 * 1:29861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brabat variant outbound connection (malware-cnc.rules)
 * 1:29828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adload.dyhq variant outbound connection (malware-cnc.rules)
 * 1:29862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbout connection (malware-cnc.rules)
 * 1:29865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (malware-cnc.rules)
 * 1:29869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar phishing attack (malware-cnc.rules)
 * 1:29870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pony HTTP response connection (malware-cnc.rules)
 * 1:29873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hanove variant outbound connection (malware-cnc.rules)
 * 1:29877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chikdos.A outbound information disclosure (malware-cnc.rules)
 * 1:29878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29881 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WEC variant outbound connection (malware-cnc.rules)
 * 1:29883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tohwen variant outbound connection (malware-cnc.rules)
 * 1:29884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:29885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypi.A outbound information disclosure (malware-cnc.rules)
 * 1:31715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:29886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypi.A outbound keylogger traffic (malware-cnc.rules)
 * 1:31458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SDBot variant outbound connection (malware-cnc.rules)
 * 1:31459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jaktinier outbound connection (malware-cnc.rules)
 * 1:31465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm Click Fraud Request (malware-cnc.rules)
 * 1:31218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:31466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm Click Fraud Request (malware-cnc.rules)
 * 1:31467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:31183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules)
 * 1:31468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (malware-cnc.rules)
 * 1:31507 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HW32 variant spam attempt (malware-cnc.rules)
 * 1:31530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:31533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xolominer malicious user detected (malware-cnc.rules)
 * 1:31543 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MSIE 7.0 na - Win.Trojan.Koobface (malware-cnc.rules)
 * 1:31544 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules)
 * 1:31545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules)
 * 1:31547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
 * 1:31717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SoftPulse variant outbound connection (malware-cnc.rules)
 * 1:31718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni outbound connection (malware-cnc.rules)
 * 1:31722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waski variant outbound connection (malware-cnc.rules)
 * 1:31744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eratoma outbound connection (malware-cnc.rules)
 * 1:31748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qulkonwi outbound connection (malware-cnc.rules)
 * 1:31753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elpapok outbound connection (malware-cnc.rules)
 * 1:31755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miras variant outbound connection (malware-cnc.rules)
 * 1:31768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ecsudown outbound connection (malware-cnc.rules)
 * 1:31772 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules)
 * 1:31805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dizk variant outbound connection (malware-cnc.rules)
 * 1:31806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nighthunter data exfiltration attempt (malware-cnc.rules)
 * 1:31807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nighthunter data exfiltration attempt (malware-cnc.rules)
 * 1:31808 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IptabLex outbound connection (malware-cnc.rules)
 * 1:31813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expiro outbound connection (malware-cnc.rules)
 * 1:47898 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:47899 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:47900 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:48147 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48148 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48791 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Agent inbound payload download (malware-cnc.rules)
 * 1:48871 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz inbound payload download (malware-other.rules)
 * 1:50201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Remexi variant outbound connection (malware-cnc.rules)
 * 1:50520 <-> ENABLED <-> MALWARE-CNC Doc.Malware.HWPRokrat variant outbound connection (malware-cnc.rules)
 * 1:50521 <-> ENABLED <-> MALWARE-CNC Doc.Malware.HWPRokrat variant outbound connection (malware-cnc.rules)
 * 1:51309 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pistacchietto variant outbound connection (malware-cnc.rules)
 * 1:51553 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (malware-cnc.rules)
 * 1:51554 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (malware-cnc.rules)
 * 1:31221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
 * 1:31235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuckam variant outbound connection (malware-cnc.rules)
 * 1:31240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (malware-cnc.rules)
 * 1:31236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hidead outbound connection (malware-cnc.rules)
 * 1:31242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Utishaf variant outbound connection (malware-cnc.rules)
 * 1:31241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (malware-cnc.rules)
 * 1:31254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HAVEX-RAT inbound connection to infected host (malware-cnc.rules)
 * 1:31244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (malware-cnc.rules)
 * 1:31255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HAVEX-RAT variant outbound connection (malware-cnc.rules)
 * 1:31260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda HTTP proxy response attempt (malware-cnc.rules)
 * 1:31258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Destoplug variant outbound connection (malware-cnc.rules)
 * 1:31271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin information disclosure attempt (malware-cnc.rules)
 * 1:31262 <-> DISABLED <-> MALWARE-CNC Win.Worm.VBNA variant outbound connection (malware-cnc.rules)
 * 1:31272 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin outbound command request attempt (malware-cnc.rules)
 * 1:31288 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Bladabindi variant outbound download request (malware-cnc.rules)
 * 1:31273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin coin mining program download attempt (malware-cnc.rules)
 * 1:31293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
 * 1:31290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vextstl outbound connection (malware-cnc.rules)
 * 1:31303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadeki variant outbound connection (malware-cnc.rules)
 * 1:31295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:31307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules)
 * 1:31306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules)
 * 1:31315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL variant outbound connection (malware-cnc.rules)
 * 1:31314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daikou variant outbound connection (malware-cnc.rules)
 * 1:31317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orbot variant outbound connection (malware-cnc.rules)
 * 1:31316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
 * 1:31328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
 * 1:31319 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zediv outbound connection (malware-cnc.rules)
 * 1:31344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Levyatan variant outbound connection (malware-cnc.rules)
 * 1:31343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow variant outbound connection system information disclosure (malware-cnc.rules)
 * 1:31346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ajtonj variant outbound connection (malware-cnc.rules)
 * 1:31345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mcdravsm variant outbound connection (malware-cnc.rules)
 * 1:31359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httneilc variant outbound connection (malware-cnc.rules)
 * 1:31355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicololo outbound connection (malware-cnc.rules)
 * 1:31418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Subla variant outbound connection (malware-cnc.rules)
 * 1:31417 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent blacksun - Win.Trojan.Blacksun (malware-cnc.rules)
 * 1:31442 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:31424 <-> DISABLED <-> MALWARE-CNC Kegis.A outbound connection (malware-cnc.rules)
 * 1:31450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall outbound connection (malware-cnc.rules)
 * 1:31449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall downloader attempt (malware-cnc.rules)
 * 1:29045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorask variant outbound connection (malware-cnc.rules)
 * 1:29056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Descrantol variant outbound connection (malware-cnc.rules)
 * 1:29057 <-> DISABLED <-> MALWARE-CNC Installation Win.Trojan.Umberial variant outbound connection (malware-cnc.rules)
 * 1:29058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Umberial variant outbound connection (malware-cnc.rules)
 * 1:29068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapazom variant outbound connection (malware-cnc.rules)
 * 1:29071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wcvalep variant outbound connection (malware-cnc.rules)
 * 1:29073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maetdik variant initial outbound connection (malware-cnc.rules)
 * 1:29074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maetdik variant outbound connection (malware-cnc.rules)
 * 1:29075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firefly outbound communcation (malware-cnc.rules)
 * 1:29076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epixed variant outbound connection (malware-cnc.rules)
 * 1:29077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Platidium variant outbound connection (malware-cnc.rules)
 * 1:29079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inftob variant outbound connection (malware-cnc.rules)
 * 1:29081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Budir initial variant outbound connection (malware-cnc.rules)
 * 1:29082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ldmon variant outbound connection (malware-cnc.rules)
 * 1:29087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kboy variant outbound connection (malware-cnc.rules)
 * 1:29091 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Choxy variant outbound connection (malware-cnc.rules)
 * 1:29095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fotip FTP file upload variant outbound connection (malware-cnc.rules)
 * 1:29103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korhigh variant outbound connection (malware-cnc.rules)
 * 1:29104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Iniptad variant outbound connection (malware-cnc.rules)
 * 1:29108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SixMuch variant outbound connection (malware-cnc.rules)
 * 1:29109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drafukey variant outbound connection (malware-cnc.rules)
 * 1:29112 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drafukey variant outbound connection (malware-cnc.rules)
 * 1:29113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conrec variant outbound connection (malware-cnc.rules)
 * 1:29114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sotark variant outbound connection (malware-cnc.rules)
 * 1:29115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alset variant outbound connection (malware-cnc.rules)
 * 1:29117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tyaui variant outbound connection (malware-cnc.rules)
 * 1:29125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Valden variant outbound connection (malware-cnc.rules)
 * 1:29127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:29133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goobraz variant outbound connection (malware-cnc.rules)
 * 1:29135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bfddos variant outbound connection (malware-cnc.rules)
 * 1:29136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos variant outbound connection (malware-cnc.rules)
 * 1:29138 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mojap variant outbound connection (malware-cnc.rules)
 * 1:29139 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string HTTP 1.1 - Win.Trojan.Tapslix (malware-cnc.rules)
 * 1:29140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tearspear variant outbound connection (malware-cnc.rules)
 * 1:29143 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent - Win.Trojan.Secciv (malware-cnc.rules)
 * 1:29146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RansomCrypt variant outbound connection (malware-cnc.rules)
 * 1:29148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Huxerox variant outbound connection (malware-cnc.rules)
 * 1:29149 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Janicab outbound connection (malware-cnc.rules)
 * 1:29150 <-> DISABLED <-> MALWARE-CNC User-Agent suspicious user-agent WarpHTTP - Win.Trojan.Yohakest (malware-cnc.rules)
 * 1:29152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant initial runtime outbound connection (malware-cnc.rules)
 * 1:29153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant file upload outbound connection (malware-cnc.rules)
 * 1:29154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant followup outbound connection (malware-cnc.rules)
 * 1:29155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vwealer outbound connection (malware-cnc.rules)
 * 1:29174 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fortis (malware-cnc.rules)
 * 1:29175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sitrof variant outbound connection (malware-cnc.rules)
 * 1:29176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retsaw variant outbound connection (malware-cnc.rules)
 * 1:29179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenad variant outbound connection (malware-cnc.rules)
 * 1:29180 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Update1.0 - Win.Trojan.Downbini (malware-cnc.rules)
 * 1:29216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:29220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection (malware-cnc.rules)
 * 1:29259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29261 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:29289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kmnokay outbound connection (malware-cnc.rules)
 * 1:29291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stitur variant outbound connection (malware-cnc.rules)
 * 1:29292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chulastran variant outbound connection (malware-cnc.rules)
 * 1:29293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chulastran variant initial version check outbound connection (malware-cnc.rules)
 * 1:29294 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boda variant outbound connection (malware-cnc.rules)
 * 1:29295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boda variant initial outbound connection (malware-cnc.rules)
 * 1:29299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nineblog variant outbound connection (malware-cnc.rules)
 * 1:29300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound connection (malware-cnc.rules)
 * 1:29301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mizzmo variant outbound connection (malware-cnc.rules)
 * 1:29302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Diswenshow outbound connection (malware-cnc.rules)
 * 1:29304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Verbscut variant outbound connection (malware-cnc.rules)
 * 1:29306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popyerd variant outbound connection (malware-cnc.rules)
 * 1:29307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fraxytime outbound connection (malware-cnc.rules)
 * 1:29313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxydown variant connection (malware-cnc.rules)
 * 1:29324 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vivia variant outbound connection (malware-cnc.rules)
 * 1:29325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horsamaz outbound connection (malware-cnc.rules)
 * 1:29330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piedacon variant outbound connection (malware-cnc.rules)
 * 1:29331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using modem (malware-cnc.rules)
 * 1:29332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using lan (malware-cnc.rules)
 * 1:29333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using proxy server (malware-cnc.rules)
 * 1:29334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using other (malware-cnc.rules)
 * 1:29335 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.CallMe variant outbound connection (malware-cnc.rules)
 * 1:29337 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:29339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishop variant initial runtime outbound connection (malware-cnc.rules)
 * 1:29340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plusau outbound connection (malware-cnc.rules)
 * 1:29341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string CustomSpy - Win.Trojan.Etek (malware-cnc.rules)
 * 1:29344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dondat variant outbound connection (malware-cnc.rules)
 * 1:29345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dondat variant outbound connection (malware-cnc.rules)
 * 1:29348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chifan variant outbound connection (malware-cnc.rules)
 * 1:29349 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:29351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulilit variant outbound connection (malware-cnc.rules)
 * 1:29352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Typdec variant outbound connection (malware-cnc.rules)
 * 1:29353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeagle outbound connection (malware-cnc.rules)
 * 1:29356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cidox variant outbound connection (malware-cnc.rules)
 * 1:29358 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mowfote (malware-cnc.rules)
 * 1:29359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mowfote variant initial outbound connection (malware-cnc.rules)
 * 1:29363 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pacbootini variant outbound connection (malware-cnc.rules)
 * 1:29367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boato variant outbound connection (malware-cnc.rules)
 * 1:29368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boato variant followup outbound connection (malware-cnc.rules)
 * 1:29370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.ADJI variant outbound connection (malware-cnc.rules)
 * 1:29371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Dluca (malware-cnc.rules)
 * 1:29376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker.B connection test (malware-cnc.rules)
 * 1:29389 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alusins variant outbound connection (malware-cnc.rules)
 * 1:29408 <-> DISABLED <-> MALWARE-CNC JAVAFOG Java malware backdoor connection to cnc server (malware-cnc.rules)
 * 1:29416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.vSkimmer outbound connection (malware-cnc.rules)
 * 1:29417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Solimba download attempt (malware-cnc.rules)
 * 1:29420 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reedum BlackPoS outbound FTP connection (malware-cnc.rules)
 * 1:29422 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rhubot variant outbound connection (malware-cnc.rules)
 * 1:29423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (malware-cnc.rules)
 * 1:29424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dldr variant outbound connection (malware-cnc.rules)
 * 1:29426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Etomertg variant outbound connection (malware-cnc.rules)
 * 1:29428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zatincel variant outbound connection (malware-cnc.rules)
 * 1:29430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Icefog variant outbound connection (malware-cnc.rules)
 * 1:29431 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Tirips (malware-cnc.rules)
 * 1:29440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chewbacca outbound connection (malware-cnc.rules)
 * 1:29459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fexel variant outbound connection (malware-cnc.rules)
 * 1:29460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pabueri variant outbound connection (malware-cnc.rules)
 * 1:29461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Norekab variant outbound connection (malware-cnc.rules)
 * 1:29464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SniperSpy variant outbound connection (malware-cnc.rules)
 * 1:29483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Botime variant connection (malware-cnc.rules)
 * 1:29484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.POSCardStealer variant outbound connection (malware-cnc.rules)
 * 1:29489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gaertob variant outbound connection (malware-cnc.rules)
 * 1:29493 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:29494 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:29495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kopdel variant outbound connection (malware-cnc.rules)
 * 1:29496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicololo variant outbound connection (malware-cnc.rules)
 * 1:29497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doneste variant outbound connection (malware-cnc.rules)
 * 1:29555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyex variant outbound connection (malware-cnc.rules)
 * 1:29556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loxes variant outbound connection (malware-cnc.rules)
 * 1:29557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marten variant outbound connection (malware-cnc.rules)
 * 1:29559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sydigu variant outbound connection (malware-cnc.rules)
 * 1:29563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blobrsa variant outbound connection (malware-cnc.rules)
 * 1:29565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.AALV variant outbound connection (malware-cnc.rules)
 * 1:29566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:29569 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Shellbot outbound connection (malware-cnc.rules)
 * 1:29635 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nursteal variant outbound connection (malware-cnc.rules)
 * 1:29636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker.cbuf variant outbound connection (malware-cnc.rules)
 * 1:29637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lumbko variant outbound connection (malware-cnc.rules)
 * 1:29638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lumbko variant initial outbound connection (malware-cnc.rules)
 * 1:29644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sdconsent outbound connection (malware-cnc.rules)
 * 1:29645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mimunita (malware-cnc.rules)
 * 1:29652 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Truado (malware-cnc.rules)
 * 1:29663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dampt variant outbound connection (malware-cnc.rules)
 * 1:29664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DomaIQ variant outbound connection (malware-cnc.rules)
 * 1:29665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linkup outbound connection (malware-cnc.rules)
 * 1:29670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw outbound connection (malware-cnc.rules)
 * 1:29740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sarvdap variant outbound connection (malware-cnc.rules)
 * 1:29760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MSIE 4.01 - Win.Trojan.Careto (malware-cnc.rules)
 * 1:29788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto outbound connection (malware-cnc.rules)
 * 1:29789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)
 * 1:29790 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)
 * 1:29791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)
 * 1:29816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jackpos outbound connection (malware-cnc.rules)
 * 1:29817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jackpos outbound connection (malware-cnc.rules)
 * 1:29824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TixDll - Win.Trojan.Adload.dyhq (malware-cnc.rules)
 * 1:29887 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Updates downloader - Win.Trojan.Upatre (malware-cnc.rules)
 * 1:29893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pyteconte variant outbound connection (malware-cnc.rules)
 * 1:29895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:29897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ExplorerHijack variant outbound connection (malware-cnc.rules)
 * 1:29898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zygtab variant outbound connection (malware-cnc.rules)
 * 1:29899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmkype variant outbound connection (malware-cnc.rules)
 * 1:29901 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comowba variant outbound connection (malware-cnc.rules)
 * 1:29907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madnedos outbound system information disclosure (malware-cnc.rules)
 * 1:29914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zmcwinsvc outbound system information disclosure (malware-cnc.rules)
 * 1:29916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu system information disclosure (malware-cnc.rules)
 * 1:29920 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZhiZhu variant outbound connection (malware-cnc.rules)
 * 1:29921 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZhiZhu variant inbound connection (malware-cnc.rules)
 * 1:29922 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Bazuc initial outbound connection (malware-cnc.rules)
 * 1:29923 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Bazuc jobs check outbound connection (malware-cnc.rules)
 * 1:29924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
 * 1:29925 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Verxbot variant outbound connection (malware-cnc.rules)
 * 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (malware-cnc.rules)
 * 1:29975 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Svekifc system information disclosure (malware-cnc.rules)
 * 1:30055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deventiz CWD system information disclosure via FTP (malware-cnc.rules)
 * 1:29976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Svekifc outbound persistent connection (malware-cnc.rules)
 * 1:29978 <-> DISABLED <-> MALWARE-CNC ANDR.Trojan.FakeApp outbound connection (malware-cnc.rules)
 * 1:29980 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fucom outbound connection (malware-cnc.rules)
 * 1:29981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tiny variant outbound connection (malware-cnc.rules)
 * 1:29982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oshidor variant outbound connection (malware-cnc.rules)
 * 1:29985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicolo variant outbound connection (malware-cnc.rules)
 * 1:29987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meac malware component download request (malware-cnc.rules)
 * 1:29990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seruda system information disclosure (malware-cnc.rules)
 * 1:29998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horsum outbound system information disclosure (malware-cnc.rules)
 * 1:29999 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MSIE 9.0 in version 10 format (malware-cnc.rules)
 * 1:30034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donanbot outbound connection (malware-cnc.rules)
 * 1:30035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sylonif variant outbound connection (malware-cnc.rules)
 * 1:30036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ovnavart variant outbound connection (malware-cnc.rules)
 * 1:30047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crowti variant outbound connection (malware-cnc.rules)
 * 1:30058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bogoclak outbound FTP connection information disclosure (malware-cnc.rules)
 * 1:30060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coresh outbound identification request (malware-cnc.rules)
 * 1:30061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tyleny variant outbound connection (malware-cnc.rules)
 * 1:30063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
 * 1:30064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
 * 1:30068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:30073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:30074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim variant outbound connection (malware-cnc.rules)
 * 1:30076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stealzilla variant outbound connection (malware-cnc.rules)
 * 1:30078 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Momibot outbound system information disclosure (malware-cnc.rules)
 * 1:30087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamut configuration download (malware-cnc.rules)
 * 1:30088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:30090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nitol variant outbound connection (malware-cnc.rules)
 * 1:30091 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound connection (malware-cnc.rules)
 * 1:30167 <-> DISABLED <-> MALWARE-CNC Russian Bank scam malware GET request to server (malware-cnc.rules)
 * 1:30168 <-> DISABLED <-> MALWARE-CNC Russian Bank scam malware POST to server (malware-cnc.rules)
 * 1:30191 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos usermode-centric client request (malware-cnc.rules)
 * 1:30192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos inbound command (malware-cnc.rules)
 * 1:30193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos inbound encrypted data (malware-cnc.rules)
 * 1:30196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:30198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules)
 * 1:30204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules)
 * 1:30208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nakcos variant outbound connection (malware-cnc.rules)
 * 1:30210 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agnet string Win.Trojan.ZeusVM (malware-cnc.rules)
 * 1:30211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeusVM embedded image config file download (malware-cnc.rules)
 * 1:30214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant outbound connection (malware-cnc.rules)
 * 1:30216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ShadyRAT variant outbound connection (malware-cnc.rules)
 * 1:30231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eybog variant outbound connection (malware-cnc.rules)
 * 1:30234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:30235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:30239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Name variant outbound connection (malware-cnc.rules)
 * 1:30250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - logogo.exe (malware-cnc.rules)
 * 1:30251 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mumawow outbound connection (malware-cnc.rules)
 * 1:30255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor HTTP Response - Brazil Geolocated Infected User (malware-cnc.rules)
 * 1:30256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor HTTP Response - Non-Brazil Geolocated Infected User (malware-cnc.rules)
 * 1:30257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ExplorerHijack variant outbound connection (malware-cnc.rules)
 * 1:30258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:30259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection (malware-cnc.rules)
 * 1:30262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot configuration file download (malware-cnc.rules)
 * 1:30271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot drop zone file upload (malware-cnc.rules)
 * 1:30276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30279 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Recub variant outbound connection (malware-cnc.rules)
 * 1:30288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba.M initial outbound connection (malware-cnc.rules)
 * 1:30290 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Browser - Win.Trojan.Bruterdep (malware-cnc.rules)
 * 1:30298 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cloudoten variant inbound connection (malware-cnc.rules)
 * 1:30299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Projecthook variant outbound connection (malware-cnc.rules)
 * 1:30300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Projecthook variant outbound connection (malware-cnc.rules)
 * 1:30301 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent InetAll - Win.Trojan.Pennonec (malware-cnc.rules)
 * 1:30302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rajdze variant outbound connection (malware-cnc.rules)
 * 1:30304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noctabor variant outbound connection (malware-cnc.rules)
 * 1:30308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
 * 1:30309 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
 * 1:30310 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Comdinter variant outbound connection (malware-cnc.rules)
 * 1:30311 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Comdinter variant outbound connection (malware-cnc.rules)
 * 1:30314 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmd - Win.Trojan.Burnwoo (malware-cnc.rules)
 * 1:30315 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmdw23 - Win.Trojan.Burnwoo (malware-cnc.rules)
 * 1:30323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drawnetz variant outbound connection (malware-cnc.rules)
 * 1:30331 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ebot - Win.Trojan.Modulog (malware-cnc.rules)
 * 1:30332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook configuration file download attempt (malware-cnc.rules)
 * 1:30333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook information disclosure attempt (malware-cnc.rules)
 * 1:30334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook initial outbound connection (malware-cnc.rules)
 * 1:30344 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent EyeS_Client_1.0 - Win.Trojan.Seey (malware-cnc.rules)
 * 1:30482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik inbound connection (malware-cnc.rules)
 * 1:30483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (malware-cnc.rules)
 * 1:30484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (malware-cnc.rules)
 * 1:30494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
 * 1:30518 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Neutrino/2.1 - Win.Trojan.Necurs (malware-cnc.rules)
 * 1:30519 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound connection (malware-cnc.rules)
 * 1:30547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramdo variant outbound connection (malware-cnc.rules)
 * 1:30548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:30551 <-> DISABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Minerd (malware-cnc.rules)
 * 1:30552 <-> DISABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Systema (malware-cnc.rules)
 * 1:30559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uniemv variant outbound connection (malware-cnc.rules)
 * 1:30560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Megesat variant outbound connection (malware-cnc.rules)
 * 1:30566 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Elknot outbound connection (malware-cnc.rules)
 * 1:30743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chabava outbound connection (malware-cnc.rules)
 * 1:30751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:30752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesyong outbound connection (malware-cnc.rules)
 * 1:30753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehacker outbound connection (malware-cnc.rules)
 * 1:30773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant download request (malware-cnc.rules)
 * 1:30776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Targnik variant outbound connection (malware-cnc.rules)
 * 1:30804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30808 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30812 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30815 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Oldboot variant outbound connection (malware-cnc.rules)
 * 1:30882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30896 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DarkKomet variant outbound connection (malware-cnc.rules)
 * 1:30897 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DarkKomet variant outbound connection (malware-cnc.rules)
 * 1:30900 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuhao variant outbound connection (malware-cnc.rules)
 * 1:30914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (malware-cnc.rules)
 * 1:30915 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (malware-cnc.rules)
 * 1:30917 <-> DISABLED <-> MALWARE-CNC Win.Worm.Phelshap variant outbound connection (malware-cnc.rules)
 * 1:30918 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent Mozilla (malware-cnc.rules)
 * 1:30919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:30923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit outbound connection (malware-cnc.rules)
 * 1:30924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor inbound connection (malware-cnc.rules)
 * 1:30925 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound connection (malware-cnc.rules)
 * 1:30926 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound secure-connection (malware-cnc.rules)
 * 1:30938 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Roopre outbound connection (malware-cnc.rules)
 * 1:30945 <-> DISABLED <-> MALWARE-CNC Win.Worm.Winiga FTP login attempt (malware-cnc.rules)
 * 1:30947 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Botintin outbound connection (malware-cnc.rules)
 * 1:30953 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jaik variant outbound connection (malware-cnc.rules)
 * 1:30978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gisetik information disclosure attempt (malware-cnc.rules)
 * 1:30982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karnos variant outbound connection (malware-cnc.rules)
 * 1:30983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karnos variant outbound connection (malware-cnc.rules)
 * 1:30984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonriamt outbound connection (malware-cnc.rules)
 * 1:30985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenexmed outbound connection (malware-cnc.rules)
 * 1:30986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenexmed inbound shell command attempt (malware-cnc.rules)
 * 1:30987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vondola configuration file download attempt (malware-cnc.rules)
 * 1:30988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vondola information disclosure attempt (malware-cnc.rules)
 * 1:31002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kimsuky variant outbound connection (malware-cnc.rules)
 * 1:31004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief information disclosure attempt (malware-cnc.rules)
 * 1:31005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief information disclosure attempt (malware-cnc.rules)
 * 1:31006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief initial outbound connection (malware-cnc.rules)
 * 1:31007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Iplorko.A runtime detection (malware-cnc.rules)
 * 1:31010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sisbot variant outbound IRC connection (malware-cnc.rules)
 * 1:31014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
 * 1:31020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:31051 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hesperbot variant outbound connection (malware-cnc.rules)
 * 1:31053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadnessPro outbound connection (malware-cnc.rules)
 * 1:31055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:31062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expone variant outbound connection (malware-cnc.rules)
 * 1:31063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expone FTP login attempt (malware-cnc.rules)
 * 1:31064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Diatraha variant outbound connection (malware-cnc.rules)
 * 1:31066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tobinload variant outbound connection (malware-cnc.rules)
 * 1:31070 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs outbound connection (malware-cnc.rules)
 * 1:31072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryfile variant outbound connection (malware-cnc.rules)
 * 1:31073 <-> DISABLED <-> MALWARE-CNC RemoteSpy connection to CNC server (malware-cnc.rules)
 * 1:31079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:31080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:31081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinSpy variant outbound connection (malware-cnc.rules)
 * 1:31083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bexelets variant outbound connection (malware-cnc.rules)
 * 1:31084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:31090 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent hello crazyk (malware-cnc.rules)
 * 1:31112 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos password stealing attempt (malware-cnc.rules)
 * 1:31113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rfusclient outbound connection (malware-cnc.rules)
 * 1:31116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Garsuni variant outbound connection (malware-cnc.rules)
 * 1:31119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marmoolak variant outbound connection (malware-cnc.rules)
 * 1:29561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lechiket variant outbound connection (malware-cnc.rules)
 * 1:31136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess inbound connection (malware-cnc.rules)

2020-10-13 18:43:05 UTC

Snort Subscriber Rules Update

Date: 2020-10-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55963 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776436-0 download attempt (malware-other.rules)
 * 1:55979 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Foundation memory corruption attempt (file-multimedia.rules)
 * 1:55998 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Beebone-9777703-0 download attempt (malware-other.rules)
 * 1:55965 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776419-0 download attempt (malware-other.rules)
 * 1:55952 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9775770-0 download attempt (malware-other.rules)
 * 1:55948 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ramnit-9775593-0 download attempt (malware-other.rules)
 * 1:55982 <-> DISABLED <-> OS-WINDOWS Microsoft Windows digital signature spoofing attempt (os-windows.rules)
 * 1:55942 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt (os-windows.rules)
 * 1:55976 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9776833-0 download attempt (malware-other.rules)
 * 1:55958 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Scar-9776391-0 download attempt (malware-other.rules)
 * 1:55997 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Beebone-9777703-0 download attempt (malware-other.rules)
 * 1:55973 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-9776559-0 download attempt (malware-other.rules)
 * 1:55940 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9775385-0 download attempt (malware-other.rules)
 * 1:55937 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Perion-9775059-0 download attempt (malware-other.rules)
 * 1:55947 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775571-0 download attempt (malware-other.rules)
 * 1:55939 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Shadowbrokers-9775051-0 download attempt (malware-other.rules)
 * 1:55971 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776543-0 download attempt (malware-other.rules)
 * 1:55975 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-9776642-0 download attempt (malware-other.rules)
 * 1:55966 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776406-0 download attempt (malware-other.rules)
 * 1:55946 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775571-0 download attempt (malware-other.rules)
 * 1:55938 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Shadowbrokers-9775051-0 download attempt (malware-other.rules)
 * 1:55977 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9776833-0 download attempt (malware-other.rules)
 * 1:55941 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9775385-0 download attempt (malware-other.rules)
 * 1:55949 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ramnit-9775593-0 download attempt (malware-other.rules)
 * 1:55957 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776340-0 download attempt (malware-other.rules)
 * 1:55968 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776422-0 download attempt (malware-other.rules)
 * 1:55967 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776406-0 download attempt (malware-other.rules)
 * 1:55956 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776340-0 download attempt (malware-other.rules)
 * 1:55950 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775689-0 download attempt (malware-other.rules)
 * 1:55944 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Buzus-9775511-0 download attempt (malware-other.rules)
 * 1:55978 <-> DISABLED <-> SERVER-OTHER Apache OFBiz XMLRPC deserialization attempt (server-other.rules)
 * 1:55943 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt (os-windows.rules)
 * 1:55984 <-> ENABLED <-> PROTOCOL-ICMP Microsoft Windows IPv6 stack remote execution attempt (protocol-icmp.rules)
 * 1:55993 <-> ENABLED <-> PROTOCOL-ICMP Microsoft Windows IPv6 DNSSL option record denial of service attempt (protocol-icmp.rules)
 * 1:55936 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Perion-9775059-0 download attempt (malware-other.rules)
 * 1:55945 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Buzus-9775511-0 download attempt (malware-other.rules)
 * 1:55934 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9774716-0 download attempt (malware-other.rules)
 * 1:55981 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 command injection attempt (server-webapp.rules)
 * 1:55972 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-9776559-0 download attempt (malware-other.rules)
 * 1:55995 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dotdo-9777352-0 download attempt (malware-other.rules)
 * 1:55989 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:55951 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775689-0 download attempt (malware-other.rules)
 * 1:55970 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776543-0 download attempt (malware-other.rules)
 * 1:55959 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Scar-9776391-0 download attempt (malware-other.rules)
 * 1:55994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop information disclosure attempt (os-windows.rules)
 * 1:55955 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9776100-0 download attempt (malware-other.rules)
 * 1:55964 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776419-0 download attempt (malware-other.rules)
 * 1:55983 <-> DISABLED <-> OS-WINDOWS Microsoft Windows digital signature spoofing attempt (os-windows.rules)
 * 1:55962 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776436-0 download attempt (malware-other.rules)
 * 1:55980 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Foundation memory corruption attempt (file-multimedia.rules)
 * 1:55969 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776422-0 download attempt (malware-other.rules)
 * 1:55954 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9776100-0 download attempt (malware-other.rules)
 * 1:55961 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zbot-9776404-0 download attempt (malware-other.rules)
 * 1:55990 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:55935 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9774716-0 download attempt (malware-other.rules)
 * 1:55953 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9775770-0 download attempt (malware-other.rules)
 * 1:55996 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dotdo-9777352-0 download attempt (malware-other.rules)
 * 1:55960 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zbot-9776404-0 download attempt (malware-other.rules)
 * 1:55974 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-9776642-0 download attempt (malware-other.rules)
 * 3:55991 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1163 attack attempt (file-other.rules)
 * 3:55986 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1161 attack attempt (file-other.rules)
 * 3:55988 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1162 attack attempt (file-other.rules)
 * 3:55987 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1162 attack attempt (file-other.rules)
 * 3:55992 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1163 attack attempt (file-other.rules)
 * 3:55985 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1161 attack attempt (file-other.rules)

Modified Rules:


 * 1:51553 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (malware-cnc.rules)
 * 1:31136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess inbound connection (malware-cnc.rules)
 * 1:31168 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Guise outbound connection (malware-cnc.rules)
 * 1:28982 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot requesting URL through IRC (malware-cnc.rules)
 * 1:31355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicololo outbound connection (malware-cnc.rules)
 * 1:31417 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent blacksun - Win.Trojan.Blacksun (malware-cnc.rules)
 * 1:31753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elpapok outbound connection (malware-cnc.rules)
 * 1:31145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound backdoor response (malware-cnc.rules)
 * 1:31328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
 * 1:31693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korplug Poisoned Hurricane Malware outbound connection (malware-cnc.rules)
 * 1:31712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
 * 1:31564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CosmicDuke FTP data exfiltration (malware-cnc.rules)
 * 1:31722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waski variant outbound connection (malware-cnc.rules)
 * 1:31557 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla/5.0 - Win.Trojan.Upatre (malware-cnc.rules)
 * 1:31150 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent DefaultBotPassword - Win.Trojan.Tirabot (malware-cnc.rules)
 * 1:31450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall outbound connection (malware-cnc.rules)
 * 1:31691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kronos variant outbound connection (malware-cnc.rules)
 * 1:31240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (malware-cnc.rules)
 * 1:31306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules)
 * 1:31222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:28990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot connection to cnc server (malware-cnc.rules)
 * 1:31748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qulkonwi outbound connection (malware-cnc.rules)
 * 1:31465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm Click Fraud Request (malware-cnc.rules)
 * 1:31459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jaktinier outbound connection (malware-cnc.rules)
 * 1:31605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server READY command to client (malware-cnc.rules)
 * 1:31223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
 * 1:31235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuckam variant outbound connection (malware-cnc.rules)
 * 1:31543 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MSIE 7.0 na - Win.Trojan.Koobface (malware-cnc.rules)
 * 1:31255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HAVEX-RAT variant outbound connection (malware-cnc.rules)
 * 1:31224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptor outbound connection (malware-cnc.rules)
 * 1:31244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (malware-cnc.rules)
 * 1:31319 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zediv outbound connection (malware-cnc.rules)
 * 1:31755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miras variant outbound connection (malware-cnc.rules)
 * 1:28988 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot variant outbound connection (malware-cnc.rules)
 * 1:31225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent rome0321 - Win.Trojan.Soraya (malware-cnc.rules)
 * 1:31228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soraya variant initial outbound connection (malware-cnc.rules)
 * 1:31234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuckam variant inbound connection (malware-cnc.rules)
 * 1:31271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin information disclosure attempt (malware-cnc.rules)
 * 1:31688 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Downloader 1.8 - Win.Trojan.Graftor (malware-cnc.rules)
 * 1:31715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hidead outbound connection (malware-cnc.rules)
 * 1:31183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules)
 * 1:31586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules)
 * 1:31260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda HTTP proxy response attempt (malware-cnc.rules)
 * 1:31772 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules)
 * 1:31644 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Scarelocker outbound connection (malware-cnc.rules)
 * 1:31272 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin outbound command request attempt (malware-cnc.rules)
 * 1:31680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tirabot variant outbound connection (malware-cnc.rules)
 * 1:31424 <-> DISABLED <-> MALWARE-CNC Kegis.A outbound connection (malware-cnc.rules)
 * 1:31547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
 * 1:31442 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:31545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules)
 * 1:31418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Subla variant outbound connection (malware-cnc.rules)
 * 1:31507 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HW32 variant spam attempt (malware-cnc.rules)
 * 1:31290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vextstl outbound connection (malware-cnc.rules)
 * 1:31641 <-> DISABLED <-> MALWARE-CNC Win.Tinybanker variant outbound connection (malware-cnc.rules)
 * 1:31262 <-> DISABLED <-> MALWARE-CNC Win.Worm.VBNA variant outbound connection (malware-cnc.rules)
 * 1:31718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni outbound connection (malware-cnc.rules)
 * 1:31717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SoftPulse variant outbound connection (malware-cnc.rules)
 * 1:31242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Utishaf variant outbound connection (malware-cnc.rules)
 * 1:31672 <-> DISABLED <-> MALWARE-CNC Inbound command to php based DoS bot (malware-cnc.rules)
 * 1:31317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orbot variant outbound connection (malware-cnc.rules)
 * 1:31254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HAVEX-RAT inbound connection to infected host (malware-cnc.rules)
 * 1:31649 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur download attempt (malware-cnc.rules)
 * 1:31293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
 * 1:31343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow variant outbound connection system information disclosure (malware-cnc.rules)
 * 1:28996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bunitu variant outbound connection (malware-cnc.rules)
 * 1:31303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadeki variant outbound connection (malware-cnc.rules)
 * 1:31344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Levyatan variant outbound connection (malware-cnc.rules)
 * 1:31556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CosmicDuke HTTP data exfiltration attempt (malware-cnc.rules)
 * 1:31642 <-> DISABLED <-> MALWARE-CNC Win.Tinybanker variant outbound connection (malware-cnc.rules)
 * 1:31744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eratoma outbound connection (malware-cnc.rules)
 * 1:31315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL variant outbound connection (malware-cnc.rules)
 * 1:31359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httneilc variant outbound connection (malware-cnc.rules)
 * 1:31458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SDBot variant outbound connection (malware-cnc.rules)
 * 1:31706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korgapam outbound connection (malware-cnc.rules)
 * 1:31606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba payload download request (malware-cnc.rules)
 * 1:31173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
 * 1:31683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur variant outbound connection (malware-cnc.rules)
 * 1:31345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mcdravsm variant outbound connection (malware-cnc.rules)
 * 1:31607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba client response/authenticate to C&C server (malware-cnc.rules)
 * 1:31258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Destoplug variant outbound connection (malware-cnc.rules)
 * 1:31171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
 * 1:31449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall downloader attempt (malware-cnc.rules)
 * 1:28983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Steckt IRCbot executable download (malware-cnc.rules)
 * 1:31316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
 * 1:31533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xolominer malicious user detected (malware-cnc.rules)
 * 1:31288 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Bladabindi variant outbound download request (malware-cnc.rules)
 * 1:31768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ecsudown outbound connection (malware-cnc.rules)
 * 1:31603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server HELLO request to client (malware-cnc.rules)
 * 1:28977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.DF - User-Agent Missing Bracket (malware-cnc.rules)
 * 1:28995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor Remote Shell Server download (malware-cnc.rules)
 * 1:31307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules)
 * 1:31544 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules)
 * 1:31689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:31314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daikou variant outbound connection (malware-cnc.rules)
 * 1:31669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:31713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:31467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:31714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:29897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ExplorerHijack variant outbound connection (malware-cnc.rules)
 * 1:31135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deedevil variant outbound connection (malware-cnc.rules)
 * 1:28986 <-> DISABLED <-> MALWARE-CNC Win.Worm.Neeris IRCbot variant outbound connection (malware-cnc.rules)
 * 1:28976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.DF - Data Exfiltration (malware-cnc.rules)
 * 1:28984 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot executable download (malware-cnc.rules)
 * 1:28987 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot variant outbound connection (malware-cnc.rules)
 * 1:29056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Descrantol variant outbound connection (malware-cnc.rules)
 * 1:29045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorask variant outbound connection (malware-cnc.rules)
 * 1:29058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Umberial variant outbound connection (malware-cnc.rules)
 * 1:29057 <-> DISABLED <-> MALWARE-CNC Installation Win.Trojan.Umberial variant outbound connection (malware-cnc.rules)
 * 1:29071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wcvalep variant outbound connection (malware-cnc.rules)
 * 1:29068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapazom variant outbound connection (malware-cnc.rules)
 * 1:29073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maetdik variant initial outbound connection (malware-cnc.rules)
 * 1:29075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firefly outbound communcation (malware-cnc.rules)
 * 1:29074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maetdik variant outbound connection (malware-cnc.rules)
 * 1:29077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Platidium variant outbound connection (malware-cnc.rules)
 * 1:29076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epixed variant outbound connection (malware-cnc.rules)
 * 1:29079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inftob variant outbound connection (malware-cnc.rules)
 * 1:29082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ldmon variant outbound connection (malware-cnc.rules)
 * 1:29081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Budir initial variant outbound connection (malware-cnc.rules)
 * 1:51309 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pistacchietto variant outbound connection (malware-cnc.rules)
 * 1:51554 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (malware-cnc.rules)
 * 1:29112 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drafukey variant outbound connection (malware-cnc.rules)
 * 1:29011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dotconta variant outbound connection (malware-cnc.rules)
 * 1:31453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChoHeap variant outbound connection (malware-cnc.rules)
 * 1:31132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
 * 1:29087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kboy variant outbound connection (malware-cnc.rules)
 * 1:29095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fotip FTP file upload variant outbound connection (malware-cnc.rules)
 * 1:29091 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Choxy variant outbound connection (malware-cnc.rules)
 * 1:29104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Iniptad variant outbound connection (malware-cnc.rules)
 * 1:29103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korhigh variant outbound connection (malware-cnc.rules)
 * 1:31805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dizk variant outbound connection (malware-cnc.rules)
 * 1:50521 <-> ENABLED <-> MALWARE-CNC Doc.Malware.HWPRokrat variant outbound connection (malware-cnc.rules)
 * 1:31806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nighthunter data exfiltration attempt (malware-cnc.rules)
 * 1:31808 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IptabLex outbound connection (malware-cnc.rules)
 * 1:47899 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:48147 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:50201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Remexi variant outbound connection (malware-cnc.rules)
 * 1:48148 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:47900 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:48871 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz inbound payload download (malware-other.rules)
 * 1:50520 <-> ENABLED <-> MALWARE-CNC Doc.Malware.HWPRokrat variant outbound connection (malware-cnc.rules)
 * 1:31813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expiro outbound connection (malware-cnc.rules)
 * 1:31807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nighthunter data exfiltration attempt (malware-cnc.rules)
 * 1:47898 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:31174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapart variant outbound connection (malware-cnc.rules)
 * 1:48791 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Agent inbound payload download (malware-cnc.rules)
 * 1:31604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server READD command to client (malware-cnc.rules)
 * 1:31468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (malware-cnc.rules)
 * 1:31273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin coin mining program download attempt (malware-cnc.rules)
 * 1:31241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (malware-cnc.rules)
 * 1:31530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:31346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ajtonj variant outbound connection (malware-cnc.rules)
 * 1:31593 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.SMSSend outbound connection (malware-cnc.rules)
 * 1:31466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm Click Fraud Request (malware-cnc.rules)
 * 1:31295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:31131 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
 * 1:29136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos variant outbound connection (malware-cnc.rules)
 * 1:29114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sotark variant outbound connection (malware-cnc.rules)
 * 1:29115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alset variant outbound connection (malware-cnc.rules)
 * 1:29117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tyaui variant outbound connection (malware-cnc.rules)
 * 1:29125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Valden variant outbound connection (malware-cnc.rules)
 * 1:29127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:29133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goobraz variant outbound connection (malware-cnc.rules)
 * 1:29135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bfddos variant outbound connection (malware-cnc.rules)
 * 1:31172 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
 * 1:31221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:29138 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mojap variant outbound connection (malware-cnc.rules)
 * 1:29139 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string HTTP 1.1 - Win.Trojan.Tapslix (malware-cnc.rules)
 * 1:29140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tearspear variant outbound connection (malware-cnc.rules)
 * 1:29143 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent - Win.Trojan.Secciv (malware-cnc.rules)
 * 1:29146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RansomCrypt variant outbound connection (malware-cnc.rules)
 * 1:31142 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloft variant outbound connection (malware-cnc.rules)
 * 1:29149 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Janicab outbound connection (malware-cnc.rules)
 * 1:29150 <-> DISABLED <-> MALWARE-CNC User-Agent suspicious user-agent WarpHTTP - Win.Trojan.Yohakest (malware-cnc.rules)
 * 1:29152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant initial runtime outbound connection (malware-cnc.rules)
 * 1:29153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant file upload outbound connection (malware-cnc.rules)
 * 1:29154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant followup outbound connection (malware-cnc.rules)
 * 1:29155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vwealer outbound connection (malware-cnc.rules)
 * 1:29174 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fortis (malware-cnc.rules)
 * 1:29175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sitrof variant outbound connection (malware-cnc.rules)
 * 1:29176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retsaw variant outbound connection (malware-cnc.rules)
 * 1:29179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenad variant outbound connection (malware-cnc.rules)
 * 1:29180 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Update1.0 - Win.Trojan.Downbini (malware-cnc.rules)
 * 1:29216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:29220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection (malware-cnc.rules)
 * 1:29259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29261 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:29289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kmnokay outbound connection (malware-cnc.rules)
 * 1:29291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stitur variant outbound connection (malware-cnc.rules)
 * 1:29292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chulastran variant outbound connection (malware-cnc.rules)
 * 1:29293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chulastran variant initial version check outbound connection (malware-cnc.rules)
 * 1:29294 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boda variant outbound connection (malware-cnc.rules)
 * 1:29295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boda variant initial outbound connection (malware-cnc.rules)
 * 1:29299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nineblog variant outbound connection (malware-cnc.rules)
 * 1:29300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound connection (malware-cnc.rules)
 * 1:29301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mizzmo variant outbound connection (malware-cnc.rules)
 * 1:29302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Diswenshow outbound connection (malware-cnc.rules)
 * 1:29304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Verbscut variant outbound connection (malware-cnc.rules)
 * 1:29306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popyerd variant outbound connection (malware-cnc.rules)
 * 1:29307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fraxytime outbound connection (malware-cnc.rules)
 * 1:29313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxydown variant connection (malware-cnc.rules)
 * 1:29324 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vivia variant outbound connection (malware-cnc.rules)
 * 1:29325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horsamaz outbound connection (malware-cnc.rules)
 * 1:29330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piedacon variant outbound connection (malware-cnc.rules)
 * 1:29331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using modem (malware-cnc.rules)
 * 1:29332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using lan (malware-cnc.rules)
 * 1:29333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using proxy server (malware-cnc.rules)
 * 1:29334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using other (malware-cnc.rules)
 * 1:29335 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.CallMe variant outbound connection (malware-cnc.rules)
 * 1:29337 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:29339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishop variant initial runtime outbound connection (malware-cnc.rules)
 * 1:29340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plusau outbound connection (malware-cnc.rules)
 * 1:29341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string CustomSpy - Win.Trojan.Etek (malware-cnc.rules)
 * 1:29344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dondat variant outbound connection (malware-cnc.rules)
 * 1:29345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dondat variant outbound connection (malware-cnc.rules)
 * 1:29348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chifan variant outbound connection (malware-cnc.rules)
 * 1:29349 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:29351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulilit variant outbound connection (malware-cnc.rules)
 * 1:29352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Typdec variant outbound connection (malware-cnc.rules)
 * 1:29353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeagle outbound connection (malware-cnc.rules)
 * 1:29356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cidox variant outbound connection (malware-cnc.rules)
 * 1:29358 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mowfote (malware-cnc.rules)
 * 1:29359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mowfote variant initial outbound connection (malware-cnc.rules)
 * 1:29363 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pacbootini variant outbound connection (malware-cnc.rules)
 * 1:29367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boato variant outbound connection (malware-cnc.rules)
 * 1:29368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boato variant followup outbound connection (malware-cnc.rules)
 * 1:29370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.ADJI variant outbound connection (malware-cnc.rules)
 * 1:29371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Dluca (malware-cnc.rules)
 * 1:29376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker.B connection test (malware-cnc.rules)
 * 1:29389 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alusins variant outbound connection (malware-cnc.rules)
 * 1:29408 <-> DISABLED <-> MALWARE-CNC JAVAFOG Java malware backdoor connection to cnc server (malware-cnc.rules)
 * 1:29416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.vSkimmer outbound connection (malware-cnc.rules)
 * 1:29417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Solimba download attempt (malware-cnc.rules)
 * 1:29420 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reedum BlackPoS outbound FTP connection (malware-cnc.rules)
 * 1:29422 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rhubot variant outbound connection (malware-cnc.rules)
 * 1:29423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (malware-cnc.rules)
 * 1:29424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dldr variant outbound connection (malware-cnc.rules)
 * 1:29426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Etomertg variant outbound connection (malware-cnc.rules)
 * 1:29428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zatincel variant outbound connection (malware-cnc.rules)
 * 1:29430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Icefog variant outbound connection (malware-cnc.rules)
 * 1:29431 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Tirips (malware-cnc.rules)
 * 1:29440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chewbacca outbound connection (malware-cnc.rules)
 * 1:29459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fexel variant outbound connection (malware-cnc.rules)
 * 1:29460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pabueri variant outbound connection (malware-cnc.rules)
 * 1:29461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Norekab variant outbound connection (malware-cnc.rules)
 * 1:29464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SniperSpy variant outbound connection (malware-cnc.rules)
 * 1:29483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Botime variant connection (malware-cnc.rules)
 * 1:29484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.POSCardStealer variant outbound connection (malware-cnc.rules)
 * 1:29489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gaertob variant outbound connection (malware-cnc.rules)
 * 1:29493 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:29494 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:29495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kopdel variant outbound connection (malware-cnc.rules)
 * 1:29496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicololo variant outbound connection (malware-cnc.rules)
 * 1:29497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doneste variant outbound connection (malware-cnc.rules)
 * 1:29555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyex variant outbound connection (malware-cnc.rules)
 * 1:29556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loxes variant outbound connection (malware-cnc.rules)
 * 1:29557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marten variant outbound connection (malware-cnc.rules)
 * 1:29559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sydigu variant outbound connection (malware-cnc.rules)
 * 1:29561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lechiket variant outbound connection (malware-cnc.rules)
 * 1:29562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blobrsa variant outbound connection (malware-cnc.rules)
 * 1:29563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blobrsa variant outbound connection (malware-cnc.rules)
 * 1:29565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.AALV variant outbound connection (malware-cnc.rules)
 * 1:29566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:29569 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Shellbot outbound connection (malware-cnc.rules)
 * 1:29635 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nursteal variant outbound connection (malware-cnc.rules)
 * 1:29636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker.cbuf variant outbound connection (malware-cnc.rules)
 * 1:29637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lumbko variant outbound connection (malware-cnc.rules)
 * 1:29638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lumbko variant initial outbound connection (malware-cnc.rules)
 * 1:29644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sdconsent outbound connection (malware-cnc.rules)
 * 1:29645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mimunita (malware-cnc.rules)
 * 1:29652 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Truado (malware-cnc.rules)
 * 1:29663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dampt variant outbound connection (malware-cnc.rules)
 * 1:29664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DomaIQ variant outbound connection (malware-cnc.rules)
 * 1:29665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linkup outbound connection (malware-cnc.rules)
 * 1:29670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw outbound connection (malware-cnc.rules)
 * 1:29740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sarvdap variant outbound connection (malware-cnc.rules)
 * 1:29760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MSIE 4.01 - Win.Trojan.Careto (malware-cnc.rules)
 * 1:29788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto outbound connection (malware-cnc.rules)
 * 1:29789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)
 * 1:29791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)
 * 1:29816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jackpos outbound connection (malware-cnc.rules)
 * 1:29817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jackpos outbound connection (malware-cnc.rules)
 * 1:29824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TixDll - Win.Trojan.Adload.dyhq (malware-cnc.rules)
 * 1:29828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adload.dyhq variant outbound connection (malware-cnc.rules)
 * 1:29861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brabat variant outbound connection (malware-cnc.rules)
 * 1:29862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbout connection (malware-cnc.rules)
 * 1:29865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (malware-cnc.rules)
 * 1:29869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar phishing attack (malware-cnc.rules)
 * 1:29870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pony HTTP response connection (malware-cnc.rules)
 * 1:29873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hanove variant outbound connection (malware-cnc.rules)
 * 1:29877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chikdos.A outbound information disclosure (malware-cnc.rules)
 * 1:29878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29881 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WEC variant outbound connection (malware-cnc.rules)
 * 1:29883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tohwen variant outbound connection (malware-cnc.rules)
 * 1:29884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:29885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypi.A outbound information disclosure (malware-cnc.rules)
 * 1:29886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypi.A outbound keylogger traffic (malware-cnc.rules)
 * 1:29887 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Updates downloader - Win.Trojan.Upatre (malware-cnc.rules)
 * 1:29893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pyteconte variant outbound connection (malware-cnc.rules)
 * 1:29109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drafukey variant outbound connection (malware-cnc.rules)
 * 1:29108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SixMuch variant outbound connection (malware-cnc.rules)
 * 1:29113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conrec variant outbound connection (malware-cnc.rules)
 * 1:29895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31144 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant inbound backdoor keep-alive (malware-cnc.rules)
 * 1:29898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zygtab variant outbound connection (malware-cnc.rules)
 * 1:29899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmkype variant outbound connection (malware-cnc.rules)
 * 1:29901 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comowba variant outbound connection (malware-cnc.rules)
 * 1:29907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madnedos outbound system information disclosure (malware-cnc.rules)
 * 1:29914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zmcwinsvc outbound system information disclosure (malware-cnc.rules)
 * 1:29916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu system information disclosure (malware-cnc.rules)
 * 1:29920 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZhiZhu variant outbound connection (malware-cnc.rules)
 * 1:29921 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZhiZhu variant inbound connection (malware-cnc.rules)
 * 1:29922 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Bazuc initial outbound connection (malware-cnc.rules)
 * 1:29923 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Bazuc jobs check outbound connection (malware-cnc.rules)
 * 1:29924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
 * 1:29925 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Verxbot variant outbound connection (malware-cnc.rules)
 * 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (malware-cnc.rules)
 * 1:29975 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Svekifc system information disclosure (malware-cnc.rules)
 * 1:29976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Svekifc outbound persistent connection (malware-cnc.rules)
 * 1:29978 <-> DISABLED <-> MALWARE-CNC ANDR.Trojan.FakeApp outbound connection (malware-cnc.rules)
 * 1:29980 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fucom outbound connection (malware-cnc.rules)
 * 1:30063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
 * 1:29981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tiny variant outbound connection (malware-cnc.rules)
 * 1:29985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicolo variant outbound connection (malware-cnc.rules)
 * 1:29987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meac malware component download request (malware-cnc.rules)
 * 1:29990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seruda system information disclosure (malware-cnc.rules)
 * 1:29998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horsum outbound system information disclosure (malware-cnc.rules)
 * 1:29999 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MSIE 9.0 in version 10 format (malware-cnc.rules)
 * 1:30034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donanbot outbound connection (malware-cnc.rules)
 * 1:30035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sylonif variant outbound connection (malware-cnc.rules)
 * 1:30036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ovnavart variant outbound connection (malware-cnc.rules)
 * 1:30047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crowti variant outbound connection (malware-cnc.rules)
 * 1:30055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deventiz CWD system information disclosure via FTP (malware-cnc.rules)
 * 1:30058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bogoclak outbound FTP connection information disclosure (malware-cnc.rules)
 * 1:30060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coresh outbound identification request (malware-cnc.rules)
 * 1:30061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tyleny variant outbound connection (malware-cnc.rules)
 * 1:29982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oshidor variant outbound connection (malware-cnc.rules)
 * 1:30064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
 * 1:30068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:30073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:30074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim variant outbound connection (malware-cnc.rules)
 * 1:30076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stealzilla variant outbound connection (malware-cnc.rules)
 * 1:30078 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Momibot outbound system information disclosure (malware-cnc.rules)
 * 1:30087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamut configuration download (malware-cnc.rules)
 * 1:30088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:30090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nitol variant outbound connection (malware-cnc.rules)
 * 1:30091 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound connection (malware-cnc.rules)
 * 1:30167 <-> DISABLED <-> MALWARE-CNC Russian Bank scam malware GET request to server (malware-cnc.rules)
 * 1:30168 <-> DISABLED <-> MALWARE-CNC Russian Bank scam malware POST to server (malware-cnc.rules)
 * 1:30191 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos usermode-centric client request (malware-cnc.rules)
 * 1:30192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos inbound command (malware-cnc.rules)
 * 1:30193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos inbound encrypted data (malware-cnc.rules)
 * 1:30196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:30198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules)
 * 1:30204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules)
 * 1:30208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nakcos variant outbound connection (malware-cnc.rules)
 * 1:30210 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agnet string Win.Trojan.ZeusVM (malware-cnc.rules)
 * 1:30211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeusVM embedded image config file download (malware-cnc.rules)
 * 1:30214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant outbound connection (malware-cnc.rules)
 * 1:30216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ShadyRAT variant outbound connection (malware-cnc.rules)
 * 1:30231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eybog variant outbound connection (malware-cnc.rules)
 * 1:30234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:30235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:30239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Name variant outbound connection (malware-cnc.rules)
 * 1:30250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - logogo.exe (malware-cnc.rules)
 * 1:30251 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mumawow outbound connection (malware-cnc.rules)
 * 1:30255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor HTTP Response - Brazil Geolocated Infected User (malware-cnc.rules)
 * 1:30256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor HTTP Response - Non-Brazil Geolocated Infected User (malware-cnc.rules)
 * 1:30257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ExplorerHijack variant outbound connection (malware-cnc.rules)
 * 1:30258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:30259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection (malware-cnc.rules)
 * 1:30262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot configuration file download (malware-cnc.rules)
 * 1:30271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot drop zone file upload (malware-cnc.rules)
 * 1:30276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30279 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Recub variant outbound connection (malware-cnc.rules)
 * 1:30288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba.M initial outbound connection (malware-cnc.rules)
 * 1:30290 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Browser - Win.Trojan.Bruterdep (malware-cnc.rules)
 * 1:30298 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cloudoten variant inbound connection (malware-cnc.rules)
 * 1:30299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Projecthook variant outbound connection (malware-cnc.rules)
 * 1:30300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Projecthook variant outbound connection (malware-cnc.rules)
 * 1:30301 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent InetAll - Win.Trojan.Pennonec (malware-cnc.rules)
 * 1:30302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rajdze variant outbound connection (malware-cnc.rules)
 * 1:30304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noctabor variant outbound connection (malware-cnc.rules)
 * 1:30308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
 * 1:30309 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
 * 1:30310 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Comdinter variant outbound connection (malware-cnc.rules)
 * 1:30311 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Comdinter variant outbound connection (malware-cnc.rules)
 * 1:30314 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmd - Win.Trojan.Burnwoo (malware-cnc.rules)
 * 1:30315 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmdw23 - Win.Trojan.Burnwoo (malware-cnc.rules)
 * 1:30323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drawnetz variant outbound connection (malware-cnc.rules)
 * 1:30331 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ebot - Win.Trojan.Modulog (malware-cnc.rules)
 * 1:30332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook configuration file download attempt (malware-cnc.rules)
 * 1:30333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook information disclosure attempt (malware-cnc.rules)
 * 1:30334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook initial outbound connection (malware-cnc.rules)
 * 1:30344 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent EyeS_Client_1.0 - Win.Trojan.Seey (malware-cnc.rules)
 * 1:30482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik inbound connection (malware-cnc.rules)
 * 1:30483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (malware-cnc.rules)
 * 1:30484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (malware-cnc.rules)
 * 1:30494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
 * 1:30518 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Neutrino/2.1 - Win.Trojan.Necurs (malware-cnc.rules)
 * 1:30519 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound connection (malware-cnc.rules)
 * 1:30547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramdo variant outbound connection (malware-cnc.rules)
 * 1:30548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:30551 <-> DISABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Minerd (malware-cnc.rules)
 * 1:30552 <-> DISABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Systema (malware-cnc.rules)
 * 1:30559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uniemv variant outbound connection (malware-cnc.rules)
 * 1:30560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Megesat variant outbound connection (malware-cnc.rules)
 * 1:30566 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Elknot outbound connection (malware-cnc.rules)
 * 1:30743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chabava outbound connection (malware-cnc.rules)
 * 1:30751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:30752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesyong outbound connection (malware-cnc.rules)
 * 1:30753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehacker outbound connection (malware-cnc.rules)
 * 1:30773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant download request (malware-cnc.rules)
 * 1:30776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Targnik variant outbound connection (malware-cnc.rules)
 * 1:30804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30808 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30812 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30815 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Oldboot variant outbound connection (malware-cnc.rules)
 * 1:30882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30896 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DarkKomet variant outbound connection (malware-cnc.rules)
 * 1:30897 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DarkKomet variant outbound connection (malware-cnc.rules)
 * 1:30900 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuhao variant outbound connection (malware-cnc.rules)
 * 1:30914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (malware-cnc.rules)
 * 1:30915 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (malware-cnc.rules)
 * 1:30917 <-> DISABLED <-> MALWARE-CNC Win.Worm.Phelshap variant outbound connection (malware-cnc.rules)
 * 1:30918 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent Mozilla (malware-cnc.rules)
 * 1:30919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:30923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit outbound connection (malware-cnc.rules)
 * 1:30924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor inbound connection (malware-cnc.rules)
 * 1:30925 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound connection (malware-cnc.rules)
 * 1:30926 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound secure-connection (malware-cnc.rules)
 * 1:30938 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Roopre outbound connection (malware-cnc.rules)
 * 1:30945 <-> DISABLED <-> MALWARE-CNC Win.Worm.Winiga FTP login attempt (malware-cnc.rules)
 * 1:30947 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Botintin outbound connection (malware-cnc.rules)
 * 1:30953 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jaik variant outbound connection (malware-cnc.rules)
 * 1:30978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gisetik information disclosure attempt (malware-cnc.rules)
 * 1:30982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karnos variant outbound connection (malware-cnc.rules)
 * 1:30983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karnos variant outbound connection (malware-cnc.rules)
 * 1:30984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonriamt outbound connection (malware-cnc.rules)
 * 1:30985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenexmed outbound connection (malware-cnc.rules)
 * 1:30986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenexmed inbound shell command attempt (malware-cnc.rules)
 * 1:30987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vondola configuration file download attempt (malware-cnc.rules)
 * 1:30988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vondola information disclosure attempt (malware-cnc.rules)
 * 1:31002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kimsuky variant outbound connection (malware-cnc.rules)
 * 1:31004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief information disclosure attempt (malware-cnc.rules)
 * 1:31005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief information disclosure attempt (malware-cnc.rules)
 * 1:31006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief initial outbound connection (malware-cnc.rules)
 * 1:31007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Iplorko.A runtime detection (malware-cnc.rules)
 * 1:31010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sisbot variant outbound IRC connection (malware-cnc.rules)
 * 1:31014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
 * 1:31020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:31051 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hesperbot variant outbound connection (malware-cnc.rules)
 * 1:31053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadnessPro outbound connection (malware-cnc.rules)
 * 1:31055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:31062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expone variant outbound connection (malware-cnc.rules)
 * 1:31063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expone FTP login attempt (malware-cnc.rules)
 * 1:31064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Diatraha variant outbound connection (malware-cnc.rules)
 * 1:31066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tobinload variant outbound connection (malware-cnc.rules)
 * 1:31070 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs outbound connection (malware-cnc.rules)
 * 1:31072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryfile variant outbound connection (malware-cnc.rules)
 * 1:31073 <-> DISABLED <-> MALWARE-CNC RemoteSpy connection to CNC server (malware-cnc.rules)
 * 1:31079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:31080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:31081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinSpy variant outbound connection (malware-cnc.rules)
 * 1:31083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bexelets variant outbound connection (malware-cnc.rules)
 * 1:31084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:31090 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent hello crazyk (malware-cnc.rules)
 * 1:31112 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos password stealing attempt (malware-cnc.rules)
 * 1:31113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rfusclient outbound connection (malware-cnc.rules)
 * 1:31116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Garsuni variant outbound connection (malware-cnc.rules)
 * 1:31119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marmoolak variant outbound connection (malware-cnc.rules)
 * 1:31121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cahecon outbound connection (malware-cnc.rules)
 * 1:31122 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent svchost (malware-cnc.rules)
 * 1:31124 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pyrtomsop outbound connection (malware-cnc.rules)
 * 1:29016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cordmix variant outbound connection (malware-cnc.rules)
 * 1:29031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant inbound connection (malware-cnc.rules)
 * 1:29038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant initial outbound connection (malware-cnc.rules)
 * 1:29039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules)
 * 1:29026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Limlspy variant outbound connection (malware-cnc.rules)
 * 1:29044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorask variant outbound connection (malware-cnc.rules)
 * 1:28994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor Remote Shell Server download (malware-cnc.rules)
 * 1:29148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Huxerox variant outbound connection (malware-cnc.rules)
 * 1:31218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:31147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zadnilay variant outbound connection (malware-cnc.rules)
 * 1:29790 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)

2020-10-13 18:43:05 UTC

Snort Subscriber Rules Update

Date: 2020-10-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55996 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dotdo-9777352-0 download attempt (malware-other.rules)
 * 1:55934 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9774716-0 download attempt (malware-other.rules)
 * 1:55949 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ramnit-9775593-0 download attempt (malware-other.rules)
 * 1:55983 <-> DISABLED <-> OS-WINDOWS Microsoft Windows digital signature spoofing attempt (os-windows.rules)
 * 1:55968 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776422-0 download attempt (malware-other.rules)
 * 1:55979 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Foundation memory corruption attempt (file-multimedia.rules)
 * 1:55970 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776543-0 download attempt (malware-other.rules)
 * 1:55957 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776340-0 download attempt (malware-other.rules)
 * 1:55989 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:55941 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9775385-0 download attempt (malware-other.rules)
 * 1:55956 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776340-0 download attempt (malware-other.rules)
 * 1:55965 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776419-0 download attempt (malware-other.rules)
 * 1:55948 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ramnit-9775593-0 download attempt (malware-other.rules)
 * 1:55954 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9776100-0 download attempt (malware-other.rules)
 * 1:55998 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Beebone-9777703-0 download attempt (malware-other.rules)
 * 1:55966 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776406-0 download attempt (malware-other.rules)
 * 1:55947 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775571-0 download attempt (malware-other.rules)
 * 1:55994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop information disclosure attempt (os-windows.rules)
 * 1:55955 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9776100-0 download attempt (malware-other.rules)
 * 1:55936 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Perion-9775059-0 download attempt (malware-other.rules)
 * 1:55939 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Shadowbrokers-9775051-0 download attempt (malware-other.rules)
 * 1:55975 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-9776642-0 download attempt (malware-other.rules)
 * 1:55978 <-> DISABLED <-> SERVER-OTHER Apache OFBiz XMLRPC deserialization attempt (server-other.rules)
 * 1:55944 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Buzus-9775511-0 download attempt (malware-other.rules)
 * 1:55951 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775689-0 download attempt (malware-other.rules)
 * 1:55964 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776419-0 download attempt (malware-other.rules)
 * 1:55959 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Scar-9776391-0 download attempt (malware-other.rules)
 * 1:55973 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-9776559-0 download attempt (malware-other.rules)
 * 1:55993 <-> ENABLED <-> PROTOCOL-ICMP Microsoft Windows IPv6 DNSSL option record denial of service attempt (protocol-icmp.rules)
 * 1:55952 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9775770-0 download attempt (malware-other.rules)
 * 1:55937 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Perion-9775059-0 download attempt (malware-other.rules)
 * 1:55969 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776422-0 download attempt (malware-other.rules)
 * 1:55938 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Shadowbrokers-9775051-0 download attempt (malware-other.rules)
 * 1:55971 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776543-0 download attempt (malware-other.rules)
 * 1:55981 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 command injection attempt (server-webapp.rules)
 * 1:55995 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dotdo-9777352-0 download attempt (malware-other.rules)
 * 1:55974 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-9776642-0 download attempt (malware-other.rules)
 * 1:55940 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9775385-0 download attempt (malware-other.rules)
 * 1:55962 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776436-0 download attempt (malware-other.rules)
 * 1:55946 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775571-0 download attempt (malware-other.rules)
 * 1:55990 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:55977 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9776833-0 download attempt (malware-other.rules)
 * 1:55935 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9774716-0 download attempt (malware-other.rules)
 * 1:55953 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9775770-0 download attempt (malware-other.rules)
 * 1:55963 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776436-0 download attempt (malware-other.rules)
 * 1:55972 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-9776559-0 download attempt (malware-other.rules)
 * 1:55943 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt (os-windows.rules)
 * 1:55958 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Scar-9776391-0 download attempt (malware-other.rules)
 * 1:55976 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9776833-0 download attempt (malware-other.rules)
 * 1:55982 <-> DISABLED <-> OS-WINDOWS Microsoft Windows digital signature spoofing attempt (os-windows.rules)
 * 1:55942 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt (os-windows.rules)
 * 1:55997 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Beebone-9777703-0 download attempt (malware-other.rules)
 * 1:55984 <-> ENABLED <-> PROTOCOL-ICMP Microsoft Windows IPv6 stack remote execution attempt (protocol-icmp.rules)
 * 1:55945 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Buzus-9775511-0 download attempt (malware-other.rules)
 * 1:55967 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776406-0 download attempt (malware-other.rules)
 * 1:55960 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zbot-9776404-0 download attempt (malware-other.rules)
 * 1:55980 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Foundation memory corruption attempt (file-multimedia.rules)
 * 1:55961 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zbot-9776404-0 download attempt (malware-other.rules)
 * 1:55950 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775689-0 download attempt (malware-other.rules)
 * 3:55987 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1162 attack attempt (file-other.rules)
 * 3:55986 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1161 attack attempt (file-other.rules)
 * 3:55988 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1162 attack attempt (file-other.rules)
 * 3:55985 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1161 attack attempt (file-other.rules)
 * 3:55992 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1163 attack attempt (file-other.rules)
 * 3:55991 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1163 attack attempt (file-other.rules)

Modified Rules:


 * 1:51553 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (malware-cnc.rules)
 * 1:28984 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot executable download (malware-cnc.rules)
 * 1:31122 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent svchost (malware-cnc.rules)
 * 1:29109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drafukey variant outbound connection (malware-cnc.rules)
 * 1:31131 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
 * 1:31132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
 * 1:51309 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pistacchietto variant outbound connection (malware-cnc.rules)
 * 1:28988 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot variant outbound connection (malware-cnc.rules)
 * 1:31453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChoHeap variant outbound connection (malware-cnc.rules)
 * 1:31136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess inbound connection (malware-cnc.rules)
 * 1:28987 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot variant outbound connection (malware-cnc.rules)
 * 1:31168 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Guise outbound connection (malware-cnc.rules)
 * 1:31319 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zediv outbound connection (malware-cnc.rules)
 * 1:31556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CosmicDuke HTTP data exfiltration attempt (malware-cnc.rules)
 * 1:31345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mcdravsm variant outbound connection (malware-cnc.rules)
 * 1:31744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eratoma outbound connection (malware-cnc.rules)
 * 1:31642 <-> DISABLED <-> MALWARE-CNC Win.Tinybanker variant outbound connection (malware-cnc.rules)
 * 1:31458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SDBot variant outbound connection (malware-cnc.rules)
 * 1:31258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Destoplug variant outbound connection (malware-cnc.rules)
 * 1:31606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba payload download request (malware-cnc.rules)
 * 1:31307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules)
 * 1:31303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadeki variant outbound connection (malware-cnc.rules)
 * 1:31706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korgapam outbound connection (malware-cnc.rules)
 * 1:31683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur variant outbound connection (malware-cnc.rules)
 * 1:31183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules)
 * 1:31260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda HTTP proxy response attempt (malware-cnc.rules)
 * 1:31344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Levyatan variant outbound connection (malware-cnc.rules)
 * 1:31417 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent blacksun - Win.Trojan.Blacksun (malware-cnc.rules)
 * 1:31343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow variant outbound connection system information disclosure (malware-cnc.rules)
 * 1:31222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31772 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules)
 * 1:31223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
 * 1:31224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptor outbound connection (malware-cnc.rules)
 * 1:31225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent rome0321 - Win.Trojan.Soraya (malware-cnc.rules)
 * 1:31641 <-> DISABLED <-> MALWARE-CNC Win.Tinybanker variant outbound connection (malware-cnc.rules)
 * 1:28990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot connection to cnc server (malware-cnc.rules)
 * 1:31545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules)
 * 1:31228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soraya variant initial outbound connection (malware-cnc.rules)
 * 1:31533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xolominer malicious user detected (malware-cnc.rules)
 * 1:31234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuckam variant inbound connection (malware-cnc.rules)
 * 1:31306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules)
 * 1:31271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin information disclosure attempt (malware-cnc.rules)
 * 1:28986 <-> DISABLED <-> MALWARE-CNC Win.Worm.Neeris IRCbot variant outbound connection (malware-cnc.rules)
 * 1:31171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
 * 1:31768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ecsudown outbound connection (malware-cnc.rules)
 * 1:31145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound backdoor response (malware-cnc.rules)
 * 1:31586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules)
 * 1:31544 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules)
 * 1:31713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hidead outbound connection (malware-cnc.rules)
 * 1:31288 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Bladabindi variant outbound download request (malware-cnc.rules)
 * 1:31644 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Scarelocker outbound connection (malware-cnc.rules)
 * 1:31314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daikou variant outbound connection (malware-cnc.rules)
 * 1:31680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tirabot variant outbound connection (malware-cnc.rules)
 * 1:31272 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin outbound command request attempt (malware-cnc.rules)
 * 1:31547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
 * 1:31317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orbot variant outbound connection (malware-cnc.rules)
 * 1:31507 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HW32 variant spam attempt (malware-cnc.rules)
 * 1:31717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SoftPulse variant outbound connection (malware-cnc.rules)
 * 1:31346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ajtonj variant outbound connection (malware-cnc.rules)
 * 1:31150 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent DefaultBotPassword - Win.Trojan.Tirabot (malware-cnc.rules)
 * 1:31603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server HELLO request to client (malware-cnc.rules)
 * 1:31449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall downloader attempt (malware-cnc.rules)
 * 1:31241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (malware-cnc.rules)
 * 1:31174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapart variant outbound connection (malware-cnc.rules)
 * 1:31672 <-> DISABLED <-> MALWARE-CNC Inbound command to php based DoS bot (malware-cnc.rules)
 * 1:31235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuckam variant outbound connection (malware-cnc.rules)
 * 1:31649 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HAVEX-RAT variant outbound connection (malware-cnc.rules)
 * 1:31681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur download attempt (malware-cnc.rules)
 * 1:31240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (malware-cnc.rules)
 * 1:31418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Subla variant outbound connection (malware-cnc.rules)
 * 1:31459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jaktinier outbound connection (malware-cnc.rules)
 * 1:31722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waski variant outbound connection (malware-cnc.rules)
 * 1:31712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31557 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla/5.0 - Win.Trojan.Upatre (malware-cnc.rules)
 * 1:31359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httneilc variant outbound connection (malware-cnc.rules)
 * 1:31295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:31244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (malware-cnc.rules)
 * 1:28983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Steckt IRCbot executable download (malware-cnc.rules)
 * 1:29882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WEC variant outbound connection (malware-cnc.rules)
 * 1:31424 <-> DISABLED <-> MALWARE-CNC Kegis.A outbound connection (malware-cnc.rules)
 * 1:31748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qulkonwi outbound connection (malware-cnc.rules)
 * 1:28977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.DF - User-Agent Missing Bracket (malware-cnc.rules)
 * 1:31273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin coin mining program download attempt (malware-cnc.rules)
 * 1:31691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kronos variant outbound connection (malware-cnc.rules)
 * 1:31466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm Click Fraud Request (malware-cnc.rules)
 * 1:31355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicololo outbound connection (malware-cnc.rules)
 * 1:31605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server READY command to client (malware-cnc.rules)
 * 1:31564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CosmicDuke FTP data exfiltration (malware-cnc.rules)
 * 1:31543 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MSIE 7.0 na - Win.Trojan.Koobface (malware-cnc.rules)
 * 1:31755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miras variant outbound connection (malware-cnc.rules)
 * 1:31607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba client response/authenticate to C&C server (malware-cnc.rules)
 * 1:31254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HAVEX-RAT inbound connection to infected host (malware-cnc.rules)
 * 1:31316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
 * 1:31688 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Downloader 1.8 - Win.Trojan.Graftor (malware-cnc.rules)
 * 1:31262 <-> DISABLED <-> MALWARE-CNC Win.Worm.VBNA variant outbound connection (malware-cnc.rules)
 * 1:47900 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:31808 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IptabLex outbound connection (malware-cnc.rules)
 * 1:31807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nighthunter data exfiltration attempt (malware-cnc.rules)
 * 1:47898 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:50521 <-> ENABLED <-> MALWARE-CNC Doc.Malware.HWPRokrat variant outbound connection (malware-cnc.rules)
 * 1:31806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nighthunter data exfiltration attempt (malware-cnc.rules)
 * 1:31805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dizk variant outbound connection (malware-cnc.rules)
 * 1:48148 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48147 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:48871 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz inbound payload download (malware-other.rules)
 * 1:50201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Remexi variant outbound connection (malware-cnc.rules)
 * 1:47899 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:50520 <-> ENABLED <-> MALWARE-CNC Doc.Malware.HWPRokrat variant outbound connection (malware-cnc.rules)
 * 1:31813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expiro outbound connection (malware-cnc.rules)
 * 1:48791 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Agent inbound payload download (malware-cnc.rules)
 * 1:31290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vextstl outbound connection (malware-cnc.rules)
 * 1:31328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
 * 1:31242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Utishaf variant outbound connection (malware-cnc.rules)
 * 1:31468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (malware-cnc.rules)
 * 1:31604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server READD command to client (malware-cnc.rules)
 * 1:31450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall outbound connection (malware-cnc.rules)
 * 1:31593 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.SMSSend outbound connection (malware-cnc.rules)
 * 1:31530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:31465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm Click Fraud Request (malware-cnc.rules)
 * 1:31452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:31173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
 * 1:31442 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:31753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elpapok outbound connection (malware-cnc.rules)
 * 1:31548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
 * 1:31293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
 * 1:31693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korplug Poisoned Hurricane Malware outbound connection (malware-cnc.rules)
 * 1:51554 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (malware-cnc.rules)
 * 1:29056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Descrantol variant outbound connection (malware-cnc.rules)
 * 1:29076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epixed variant outbound connection (malware-cnc.rules)
 * 1:29075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firefly outbound communcation (malware-cnc.rules)
 * 1:28982 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot requesting URL through IRC (malware-cnc.rules)
 * 1:31144 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant inbound backdoor keep-alive (malware-cnc.rules)
 * 1:29071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wcvalep variant outbound connection (malware-cnc.rules)
 * 1:31669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:31689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:31315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL variant outbound connection (malware-cnc.rules)
 * 1:31718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni outbound connection (malware-cnc.rules)
 * 1:31715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:28995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor Remote Shell Server download (malware-cnc.rules)
 * 1:31714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:29016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cordmix variant outbound connection (malware-cnc.rules)
 * 1:29026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Limlspy variant outbound connection (malware-cnc.rules)
 * 1:29031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant inbound connection (malware-cnc.rules)
 * 1:29038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant initial outbound connection (malware-cnc.rules)
 * 1:29039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules)
 * 1:29044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorask variant outbound connection (malware-cnc.rules)
 * 1:29068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapazom variant outbound connection (malware-cnc.rules)
 * 1:29082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ldmon variant outbound connection (malware-cnc.rules)
 * 1:29074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maetdik variant outbound connection (malware-cnc.rules)
 * 1:29081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Budir initial variant outbound connection (malware-cnc.rules)
 * 1:29045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorask variant outbound connection (malware-cnc.rules)
 * 1:29058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Umberial variant outbound connection (malware-cnc.rules)
 * 1:29077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Platidium variant outbound connection (malware-cnc.rules)
 * 1:29057 <-> DISABLED <-> MALWARE-CNC Installation Win.Trojan.Umberial variant outbound connection (malware-cnc.rules)
 * 1:29073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maetdik variant initial outbound connection (malware-cnc.rules)
 * 1:29079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inftob variant outbound connection (malware-cnc.rules)
 * 1:29108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SixMuch variant outbound connection (malware-cnc.rules)
 * 1:31218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:31147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zadnilay variant outbound connection (malware-cnc.rules)
 * 1:31221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Garsuni variant outbound connection (malware-cnc.rules)
 * 1:31112 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos password stealing attempt (malware-cnc.rules)
 * 1:31119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marmoolak variant outbound connection (malware-cnc.rules)
 * 1:31113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:29125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Valden variant outbound connection (malware-cnc.rules)
 * 1:31114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rfusclient outbound connection (malware-cnc.rules)
 * 1:31121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cahecon outbound connection (malware-cnc.rules)
 * 1:29878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kboy variant outbound connection (malware-cnc.rules)
 * 1:29091 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Choxy variant outbound connection (malware-cnc.rules)
 * 1:29103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korhigh variant outbound connection (malware-cnc.rules)
 * 1:29104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Iniptad variant outbound connection (malware-cnc.rules)
 * 1:29095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fotip FTP file upload variant outbound connection (malware-cnc.rules)
 * 1:29113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conrec variant outbound connection (malware-cnc.rules)
 * 1:29114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sotark variant outbound connection (malware-cnc.rules)
 * 1:29115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alset variant outbound connection (malware-cnc.rules)
 * 1:29112 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drafukey variant outbound connection (malware-cnc.rules)
 * 1:31124 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pyrtomsop outbound connection (malware-cnc.rules)
 * 1:29127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:29133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goobraz variant outbound connection (malware-cnc.rules)
 * 1:29117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tyaui variant outbound connection (malware-cnc.rules)
 * 1:29136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos variant outbound connection (malware-cnc.rules)
 * 1:29138 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mojap variant outbound connection (malware-cnc.rules)
 * 1:29139 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string HTTP 1.1 - Win.Trojan.Tapslix (malware-cnc.rules)
 * 1:29135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bfddos variant outbound connection (malware-cnc.rules)
 * 1:29143 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent - Win.Trojan.Secciv (malware-cnc.rules)
 * 1:29146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RansomCrypt variant outbound connection (malware-cnc.rules)
 * 1:29148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Huxerox variant outbound connection (malware-cnc.rules)
 * 1:29140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tearspear variant outbound connection (malware-cnc.rules)
 * 1:29150 <-> DISABLED <-> MALWARE-CNC User-Agent suspicious user-agent WarpHTTP - Win.Trojan.Yohakest (malware-cnc.rules)
 * 1:29152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant initial runtime outbound connection (malware-cnc.rules)
 * 1:29153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant file upload outbound connection (malware-cnc.rules)
 * 1:29149 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Janicab outbound connection (malware-cnc.rules)
 * 1:29155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vwealer outbound connection (malware-cnc.rules)
 * 1:29174 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fortis (malware-cnc.rules)
 * 1:29175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sitrof variant outbound connection (malware-cnc.rules)
 * 1:29154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant followup outbound connection (malware-cnc.rules)
 * 1:29179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenad variant outbound connection (malware-cnc.rules)
 * 1:29180 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Update1.0 - Win.Trojan.Downbini (malware-cnc.rules)
 * 1:29216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:29176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retsaw variant outbound connection (malware-cnc.rules)
 * 1:29259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29261 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:29220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection (malware-cnc.rules)
 * 1:29291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stitur variant outbound connection (malware-cnc.rules)
 * 1:29292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chulastran variant outbound connection (malware-cnc.rules)
 * 1:29293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chulastran variant initial version check outbound connection (malware-cnc.rules)
 * 1:29289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kmnokay outbound connection (malware-cnc.rules)
 * 1:29295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boda variant initial outbound connection (malware-cnc.rules)
 * 1:29299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nineblog variant outbound connection (malware-cnc.rules)
 * 1:29300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound connection (malware-cnc.rules)
 * 1:29294 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boda variant outbound connection (malware-cnc.rules)
 * 1:29302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Diswenshow outbound connection (malware-cnc.rules)
 * 1:29304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Verbscut variant outbound connection (malware-cnc.rules)
 * 1:29306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popyerd variant outbound connection (malware-cnc.rules)
 * 1:29301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mizzmo variant outbound connection (malware-cnc.rules)
 * 1:29313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxydown variant connection (malware-cnc.rules)
 * 1:29324 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vivia variant outbound connection (malware-cnc.rules)
 * 1:29325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horsamaz outbound connection (malware-cnc.rules)
 * 1:29307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fraxytime outbound connection (malware-cnc.rules)
 * 1:29331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using modem (malware-cnc.rules)
 * 1:29332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using lan (malware-cnc.rules)
 * 1:29333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using proxy server (malware-cnc.rules)
 * 1:29330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piedacon variant outbound connection (malware-cnc.rules)
 * 1:29335 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.CallMe variant outbound connection (malware-cnc.rules)
 * 1:29337 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:29339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishop variant initial runtime outbound connection (malware-cnc.rules)
 * 1:29334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using other (malware-cnc.rules)
 * 1:29341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string CustomSpy - Win.Trojan.Etek (malware-cnc.rules)
 * 1:29344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dondat variant outbound connection (malware-cnc.rules)
 * 1:29345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dondat variant outbound connection (malware-cnc.rules)
 * 1:29340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plusau outbound connection (malware-cnc.rules)
 * 1:29349 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:29351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulilit variant outbound connection (malware-cnc.rules)
 * 1:29352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Typdec variant outbound connection (malware-cnc.rules)
 * 1:29348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chifan variant outbound connection (malware-cnc.rules)
 * 1:29356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cidox variant outbound connection (malware-cnc.rules)
 * 1:29358 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mowfote (malware-cnc.rules)
 * 1:29359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mowfote variant initial outbound connection (malware-cnc.rules)
 * 1:29353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeagle outbound connection (malware-cnc.rules)
 * 1:29367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boato variant outbound connection (malware-cnc.rules)
 * 1:29368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boato variant followup outbound connection (malware-cnc.rules)
 * 1:29370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.ADJI variant outbound connection (malware-cnc.rules)
 * 1:29363 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pacbootini variant outbound connection (malware-cnc.rules)
 * 1:29376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker.B connection test (malware-cnc.rules)
 * 1:29389 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alusins variant outbound connection (malware-cnc.rules)
 * 1:29408 <-> DISABLED <-> MALWARE-CNC JAVAFOG Java malware backdoor connection to cnc server (malware-cnc.rules)
 * 1:29371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Dluca (malware-cnc.rules)
 * 1:29417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Solimba download attempt (malware-cnc.rules)
 * 1:29420 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reedum BlackPoS outbound FTP connection (malware-cnc.rules)
 * 1:29422 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rhubot variant outbound connection (malware-cnc.rules)
 * 1:29416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.vSkimmer outbound connection (malware-cnc.rules)
 * 1:29424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dldr variant outbound connection (malware-cnc.rules)
 * 1:29426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Etomertg variant outbound connection (malware-cnc.rules)
 * 1:29428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zatincel variant outbound connection (malware-cnc.rules)
 * 1:29423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (malware-cnc.rules)
 * 1:29431 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Tirips (malware-cnc.rules)
 * 1:29440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chewbacca outbound connection (malware-cnc.rules)
 * 1:29459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fexel variant outbound connection (malware-cnc.rules)
 * 1:29430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Icefog variant outbound connection (malware-cnc.rules)
 * 1:29461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Norekab variant outbound connection (malware-cnc.rules)
 * 1:29464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SniperSpy variant outbound connection (malware-cnc.rules)
 * 1:29483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Botime variant connection (malware-cnc.rules)
 * 1:29460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pabueri variant outbound connection (malware-cnc.rules)
 * 1:29489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gaertob variant outbound connection (malware-cnc.rules)
 * 1:29493 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:29494 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:29484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.POSCardStealer variant outbound connection (malware-cnc.rules)
 * 1:29496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicololo variant outbound connection (malware-cnc.rules)
 * 1:29497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doneste variant outbound connection (malware-cnc.rules)
 * 1:29495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kopdel variant outbound connection (malware-cnc.rules)
 * 1:29556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loxes variant outbound connection (malware-cnc.rules)
 * 1:29557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marten variant outbound connection (malware-cnc.rules)
 * 1:29559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sydigu variant outbound connection (malware-cnc.rules)
 * 1:29555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyex variant outbound connection (malware-cnc.rules)
 * 1:29562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blobrsa variant outbound connection (malware-cnc.rules)
 * 1:29563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blobrsa variant outbound connection (malware-cnc.rules)
 * 1:29565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.AALV variant outbound connection (malware-cnc.rules)
 * 1:29561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lechiket variant outbound connection (malware-cnc.rules)
 * 1:29569 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Shellbot outbound connection (malware-cnc.rules)
 * 1:29635 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nursteal variant outbound connection (malware-cnc.rules)
 * 1:29636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker.cbuf variant outbound connection (malware-cnc.rules)
 * 1:29566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:29638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lumbko variant initial outbound connection (malware-cnc.rules)
 * 1:29644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sdconsent outbound connection (malware-cnc.rules)
 * 1:29645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mimunita (malware-cnc.rules)
 * 1:29637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lumbko variant outbound connection (malware-cnc.rules)
 * 1:29652 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Truado (malware-cnc.rules)
 * 1:29663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dampt variant outbound connection (malware-cnc.rules)
 * 1:29664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DomaIQ variant outbound connection (malware-cnc.rules)
 * 1:29666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linkup outbound connection (malware-cnc.rules)
 * 1:29670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw outbound connection (malware-cnc.rules)
 * 1:29740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sarvdap variant outbound connection (malware-cnc.rules)
 * 1:29665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto outbound connection (malware-cnc.rules)
 * 1:29789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)
 * 1:29790 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)
 * 1:29760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MSIE 4.01 - Win.Trojan.Careto (malware-cnc.rules)
 * 1:29816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jackpos outbound connection (malware-cnc.rules)
 * 1:29817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jackpos outbound connection (malware-cnc.rules)
 * 1:29824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TixDll - Win.Trojan.Adload.dyhq (malware-cnc.rules)
 * 1:29791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)
 * 1:29861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brabat variant outbound connection (malware-cnc.rules)
 * 1:29862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbout connection (malware-cnc.rules)
 * 1:29865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (malware-cnc.rules)
 * 1:29828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adload.dyhq variant outbound connection (malware-cnc.rules)
 * 1:29870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pony HTTP response connection (malware-cnc.rules)
 * 1:29873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hanove variant outbound connection (malware-cnc.rules)
 * 1:29877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chikdos.A outbound information disclosure (malware-cnc.rules)
 * 1:29869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar phishing attack (malware-cnc.rules)
 * 1:29883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tohwen variant outbound connection (malware-cnc.rules)
 * 1:29884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:29881 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypi.A outbound keylogger traffic (malware-cnc.rules)
 * 1:29887 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Updates downloader - Win.Trojan.Upatre (malware-cnc.rules)
 * 1:29893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pyteconte variant outbound connection (malware-cnc.rules)
 * 1:29885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypi.A outbound information disclosure (malware-cnc.rules)
 * 1:29897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ExplorerHijack variant outbound connection (malware-cnc.rules)
 * 1:29898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zygtab variant outbound connection (malware-cnc.rules)
 * 1:29899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmkype variant outbound connection (malware-cnc.rules)
 * 1:29895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:29907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madnedos outbound system information disclosure (malware-cnc.rules)
 * 1:29914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zmcwinsvc outbound system information disclosure (malware-cnc.rules)
 * 1:29916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu system information disclosure (malware-cnc.rules)
 * 1:29901 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comowba variant outbound connection (malware-cnc.rules)
 * 1:29921 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZhiZhu variant inbound connection (malware-cnc.rules)
 * 1:29922 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Bazuc initial outbound connection (malware-cnc.rules)
 * 1:29924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
 * 1:29920 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZhiZhu variant outbound connection (malware-cnc.rules)
 * 1:29925 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Verxbot variant outbound connection (malware-cnc.rules)
 * 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (malware-cnc.rules)
 * 1:29975 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Svekifc system information disclosure (malware-cnc.rules)
 * 1:30034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donanbot outbound connection (malware-cnc.rules)
 * 1:29978 <-> DISABLED <-> MALWARE-CNC ANDR.Trojan.FakeApp outbound connection (malware-cnc.rules)
 * 1:29980 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fucom outbound connection (malware-cnc.rules)
 * 1:29981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tiny variant outbound connection (malware-cnc.rules)
 * 1:29976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Svekifc outbound persistent connection (malware-cnc.rules)
 * 1:29985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicolo variant outbound connection (malware-cnc.rules)
 * 1:29987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meac malware component download request (malware-cnc.rules)
 * 1:29990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seruda system information disclosure (malware-cnc.rules)
 * 1:29982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oshidor variant outbound connection (malware-cnc.rules)
 * 1:29999 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MSIE 9.0 in version 10 format (malware-cnc.rules)
 * 1:29923 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Bazuc jobs check outbound connection (malware-cnc.rules)
 * 1:30035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sylonif variant outbound connection (malware-cnc.rules)
 * 1:29998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horsum outbound system information disclosure (malware-cnc.rules)
 * 1:30047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crowti variant outbound connection (malware-cnc.rules)
 * 1:30055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deventiz CWD system information disclosure via FTP (malware-cnc.rules)
 * 1:30058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bogoclak outbound FTP connection information disclosure (malware-cnc.rules)
 * 1:30036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ovnavart variant outbound connection (malware-cnc.rules)
 * 1:30061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tyleny variant outbound connection (malware-cnc.rules)
 * 1:30063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
 * 1:30064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
 * 1:30060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coresh outbound identification request (malware-cnc.rules)
 * 1:30073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:30074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim variant outbound connection (malware-cnc.rules)
 * 1:30076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stealzilla variant outbound connection (malware-cnc.rules)
 * 1:30068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:30087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamut configuration download (malware-cnc.rules)
 * 1:30088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:30090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nitol variant outbound connection (malware-cnc.rules)
 * 1:30078 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Momibot outbound system information disclosure (malware-cnc.rules)
 * 1:30167 <-> DISABLED <-> MALWARE-CNC Russian Bank scam malware GET request to server (malware-cnc.rules)
 * 1:30168 <-> DISABLED <-> MALWARE-CNC Russian Bank scam malware POST to server (malware-cnc.rules)
 * 1:30191 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos usermode-centric client request (malware-cnc.rules)
 * 1:30091 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound connection (malware-cnc.rules)
 * 1:30193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos inbound encrypted data (malware-cnc.rules)
 * 1:30196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:30198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos inbound command (malware-cnc.rules)
 * 1:30204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules)
 * 1:30208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nakcos variant outbound connection (malware-cnc.rules)
 * 1:30210 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agnet string Win.Trojan.ZeusVM (malware-cnc.rules)
 * 1:30203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules)
 * 1:30214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant outbound connection (malware-cnc.rules)
 * 1:30216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ShadyRAT variant outbound connection (malware-cnc.rules)
 * 1:30231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eybog variant outbound connection (malware-cnc.rules)
 * 1:30211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeusVM embedded image config file download (malware-cnc.rules)
 * 1:30235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:30239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Name variant outbound connection (malware-cnc.rules)
 * 1:30250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - logogo.exe (malware-cnc.rules)
 * 1:30234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:30255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor HTTP Response - Brazil Geolocated Infected User (malware-cnc.rules)
 * 1:30256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor HTTP Response - Non-Brazil Geolocated Infected User (malware-cnc.rules)
 * 1:30257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ExplorerHijack variant outbound connection (malware-cnc.rules)
 * 1:30251 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mumawow outbound connection (malware-cnc.rules)
 * 1:30259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection (malware-cnc.rules)
 * 1:30262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot configuration file download (malware-cnc.rules)
 * 1:30258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:30276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot drop zone file upload (malware-cnc.rules)
 * 1:30284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Recub variant outbound connection (malware-cnc.rules)
 * 1:30288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba.M initial outbound connection (malware-cnc.rules)
 * 1:30290 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Browser - Win.Trojan.Bruterdep (malware-cnc.rules)
 * 1:30279 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Projecthook variant outbound connection (malware-cnc.rules)
 * 1:30300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Projecthook variant outbound connection (malware-cnc.rules)
 * 1:30301 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent InetAll - Win.Trojan.Pennonec (malware-cnc.rules)
 * 1:30298 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cloudoten variant inbound connection (malware-cnc.rules)
 * 1:30304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noctabor variant outbound connection (malware-cnc.rules)
 * 1:30308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
 * 1:30309 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
 * 1:30302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rajdze variant outbound connection (malware-cnc.rules)
 * 1:30311 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Comdinter variant outbound connection (malware-cnc.rules)
 * 1:30314 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmd - Win.Trojan.Burnwoo (malware-cnc.rules)
 * 1:30315 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmdw23 - Win.Trojan.Burnwoo (malware-cnc.rules)
 * 1:30310 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Comdinter variant outbound connection (malware-cnc.rules)
 * 1:30331 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ebot - Win.Trojan.Modulog (malware-cnc.rules)
 * 1:30332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook configuration file download attempt (malware-cnc.rules)
 * 1:30333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook information disclosure attempt (malware-cnc.rules)
 * 1:30323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drawnetz variant outbound connection (malware-cnc.rules)
 * 1:30344 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent EyeS_Client_1.0 - Win.Trojan.Seey (malware-cnc.rules)
 * 1:30482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik inbound connection (malware-cnc.rules)
 * 1:30483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (malware-cnc.rules)
 * 1:30334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook initial outbound connection (malware-cnc.rules)
 * 1:30494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
 * 1:30518 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Neutrino/2.1 - Win.Trojan.Necurs (malware-cnc.rules)
 * 1:30519 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound connection (malware-cnc.rules)
 * 1:30484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (malware-cnc.rules)
 * 1:30548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:30551 <-> DISABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Minerd (malware-cnc.rules)
 * 1:30552 <-> DISABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Systema (malware-cnc.rules)
 * 1:30547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramdo variant outbound connection (malware-cnc.rules)
 * 1:30560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Megesat variant outbound connection (malware-cnc.rules)
 * 1:30566 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Elknot outbound connection (malware-cnc.rules)
 * 1:30743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chabava outbound connection (malware-cnc.rules)
 * 1:30559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uniemv variant outbound connection (malware-cnc.rules)
 * 1:30752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesyong outbound connection (malware-cnc.rules)
 * 1:30753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehacker outbound connection (malware-cnc.rules)
 * 1:30773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant download request (malware-cnc.rules)
 * 1:30751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:30804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Targnik variant outbound connection (malware-cnc.rules)
 * 1:30808 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30812 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30815 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Oldboot variant outbound connection (malware-cnc.rules)
 * 1:30882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30896 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DarkKomet variant outbound connection (malware-cnc.rules)
 * 1:30897 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DarkKomet variant outbound connection (malware-cnc.rules)
 * 1:30900 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuhao variant outbound connection (malware-cnc.rules)
 * 1:30883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30915 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (malware-cnc.rules)
 * 1:30917 <-> DISABLED <-> MALWARE-CNC Win.Worm.Phelshap variant outbound connection (malware-cnc.rules)
 * 1:30918 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent Mozilla (malware-cnc.rules)
 * 1:30914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (malware-cnc.rules)
 * 1:30923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit outbound connection (malware-cnc.rules)
 * 1:30924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor inbound connection (malware-cnc.rules)
 * 1:30925 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound connection (malware-cnc.rules)
 * 1:30919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:30938 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Roopre outbound connection (malware-cnc.rules)
 * 1:30945 <-> DISABLED <-> MALWARE-CNC Win.Worm.Winiga FTP login attempt (malware-cnc.rules)
 * 1:30947 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Botintin outbound connection (malware-cnc.rules)
 * 1:30926 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound secure-connection (malware-cnc.rules)
 * 1:30954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jaik variant outbound connection (malware-cnc.rules)
 * 1:30953 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gisetik information disclosure attempt (malware-cnc.rules)
 * 1:30982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karnos variant outbound connection (malware-cnc.rules)
 * 1:30983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karnos variant outbound connection (malware-cnc.rules)
 * 1:30978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenexmed outbound connection (malware-cnc.rules)
 * 1:30986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenexmed inbound shell command attempt (malware-cnc.rules)
 * 1:30987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vondola configuration file download attempt (malware-cnc.rules)
 * 1:30984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonriamt outbound connection (malware-cnc.rules)
 * 1:31002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kimsuky variant outbound connection (malware-cnc.rules)
 * 1:31004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief information disclosure attempt (malware-cnc.rules)
 * 1:31005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief information disclosure attempt (malware-cnc.rules)
 * 1:30988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vondola information disclosure attempt (malware-cnc.rules)
 * 1:31007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Iplorko.A runtime detection (malware-cnc.rules)
 * 1:31010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sisbot variant outbound IRC connection (malware-cnc.rules)
 * 1:31014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
 * 1:31006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief initial outbound connection (malware-cnc.rules)
 * 1:31036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:31051 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hesperbot variant outbound connection (malware-cnc.rules)
 * 1:31053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadnessPro outbound connection (malware-cnc.rules)
 * 1:31020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expone variant outbound connection (malware-cnc.rules)
 * 1:31063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expone FTP login attempt (malware-cnc.rules)
 * 1:31064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Diatraha variant outbound connection (malware-cnc.rules)
 * 1:31055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:31070 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs outbound connection (malware-cnc.rules)
 * 1:31072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryfile variant outbound connection (malware-cnc.rules)
 * 1:31073 <-> DISABLED <-> MALWARE-CNC RemoteSpy connection to CNC server (malware-cnc.rules)
 * 1:31066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tobinload variant outbound connection (malware-cnc.rules)
 * 1:31080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:31081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinSpy variant outbound connection (malware-cnc.rules)
 * 1:31083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bexelets variant outbound connection (malware-cnc.rules)
 * 1:31079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:31090 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent hello crazyk (malware-cnc.rules)
 * 1:31084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:28994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor Remote Shell Server download (malware-cnc.rules)
 * 1:31135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deedevil variant outbound connection (malware-cnc.rules)
 * 1:31142 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloft variant outbound connection (malware-cnc.rules)
 * 1:28976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.DF - Data Exfiltration (malware-cnc.rules)
 * 1:28996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bunitu variant outbound connection (malware-cnc.rules)
 * 1:29011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dotconta variant outbound connection (malware-cnc.rules)
 * 1:31172 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)

2020-10-13 18:43:05 UTC

Snort Subscriber Rules Update

Date: 2020-10-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55938 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Shadowbrokers-9775051-0 download attempt (malware-other.rules)
 * 1:55970 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776543-0 download attempt (malware-other.rules)
 * 1:55973 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-9776559-0 download attempt (malware-other.rules)
 * 1:55959 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Scar-9776391-0 download attempt (malware-other.rules)
 * 1:55989 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:55934 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9774716-0 download attempt (malware-other.rules)
 * 1:55950 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775689-0 download attempt (malware-other.rules)
 * 1:55951 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775689-0 download attempt (malware-other.rules)
 * 1:55936 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Perion-9775059-0 download attempt (malware-other.rules)
 * 1:55984 <-> ENABLED <-> PROTOCOL-ICMP Microsoft Windows IPv6 stack remote execution attempt (protocol-icmp.rules)
 * 1:55993 <-> ENABLED <-> PROTOCOL-ICMP Microsoft Windows IPv6 DNSSL option record denial of service attempt (protocol-icmp.rules)
 * 1:55958 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Scar-9776391-0 download attempt (malware-other.rules)
 * 1:55975 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-9776642-0 download attempt (malware-other.rules)
 * 1:55961 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zbot-9776404-0 download attempt (malware-other.rules)
 * 1:55974 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-9776642-0 download attempt (malware-other.rules)
 * 1:55945 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Buzus-9775511-0 download attempt (malware-other.rules)
 * 1:55956 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776340-0 download attempt (malware-other.rules)
 * 1:55944 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Buzus-9775511-0 download attempt (malware-other.rules)
 * 1:55960 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zbot-9776404-0 download attempt (malware-other.rules)
 * 1:55968 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776422-0 download attempt (malware-other.rules)
 * 1:55967 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776406-0 download attempt (malware-other.rules)
 * 1:55949 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ramnit-9775593-0 download attempt (malware-other.rules)
 * 1:55957 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776340-0 download attempt (malware-other.rules)
 * 1:55977 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9776833-0 download attempt (malware-other.rules)
 * 1:55941 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9775385-0 download attempt (malware-other.rules)
 * 1:55953 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9775770-0 download attempt (malware-other.rules)
 * 1:55966 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776406-0 download attempt (malware-other.rules)
 * 1:55990 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:55939 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Shadowbrokers-9775051-0 download attempt (malware-other.rules)
 * 1:55947 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775571-0 download attempt (malware-other.rules)
 * 1:55954 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9776100-0 download attempt (malware-other.rules)
 * 1:55976 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9776833-0 download attempt (malware-other.rules)
 * 1:55981 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 command injection attempt (server-webapp.rules)
 * 1:55940 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9775385-0 download attempt (malware-other.rules)
 * 1:55997 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Beebone-9777703-0 download attempt (malware-other.rules)
 * 1:55982 <-> DISABLED <-> OS-WINDOWS Microsoft Windows digital signature spoofing attempt (os-windows.rules)
 * 1:55962 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776436-0 download attempt (malware-other.rules)
 * 1:55948 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ramnit-9775593-0 download attempt (malware-other.rules)
 * 1:55965 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776419-0 download attempt (malware-other.rules)
 * 1:55952 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9775770-0 download attempt (malware-other.rules)
 * 1:55955 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9776100-0 download attempt (malware-other.rules)
 * 1:55963 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776436-0 download attempt (malware-other.rules)
 * 1:55978 <-> DISABLED <-> SERVER-OTHER Apache OFBiz XMLRPC deserialization attempt (server-other.rules)
 * 1:55935 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9774716-0 download attempt (malware-other.rules)
 * 1:55996 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dotdo-9777352-0 download attempt (malware-other.rules)
 * 1:55980 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Foundation memory corruption attempt (file-multimedia.rules)
 * 1:55942 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt (os-windows.rules)
 * 1:55971 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776543-0 download attempt (malware-other.rules)
 * 1:55937 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Perion-9775059-0 download attempt (malware-other.rules)
 * 1:55994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop information disclosure attempt (os-windows.rules)
 * 1:55969 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776422-0 download attempt (malware-other.rules)
 * 1:55983 <-> DISABLED <-> OS-WINDOWS Microsoft Windows digital signature spoofing attempt (os-windows.rules)
 * 1:55998 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Beebone-9777703-0 download attempt (malware-other.rules)
 * 1:55979 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Foundation memory corruption attempt (file-multimedia.rules)
 * 1:55964 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776419-0 download attempt (malware-other.rules)
 * 1:55972 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-9776559-0 download attempt (malware-other.rules)
 * 1:55946 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775571-0 download attempt (malware-other.rules)
 * 1:55995 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dotdo-9777352-0 download attempt (malware-other.rules)
 * 1:55943 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt (os-windows.rules)
 * 3:55985 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1161 attack attempt (file-other.rules)
 * 3:55991 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1163 attack attempt (file-other.rules)
 * 3:55987 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1162 attack attempt (file-other.rules)
 * 3:55986 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1161 attack attempt (file-other.rules)
 * 3:55988 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1162 attack attempt (file-other.rules)
 * 3:55992 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1163 attack attempt (file-other.rules)

Modified Rules:


 * 1:51553 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (malware-cnc.rules)
 * 1:31183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules)
 * 1:31744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eratoma outbound connection (malware-cnc.rules)
 * 1:31121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cahecon outbound connection (malware-cnc.rules)
 * 1:31642 <-> DISABLED <-> MALWARE-CNC Win.Tinybanker variant outbound connection (malware-cnc.rules)
 * 1:31706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korgapam outbound connection (malware-cnc.rules)
 * 1:31683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur variant outbound connection (malware-cnc.rules)
 * 1:31688 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Downloader 1.8 - Win.Trojan.Graftor (malware-cnc.rules)
 * 1:31606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba payload download request (malware-cnc.rules)
 * 1:29073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maetdik variant initial outbound connection (malware-cnc.rules)
 * 1:31147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zadnilay variant outbound connection (malware-cnc.rules)
 * 1:31174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapart variant outbound connection (malware-cnc.rules)
 * 1:31171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
 * 1:31172 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
 * 1:31221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server HELLO request to client (malware-cnc.rules)
 * 1:31772 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules)
 * 1:31235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuckam variant outbound connection (malware-cnc.rules)
 * 1:31680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tirabot variant outbound connection (malware-cnc.rules)
 * 1:31644 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Scarelocker outbound connection (malware-cnc.rules)
 * 1:31507 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HW32 variant spam attempt (malware-cnc.rules)
 * 1:31717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SoftPulse variant outbound connection (malware-cnc.rules)
 * 1:31641 <-> DISABLED <-> MALWARE-CNC Win.Tinybanker variant outbound connection (malware-cnc.rules)
 * 1:31718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni outbound connection (malware-cnc.rules)
 * 1:31649 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xolominer malicious user detected (malware-cnc.rules)
 * 1:31681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur download attempt (malware-cnc.rules)
 * 1:31557 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla/5.0 - Win.Trojan.Upatre (malware-cnc.rules)
 * 1:31722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waski variant outbound connection (malware-cnc.rules)
 * 1:31236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hidead outbound connection (malware-cnc.rules)
 * 1:31240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (malware-cnc.rules)
 * 1:31241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (malware-cnc.rules)
 * 1:31242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Utishaf variant outbound connection (malware-cnc.rules)
 * 1:28988 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot variant outbound connection (malware-cnc.rules)
 * 1:31548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
 * 1:31244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (malware-cnc.rules)
 * 1:31459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jaktinier outbound connection (malware-cnc.rules)
 * 1:31748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qulkonwi outbound connection (malware-cnc.rules)
 * 1:31605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server READY command to client (malware-cnc.rules)
 * 1:31254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HAVEX-RAT inbound connection to infected host (malware-cnc.rules)
 * 1:31564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CosmicDuke FTP data exfiltration (malware-cnc.rules)
 * 1:31755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miras variant outbound connection (malware-cnc.rules)
 * 1:31145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound backdoor response (malware-cnc.rules)
 * 1:31543 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MSIE 7.0 na - Win.Trojan.Koobface (malware-cnc.rules)
 * 1:31255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HAVEX-RAT variant outbound connection (malware-cnc.rules)
 * 1:31258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Destoplug variant outbound connection (malware-cnc.rules)
 * 1:31260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda HTTP proxy response attempt (malware-cnc.rules)
 * 1:31262 <-> DISABLED <-> MALWARE-CNC Win.Worm.VBNA variant outbound connection (malware-cnc.rules)
 * 1:47899 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:48147 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:31806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nighthunter data exfiltration attempt (malware-cnc.rules)
 * 1:47898 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:31807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nighthunter data exfiltration attempt (malware-cnc.rules)
 * 1:31808 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IptabLex outbound connection (malware-cnc.rules)
 * 1:31805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dizk variant outbound connection (malware-cnc.rules)
 * 1:50520 <-> ENABLED <-> MALWARE-CNC Doc.Malware.HWPRokrat variant outbound connection (malware-cnc.rules)
 * 1:48871 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz inbound payload download (malware-other.rules)
 * 1:50201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Remexi variant outbound connection (malware-cnc.rules)
 * 1:48791 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Agent inbound payload download (malware-cnc.rules)
 * 1:47900 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:31271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin information disclosure attempt (malware-cnc.rules)
 * 1:31272 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin outbound command request attempt (malware-cnc.rules)
 * 1:31466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm Click Fraud Request (malware-cnc.rules)
 * 1:31273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin coin mining program download attempt (malware-cnc.rules)
 * 1:31288 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Bladabindi variant outbound download request (malware-cnc.rules)
 * 1:31530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:31593 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.SMSSend outbound connection (malware-cnc.rules)
 * 1:31290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vextstl outbound connection (malware-cnc.rules)
 * 1:31693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korplug Poisoned Hurricane Malware outbound connection (malware-cnc.rules)
 * 1:31293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
 * 1:31295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:31604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server READD command to client (malware-cnc.rules)
 * 1:31303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadeki variant outbound connection (malware-cnc.rules)
 * 1:31150 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent DefaultBotPassword - Win.Trojan.Tirabot (malware-cnc.rules)
 * 1:31306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules)
 * 1:31307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules)
 * 1:31467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:31314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daikou variant outbound connection (malware-cnc.rules)
 * 1:31714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:31315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL variant outbound connection (malware-cnc.rules)
 * 1:31547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
 * 1:31316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
 * 1:31317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orbot variant outbound connection (malware-cnc.rules)
 * 1:31544 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules)
 * 1:31144 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant inbound backdoor keep-alive (malware-cnc.rules)
 * 1:31689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:31556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CosmicDuke HTTP data exfiltration attempt (malware-cnc.rules)
 * 1:31135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deedevil variant outbound connection (malware-cnc.rules)
 * 1:28994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor Remote Shell Server download (malware-cnc.rules)
 * 1:29103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korhigh variant outbound connection (malware-cnc.rules)
 * 1:29057 <-> DISABLED <-> MALWARE-CNC Installation Win.Trojan.Umberial variant outbound connection (malware-cnc.rules)
 * 1:29068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapazom variant outbound connection (malware-cnc.rules)
 * 1:29075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firefly outbound communcation (malware-cnc.rules)
 * 1:51309 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pistacchietto variant outbound connection (malware-cnc.rules)
 * 1:29056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Descrantol variant outbound connection (malware-cnc.rules)
 * 1:31124 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pyrtomsop outbound connection (malware-cnc.rules)
 * 1:28983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Steckt IRCbot executable download (malware-cnc.rules)
 * 1:29071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wcvalep variant outbound connection (malware-cnc.rules)
 * 1:29058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Umberial variant outbound connection (malware-cnc.rules)
 * 1:31136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess inbound connection (malware-cnc.rules)
 * 1:29109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drafukey variant outbound connection (malware-cnc.rules)
 * 1:29074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maetdik variant outbound connection (malware-cnc.rules)
 * 1:31225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent rome0321 - Win.Trojan.Soraya (malware-cnc.rules)
 * 1:31224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptor outbound connection (malware-cnc.rules)
 * 1:28982 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot requesting URL through IRC (malware-cnc.rules)
 * 1:31218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:31122 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent svchost (malware-cnc.rules)
 * 1:31119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marmoolak variant outbound connection (malware-cnc.rules)
 * 1:31453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChoHeap variant outbound connection (malware-cnc.rules)
 * 1:29893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pyteconte variant outbound connection (malware-cnc.rules)
 * 1:29045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorask variant outbound connection (malware-cnc.rules)
 * 1:29140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tearspear variant outbound connection (malware-cnc.rules)
 * 1:28996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bunitu variant outbound connection (malware-cnc.rules)
 * 1:31142 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloft variant outbound connection (malware-cnc.rules)
 * 1:28995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor Remote Shell Server download (malware-cnc.rules)
 * 1:28977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.DF - User-Agent Missing Bracket (malware-cnc.rules)
 * 1:29011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dotconta variant outbound connection (malware-cnc.rules)
 * 1:28987 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot variant outbound connection (malware-cnc.rules)
 * 1:28986 <-> DISABLED <-> MALWARE-CNC Win.Worm.Neeris IRCbot variant outbound connection (malware-cnc.rules)
 * 1:29031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant inbound connection (malware-cnc.rules)
 * 1:29038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant initial outbound connection (malware-cnc.rules)
 * 1:29026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Limlspy variant outbound connection (malware-cnc.rules)
 * 1:29016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cordmix variant outbound connection (malware-cnc.rules)
 * 1:29044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorask variant outbound connection (malware-cnc.rules)
 * 1:29039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules)
 * 1:51554 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (malware-cnc.rules)
 * 1:29127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:31132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
 * 1:31114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rfusclient outbound connection (malware-cnc.rules)
 * 1:29087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kboy variant outbound connection (malware-cnc.rules)
 * 1:29091 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Choxy variant outbound connection (malware-cnc.rules)
 * 1:29148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Huxerox variant outbound connection (malware-cnc.rules)
 * 1:29108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SixMuch variant outbound connection (malware-cnc.rules)
 * 1:29095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fotip FTP file upload variant outbound connection (malware-cnc.rules)
 * 1:31222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
 * 1:31234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuckam variant inbound connection (malware-cnc.rules)
 * 1:29112 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drafukey variant outbound connection (malware-cnc.rules)
 * 1:29884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:29077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Platidium variant outbound connection (malware-cnc.rules)
 * 1:29079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inftob variant outbound connection (malware-cnc.rules)
 * 1:29076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epixed variant outbound connection (malware-cnc.rules)
 * 1:29081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Budir initial variant outbound connection (malware-cnc.rules)
 * 1:29082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ldmon variant outbound connection (malware-cnc.rules)
 * 1:31228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soraya variant initial outbound connection (malware-cnc.rules)
 * 1:31452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:28984 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot executable download (malware-cnc.rules)
 * 1:28976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.DF - Data Exfiltration (malware-cnc.rules)
 * 1:28990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot connection to cnc server (malware-cnc.rules)
 * 1:31319 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zediv outbound connection (malware-cnc.rules)
 * 1:31328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
 * 1:31173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
 * 1:31458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SDBot variant outbound connection (malware-cnc.rules)
 * 1:31607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba client response/authenticate to C&C server (malware-cnc.rules)
 * 1:31343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow variant outbound connection system information disclosure (malware-cnc.rules)
 * 1:31344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Levyatan variant outbound connection (malware-cnc.rules)
 * 1:31345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mcdravsm variant outbound connection (malware-cnc.rules)
 * 1:31545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules)
 * 1:31768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ecsudown outbound connection (malware-cnc.rules)
 * 1:31346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ajtonj variant outbound connection (malware-cnc.rules)
 * 1:31355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicololo outbound connection (malware-cnc.rules)
 * 1:31586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules)
 * 1:31715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httneilc variant outbound connection (malware-cnc.rules)
 * 1:31417 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent blacksun - Win.Trojan.Blacksun (malware-cnc.rules)
 * 1:31418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Subla variant outbound connection (malware-cnc.rules)
 * 1:31168 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Guise outbound connection (malware-cnc.rules)
 * 1:31424 <-> DISABLED <-> MALWARE-CNC Kegis.A outbound connection (malware-cnc.rules)
 * 1:31442 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:31712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall downloader attempt (malware-cnc.rules)
 * 1:31691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kronos variant outbound connection (malware-cnc.rules)
 * 1:31465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm Click Fraud Request (malware-cnc.rules)
 * 1:50521 <-> ENABLED <-> MALWARE-CNC Doc.Malware.HWPRokrat variant outbound connection (malware-cnc.rules)
 * 1:48148 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:31813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expiro outbound connection (malware-cnc.rules)
 * 1:31672 <-> DISABLED <-> MALWARE-CNC Inbound command to php based DoS bot (malware-cnc.rules)
 * 1:31468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (malware-cnc.rules)
 * 1:31131 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
 * 1:31450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall outbound connection (malware-cnc.rules)
 * 1:31753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elpapok outbound connection (malware-cnc.rules)
 * 1:29114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sotark variant outbound connection (malware-cnc.rules)
 * 1:29115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alset variant outbound connection (malware-cnc.rules)
 * 1:29117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tyaui variant outbound connection (malware-cnc.rules)
 * 1:29133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goobraz variant outbound connection (malware-cnc.rules)
 * 1:29125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Valden variant outbound connection (malware-cnc.rules)
 * 1:29139 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string HTTP 1.1 - Win.Trojan.Tapslix (malware-cnc.rules)
 * 1:29135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bfddos variant outbound connection (malware-cnc.rules)
 * 1:29136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos variant outbound connection (malware-cnc.rules)
 * 1:29138 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mojap variant outbound connection (malware-cnc.rules)
 * 1:29104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Iniptad variant outbound connection (malware-cnc.rules)
 * 1:29143 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent - Win.Trojan.Secciv (malware-cnc.rules)
 * 1:29146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RansomCrypt variant outbound connection (malware-cnc.rules)
 * 1:29153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant file upload outbound connection (malware-cnc.rules)
 * 1:29149 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Janicab outbound connection (malware-cnc.rules)
 * 1:29150 <-> DISABLED <-> MALWARE-CNC User-Agent suspicious user-agent WarpHTTP - Win.Trojan.Yohakest (malware-cnc.rules)
 * 1:29152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant initial runtime outbound connection (malware-cnc.rules)
 * 1:29175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sitrof variant outbound connection (malware-cnc.rules)
 * 1:29154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant followup outbound connection (malware-cnc.rules)
 * 1:29155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vwealer outbound connection (malware-cnc.rules)
 * 1:29174 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fortis (malware-cnc.rules)
 * 1:29216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:29176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retsaw variant outbound connection (malware-cnc.rules)
 * 1:29179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenad variant outbound connection (malware-cnc.rules)
 * 1:29180 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Update1.0 - Win.Trojan.Downbini (malware-cnc.rules)
 * 1:29261 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:29220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection (malware-cnc.rules)
 * 1:29259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chulastran variant initial version check outbound connection (malware-cnc.rules)
 * 1:29289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kmnokay outbound connection (malware-cnc.rules)
 * 1:29291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stitur variant outbound connection (malware-cnc.rules)
 * 1:29292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chulastran variant outbound connection (malware-cnc.rules)
 * 1:29300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound connection (malware-cnc.rules)
 * 1:29294 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boda variant outbound connection (malware-cnc.rules)
 * 1:29295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boda variant initial outbound connection (malware-cnc.rules)
 * 1:29299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nineblog variant outbound connection (malware-cnc.rules)
 * 1:29306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popyerd variant outbound connection (malware-cnc.rules)
 * 1:29301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mizzmo variant outbound connection (malware-cnc.rules)
 * 1:29302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Diswenshow outbound connection (malware-cnc.rules)
 * 1:29304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Verbscut variant outbound connection (malware-cnc.rules)
 * 1:29325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horsamaz outbound connection (malware-cnc.rules)
 * 1:29307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fraxytime outbound connection (malware-cnc.rules)
 * 1:29313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxydown variant connection (malware-cnc.rules)
 * 1:29324 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vivia variant outbound connection (malware-cnc.rules)
 * 1:29333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using proxy server (malware-cnc.rules)
 * 1:29330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piedacon variant outbound connection (malware-cnc.rules)
 * 1:29331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using modem (malware-cnc.rules)
 * 1:29332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using lan (malware-cnc.rules)
 * 1:29339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishop variant initial runtime outbound connection (malware-cnc.rules)
 * 1:29334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using other (malware-cnc.rules)
 * 1:29335 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.CallMe variant outbound connection (malware-cnc.rules)
 * 1:29337 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:29345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dondat variant outbound connection (malware-cnc.rules)
 * 1:29340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plusau outbound connection (malware-cnc.rules)
 * 1:29341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string CustomSpy - Win.Trojan.Etek (malware-cnc.rules)
 * 1:29344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dondat variant outbound connection (malware-cnc.rules)
 * 1:29352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Typdec variant outbound connection (malware-cnc.rules)
 * 1:29348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chifan variant outbound connection (malware-cnc.rules)
 * 1:29349 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:29351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulilit variant outbound connection (malware-cnc.rules)
 * 1:29359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mowfote variant initial outbound connection (malware-cnc.rules)
 * 1:29353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeagle outbound connection (malware-cnc.rules)
 * 1:29356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cidox variant outbound connection (malware-cnc.rules)
 * 1:29358 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mowfote (malware-cnc.rules)
 * 1:29370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.ADJI variant outbound connection (malware-cnc.rules)
 * 1:29363 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pacbootini variant outbound connection (malware-cnc.rules)
 * 1:29367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boato variant outbound connection (malware-cnc.rules)
 * 1:29368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boato variant followup outbound connection (malware-cnc.rules)
 * 1:29408 <-> DISABLED <-> MALWARE-CNC JAVAFOG Java malware backdoor connection to cnc server (malware-cnc.rules)
 * 1:29371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Dluca (malware-cnc.rules)
 * 1:29376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker.B connection test (malware-cnc.rules)
 * 1:29389 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alusins variant outbound connection (malware-cnc.rules)
 * 1:29422 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rhubot variant outbound connection (malware-cnc.rules)
 * 1:29416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.vSkimmer outbound connection (malware-cnc.rules)
 * 1:29417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Solimba download attempt (malware-cnc.rules)
 * 1:29420 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reedum BlackPoS outbound FTP connection (malware-cnc.rules)
 * 1:29428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zatincel variant outbound connection (malware-cnc.rules)
 * 1:29423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (malware-cnc.rules)
 * 1:29424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dldr variant outbound connection (malware-cnc.rules)
 * 1:29426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Etomertg variant outbound connection (malware-cnc.rules)
 * 1:29459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fexel variant outbound connection (malware-cnc.rules)
 * 1:29430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Icefog variant outbound connection (malware-cnc.rules)
 * 1:29431 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Tirips (malware-cnc.rules)
 * 1:29440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chewbacca outbound connection (malware-cnc.rules)
 * 1:29483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Botime variant connection (malware-cnc.rules)
 * 1:29460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pabueri variant outbound connection (malware-cnc.rules)
 * 1:29461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Norekab variant outbound connection (malware-cnc.rules)
 * 1:29464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SniperSpy variant outbound connection (malware-cnc.rules)
 * 1:29494 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:29484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.POSCardStealer variant outbound connection (malware-cnc.rules)
 * 1:29489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gaertob variant outbound connection (malware-cnc.rules)
 * 1:29493 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:29550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doneste variant outbound connection (malware-cnc.rules)
 * 1:29495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kopdel variant outbound connection (malware-cnc.rules)
 * 1:29496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicololo variant outbound connection (malware-cnc.rules)
 * 1:29497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sydigu variant outbound connection (malware-cnc.rules)
 * 1:29555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyex variant outbound connection (malware-cnc.rules)
 * 1:29556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loxes variant outbound connection (malware-cnc.rules)
 * 1:29557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marten variant outbound connection (malware-cnc.rules)
 * 1:29565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.AALV variant outbound connection (malware-cnc.rules)
 * 1:29561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lechiket variant outbound connection (malware-cnc.rules)
 * 1:29562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blobrsa variant outbound connection (malware-cnc.rules)
 * 1:29563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blobrsa variant outbound connection (malware-cnc.rules)
 * 1:29636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker.cbuf variant outbound connection (malware-cnc.rules)
 * 1:29566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:29569 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Shellbot outbound connection (malware-cnc.rules)
 * 1:29635 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nursteal variant outbound connection (malware-cnc.rules)
 * 1:29645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mimunita (malware-cnc.rules)
 * 1:29637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lumbko variant outbound connection (malware-cnc.rules)
 * 1:29638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lumbko variant initial outbound connection (malware-cnc.rules)
 * 1:29644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sdconsent outbound connection (malware-cnc.rules)
 * 1:29665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29652 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Truado (malware-cnc.rules)
 * 1:29663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dampt variant outbound connection (malware-cnc.rules)
 * 1:29664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DomaIQ variant outbound connection (malware-cnc.rules)
 * 1:29760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MSIE 4.01 - Win.Trojan.Careto (malware-cnc.rules)
 * 1:29666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linkup outbound connection (malware-cnc.rules)
 * 1:29670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw outbound connection (malware-cnc.rules)
 * 1:29740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sarvdap variant outbound connection (malware-cnc.rules)
 * 1:29788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto outbound connection (malware-cnc.rules)
 * 1:29789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)
 * 1:29790 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)
 * 1:29824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TixDll - Win.Trojan.Adload.dyhq (malware-cnc.rules)
 * 1:29791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)
 * 1:29816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jackpos outbound connection (malware-cnc.rules)
 * 1:29817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jackpos outbound connection (malware-cnc.rules)
 * 1:29865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (malware-cnc.rules)
 * 1:29828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adload.dyhq variant outbound connection (malware-cnc.rules)
 * 1:29861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brabat variant outbound connection (malware-cnc.rules)
 * 1:29862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbout connection (malware-cnc.rules)
 * 1:29877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chikdos.A outbound information disclosure (malware-cnc.rules)
 * 1:29869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar phishing attack (malware-cnc.rules)
 * 1:29870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pony HTTP response connection (malware-cnc.rules)
 * 1:29873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hanove variant outbound connection (malware-cnc.rules)
 * 1:29881 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypi.A outbound information disclosure (malware-cnc.rules)
 * 1:29882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WEC variant outbound connection (malware-cnc.rules)
 * 1:29883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tohwen variant outbound connection (malware-cnc.rules)
 * 1:29113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conrec variant outbound connection (malware-cnc.rules)
 * 1:29886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypi.A outbound keylogger traffic (malware-cnc.rules)
 * 1:29887 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Updates downloader - Win.Trojan.Upatre (malware-cnc.rules)
 * 1:29899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmkype variant outbound connection (malware-cnc.rules)
 * 1:29895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:29897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ExplorerHijack variant outbound connection (malware-cnc.rules)
 * 1:29898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zygtab variant outbound connection (malware-cnc.rules)
 * 1:29916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu system information disclosure (malware-cnc.rules)
 * 1:29901 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comowba variant outbound connection (malware-cnc.rules)
 * 1:29907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madnedos outbound system information disclosure (malware-cnc.rules)
 * 1:29914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zmcwinsvc outbound system information disclosure (malware-cnc.rules)
 * 1:29923 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Bazuc jobs check outbound connection (malware-cnc.rules)
 * 1:29920 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZhiZhu variant outbound connection (malware-cnc.rules)
 * 1:29921 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZhiZhu variant inbound connection (malware-cnc.rules)
 * 1:29922 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Bazuc initial outbound connection (malware-cnc.rules)
 * 1:29975 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Svekifc system information disclosure (malware-cnc.rules)
 * 1:29924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
 * 1:30047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crowti variant outbound connection (malware-cnc.rules)
 * 1:30036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ovnavart variant outbound connection (malware-cnc.rules)
 * 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (malware-cnc.rules)
 * 1:29976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Svekifc outbound persistent connection (malware-cnc.rules)
 * 1:29978 <-> DISABLED <-> MALWARE-CNC ANDR.Trojan.FakeApp outbound connection (malware-cnc.rules)
 * 1:29980 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fucom outbound connection (malware-cnc.rules)
 * 1:29990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seruda system information disclosure (malware-cnc.rules)
 * 1:29982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oshidor variant outbound connection (malware-cnc.rules)
 * 1:29985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicolo variant outbound connection (malware-cnc.rules)
 * 1:29987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meac malware component download request (malware-cnc.rules)
 * 1:30035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sylonif variant outbound connection (malware-cnc.rules)
 * 1:29998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horsum outbound system information disclosure (malware-cnc.rules)
 * 1:29999 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MSIE 9.0 in version 10 format (malware-cnc.rules)
 * 1:30034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donanbot outbound connection (malware-cnc.rules)
 * 1:30058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bogoclak outbound FTP connection information disclosure (malware-cnc.rules)
 * 1:29925 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Verxbot variant outbound connection (malware-cnc.rules)
 * 1:29981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tiny variant outbound connection (malware-cnc.rules)
 * 1:30055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deventiz CWD system information disclosure via FTP (malware-cnc.rules)
 * 1:30064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
 * 1:30060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coresh outbound identification request (malware-cnc.rules)
 * 1:30061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tyleny variant outbound connection (malware-cnc.rules)
 * 1:30063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
 * 1:30076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stealzilla variant outbound connection (malware-cnc.rules)
 * 1:30068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:30073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:30074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim variant outbound connection (malware-cnc.rules)
 * 1:30090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nitol variant outbound connection (malware-cnc.rules)
 * 1:30078 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Momibot outbound system information disclosure (malware-cnc.rules)
 * 1:30087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamut configuration download (malware-cnc.rules)
 * 1:30088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:30191 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos usermode-centric client request (malware-cnc.rules)
 * 1:30091 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound connection (malware-cnc.rules)
 * 1:30167 <-> DISABLED <-> MALWARE-CNC Russian Bank scam malware GET request to server (malware-cnc.rules)
 * 1:30168 <-> DISABLED <-> MALWARE-CNC Russian Bank scam malware POST to server (malware-cnc.rules)
 * 1:30198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos inbound command (malware-cnc.rules)
 * 1:30193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos inbound encrypted data (malware-cnc.rules)
 * 1:30196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:30210 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agnet string Win.Trojan.ZeusVM (malware-cnc.rules)
 * 1:30203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules)
 * 1:30204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules)
 * 1:30208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nakcos variant outbound connection (malware-cnc.rules)
 * 1:30231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eybog variant outbound connection (malware-cnc.rules)
 * 1:30211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeusVM embedded image config file download (malware-cnc.rules)
 * 1:30214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant outbound connection (malware-cnc.rules)
 * 1:30216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ShadyRAT variant outbound connection (malware-cnc.rules)
 * 1:30250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - logogo.exe (malware-cnc.rules)
 * 1:30234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:30235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:30239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Name variant outbound connection (malware-cnc.rules)
 * 1:30257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ExplorerHijack variant outbound connection (malware-cnc.rules)
 * 1:30251 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mumawow outbound connection (malware-cnc.rules)
 * 1:30255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor HTTP Response - Brazil Geolocated Infected User (malware-cnc.rules)
 * 1:30256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor HTTP Response - Non-Brazil Geolocated Infected User (malware-cnc.rules)
 * 1:30270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot configuration file download (malware-cnc.rules)
 * 1:30258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:30259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection (malware-cnc.rules)
 * 1:30262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot drop zone file upload (malware-cnc.rules)
 * 1:30276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30290 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Browser - Win.Trojan.Bruterdep (malware-cnc.rules)
 * 1:30279 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Recub variant outbound connection (malware-cnc.rules)
 * 1:30288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba.M initial outbound connection (malware-cnc.rules)
 * 1:30301 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent InetAll - Win.Trojan.Pennonec (malware-cnc.rules)
 * 1:30298 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cloudoten variant inbound connection (malware-cnc.rules)
 * 1:30299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Projecthook variant outbound connection (malware-cnc.rules)
 * 1:30300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Projecthook variant outbound connection (malware-cnc.rules)
 * 1:30309 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
 * 1:30302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rajdze variant outbound connection (malware-cnc.rules)
 * 1:30304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noctabor variant outbound connection (malware-cnc.rules)
 * 1:30308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
 * 1:30315 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmdw23 - Win.Trojan.Burnwoo (malware-cnc.rules)
 * 1:30310 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Comdinter variant outbound connection (malware-cnc.rules)
 * 1:30311 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Comdinter variant outbound connection (malware-cnc.rules)
 * 1:30314 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmd - Win.Trojan.Burnwoo (malware-cnc.rules)
 * 1:30333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook information disclosure attempt (malware-cnc.rules)
 * 1:30323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drawnetz variant outbound connection (malware-cnc.rules)
 * 1:30331 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ebot - Win.Trojan.Modulog (malware-cnc.rules)
 * 1:30332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook configuration file download attempt (malware-cnc.rules)
 * 1:30483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (malware-cnc.rules)
 * 1:30334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook initial outbound connection (malware-cnc.rules)
 * 1:30344 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent EyeS_Client_1.0 - Win.Trojan.Seey (malware-cnc.rules)
 * 1:30482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik inbound connection (malware-cnc.rules)
 * 1:30519 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound connection (malware-cnc.rules)
 * 1:30484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (malware-cnc.rules)
 * 1:30494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
 * 1:30518 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Neutrino/2.1 - Win.Trojan.Necurs (malware-cnc.rules)
 * 1:30552 <-> DISABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Systema (malware-cnc.rules)
 * 1:30547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramdo variant outbound connection (malware-cnc.rules)
 * 1:30548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:30551 <-> DISABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Minerd (malware-cnc.rules)
 * 1:30743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chabava outbound connection (malware-cnc.rules)
 * 1:30559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uniemv variant outbound connection (malware-cnc.rules)
 * 1:30560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Megesat variant outbound connection (malware-cnc.rules)
 * 1:30566 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Elknot outbound connection (malware-cnc.rules)
 * 1:30773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant download request (malware-cnc.rules)
 * 1:30751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:30752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesyong outbound connection (malware-cnc.rules)
 * 1:30753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehacker outbound connection (malware-cnc.rules)
 * 1:30806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Targnik variant outbound connection (malware-cnc.rules)
 * 1:30804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30808 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30812 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30815 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Oldboot variant outbound connection (malware-cnc.rules)
 * 1:30900 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuhao variant outbound connection (malware-cnc.rules)
 * 1:30883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30896 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DarkKomet variant outbound connection (malware-cnc.rules)
 * 1:30897 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DarkKomet variant outbound connection (malware-cnc.rules)
 * 1:30918 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent Mozilla (malware-cnc.rules)
 * 1:30914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (malware-cnc.rules)
 * 1:30915 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (malware-cnc.rules)
 * 1:30917 <-> DISABLED <-> MALWARE-CNC Win.Worm.Phelshap variant outbound connection (malware-cnc.rules)
 * 1:30925 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound connection (malware-cnc.rules)
 * 1:30919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:30923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit outbound connection (malware-cnc.rules)
 * 1:30924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor inbound connection (malware-cnc.rules)
 * 1:30947 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Botintin outbound connection (malware-cnc.rules)
 * 1:30926 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound secure-connection (malware-cnc.rules)
 * 1:30938 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Roopre outbound connection (malware-cnc.rules)
 * 1:30945 <-> DISABLED <-> MALWARE-CNC Win.Worm.Winiga FTP login attempt (malware-cnc.rules)
 * 1:30977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jaik variant outbound connection (malware-cnc.rules)
 * 1:30953 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karnos variant outbound connection (malware-cnc.rules)
 * 1:30978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gisetik information disclosure attempt (malware-cnc.rules)
 * 1:30982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karnos variant outbound connection (malware-cnc.rules)
 * 1:30987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vondola configuration file download attempt (malware-cnc.rules)
 * 1:30984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonriamt outbound connection (malware-cnc.rules)
 * 1:30985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenexmed outbound connection (malware-cnc.rules)
 * 1:30986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenexmed inbound shell command attempt (malware-cnc.rules)
 * 1:31005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief information disclosure attempt (malware-cnc.rules)
 * 1:30988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vondola information disclosure attempt (malware-cnc.rules)
 * 1:31002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kimsuky variant outbound connection (malware-cnc.rules)
 * 1:31004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief information disclosure attempt (malware-cnc.rules)
 * 1:31014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
 * 1:31006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief initial outbound connection (malware-cnc.rules)
 * 1:31007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Iplorko.A runtime detection (malware-cnc.rules)
 * 1:31010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sisbot variant outbound IRC connection (malware-cnc.rules)
 * 1:31053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadnessPro outbound connection (malware-cnc.rules)
 * 1:31020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:31051 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hesperbot variant outbound connection (malware-cnc.rules)
 * 1:31064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Diatraha variant outbound connection (malware-cnc.rules)
 * 1:31055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:31062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expone variant outbound connection (malware-cnc.rules)
 * 1:31063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expone FTP login attempt (malware-cnc.rules)
 * 1:31073 <-> DISABLED <-> MALWARE-CNC RemoteSpy connection to CNC server (malware-cnc.rules)
 * 1:31066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tobinload variant outbound connection (malware-cnc.rules)
 * 1:31070 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs outbound connection (malware-cnc.rules)
 * 1:31072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryfile variant outbound connection (malware-cnc.rules)
 * 1:31083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bexelets variant outbound connection (malware-cnc.rules)
 * 1:31079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:31080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:31081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinSpy variant outbound connection (malware-cnc.rules)
 * 1:31113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:31090 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent hello crazyk (malware-cnc.rules)
 * 1:31112 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos password stealing attempt (malware-cnc.rules)
 * 1:31116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Garsuni variant outbound connection (malware-cnc.rules)

2020-10-13 18:43:05 UTC

Snort Subscriber Rules Update

Date: 2020-10-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55952 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9775770-0 download attempt (malware-other.rules)
 * 1:55998 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Beebone-9777703-0 download attempt (malware-other.rules)
 * 1:55979 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Foundation memory corruption attempt (file-multimedia.rules)
 * 1:55967 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776406-0 download attempt (malware-other.rules)
 * 1:55977 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9776833-0 download attempt (malware-other.rules)
 * 1:55974 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-9776642-0 download attempt (malware-other.rules)
 * 1:55943 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt (os-windows.rules)
 * 1:55938 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Shadowbrokers-9775051-0 download attempt (malware-other.rules)
 * 1:55982 <-> DISABLED <-> OS-WINDOWS Microsoft Windows digital signature spoofing attempt (os-windows.rules)
 * 1:55960 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zbot-9776404-0 download attempt (malware-other.rules)
 * 1:55957 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776340-0 download attempt (malware-other.rules)
 * 1:55976 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9776833-0 download attempt (malware-other.rules)
 * 1:55949 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ramnit-9775593-0 download attempt (malware-other.rules)
 * 1:55966 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776406-0 download attempt (malware-other.rules)
 * 1:55958 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Scar-9776391-0 download attempt (malware-other.rules)
 * 1:55956 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776340-0 download attempt (malware-other.rules)
 * 1:55965 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776419-0 download attempt (malware-other.rules)
 * 1:55993 <-> ENABLED <-> PROTOCOL-ICMP Microsoft Windows IPv6 DNSSL option record denial of service attempt (protocol-icmp.rules)
 * 1:55964 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776419-0 download attempt (malware-other.rules)
 * 1:55961 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zbot-9776404-0 download attempt (malware-other.rules)
 * 1:55935 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9774716-0 download attempt (malware-other.rules)
 * 1:55989 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:55946 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775571-0 download attempt (malware-other.rules)
 * 1:55973 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-9776559-0 download attempt (malware-other.rules)
 * 1:55981 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 command injection attempt (server-webapp.rules)
 * 1:55995 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dotdo-9777352-0 download attempt (malware-other.rules)
 * 1:55959 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Scar-9776391-0 download attempt (malware-other.rules)
 * 1:55934 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9774716-0 download attempt (malware-other.rules)
 * 1:55972 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-9776559-0 download attempt (malware-other.rules)
 * 1:55950 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775689-0 download attempt (malware-other.rules)
 * 1:55936 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Perion-9775059-0 download attempt (malware-other.rules)
 * 1:55941 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9775385-0 download attempt (malware-other.rules)
 * 1:55962 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776436-0 download attempt (malware-other.rules)
 * 1:55975 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-9776642-0 download attempt (malware-other.rules)
 * 1:55990 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:55984 <-> ENABLED <-> PROTOCOL-ICMP Microsoft Windows IPv6 stack remote execution attempt (protocol-icmp.rules)
 * 1:55980 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Foundation memory corruption attempt (file-multimedia.rules)
 * 1:55940 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9775385-0 download attempt (malware-other.rules)
 * 1:55937 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Perion-9775059-0 download attempt (malware-other.rules)
 * 1:55983 <-> DISABLED <-> OS-WINDOWS Microsoft Windows digital signature spoofing attempt (os-windows.rules)
 * 1:55948 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ramnit-9775593-0 download attempt (malware-other.rules)
 * 1:55942 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt (os-windows.rules)
 * 1:55997 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Beebone-9777703-0 download attempt (malware-other.rules)
 * 1:55969 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776422-0 download attempt (malware-other.rules)
 * 1:55955 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9776100-0 download attempt (malware-other.rules)
 * 1:55963 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776436-0 download attempt (malware-other.rules)
 * 1:55951 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775689-0 download attempt (malware-other.rules)
 * 1:55953 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9775770-0 download attempt (malware-other.rules)
 * 1:55994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop information disclosure attempt (os-windows.rules)
 * 1:55954 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9776100-0 download attempt (malware-other.rules)
 * 1:55939 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Shadowbrokers-9775051-0 download attempt (malware-other.rules)
 * 1:55968 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776422-0 download attempt (malware-other.rules)
 * 1:55944 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Buzus-9775511-0 download attempt (malware-other.rules)
 * 1:55996 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dotdo-9777352-0 download attempt (malware-other.rules)
 * 1:55978 <-> DISABLED <-> SERVER-OTHER Apache OFBiz XMLRPC deserialization attempt (server-other.rules)
 * 1:55945 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Buzus-9775511-0 download attempt (malware-other.rules)
 * 1:55947 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775571-0 download attempt (malware-other.rules)
 * 1:55971 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776543-0 download attempt (malware-other.rules)
 * 1:55970 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776543-0 download attempt (malware-other.rules)
 * 3:55985 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1161 attack attempt (file-other.rules)
 * 3:55988 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1162 attack attempt (file-other.rules)
 * 3:55991 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1163 attack attempt (file-other.rules)
 * 3:55992 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1163 attack attempt (file-other.rules)
 * 3:55987 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1162 attack attempt (file-other.rules)
 * 3:55986 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1161 attack attempt (file-other.rules)

Modified Rules:


 * 1:51553 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (malware-cnc.rules)
 * 1:29079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inftob variant outbound connection (malware-cnc.rules)
 * 1:29087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kboy variant outbound connection (malware-cnc.rules)
 * 1:50520 <-> ENABLED <-> MALWARE-CNC Doc.Malware.HWPRokrat variant outbound connection (malware-cnc.rules)
 * 1:29140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tearspear variant outbound connection (malware-cnc.rules)
 * 1:29068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapazom variant outbound connection (malware-cnc.rules)
 * 1:31453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChoHeap variant outbound connection (malware-cnc.rules)
 * 1:29057 <-> DISABLED <-> MALWARE-CNC Installation Win.Trojan.Umberial variant outbound connection (malware-cnc.rules)
 * 1:29117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tyaui variant outbound connection (malware-cnc.rules)
 * 1:28990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot connection to cnc server (malware-cnc.rules)
 * 1:29091 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Choxy variant outbound connection (malware-cnc.rules)
 * 1:29058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Umberial variant outbound connection (malware-cnc.rules)
 * 1:29125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Valden variant outbound connection (malware-cnc.rules)
 * 1:29127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:29133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goobraz variant outbound connection (malware-cnc.rules)
 * 1:29108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SixMuch variant outbound connection (malware-cnc.rules)
 * 1:50521 <-> ENABLED <-> MALWARE-CNC Doc.Malware.HWPRokrat variant outbound connection (malware-cnc.rules)
 * 1:31458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SDBot variant outbound connection (malware-cnc.rules)
 * 1:51309 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pistacchietto variant outbound connection (malware-cnc.rules)
 * 1:28994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor Remote Shell Server download (malware-cnc.rules)
 * 1:31168 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Guise outbound connection (malware-cnc.rules)
 * 1:31234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuckam variant inbound connection (malware-cnc.rules)
 * 1:31222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptor outbound connection (malware-cnc.rules)
 * 1:31459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jaktinier outbound connection (malware-cnc.rules)
 * 1:31183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules)
 * 1:31556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CosmicDuke HTTP data exfiltration attempt (malware-cnc.rules)
 * 1:31714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:28984 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot executable download (malware-cnc.rules)
 * 1:31593 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.SMSSend outbound connection (malware-cnc.rules)
 * 1:31683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur variant outbound connection (malware-cnc.rules)
 * 1:29136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos variant outbound connection (malware-cnc.rules)
 * 1:31691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kronos variant outbound connection (malware-cnc.rules)
 * 1:31649 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conrec variant outbound connection (malware-cnc.rules)
 * 1:31713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31644 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Scarelocker outbound connection (malware-cnc.rules)
 * 1:31533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xolominer malicious user detected (malware-cnc.rules)
 * 1:31693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korplug Poisoned Hurricane Malware outbound connection (malware-cnc.rules)
 * 1:31465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm Click Fraud Request (malware-cnc.rules)
 * 1:31145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound backdoor response (malware-cnc.rules)
 * 1:31468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (malware-cnc.rules)
 * 1:31223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
 * 1:31680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tirabot variant outbound connection (malware-cnc.rules)
 * 1:31144 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant inbound backdoor keep-alive (malware-cnc.rules)
 * 1:28987 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot variant outbound connection (malware-cnc.rules)
 * 1:29103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korhigh variant outbound connection (malware-cnc.rules)
 * 1:29104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Iniptad variant outbound connection (malware-cnc.rules)
 * 1:29076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epixed variant outbound connection (malware-cnc.rules)
 * 1:29139 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string HTTP 1.1 - Win.Trojan.Tapslix (malware-cnc.rules)
 * 1:29114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sotark variant outbound connection (malware-cnc.rules)
 * 1:29074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maetdik variant outbound connection (malware-cnc.rules)
 * 1:29075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firefly outbound communcation (malware-cnc.rules)
 * 1:29077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Platidium variant outbound connection (malware-cnc.rules)
 * 1:31136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess inbound connection (malware-cnc.rules)
 * 1:31142 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloft variant outbound connection (malware-cnc.rules)
 * 1:31688 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Downloader 1.8 - Win.Trojan.Graftor (malware-cnc.rules)
 * 1:31228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soraya variant initial outbound connection (malware-cnc.rules)
 * 1:31174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapart variant outbound connection (malware-cnc.rules)
 * 1:48147 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:31669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:31805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dizk variant outbound connection (malware-cnc.rules)
 * 1:50201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Remexi variant outbound connection (malware-cnc.rules)
 * 1:31772 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules)
 * 1:31806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nighthunter data exfiltration attempt (malware-cnc.rules)
 * 1:47898 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:31813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expiro outbound connection (malware-cnc.rules)
 * 1:48791 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Agent inbound payload download (malware-cnc.rules)
 * 1:48871 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz inbound payload download (malware-other.rules)
 * 1:31748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qulkonwi outbound connection (malware-cnc.rules)
 * 1:31718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni outbound connection (malware-cnc.rules)
 * 1:31545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules)
 * 1:31236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hidead outbound connection (malware-cnc.rules)
 * 1:31240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (malware-cnc.rules)
 * 1:31586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules)
 * 1:31507 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HW32 variant spam attempt (malware-cnc.rules)
 * 1:31241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (malware-cnc.rules)
 * 1:31242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Utishaf variant outbound connection (malware-cnc.rules)
 * 1:31244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (malware-cnc.rules)
 * 1:31681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur download attempt (malware-cnc.rules)
 * 1:31254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HAVEX-RAT inbound connection to infected host (malware-cnc.rules)
 * 1:31543 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MSIE 7.0 na - Win.Trojan.Koobface (malware-cnc.rules)
 * 1:31255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HAVEX-RAT variant outbound connection (malware-cnc.rules)
 * 1:31173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
 * 1:31258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Destoplug variant outbound connection (malware-cnc.rules)
 * 1:31606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba payload download request (malware-cnc.rules)
 * 1:31260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda HTTP proxy response attempt (malware-cnc.rules)
 * 1:31262 <-> DISABLED <-> MALWARE-CNC Win.Worm.VBNA variant outbound connection (malware-cnc.rules)
 * 1:31672 <-> DISABLED <-> MALWARE-CNC Inbound command to php based DoS bot (malware-cnc.rules)
 * 1:31271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin information disclosure attempt (malware-cnc.rules)
 * 1:31272 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin outbound command request attempt (malware-cnc.rules)
 * 1:31273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin coin mining program download attempt (malware-cnc.rules)
 * 1:31288 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Bladabindi variant outbound download request (malware-cnc.rules)
 * 1:31557 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla/5.0 - Win.Trojan.Upatre (malware-cnc.rules)
 * 1:31467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:31755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miras variant outbound connection (malware-cnc.rules)
 * 1:31221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vextstl outbound connection (malware-cnc.rules)
 * 1:31293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
 * 1:31706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korgapam outbound connection (malware-cnc.rules)
 * 1:31295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:31303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadeki variant outbound connection (malware-cnc.rules)
 * 1:28988 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot variant outbound connection (malware-cnc.rules)
 * 1:31147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zadnilay variant outbound connection (malware-cnc.rules)
 * 1:31604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server READD command to client (malware-cnc.rules)
 * 1:31306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules)
 * 1:31307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules)
 * 1:31150 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent DefaultBotPassword - Win.Trojan.Tirabot (malware-cnc.rules)
 * 1:31314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daikou variant outbound connection (malware-cnc.rules)
 * 1:31605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server READY command to client (malware-cnc.rules)
 * 1:31717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SoftPulse variant outbound connection (malware-cnc.rules)
 * 1:31315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL variant outbound connection (malware-cnc.rules)
 * 1:31722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waski variant outbound connection (malware-cnc.rules)
 * 1:31547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
 * 1:31172 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
 * 1:31316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
 * 1:28983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Steckt IRCbot executable download (malware-cnc.rules)
 * 1:31317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orbot variant outbound connection (malware-cnc.rules)
 * 1:31319 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zediv outbound connection (malware-cnc.rules)
 * 1:31548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
 * 1:51554 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (malware-cnc.rules)
 * 1:31808 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IptabLex outbound connection (malware-cnc.rules)
 * 1:31452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:29031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant inbound connection (malware-cnc.rules)
 * 1:29038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant initial outbound connection (malware-cnc.rules)
 * 1:29026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Limlspy variant outbound connection (malware-cnc.rules)
 * 1:29044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorask variant outbound connection (malware-cnc.rules)
 * 1:29016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cordmix variant outbound connection (malware-cnc.rules)
 * 1:29039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules)
 * 1:28977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.DF - User-Agent Missing Bracket (malware-cnc.rules)
 * 1:31328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
 * 1:29056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Descrantol variant outbound connection (malware-cnc.rules)
 * 1:29174 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fortis (malware-cnc.rules)
 * 1:28986 <-> DISABLED <-> MALWARE-CNC Win.Worm.Neeris IRCbot variant outbound connection (malware-cnc.rules)
 * 1:29011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dotconta variant outbound connection (malware-cnc.rules)
 * 1:29095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fotip FTP file upload variant outbound connection (malware-cnc.rules)
 * 1:29112 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drafukey variant outbound connection (malware-cnc.rules)
 * 1:28982 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot requesting URL through IRC (malware-cnc.rules)
 * 1:31225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent rome0321 - Win.Trojan.Soraya (malware-cnc.rules)
 * 1:28976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.DF - Data Exfiltration (malware-cnc.rules)
 * 1:28996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bunitu variant outbound connection (malware-cnc.rules)
 * 1:31135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deedevil variant outbound connection (malware-cnc.rules)
 * 1:29045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorask variant outbound connection (malware-cnc.rules)
 * 1:29109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drafukey variant outbound connection (malware-cnc.rules)
 * 1:29071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wcvalep variant outbound connection (malware-cnc.rules)
 * 1:29907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madnedos outbound system information disclosure (malware-cnc.rules)
 * 1:29143 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent - Win.Trojan.Secciv (malware-cnc.rules)
 * 1:29146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RansomCrypt variant outbound connection (malware-cnc.rules)
 * 1:29148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Huxerox variant outbound connection (malware-cnc.rules)
 * 1:29150 <-> DISABLED <-> MALWARE-CNC User-Agent suspicious user-agent WarpHTTP - Win.Trojan.Yohakest (malware-cnc.rules)
 * 1:29149 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Janicab outbound connection (malware-cnc.rules)
 * 1:29153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant file upload outbound connection (malware-cnc.rules)
 * 1:29154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant followup outbound connection (malware-cnc.rules)
 * 1:29155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vwealer outbound connection (malware-cnc.rules)
 * 1:29152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant initial runtime outbound connection (malware-cnc.rules)
 * 1:29175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sitrof variant outbound connection (malware-cnc.rules)
 * 1:29176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retsaw variant outbound connection (malware-cnc.rules)
 * 1:29180 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Update1.0 - Win.Trojan.Downbini (malware-cnc.rules)
 * 1:29216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:29220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection (malware-cnc.rules)
 * 1:29179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenad variant outbound connection (malware-cnc.rules)
 * 1:29260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29261 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:29289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kmnokay outbound connection (malware-cnc.rules)
 * 1:29259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chulastran variant outbound connection (malware-cnc.rules)
 * 1:29293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chulastran variant initial version check outbound connection (malware-cnc.rules)
 * 1:29294 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boda variant outbound connection (malware-cnc.rules)
 * 1:29291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stitur variant outbound connection (malware-cnc.rules)
 * 1:29299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nineblog variant outbound connection (malware-cnc.rules)
 * 1:29300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound connection (malware-cnc.rules)
 * 1:29301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mizzmo variant outbound connection (malware-cnc.rules)
 * 1:29295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boda variant initial outbound connection (malware-cnc.rules)
 * 1:29304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Verbscut variant outbound connection (malware-cnc.rules)
 * 1:29306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popyerd variant outbound connection (malware-cnc.rules)
 * 1:29307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fraxytime outbound connection (malware-cnc.rules)
 * 1:29302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Diswenshow outbound connection (malware-cnc.rules)
 * 1:29324 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vivia variant outbound connection (malware-cnc.rules)
 * 1:29325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horsamaz outbound connection (malware-cnc.rules)
 * 1:29330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piedacon variant outbound connection (malware-cnc.rules)
 * 1:29313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxydown variant connection (malware-cnc.rules)
 * 1:29332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using lan (malware-cnc.rules)
 * 1:29333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using proxy server (malware-cnc.rules)
 * 1:29334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using other (malware-cnc.rules)
 * 1:29331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using modem (malware-cnc.rules)
 * 1:29337 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:29339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishop variant initial runtime outbound connection (malware-cnc.rules)
 * 1:29340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plusau outbound connection (malware-cnc.rules)
 * 1:29335 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.CallMe variant outbound connection (malware-cnc.rules)
 * 1:29344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dondat variant outbound connection (malware-cnc.rules)
 * 1:29345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dondat variant outbound connection (malware-cnc.rules)
 * 1:29348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chifan variant outbound connection (malware-cnc.rules)
 * 1:29341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string CustomSpy - Win.Trojan.Etek (malware-cnc.rules)
 * 1:29351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulilit variant outbound connection (malware-cnc.rules)
 * 1:29352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Typdec variant outbound connection (malware-cnc.rules)
 * 1:29353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeagle outbound connection (malware-cnc.rules)
 * 1:29349 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:29358 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mowfote (malware-cnc.rules)
 * 1:29359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mowfote variant initial outbound connection (malware-cnc.rules)
 * 1:29363 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pacbootini variant outbound connection (malware-cnc.rules)
 * 1:29356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cidox variant outbound connection (malware-cnc.rules)
 * 1:29368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boato variant followup outbound connection (malware-cnc.rules)
 * 1:29370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.ADJI variant outbound connection (malware-cnc.rules)
 * 1:29371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Dluca (malware-cnc.rules)
 * 1:29367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boato variant outbound connection (malware-cnc.rules)
 * 1:29389 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alusins variant outbound connection (malware-cnc.rules)
 * 1:29408 <-> DISABLED <-> MALWARE-CNC JAVAFOG Java malware backdoor connection to cnc server (malware-cnc.rules)
 * 1:29416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.vSkimmer outbound connection (malware-cnc.rules)
 * 1:29376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker.B connection test (malware-cnc.rules)
 * 1:29420 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reedum BlackPoS outbound FTP connection (malware-cnc.rules)
 * 1:29422 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rhubot variant outbound connection (malware-cnc.rules)
 * 1:29423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (malware-cnc.rules)
 * 1:29417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Solimba download attempt (malware-cnc.rules)
 * 1:29426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Etomertg variant outbound connection (malware-cnc.rules)
 * 1:29428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zatincel variant outbound connection (malware-cnc.rules)
 * 1:29430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Icefog variant outbound connection (malware-cnc.rules)
 * 1:29424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dldr variant outbound connection (malware-cnc.rules)
 * 1:29440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chewbacca outbound connection (malware-cnc.rules)
 * 1:29459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fexel variant outbound connection (malware-cnc.rules)
 * 1:29460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pabueri variant outbound connection (malware-cnc.rules)
 * 1:29431 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Tirips (malware-cnc.rules)
 * 1:29464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SniperSpy variant outbound connection (malware-cnc.rules)
 * 1:29483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Botime variant connection (malware-cnc.rules)
 * 1:29484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.POSCardStealer variant outbound connection (malware-cnc.rules)
 * 1:29461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Norekab variant outbound connection (malware-cnc.rules)
 * 1:29493 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:29494 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:29495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kopdel variant outbound connection (malware-cnc.rules)
 * 1:29489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gaertob variant outbound connection (malware-cnc.rules)
 * 1:29497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doneste variant outbound connection (malware-cnc.rules)
 * 1:29555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyex variant outbound connection (malware-cnc.rules)
 * 1:29496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicololo variant outbound connection (malware-cnc.rules)
 * 1:29557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marten variant outbound connection (malware-cnc.rules)
 * 1:29559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sydigu variant outbound connection (malware-cnc.rules)
 * 1:29561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lechiket variant outbound connection (malware-cnc.rules)
 * 1:29556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loxes variant outbound connection (malware-cnc.rules)
 * 1:29563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blobrsa variant outbound connection (malware-cnc.rules)
 * 1:29565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.AALV variant outbound connection (malware-cnc.rules)
 * 1:29566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:29562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blobrsa variant outbound connection (malware-cnc.rules)
 * 1:29635 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nursteal variant outbound connection (malware-cnc.rules)
 * 1:29636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker.cbuf variant outbound connection (malware-cnc.rules)
 * 1:29637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lumbko variant outbound connection (malware-cnc.rules)
 * 1:29569 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Shellbot outbound connection (malware-cnc.rules)
 * 1:29644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sdconsent outbound connection (malware-cnc.rules)
 * 1:29645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mimunita (malware-cnc.rules)
 * 1:29652 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Truado (malware-cnc.rules)
 * 1:29638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lumbko variant initial outbound connection (malware-cnc.rules)
 * 1:29664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DomaIQ variant outbound connection (malware-cnc.rules)
 * 1:29665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linkup outbound connection (malware-cnc.rules)
 * 1:29663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dampt variant outbound connection (malware-cnc.rules)
 * 1:29740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sarvdap variant outbound connection (malware-cnc.rules)
 * 1:29760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MSIE 4.01 - Win.Trojan.Careto (malware-cnc.rules)
 * 1:29788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto outbound connection (malware-cnc.rules)
 * 1:29670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw outbound connection (malware-cnc.rules)
 * 1:29790 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)
 * 1:29791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)
 * 1:29816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jackpos outbound connection (malware-cnc.rules)
 * 1:29789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)
 * 1:29824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TixDll - Win.Trojan.Adload.dyhq (malware-cnc.rules)
 * 1:29828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adload.dyhq variant outbound connection (malware-cnc.rules)
 * 1:29861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brabat variant outbound connection (malware-cnc.rules)
 * 1:29817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jackpos outbound connection (malware-cnc.rules)
 * 1:29862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbout connection (malware-cnc.rules)
 * 1:29865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (malware-cnc.rules)
 * 1:29869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar phishing attack (malware-cnc.rules)
 * 1:29873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hanove variant outbound connection (malware-cnc.rules)
 * 1:29877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chikdos.A outbound information disclosure (malware-cnc.rules)
 * 1:29878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pony HTTP response connection (malware-cnc.rules)
 * 1:29880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29881 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WEC variant outbound connection (malware-cnc.rules)
 * 1:29879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:29885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypi.A outbound information disclosure (malware-cnc.rules)
 * 1:29886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypi.A outbound keylogger traffic (malware-cnc.rules)
 * 1:29883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tohwen variant outbound connection (malware-cnc.rules)
 * 1:29893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pyteconte variant outbound connection (malware-cnc.rules)
 * 1:29895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:29897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ExplorerHijack variant outbound connection (malware-cnc.rules)
 * 1:29887 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Updates downloader - Win.Trojan.Upatre (malware-cnc.rules)
 * 1:29899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmkype variant outbound connection (malware-cnc.rules)
 * 1:29901 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comowba variant outbound connection (malware-cnc.rules)
 * 1:29073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maetdik variant initial outbound connection (malware-cnc.rules)
 * 1:29898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zygtab variant outbound connection (malware-cnc.rules)
 * 1:29914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zmcwinsvc outbound system information disclosure (malware-cnc.rules)
 * 1:29916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu system information disclosure (malware-cnc.rules)
 * 1:29921 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZhiZhu variant inbound connection (malware-cnc.rules)
 * 1:29922 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Bazuc initial outbound connection (malware-cnc.rules)
 * 1:29923 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Bazuc jobs check outbound connection (malware-cnc.rules)
 * 1:29920 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZhiZhu variant outbound connection (malware-cnc.rules)
 * 1:29925 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Verxbot variant outbound connection (malware-cnc.rules)
 * 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (malware-cnc.rules)
 * 1:29975 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Svekifc system information disclosure (malware-cnc.rules)
 * 1:29924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
 * 1:29978 <-> DISABLED <-> MALWARE-CNC ANDR.Trojan.FakeApp outbound connection (malware-cnc.rules)
 * 1:29980 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fucom outbound connection (malware-cnc.rules)
 * 1:29981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tiny variant outbound connection (malware-cnc.rules)
 * 1:29976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Svekifc outbound persistent connection (malware-cnc.rules)
 * 1:29985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicolo variant outbound connection (malware-cnc.rules)
 * 1:30073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:29998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horsum outbound system information disclosure (malware-cnc.rules)
 * 1:29982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oshidor variant outbound connection (malware-cnc.rules)
 * 1:29999 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MSIE 9.0 in version 10 format (malware-cnc.rules)
 * 1:30034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donanbot outbound connection (malware-cnc.rules)
 * 1:30035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sylonif variant outbound connection (malware-cnc.rules)
 * 1:30074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim variant outbound connection (malware-cnc.rules)
 * 1:30047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crowti variant outbound connection (malware-cnc.rules)
 * 1:30055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deventiz CWD system information disclosure via FTP (malware-cnc.rules)
 * 1:30058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bogoclak outbound FTP connection information disclosure (malware-cnc.rules)
 * 1:30036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ovnavart variant outbound connection (malware-cnc.rules)
 * 1:30061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tyleny variant outbound connection (malware-cnc.rules)
 * 1:30063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
 * 1:30064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
 * 1:30060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coresh outbound identification request (malware-cnc.rules)
 * 1:29990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seruda system information disclosure (malware-cnc.rules)
 * 1:29987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meac malware component download request (malware-cnc.rules)
 * 1:30076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stealzilla variant outbound connection (malware-cnc.rules)
 * 1:30068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:30087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamut configuration download (malware-cnc.rules)
 * 1:30088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:30090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nitol variant outbound connection (malware-cnc.rules)
 * 1:30078 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Momibot outbound system information disclosure (malware-cnc.rules)
 * 1:30167 <-> DISABLED <-> MALWARE-CNC Russian Bank scam malware GET request to server (malware-cnc.rules)
 * 1:30168 <-> DISABLED <-> MALWARE-CNC Russian Bank scam malware POST to server (malware-cnc.rules)
 * 1:30191 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos usermode-centric client request (malware-cnc.rules)
 * 1:30091 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound connection (malware-cnc.rules)
 * 1:30193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos inbound encrypted data (malware-cnc.rules)
 * 1:30196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:30198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos inbound command (malware-cnc.rules)
 * 1:30204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules)
 * 1:30208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nakcos variant outbound connection (malware-cnc.rules)
 * 1:30210 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agnet string Win.Trojan.ZeusVM (malware-cnc.rules)
 * 1:30203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules)
 * 1:30214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant outbound connection (malware-cnc.rules)
 * 1:30216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ShadyRAT variant outbound connection (malware-cnc.rules)
 * 1:30231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eybog variant outbound connection (malware-cnc.rules)
 * 1:30211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeusVM embedded image config file download (malware-cnc.rules)
 * 1:30235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:30239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Name variant outbound connection (malware-cnc.rules)
 * 1:30250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - logogo.exe (malware-cnc.rules)
 * 1:30234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:30255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor HTTP Response - Brazil Geolocated Infected User (malware-cnc.rules)
 * 1:30256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor HTTP Response - Non-Brazil Geolocated Infected User (malware-cnc.rules)
 * 1:30257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ExplorerHijack variant outbound connection (malware-cnc.rules)
 * 1:30251 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mumawow outbound connection (malware-cnc.rules)
 * 1:30259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection (malware-cnc.rules)
 * 1:30262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot configuration file download (malware-cnc.rules)
 * 1:30258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:30276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot drop zone file upload (malware-cnc.rules)
 * 1:30284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Recub variant outbound connection (malware-cnc.rules)
 * 1:30288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba.M initial outbound connection (malware-cnc.rules)
 * 1:30290 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Browser - Win.Trojan.Bruterdep (malware-cnc.rules)
 * 1:30279 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Projecthook variant outbound connection (malware-cnc.rules)
 * 1:30300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Projecthook variant outbound connection (malware-cnc.rules)
 * 1:30301 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent InetAll - Win.Trojan.Pennonec (malware-cnc.rules)
 * 1:30298 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cloudoten variant inbound connection (malware-cnc.rules)
 * 1:30304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noctabor variant outbound connection (malware-cnc.rules)
 * 1:30308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
 * 1:30309 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
 * 1:30302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rajdze variant outbound connection (malware-cnc.rules)
 * 1:30311 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Comdinter variant outbound connection (malware-cnc.rules)
 * 1:30314 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmd - Win.Trojan.Burnwoo (malware-cnc.rules)
 * 1:30315 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmdw23 - Win.Trojan.Burnwoo (malware-cnc.rules)
 * 1:30310 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Comdinter variant outbound connection (malware-cnc.rules)
 * 1:30331 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ebot - Win.Trojan.Modulog (malware-cnc.rules)
 * 1:30332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook configuration file download attempt (malware-cnc.rules)
 * 1:30333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook information disclosure attempt (malware-cnc.rules)
 * 1:30323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drawnetz variant outbound connection (malware-cnc.rules)
 * 1:30344 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent EyeS_Client_1.0 - Win.Trojan.Seey (malware-cnc.rules)
 * 1:30482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik inbound connection (malware-cnc.rules)
 * 1:30483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (malware-cnc.rules)
 * 1:30334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook initial outbound connection (malware-cnc.rules)
 * 1:30494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
 * 1:30518 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Neutrino/2.1 - Win.Trojan.Necurs (malware-cnc.rules)
 * 1:30519 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound connection (malware-cnc.rules)
 * 1:30484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (malware-cnc.rules)
 * 1:30548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:30551 <-> DISABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Minerd (malware-cnc.rules)
 * 1:30552 <-> DISABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Systema (malware-cnc.rules)
 * 1:30547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramdo variant outbound connection (malware-cnc.rules)
 * 1:30560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Megesat variant outbound connection (malware-cnc.rules)
 * 1:30566 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Elknot outbound connection (malware-cnc.rules)
 * 1:30743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chabava outbound connection (malware-cnc.rules)
 * 1:30559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uniemv variant outbound connection (malware-cnc.rules)
 * 1:30752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesyong outbound connection (malware-cnc.rules)
 * 1:30753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehacker outbound connection (malware-cnc.rules)
 * 1:30773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant download request (malware-cnc.rules)
 * 1:30751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:30804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Targnik variant outbound connection (malware-cnc.rules)
 * 1:30808 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30812 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30815 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Oldboot variant outbound connection (malware-cnc.rules)
 * 1:30882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30896 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DarkKomet variant outbound connection (malware-cnc.rules)
 * 1:30897 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DarkKomet variant outbound connection (malware-cnc.rules)
 * 1:30900 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuhao variant outbound connection (malware-cnc.rules)
 * 1:30883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30915 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (malware-cnc.rules)
 * 1:30917 <-> DISABLED <-> MALWARE-CNC Win.Worm.Phelshap variant outbound connection (malware-cnc.rules)
 * 1:30918 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent Mozilla (malware-cnc.rules)
 * 1:30914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (malware-cnc.rules)
 * 1:30923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit outbound connection (malware-cnc.rules)
 * 1:30924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor inbound connection (malware-cnc.rules)
 * 1:30925 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound connection (malware-cnc.rules)
 * 1:30919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:30938 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Roopre outbound connection (malware-cnc.rules)
 * 1:30945 <-> DISABLED <-> MALWARE-CNC Win.Worm.Winiga FTP login attempt (malware-cnc.rules)
 * 1:30947 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Botintin outbound connection (malware-cnc.rules)
 * 1:30926 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound secure-connection (malware-cnc.rules)
 * 1:30954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jaik variant outbound connection (malware-cnc.rules)
 * 1:30953 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gisetik information disclosure attempt (malware-cnc.rules)
 * 1:30982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karnos variant outbound connection (malware-cnc.rules)
 * 1:30983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karnos variant outbound connection (malware-cnc.rules)
 * 1:30978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenexmed outbound connection (malware-cnc.rules)
 * 1:30986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenexmed inbound shell command attempt (malware-cnc.rules)
 * 1:30987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vondola configuration file download attempt (malware-cnc.rules)
 * 1:30984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonriamt outbound connection (malware-cnc.rules)
 * 1:31002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kimsuky variant outbound connection (malware-cnc.rules)
 * 1:31004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief information disclosure attempt (malware-cnc.rules)
 * 1:31005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief information disclosure attempt (malware-cnc.rules)
 * 1:30988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vondola information disclosure attempt (malware-cnc.rules)
 * 1:31007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Iplorko.A runtime detection (malware-cnc.rules)
 * 1:31010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sisbot variant outbound IRC connection (malware-cnc.rules)
 * 1:31014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
 * 1:31006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief initial outbound connection (malware-cnc.rules)
 * 1:31036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:31051 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hesperbot variant outbound connection (malware-cnc.rules)
 * 1:31053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadnessPro outbound connection (malware-cnc.rules)
 * 1:31020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expone variant outbound connection (malware-cnc.rules)
 * 1:31063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expone FTP login attempt (malware-cnc.rules)
 * 1:31064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Diatraha variant outbound connection (malware-cnc.rules)
 * 1:31055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:31070 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs outbound connection (malware-cnc.rules)
 * 1:31072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryfile variant outbound connection (malware-cnc.rules)
 * 1:31073 <-> DISABLED <-> MALWARE-CNC RemoteSpy connection to CNC server (malware-cnc.rules)
 * 1:31066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tobinload variant outbound connection (malware-cnc.rules)
 * 1:31080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:31081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinSpy variant outbound connection (malware-cnc.rules)
 * 1:31083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bexelets variant outbound connection (malware-cnc.rules)
 * 1:31079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:31090 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent hello crazyk (malware-cnc.rules)
 * 1:31112 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos password stealing attempt (malware-cnc.rules)
 * 1:31113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:31116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Garsuni variant outbound connection (malware-cnc.rules)
 * 1:31119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marmoolak variant outbound connection (malware-cnc.rules)
 * 1:31121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cahecon outbound connection (malware-cnc.rules)
 * 1:31114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rfusclient outbound connection (malware-cnc.rules)
 * 1:31124 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pyrtomsop outbound connection (malware-cnc.rules)
 * 1:31131 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
 * 1:31132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
 * 1:31122 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent svchost (malware-cnc.rules)
 * 1:31343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow variant outbound connection system information disclosure (malware-cnc.rules)
 * 1:31344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Levyatan variant outbound connection (malware-cnc.rules)
 * 1:31345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mcdravsm variant outbound connection (malware-cnc.rules)
 * 1:31715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CosmicDuke FTP data exfiltration (malware-cnc.rules)
 * 1:31346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ajtonj variant outbound connection (malware-cnc.rules)
 * 1:31807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nighthunter data exfiltration attempt (malware-cnc.rules)
 * 1:31768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ecsudown outbound connection (malware-cnc.rules)
 * 1:47899 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:47900 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:48148 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:31530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:31355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicololo outbound connection (malware-cnc.rules)
 * 1:31359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httneilc variant outbound connection (malware-cnc.rules)
 * 1:31712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server HELLO request to client (malware-cnc.rules)
 * 1:31235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuckam variant outbound connection (malware-cnc.rules)
 * 1:31642 <-> DISABLED <-> MALWARE-CNC Win.Tinybanker variant outbound connection (malware-cnc.rules)
 * 1:31417 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent blacksun - Win.Trojan.Blacksun (malware-cnc.rules)
 * 1:31744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eratoma outbound connection (malware-cnc.rules)
 * 1:31466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm Click Fraud Request (malware-cnc.rules)
 * 1:31418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Subla variant outbound connection (malware-cnc.rules)
 * 1:31544 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules)
 * 1:31171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
 * 1:31424 <-> DISABLED <-> MALWARE-CNC Kegis.A outbound connection (malware-cnc.rules)
 * 1:28995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor Remote Shell Server download (malware-cnc.rules)
 * 1:31753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elpapok outbound connection (malware-cnc.rules)
 * 1:31218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:31442 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:31449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall downloader attempt (malware-cnc.rules)
 * 1:31641 <-> DISABLED <-> MALWARE-CNC Win.Tinybanker variant outbound connection (malware-cnc.rules)
 * 1:31450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall outbound connection (malware-cnc.rules)
 * 1:31607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba client response/authenticate to C&C server (malware-cnc.rules)
 * 1:29135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bfddos variant outbound connection (malware-cnc.rules)
 * 1:29081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Budir initial variant outbound connection (malware-cnc.rules)
 * 1:29082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ldmon variant outbound connection (malware-cnc.rules)
 * 1:29115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alset variant outbound connection (malware-cnc.rules)
 * 1:29138 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mojap variant outbound connection (malware-cnc.rules)

2020-10-13 18:43:05 UTC

Snort Subscriber Rules Update

Date: 2020-10-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55943 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt (snort3-os-windows.rules)
 * 1:55974 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-9776642-0 download attempt (snort3-malware-other.rules)
 * 1:55940 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9775385-0 download attempt (snort3-malware-other.rules)
 * 1:55966 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776406-0 download attempt (snort3-malware-other.rules)
 * 1:55997 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Beebone-9777703-0 download attempt (snort3-malware-other.rules)
 * 1:55957 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776340-0 download attempt (snort3-malware-other.rules)
 * 1:55935 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9774716-0 download attempt (snort3-malware-other.rules)
 * 1:55952 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9775770-0 download attempt (snort3-malware-other.rules)
 * 1:55946 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775571-0 download attempt (snort3-malware-other.rules)
 * 1:55939 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Shadowbrokers-9775051-0 download attempt (snort3-malware-other.rules)
 * 1:55998 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Beebone-9777703-0 download attempt (snort3-malware-other.rules)
 * 1:55938 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Shadowbrokers-9775051-0 download attempt (snort3-malware-other.rules)
 * 1:55982 <-> DISABLED <-> OS-WINDOWS Microsoft Windows digital signature spoofing attempt (snort3-os-windows.rules)
 * 1:55969 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776422-0 download attempt (snort3-malware-other.rules)
 * 1:55984 <-> ENABLED <-> PROTOCOL-ICMP Microsoft Windows IPv6 stack remote execution attempt (snort3-protocol-icmp.rules)
 * 1:55942 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt (snort3-os-windows.rules)
 * 1:55976 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9776833-0 download attempt (snort3-malware-other.rules)
 * 1:55950 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775689-0 download attempt (snort3-malware-other.rules)
 * 1:55971 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776543-0 download attempt (snort3-malware-other.rules)
 * 1:55964 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776419-0 download attempt (snort3-malware-other.rules)
 * 1:55980 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Foundation memory corruption attempt (snort3-file-multimedia.rules)
 * 1:55947 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775571-0 download attempt (snort3-malware-other.rules)
 * 1:55963 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776436-0 download attempt (snort3-malware-other.rules)
 * 1:55995 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dotdo-9777352-0 download attempt (snort3-malware-other.rules)
 * 1:55941 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9775385-0 download attempt (snort3-malware-other.rules)
 * 1:55960 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zbot-9776404-0 download attempt (snort3-malware-other.rules)
 * 1:55967 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776406-0 download attempt (snort3-malware-other.rules)
 * 1:55937 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Perion-9775059-0 download attempt (snort3-malware-other.rules)
 * 1:55968 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776422-0 download attempt (snort3-malware-other.rules)
 * 1:55934 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9774716-0 download attempt (snort3-malware-other.rules)
 * 1:55973 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-9776559-0 download attempt (snort3-malware-other.rules)
 * 1:55970 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776543-0 download attempt (snort3-malware-other.rules)
 * 1:55990 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (snort3-os-windows.rules)
 * 1:55951 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775689-0 download attempt (snort3-malware-other.rules)
 * 1:55955 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9776100-0 download attempt (snort3-malware-other.rules)
 * 1:55996 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dotdo-9777352-0 download attempt (snort3-malware-other.rules)
 * 1:55979 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Foundation memory corruption attempt (snort3-file-multimedia.rules)
 * 1:55983 <-> DISABLED <-> OS-WINDOWS Microsoft Windows digital signature spoofing attempt (snort3-os-windows.rules)
 * 1:55975 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-9776642-0 download attempt (snort3-malware-other.rules)
 * 1:55993 <-> ENABLED <-> PROTOCOL-ICMP Microsoft Windows IPv6 DNSSL option record denial of service attempt (snort3-protocol-icmp.rules)
 * 1:55944 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Buzus-9775511-0 download attempt (snort3-malware-other.rules)
 * 1:55949 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ramnit-9775593-0 download attempt (snort3-malware-other.rules)
 * 1:55962 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776436-0 download attempt (snort3-malware-other.rules)
 * 1:55989 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (snort3-os-windows.rules)
 * 1:55953 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9775770-0 download attempt (snort3-malware-other.rules)
 * 1:55959 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Scar-9776391-0 download attempt (snort3-malware-other.rules)
 * 1:55978 <-> DISABLED <-> SERVER-OTHER Apache OFBiz XMLRPC deserialization attempt (snort3-server-other.rules)
 * 1:55948 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ramnit-9775593-0 download attempt (snort3-malware-other.rules)
 * 1:55972 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-9776559-0 download attempt (snort3-malware-other.rules)
 * 1:55956 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776340-0 download attempt (snort3-malware-other.rules)
 * 1:55936 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Perion-9775059-0 download attempt (snort3-malware-other.rules)
 * 1:55965 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776419-0 download attempt (snort3-malware-other.rules)
 * 1:55961 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zbot-9776404-0 download attempt (snort3-malware-other.rules)
 * 1:55977 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9776833-0 download attempt (snort3-malware-other.rules)
 * 1:55981 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 command injection attempt (snort3-server-webapp.rules)
 * 1:55945 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Buzus-9775511-0 download attempt (snort3-malware-other.rules)
 * 1:55994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop information disclosure attempt (snort3-os-windows.rules)
 * 1:55954 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9776100-0 download attempt (snort3-malware-other.rules)
 * 1:55958 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Scar-9776391-0 download attempt (snort3-malware-other.rules)

Modified Rules:


 * 1:31222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (snort3-malware-cnc.rules)
 * 1:31145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound backdoor response (snort3-malware-cnc.rules)
 * 1:29068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapazom variant outbound connection (snort3-malware-cnc.rules)
 * 1:31768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ecsudown outbound connection (snort3-malware-cnc.rules)
 * 1:28988 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:31150 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent DefaultBotPassword - Win.Trojan.Tirabot (snort3-malware-cnc.rules)
 * 1:31144 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant inbound backdoor keep-alive (snort3-malware-cnc.rules)
 * 1:31544 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (snort3-malware-cnc.rules)
 * 1:31593 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.SMSSend outbound connection (snort3-malware-cnc.rules)
 * 1:31051 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hesperbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:31081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinSpy variant outbound connection (snort3-malware-cnc.rules)
 * 1:29058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Umberial variant outbound connection (snort3-malware-cnc.rules)
 * 1:31644 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Scarelocker outbound connection (snort3-malware-cnc.rules)
 * 1:31548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (snort3-malware-cnc.rules)
 * 1:28984 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot executable download (snort3-malware-cnc.rules)
 * 1:31225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent rome0321 - Win.Trojan.Soraya (snort3-malware-cnc.rules)
 * 1:31147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zadnilay variant outbound connection (snort3-malware-cnc.rules)
 * 1:31813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expiro outbound connection (snort3-malware-cnc.rules)
 * 1:31168 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Guise outbound connection (snort3-malware-cnc.rules)
 * 1:31808 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IptabLex outbound connection (snort3-malware-cnc.rules)
 * 1:51553 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (snort3-malware-cnc.rules)
 * 1:31072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryfile variant outbound connection (snort3-malware-cnc.rules)
 * 1:28983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Steckt IRCbot executable download (snort3-malware-cnc.rules)
 * 1:28990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot connection to cnc server (snort3-malware-cnc.rules)
 * 1:31221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (snort3-malware-cnc.rules)
 * 1:31607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba client response/authenticate to C&C server (snort3-malware-cnc.rules)
 * 1:48147 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (snort3-malware-cnc.rules)
 * 1:31224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptor outbound connection (snort3-malware-cnc.rules)
 * 1:31713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (snort3-malware-cnc.rules)
 * 1:48791 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Agent inbound payload download (snort3-malware-cnc.rules)
 * 1:51554 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (snort3-malware-cnc.rules)
 * 1:50521 <-> ENABLED <-> MALWARE-CNC Doc.Malware.HWPRokrat variant outbound connection (snort3-malware-cnc.rules)
 * 1:47900 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (snort3-malware-cnc.rules)
 * 1:28987 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:29076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epixed variant outbound connection (snort3-malware-cnc.rules)
 * 1:31753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elpapok outbound connection (snort3-malware-cnc.rules)
 * 1:48148 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (snort3-malware-cnc.rules)
 * 1:28995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor Remote Shell Server download (snort3-malware-cnc.rules)
 * 1:28977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.DF - User-Agent Missing Bracket (snort3-malware-cnc.rules)
 * 1:51309 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pistacchietto variant outbound connection (snort3-malware-cnc.rules)
 * 1:31772 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (snort3-malware-cnc.rules)
 * 1:31755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miras variant outbound connection (snort3-malware-cnc.rules)
 * 1:31744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eratoma outbound connection (snort3-malware-cnc.rules)
 * 1:31715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (snort3-malware-cnc.rules)
 * 1:31234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuckam variant inbound connection (snort3-malware-cnc.rules)
 * 1:31530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules)
 * 1:31557 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla/5.0 - Win.Trojan.Upatre (snort3-malware-cnc.rules)
 * 1:31242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Utishaf variant outbound connection (snort3-malware-cnc.rules)
 * 1:31507 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HW32 variant spam attempt (snort3-malware-cnc.rules)
 * 1:31244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (snort3-malware-cnc.rules)
 * 1:31254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HAVEX-RAT inbound connection to infected host (snort3-malware-cnc.rules)
 * 1:31255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HAVEX-RAT variant outbound connection (snort3-malware-cnc.rules)
 * 1:31258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Destoplug variant outbound connection (snort3-malware-cnc.rules)
 * 1:31680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tirabot variant outbound connection (snort3-malware-cnc.rules)
 * 1:31183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (snort3-malware-cnc.rules)
 * 1:31228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soraya variant initial outbound connection (snort3-malware-cnc.rules)
 * 1:31240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (snort3-malware-cnc.rules)
 * 1:31235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuckam variant outbound connection (snort3-malware-cnc.rules)
 * 1:31218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules)
 * 1:31007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Iplorko.A runtime detection (snort3-malware-cnc.rules)
 * 1:28976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.DF - Data Exfiltration (snort3-malware-cnc.rules)
 * 1:31053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadnessPro outbound connection (snort3-malware-cnc.rules)
 * 1:31036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (snort3-malware-cnc.rules)
 * 1:29075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firefly outbound communcation (snort3-malware-cnc.rules)
 * 1:31113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules)
 * 1:31717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SoftPulse variant outbound connection (snort3-malware-cnc.rules)
 * 1:29077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Platidium variant outbound connection (snort3-malware-cnc.rules)
 * 1:31066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tobinload variant outbound connection (snort3-malware-cnc.rules)
 * 1:31466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm Click Fraud Request (snort3-malware-cnc.rules)
 * 1:31131 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (snort3-malware-cnc.rules)
 * 1:31073 <-> DISABLED <-> MALWARE-CNC RemoteSpy connection to CNC server (snort3-malware-cnc.rules)
 * 1:31062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expone variant outbound connection (snort3-malware-cnc.rules)
 * 1:31080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (snort3-malware-cnc.rules)
 * 1:31010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sisbot variant outbound IRC connection (snort3-malware-cnc.rules)
 * 1:31122 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent svchost (snort3-malware-cnc.rules)
 * 1:31070 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs outbound connection (snort3-malware-cnc.rules)
 * 1:50201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Remexi variant outbound connection (snort3-malware-cnc.rules)
 * 1:31172 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (snort3-malware-cnc.rules)
 * 1:31236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hidead outbound connection (snort3-malware-cnc.rules)
 * 1:31459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jaktinier outbound connection (snort3-malware-cnc.rules)
 * 1:31260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda HTTP proxy response attempt (snort3-malware-cnc.rules)
 * 1:31262 <-> DISABLED <-> MALWARE-CNC Win.Worm.VBNA variant outbound connection (snort3-malware-cnc.rules)
 * 1:31004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief information disclosure attempt (snort3-malware-cnc.rules)
 * 1:31688 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Downloader 1.8 - Win.Trojan.Graftor (snort3-malware-cnc.rules)
 * 1:31063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expone FTP login attempt (snort3-malware-cnc.rules)
 * 1:31112 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos password stealing attempt (snort3-malware-cnc.rules)
 * 1:28994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor Remote Shell Server download (snort3-malware-cnc.rules)
 * 1:28996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bunitu variant outbound connection (snort3-malware-cnc.rules)
 * 1:29016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cordmix variant outbound connection (snort3-malware-cnc.rules)
 * 1:29026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Limlspy variant outbound connection (snort3-malware-cnc.rules)
 * 1:29031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant inbound connection (snort3-malware-cnc.rules)
 * 1:29039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (snort3-malware-cnc.rules)
 * 1:29044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorask variant outbound connection (snort3-malware-cnc.rules)
 * 1:29011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dotconta variant outbound connection (snort3-malware-cnc.rules)
 * 1:29038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant initial outbound connection (snort3-malware-cnc.rules)
 * 1:30988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vondola information disclosure attempt (snort3-malware-cnc.rules)
 * 1:31556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CosmicDuke HTTP data exfiltration attempt (snort3-malware-cnc.rules)
 * 1:31271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin information disclosure attempt (snort3-malware-cnc.rules)
 * 1:31683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur variant outbound connection (snort3-malware-cnc.rules)
 * 1:31272 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin outbound command request attempt (snort3-malware-cnc.rules)
 * 1:31468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (snort3-malware-cnc.rules)
 * 1:31273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin coin mining program download attempt (snort3-malware-cnc.rules)
 * 1:31288 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Bladabindi variant outbound download request (snort3-malware-cnc.rules)
 * 1:31290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vextstl outbound connection (snort3-malware-cnc.rules)
 * 1:31805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dizk variant outbound connection (snort3-malware-cnc.rules)
 * 1:31691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kronos variant outbound connection (snort3-malware-cnc.rules)
 * 1:31171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (snort3-malware-cnc.rules)
 * 1:31748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qulkonwi outbound connection (snort3-malware-cnc.rules)
 * 1:31293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (snort3-malware-cnc.rules)
 * 1:31295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (snort3-malware-cnc.rules)
 * 1:31712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (snort3-malware-cnc.rules)
 * 1:31606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba payload download request (snort3-malware-cnc.rules)
 * 1:31174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapart variant outbound connection (snort3-malware-cnc.rules)
 * 1:31806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nighthunter data exfiltration attempt (snort3-malware-cnc.rules)
 * 1:31718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni outbound connection (snort3-malware-cnc.rules)
 * 1:31303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadeki variant outbound connection (snort3-malware-cnc.rules)
 * 1:31693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korplug Poisoned Hurricane Malware outbound connection (snort3-malware-cnc.rules)
 * 1:31306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (snort3-malware-cnc.rules)
 * 1:31547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (snort3-malware-cnc.rules)
 * 1:31307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (snort3-malware-cnc.rules)
 * 1:31641 <-> DISABLED <-> MALWARE-CNC Win.Tinybanker variant outbound connection (snort3-malware-cnc.rules)
 * 1:31605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server READY command to client (snort3-malware-cnc.rules)
 * 1:31314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daikou variant outbound connection (snort3-malware-cnc.rules)
 * 1:31672 <-> DISABLED <-> MALWARE-CNC Inbound command to php based DoS bot (snort3-malware-cnc.rules)
 * 1:31714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (snort3-malware-cnc.rules)
 * 1:31241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (snort3-malware-cnc.rules)
 * 1:31533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xolominer malicious user detected (snort3-malware-cnc.rules)
 * 1:31315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL variant outbound connection (snort3-malware-cnc.rules)
 * 1:31316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (snort3-malware-cnc.rules)
 * 1:31317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:29079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inftob variant outbound connection (snort3-malware-cnc.rules)
 * 1:31586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (snort3-malware-cnc.rules)
 * 1:31319 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zediv outbound connection (snort3-malware-cnc.rules)
 * 1:31681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur download attempt (snort3-malware-cnc.rules)
 * 1:29081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Budir initial variant outbound connection (snort3-malware-cnc.rules)
 * 1:29056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Descrantol variant outbound connection (snort3-malware-cnc.rules)
 * 1:28986 <-> DISABLED <-> MALWARE-CNC Win.Worm.Neeris IRCbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:29666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linkup outbound connection (snort3-malware-cnc.rules)
 * 1:31083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bexelets variant outbound connection (snort3-malware-cnc.rules)
 * 1:31124 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pyrtomsop outbound connection (snort3-malware-cnc.rules)
 * 1:29045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorask variant outbound connection (snort3-malware-cnc.rules)
 * 1:31014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (snort3-malware-cnc.rules)
 * 1:31328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (snort3-malware-cnc.rules)
 * 1:31604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server READD command to client (snort3-malware-cnc.rules)
 * 1:31343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow variant outbound connection system information disclosure (snort3-malware-cnc.rules)
 * 1:47899 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (snort3-malware-cnc.rules)
 * 1:50520 <-> ENABLED <-> MALWARE-CNC Doc.Malware.HWPRokrat variant outbound connection (snort3-malware-cnc.rules)
 * 1:47898 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (snort3-malware-cnc.rules)
 * 1:31467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (snort3-malware-cnc.rules)
 * 1:31649 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules)
 * 1:31706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korgapam outbound connection (snort3-malware-cnc.rules)
 * 1:31344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Levyatan variant outbound connection (snort3-malware-cnc.rules)
 * 1:31807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nighthunter data exfiltration attempt (snort3-malware-cnc.rules)
 * 1:31564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CosmicDuke FTP data exfiltration (snort3-malware-cnc.rules)
 * 1:31345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mcdravsm variant outbound connection (snort3-malware-cnc.rules)
 * 1:31346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ajtonj variant outbound connection (snort3-malware-cnc.rules)
 * 1:29074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maetdik variant outbound connection (snort3-malware-cnc.rules)
 * 1:31355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicololo outbound connection (snort3-malware-cnc.rules)
 * 1:31669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (snort3-malware-cnc.rules)
 * 1:31223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (snort3-malware-cnc.rules)
 * 1:31359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httneilc variant outbound connection (snort3-malware-cnc.rules)
 * 1:31417 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent blacksun - Win.Trojan.Blacksun (snort3-malware-cnc.rules)
 * 1:31545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (snort3-malware-cnc.rules)
 * 1:31603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server HELLO request to client (snort3-malware-cnc.rules)
 * 1:31418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Subla variant outbound connection (snort3-malware-cnc.rules)
 * 1:31465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm Click Fraud Request (snort3-malware-cnc.rules)
 * 1:31689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (snort3-malware-cnc.rules)
 * 1:31424 <-> DISABLED <-> MALWARE-CNC Kegis.A outbound connection (snort3-malware-cnc.rules)
 * 1:31642 <-> DISABLED <-> MALWARE-CNC Win.Tinybanker variant outbound connection (snort3-malware-cnc.rules)
 * 1:31442 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (snort3-malware-cnc.rules)
 * 1:31449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall downloader attempt (snort3-malware-cnc.rules)
 * 1:31722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waski variant outbound connection (snort3-malware-cnc.rules)
 * 1:31135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deedevil variant outbound connection (snort3-malware-cnc.rules)
 * 1:31121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cahecon outbound connection (snort3-malware-cnc.rules)
 * 1:31079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (snort3-malware-cnc.rules)
 * 1:31006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief initial outbound connection (snort3-malware-cnc.rules)
 * 1:31136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess inbound connection (snort3-malware-cnc.rules)
 * 1:31543 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MSIE 7.0 na - Win.Trojan.Koobface (snort3-malware-cnc.rules)
 * 1:31020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules)
 * 1:31055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (snort3-malware-cnc.rules)
 * 1:31084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:31114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rfusclient outbound connection (snort3-malware-cnc.rules)
 * 1:31090 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent hello crazyk (snort3-malware-cnc.rules)
 * 1:31116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Garsuni variant outbound connection (snort3-malware-cnc.rules)
 * 1:48871 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz inbound payload download (snort3-malware-other.rules)
 * 1:31450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall outbound connection (snort3-malware-cnc.rules)
 * 1:28982 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot requesting URL through IRC (snort3-malware-cnc.rules)
 * 1:29071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wcvalep variant outbound connection (snort3-malware-cnc.rules)
 * 1:31452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules)
 * 1:29082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ldmon variant outbound connection (snort3-malware-cnc.rules)
 * 1:29073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maetdik variant initial outbound connection (snort3-malware-cnc.rules)
 * 1:31173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (snort3-malware-cnc.rules)
 * 1:31142 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloft variant outbound connection (snort3-malware-cnc.rules)
 * 1:31132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (snort3-malware-cnc.rules)
 * 1:31453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChoHeap variant outbound connection (snort3-malware-cnc.rules)
 * 1:31458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SDBot variant outbound connection (snort3-malware-cnc.rules)
 * 1:31064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Diatraha variant outbound connection (snort3-malware-cnc.rules)
 * 1:31119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marmoolak variant outbound connection (snort3-malware-cnc.rules)
 * 1:31005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief information disclosure attempt (snort3-malware-cnc.rules)
 * 1:29057 <-> DISABLED <-> MALWARE-CNC Installation Win.Trojan.Umberial variant outbound connection (snort3-malware-cnc.rules)
 * 1:29091 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Choxy variant outbound connection (snort3-malware-cnc.rules)
 * 1:29087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kboy variant outbound connection (snort3-malware-cnc.rules)
 * 1:29108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SixMuch variant outbound connection (snort3-malware-cnc.rules)
 * 1:29095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fotip FTP file upload variant outbound connection (snort3-malware-cnc.rules)
 * 1:29103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korhigh variant outbound connection (snort3-malware-cnc.rules)
 * 1:29104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Iniptad variant outbound connection (snort3-malware-cnc.rules)
 * 1:29114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sotark variant outbound connection (snort3-malware-cnc.rules)
 * 1:29109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drafukey variant outbound connection (snort3-malware-cnc.rules)
 * 1:29112 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drafukey variant outbound connection (snort3-malware-cnc.rules)
 * 1:29113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conrec variant outbound connection (snort3-malware-cnc.rules)
 * 1:29127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules)
 * 1:29115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alset variant outbound connection (snort3-malware-cnc.rules)
 * 1:29117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tyaui variant outbound connection (snort3-malware-cnc.rules)
 * 1:29125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Valden variant outbound connection (snort3-malware-cnc.rules)
 * 1:29138 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mojap variant outbound connection (snort3-malware-cnc.rules)
 * 1:29133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goobraz variant outbound connection (snort3-malware-cnc.rules)
 * 1:29135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bfddos variant outbound connection (snort3-malware-cnc.rules)
 * 1:29136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos variant outbound connection (snort3-malware-cnc.rules)
 * 1:29146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RansomCrypt variant outbound connection (snort3-malware-cnc.rules)
 * 1:29139 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string HTTP 1.1 - Win.Trojan.Tapslix (snort3-malware-cnc.rules)
 * 1:29140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tearspear variant outbound connection (snort3-malware-cnc.rules)
 * 1:29143 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent - Win.Trojan.Secciv (snort3-malware-cnc.rules)
 * 1:29152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant initial runtime outbound connection (snort3-malware-cnc.rules)
 * 1:29148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Huxerox variant outbound connection (snort3-malware-cnc.rules)
 * 1:29149 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Janicab outbound connection (snort3-malware-cnc.rules)
 * 1:29150 <-> DISABLED <-> MALWARE-CNC User-Agent suspicious user-agent WarpHTTP - Win.Trojan.Yohakest (snort3-malware-cnc.rules)
 * 1:29174 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fortis (snort3-malware-cnc.rules)
 * 1:29153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant file upload outbound connection (snort3-malware-cnc.rules)
 * 1:29154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant followup outbound connection (snort3-malware-cnc.rules)
 * 1:29155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vwealer outbound connection (snort3-malware-cnc.rules)
 * 1:29180 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Update1.0 - Win.Trojan.Downbini (snort3-malware-cnc.rules)
 * 1:29175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sitrof variant outbound connection (snort3-malware-cnc.rules)
 * 1:29176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retsaw variant outbound connection (snort3-malware-cnc.rules)
 * 1:29179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenad variant outbound connection (snort3-malware-cnc.rules)
 * 1:29260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (snort3-malware-cnc.rules)
 * 1:29216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (snort3-malware-cnc.rules)
 * 1:29220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection (snort3-malware-cnc.rules)
 * 1:29259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (snort3-malware-cnc.rules)
 * 1:29292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chulastran variant outbound connection (snort3-malware-cnc.rules)
 * 1:29261 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (snort3-malware-cnc.rules)
 * 1:29289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kmnokay outbound connection (snort3-malware-cnc.rules)
 * 1:29291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stitur variant outbound connection (snort3-malware-cnc.rules)
 * 1:29299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nineblog variant outbound connection (snort3-malware-cnc.rules)
 * 1:29293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chulastran variant initial version check outbound connection (snort3-malware-cnc.rules)
 * 1:29294 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boda variant outbound connection (snort3-malware-cnc.rules)
 * 1:29295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boda variant initial outbound connection (snort3-malware-cnc.rules)
 * 1:29304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Verbscut variant outbound connection (snort3-malware-cnc.rules)
 * 1:29300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound connection (snort3-malware-cnc.rules)
 * 1:29301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mizzmo variant outbound connection (snort3-malware-cnc.rules)
 * 1:29302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Diswenshow outbound connection (snort3-malware-cnc.rules)
 * 1:29324 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vivia variant outbound connection (snort3-malware-cnc.rules)
 * 1:29306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popyerd variant outbound connection (snort3-malware-cnc.rules)
 * 1:29307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fraxytime outbound connection (snort3-malware-cnc.rules)
 * 1:29313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxydown variant connection (snort3-malware-cnc.rules)
 * 1:29332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using lan (snort3-malware-cnc.rules)
 * 1:29325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horsamaz outbound connection (snort3-malware-cnc.rules)
 * 1:29330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piedacon variant outbound connection (snort3-malware-cnc.rules)
 * 1:29331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using modem (snort3-malware-cnc.rules)
 * 1:29337 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (snort3-malware-cnc.rules)
 * 1:29333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using proxy server (snort3-malware-cnc.rules)
 * 1:29334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using other (snort3-malware-cnc.rules)
 * 1:29335 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.CallMe variant outbound connection (snort3-malware-cnc.rules)
 * 1:29344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dondat variant outbound connection (snort3-malware-cnc.rules)
 * 1:29339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishop variant initial runtime outbound connection (snort3-malware-cnc.rules)
 * 1:29340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plusau outbound connection (snort3-malware-cnc.rules)
 * 1:29341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string CustomSpy - Win.Trojan.Etek (snort3-malware-cnc.rules)
 * 1:29351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulilit variant outbound connection (snort3-malware-cnc.rules)
 * 1:29345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dondat variant outbound connection (snort3-malware-cnc.rules)
 * 1:29348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chifan variant outbound connection (snort3-malware-cnc.rules)
 * 1:29349 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (snort3-malware-cnc.rules)
 * 1:29358 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mowfote (snort3-malware-cnc.rules)
 * 1:29352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Typdec variant outbound connection (snort3-malware-cnc.rules)
 * 1:29353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeagle outbound connection (snort3-malware-cnc.rules)
 * 1:29356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cidox variant outbound connection (snort3-malware-cnc.rules)
 * 1:29368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boato variant followup outbound connection (snort3-malware-cnc.rules)
 * 1:29359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mowfote variant initial outbound connection (snort3-malware-cnc.rules)
 * 1:29363 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pacbootini variant outbound connection (snort3-malware-cnc.rules)
 * 1:29367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boato variant outbound connection (snort3-malware-cnc.rules)
 * 1:29389 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alusins variant outbound connection (snort3-malware-cnc.rules)
 * 1:29370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.ADJI variant outbound connection (snort3-malware-cnc.rules)
 * 1:29371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Dluca (snort3-malware-cnc.rules)
 * 1:29376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker.B connection test (snort3-malware-cnc.rules)
 * 1:29420 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reedum BlackPoS outbound FTP connection (snort3-malware-cnc.rules)
 * 1:29408 <-> DISABLED <-> MALWARE-CNC JAVAFOG Java malware backdoor connection to cnc server (snort3-malware-cnc.rules)
 * 1:29416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.vSkimmer outbound connection (snort3-malware-cnc.rules)
 * 1:29417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Solimba download attempt (snort3-malware-cnc.rules)
 * 1:29426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Etomertg variant outbound connection (snort3-malware-cnc.rules)
 * 1:29422 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rhubot variant outbound connection (snort3-malware-cnc.rules)
 * 1:29423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (snort3-malware-cnc.rules)
 * 1:29424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dldr variant outbound connection (snort3-malware-cnc.rules)
 * 1:29440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chewbacca outbound connection (snort3-malware-cnc.rules)
 * 1:29428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zatincel variant outbound connection (snort3-malware-cnc.rules)
 * 1:29430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Icefog variant outbound connection (snort3-malware-cnc.rules)
 * 1:29431 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Tirips (snort3-malware-cnc.rules)
 * 1:29464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SniperSpy variant outbound connection (snort3-malware-cnc.rules)
 * 1:29459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fexel variant outbound connection (snort3-malware-cnc.rules)
 * 1:29460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pabueri variant outbound connection (snort3-malware-cnc.rules)
 * 1:29461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Norekab variant outbound connection (snort3-malware-cnc.rules)
 * 1:29493 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (snort3-malware-cnc.rules)
 * 1:29483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Botime variant connection (snort3-malware-cnc.rules)
 * 1:29484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.POSCardStealer variant outbound connection (snort3-malware-cnc.rules)
 * 1:29489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gaertob variant outbound connection (snort3-malware-cnc.rules)
 * 1:29497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (snort3-malware-cnc.rules)
 * 1:29494 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (snort3-malware-cnc.rules)
 * 1:29495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kopdel variant outbound connection (snort3-malware-cnc.rules)
 * 1:29496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicololo variant outbound connection (snort3-malware-cnc.rules)
 * 1:29550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doneste variant outbound connection (snort3-malware-cnc.rules)
 * 1:29555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyex variant outbound connection (snort3-malware-cnc.rules)
 * 1:29556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loxes variant outbound connection (snort3-malware-cnc.rules)
 * 1:29562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blobrsa variant outbound connection (snort3-malware-cnc.rules)
 * 1:29557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marten variant outbound connection (snort3-malware-cnc.rules)
 * 1:29559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sydigu variant outbound connection (snort3-malware-cnc.rules)
 * 1:29561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lechiket variant outbound connection (snort3-malware-cnc.rules)
 * 1:29569 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Shellbot outbound connection (snort3-malware-cnc.rules)
 * 1:29563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blobrsa variant outbound connection (snort3-malware-cnc.rules)
 * 1:29565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.AALV variant outbound connection (snort3-malware-cnc.rules)
 * 1:29566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:29638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lumbko variant initial outbound connection (snort3-malware-cnc.rules)
 * 1:29635 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nursteal variant outbound connection (snort3-malware-cnc.rules)
 * 1:29636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker.cbuf variant outbound connection (snort3-malware-cnc.rules)
 * 1:29637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lumbko variant outbound connection (snort3-malware-cnc.rules)
 * 1:29663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dampt variant outbound connection (snort3-malware-cnc.rules)
 * 1:29644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sdconsent outbound connection (snort3-malware-cnc.rules)
 * 1:29645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mimunita (snort3-malware-cnc.rules)
 * 1:29652 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Truado (snort3-malware-cnc.rules)
 * 1:29670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw outbound connection (snort3-malware-cnc.rules)
 * 1:29664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DomaIQ variant outbound connection (snort3-malware-cnc.rules)
 * 1:29665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (snort3-malware-cnc.rules)
 * 1:29740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sarvdap variant outbound connection (snort3-malware-cnc.rules)
 * 1:29760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MSIE 4.01 - Win.Trojan.Careto (snort3-malware-cnc.rules)
 * 1:29791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (snort3-malware-cnc.rules)
 * 1:29788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto outbound connection (snort3-malware-cnc.rules)
 * 1:29789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (snort3-malware-cnc.rules)
 * 1:29790 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (snort3-malware-cnc.rules)
 * 1:29828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adload.dyhq variant outbound connection (snort3-malware-cnc.rules)
 * 1:29816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jackpos outbound connection (snort3-malware-cnc.rules)
 * 1:29817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jackpos outbound connection (snort3-malware-cnc.rules)
 * 1:29824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TixDll - Win.Trojan.Adload.dyhq (snort3-malware-cnc.rules)
 * 1:29869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar phishing attack (snort3-malware-cnc.rules)
 * 1:29861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brabat variant outbound connection (snort3-malware-cnc.rules)
 * 1:29862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbout connection (snort3-malware-cnc.rules)
 * 1:29865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (snort3-malware-cnc.rules)
 * 1:29878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (snort3-malware-cnc.rules)
 * 1:29870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pony HTTP response connection (snort3-malware-cnc.rules)
 * 1:29899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmkype variant outbound connection (snort3-malware-cnc.rules)
 * 1:29898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zygtab variant outbound connection (snort3-malware-cnc.rules)
 * 1:29877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chikdos.A outbound information disclosure (snort3-malware-cnc.rules)
 * 1:29879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (snort3-malware-cnc.rules)
 * 1:29880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (snort3-malware-cnc.rules)
 * 1:29881 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (snort3-malware-cnc.rules)
 * 1:29886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypi.A outbound keylogger traffic (snort3-malware-cnc.rules)
 * 1:29883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tohwen variant outbound connection (snort3-malware-cnc.rules)
 * 1:29884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules)
 * 1:29885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypi.A outbound information disclosure (snort3-malware-cnc.rules)
 * 1:29897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ExplorerHijack variant outbound connection (snort3-malware-cnc.rules)
 * 1:29887 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Updates downloader - Win.Trojan.Upatre (snort3-malware-cnc.rules)
 * 1:29893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pyteconte variant outbound connection (snort3-malware-cnc.rules)
 * 1:29895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules)
 * 1:29907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madnedos outbound system information disclosure (snort3-malware-cnc.rules)
 * 1:29873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hanove variant outbound connection (snort3-malware-cnc.rules)
 * 1:29882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WEC variant outbound connection (snort3-malware-cnc.rules)
 * 1:29901 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comowba variant outbound connection (snort3-malware-cnc.rules)
 * 1:29921 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZhiZhu variant inbound connection (snort3-malware-cnc.rules)
 * 1:29914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zmcwinsvc outbound system information disclosure (snort3-malware-cnc.rules)
 * 1:29916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu system information disclosure (snort3-malware-cnc.rules)
 * 1:29920 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZhiZhu variant outbound connection (snort3-malware-cnc.rules)
 * 1:29925 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Verxbot variant outbound connection (snort3-malware-cnc.rules)
 * 1:29922 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Bazuc initial outbound connection (snort3-malware-cnc.rules)
 * 1:29923 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Bazuc jobs check outbound connection (snort3-malware-cnc.rules)
 * 1:29924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (snort3-malware-cnc.rules)
 * 1:29978 <-> DISABLED <-> MALWARE-CNC ANDR.Trojan.FakeApp outbound connection (snort3-malware-cnc.rules)
 * 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (snort3-malware-cnc.rules)
 * 1:29975 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Svekifc system information disclosure (snort3-malware-cnc.rules)
 * 1:29976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Svekifc outbound persistent connection (snort3-malware-cnc.rules)
 * 1:29985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicolo variant outbound connection (snort3-malware-cnc.rules)
 * 1:29980 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fucom outbound connection (snort3-malware-cnc.rules)
 * 1:29981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tiny variant outbound connection (snort3-malware-cnc.rules)
 * 1:29982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oshidor variant outbound connection (snort3-malware-cnc.rules)
 * 1:29999 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MSIE 9.0 in version 10 format (snort3-malware-cnc.rules)
 * 1:29987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meac malware component download request (snort3-malware-cnc.rules)
 * 1:29990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seruda system information disclosure (snort3-malware-cnc.rules)
 * 1:29998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horsum outbound system information disclosure (snort3-malware-cnc.rules)
 * 1:30047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crowti variant outbound connection (snort3-malware-cnc.rules)
 * 1:30034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donanbot outbound connection (snort3-malware-cnc.rules)
 * 1:30035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sylonif variant outbound connection (snort3-malware-cnc.rules)
 * 1:30036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ovnavart variant outbound connection (snort3-malware-cnc.rules)
 * 1:30061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tyleny variant outbound connection (snort3-malware-cnc.rules)
 * 1:30055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deventiz CWD system information disclosure via FTP (snort3-malware-cnc.rules)
 * 1:30058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bogoclak outbound FTP connection information disclosure (snort3-malware-cnc.rules)
 * 1:30060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coresh outbound identification request (snort3-malware-cnc.rules)
 * 1:30073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (snort3-malware-cnc.rules)
 * 1:30063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (snort3-malware-cnc.rules)
 * 1:30064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (snort3-malware-cnc.rules)
 * 1:30068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (snort3-malware-cnc.rules)
 * 1:30087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamut configuration download (snort3-malware-cnc.rules)
 * 1:30074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim variant outbound connection (snort3-malware-cnc.rules)
 * 1:30076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stealzilla variant outbound connection (snort3-malware-cnc.rules)
 * 1:30078 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Momibot outbound system information disclosure (snort3-malware-cnc.rules)
 * 1:30167 <-> DISABLED <-> MALWARE-CNC Russian Bank scam malware GET request to server (snort3-malware-cnc.rules)
 * 1:30088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (snort3-malware-cnc.rules)
 * 1:30090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nitol variant outbound connection (snort3-malware-cnc.rules)
 * 1:30091 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound connection (snort3-malware-cnc.rules)
 * 1:30193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos inbound encrypted data (snort3-malware-cnc.rules)
 * 1:30168 <-> DISABLED <-> MALWARE-CNC Russian Bank scam malware POST to server (snort3-malware-cnc.rules)
 * 1:30191 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos usermode-centric client request (snort3-malware-cnc.rules)
 * 1:30192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos inbound command (snort3-malware-cnc.rules)
 * 1:30204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (snort3-malware-cnc.rules)
 * 1:30196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (snort3-malware-cnc.rules)
 * 1:30198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules)
 * 1:30203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (snort3-malware-cnc.rules)
 * 1:30214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant outbound connection (snort3-malware-cnc.rules)
 * 1:30208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nakcos variant outbound connection (snort3-malware-cnc.rules)
 * 1:30210 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agnet string Win.Trojan.ZeusVM (snort3-malware-cnc.rules)
 * 1:30211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeusVM embedded image config file download (snort3-malware-cnc.rules)
 * 1:30235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (snort3-malware-cnc.rules)
 * 1:30216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ShadyRAT variant outbound connection (snort3-malware-cnc.rules)
 * 1:30231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eybog variant outbound connection (snort3-malware-cnc.rules)
 * 1:30234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (snort3-malware-cnc.rules)
 * 1:30255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor HTTP Response - Brazil Geolocated Infected User (snort3-malware-cnc.rules)
 * 1:30239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Name variant outbound connection (snort3-malware-cnc.rules)
 * 1:30250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - logogo.exe (snort3-malware-cnc.rules)
 * 1:30251 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mumawow outbound connection (snort3-malware-cnc.rules)
 * 1:30259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection (snort3-malware-cnc.rules)
 * 1:30256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor HTTP Response - Non-Brazil Geolocated Infected User (snort3-malware-cnc.rules)
 * 1:30257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ExplorerHijack variant outbound connection (snort3-malware-cnc.rules)
 * 1:30258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules)
 * 1:30276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (snort3-malware-cnc.rules)
 * 1:30262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules)
 * 1:30270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot configuration file download (snort3-malware-cnc.rules)
 * 1:30271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot drop zone file upload (snort3-malware-cnc.rules)
 * 1:30284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Recub variant outbound connection (snort3-malware-cnc.rules)
 * 1:30277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (snort3-malware-cnc.rules)
 * 1:30278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (snort3-malware-cnc.rules)
 * 1:30279 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (snort3-malware-cnc.rules)
 * 1:30299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Projecthook variant outbound connection (snort3-malware-cnc.rules)
 * 1:30288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba.M initial outbound connection (snort3-malware-cnc.rules)
 * 1:30290 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Browser - Win.Trojan.Bruterdep (snort3-malware-cnc.rules)
 * 1:30298 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cloudoten variant inbound connection (snort3-malware-cnc.rules)
 * 1:30304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noctabor variant outbound connection (snort3-malware-cnc.rules)
 * 1:30300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Projecthook variant outbound connection (snort3-malware-cnc.rules)
 * 1:30301 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent InetAll - Win.Trojan.Pennonec (snort3-malware-cnc.rules)
 * 1:30302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rajdze variant outbound connection (snort3-malware-cnc.rules)
 * 1:30311 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Comdinter variant outbound connection (snort3-malware-cnc.rules)
 * 1:30308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (snort3-malware-cnc.rules)
 * 1:30309 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (snort3-malware-cnc.rules)
 * 1:30310 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Comdinter variant outbound connection (snort3-malware-cnc.rules)
 * 1:30331 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ebot - Win.Trojan.Modulog (snort3-malware-cnc.rules)
 * 1:30314 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmd - Win.Trojan.Burnwoo (snort3-malware-cnc.rules)
 * 1:30315 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmdw23 - Win.Trojan.Burnwoo (snort3-malware-cnc.rules)
 * 1:30323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drawnetz variant outbound connection (snort3-malware-cnc.rules)
 * 1:30344 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent EyeS_Client_1.0 - Win.Trojan.Seey (snort3-malware-cnc.rules)
 * 1:30332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook configuration file download attempt (snort3-malware-cnc.rules)
 * 1:30333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook information disclosure attempt (snort3-malware-cnc.rules)
 * 1:30334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook initial outbound connection (snort3-malware-cnc.rules)
 * 1:30494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (snort3-malware-cnc.rules)
 * 1:30482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik inbound connection (snort3-malware-cnc.rules)
 * 1:30483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (snort3-malware-cnc.rules)
 * 1:30484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (snort3-malware-cnc.rules)
 * 1:30548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (snort3-malware-cnc.rules)
 * 1:30518 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Neutrino/2.1 - Win.Trojan.Necurs (snort3-malware-cnc.rules)
 * 1:30519 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound connection (snort3-malware-cnc.rules)
 * 1:30547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramdo variant outbound connection (snort3-malware-cnc.rules)
 * 1:30560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Megesat variant outbound connection (snort3-malware-cnc.rules)
 * 1:30551 <-> DISABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Minerd (snort3-malware-cnc.rules)
 * 1:30552 <-> DISABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Systema (snort3-malware-cnc.rules)
 * 1:30559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uniemv variant outbound connection (snort3-malware-cnc.rules)
 * 1:30752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesyong outbound connection (snort3-malware-cnc.rules)
 * 1:30566 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Elknot outbound connection (snort3-malware-cnc.rules)
 * 1:30743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chabava outbound connection (snort3-malware-cnc.rules)
 * 1:30751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (snort3-malware-cnc.rules)
 * 1:30804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (snort3-malware-cnc.rules)
 * 1:30753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehacker outbound connection (snort3-malware-cnc.rules)
 * 1:30773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant download request (snort3-malware-cnc.rules)
 * 1:30776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Targnik variant outbound connection (snort3-malware-cnc.rules)
 * 1:30808 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (snort3-malware-cnc.rules)
 * 1:30805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (snort3-malware-cnc.rules)
 * 1:30806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (snort3-malware-cnc.rules)
 * 1:30807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (snort3-malware-cnc.rules)
 * 1:30812 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (snort3-malware-cnc.rules)
 * 1:30809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (snort3-malware-cnc.rules)
 * 1:30810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (snort3-malware-cnc.rules)
 * 1:30811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (snort3-malware-cnc.rules)
 * 1:30896 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DarkKomet variant outbound connection (snort3-malware-cnc.rules)
 * 1:30815 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Oldboot variant outbound connection (snort3-malware-cnc.rules)
 * 1:30882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (snort3-malware-cnc.rules)
 * 1:30883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (snort3-malware-cnc.rules)
 * 1:30915 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (snort3-malware-cnc.rules)
 * 1:30897 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DarkKomet variant outbound connection (snort3-malware-cnc.rules)
 * 1:30900 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuhao variant outbound connection (snort3-malware-cnc.rules)
 * 1:30914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (snort3-malware-cnc.rules)
 * 1:30923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit outbound connection (snort3-malware-cnc.rules)
 * 1:30917 <-> DISABLED <-> MALWARE-CNC Win.Worm.Phelshap variant outbound connection (snort3-malware-cnc.rules)
 * 1:30918 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent Mozilla (snort3-malware-cnc.rules)
 * 1:30919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (snort3-malware-cnc.rules)
 * 1:30938 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Roopre outbound connection (snort3-malware-cnc.rules)
 * 1:30924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor inbound connection (snort3-malware-cnc.rules)
 * 1:30925 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound connection (snort3-malware-cnc.rules)
 * 1:30926 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound secure-connection (snort3-malware-cnc.rules)
 * 1:30954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules)
 * 1:30945 <-> DISABLED <-> MALWARE-CNC Win.Worm.Winiga FTP login attempt (snort3-malware-cnc.rules)
 * 1:30947 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Botintin outbound connection (snort3-malware-cnc.rules)
 * 1:30953 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules)
 * 1:30979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gisetik information disclosure attempt (snort3-malware-cnc.rules)
 * 1:30955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (snort3-malware-cnc.rules)
 * 1:30977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jaik variant outbound connection (snort3-malware-cnc.rules)
 * 1:30978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (snort3-malware-cnc.rules)
 * 1:30985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenexmed outbound connection (snort3-malware-cnc.rules)
 * 1:30982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karnos variant outbound connection (snort3-malware-cnc.rules)
 * 1:30983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karnos variant outbound connection (snort3-malware-cnc.rules)
 * 1:30984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonriamt outbound connection (snort3-malware-cnc.rules)
 * 1:31002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kimsuky variant outbound connection (snort3-malware-cnc.rules)
 * 1:30986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenexmed inbound shell command attempt (snort3-malware-cnc.rules)
 * 1:30987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vondola configuration file download attempt (snort3-malware-cnc.rules)

2020-10-13 18:43:05 UTC

Snort Subscriber Rules Update

Date: 2020-10-13

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:55989 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:55998 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Beebone-9777703-0 download attempt (malware-other.rules)
 * 1:55936 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Perion-9775059-0 download attempt (malware-other.rules)
 * 1:55966 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776406-0 download attempt (malware-other.rules)
 * 1:55941 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9775385-0 download attempt (malware-other.rules)
 * 1:55934 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9774716-0 download attempt (malware-other.rules)
 * 1:55990 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k kernel driver privilege escalation attempt (os-windows.rules)
 * 1:55938 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Shadowbrokers-9775051-0 download attempt (malware-other.rules)
 * 1:55946 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775571-0 download attempt (malware-other.rules)
 * 1:55939 <-> DISABLED <-> MALWARE-OTHER Win.Tool.Shadowbrokers-9775051-0 download attempt (malware-other.rules)
 * 1:55955 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9776100-0 download attempt (malware-other.rules)
 * 1:55976 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9776833-0 download attempt (malware-other.rules)
 * 1:55996 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dotdo-9777352-0 download attempt (malware-other.rules)
 * 1:55945 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Buzus-9775511-0 download attempt (malware-other.rules)
 * 1:55951 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775689-0 download attempt (malware-other.rules)
 * 1:55959 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Scar-9776391-0 download attempt (malware-other.rules)
 * 1:55971 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776543-0 download attempt (malware-other.rules)
 * 1:55958 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Scar-9776391-0 download attempt (malware-other.rules)
 * 1:55972 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-9776559-0 download attempt (malware-other.rules)
 * 1:55960 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zbot-9776404-0 download attempt (malware-other.rules)
 * 1:55952 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9775770-0 download attempt (malware-other.rules)
 * 1:55944 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Buzus-9775511-0 download attempt (malware-other.rules)
 * 1:55961 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Zbot-9776404-0 download attempt (malware-other.rules)
 * 1:55942 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt (os-windows.rules)
 * 1:55965 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776419-0 download attempt (malware-other.rules)
 * 1:55969 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776422-0 download attempt (malware-other.rules)
 * 1:55947 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775571-0 download attempt (malware-other.rules)
 * 1:55993 <-> ENABLED <-> PROTOCOL-ICMP Microsoft Windows IPv6 DNSSL option record denial of service attempt (protocol-icmp.rules)
 * 1:55978 <-> DISABLED <-> SERVER-OTHER Apache OFBiz XMLRPC deserialization attempt (server-other.rules)
 * 1:55995 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Dotdo-9777352-0 download attempt (malware-other.rules)
 * 1:55973 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Gamarue-9776559-0 download attempt (malware-other.rules)
 * 1:55974 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-9776642-0 download attempt (malware-other.rules)
 * 1:55950 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Opencandy-9775689-0 download attempt (malware-other.rules)
 * 1:55968 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776422-0 download attempt (malware-other.rules)
 * 1:55981 <-> DISABLED <-> SERVER-WEBAPP D-Link Central WiFi Manager CWM 100 command injection attempt (server-webapp.rules)
 * 1:55948 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ramnit-9775593-0 download attempt (malware-other.rules)
 * 1:55943 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Win32k driver privilege escalation attempt (os-windows.rules)
 * 1:55982 <-> DISABLED <-> OS-WINDOWS Microsoft Windows digital signature spoofing attempt (os-windows.rules)
 * 1:55954 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Zusy-9776100-0 download attempt (malware-other.rules)
 * 1:55997 <-> DISABLED <-> MALWARE-OTHER Win.Worm.Beebone-9777703-0 download attempt (malware-other.rules)
 * 1:55963 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776436-0 download attempt (malware-other.rules)
 * 1:55935 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Ulise-9774716-0 download attempt (malware-other.rules)
 * 1:55949 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Ramnit-9775593-0 download attempt (malware-other.rules)
 * 1:55956 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776340-0 download attempt (malware-other.rules)
 * 1:55994 <-> DISABLED <-> OS-WINDOWS Microsoft Windows Remote Desktop information disclosure attempt (os-windows.rules)
 * 1:55980 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Foundation memory corruption attempt (file-multimedia.rules)
 * 1:55957 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776340-0 download attempt (malware-other.rules)
 * 1:55940 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9775385-0 download attempt (malware-other.rules)
 * 1:55964 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9776419-0 download attempt (malware-other.rules)
 * 1:55970 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776543-0 download attempt (malware-other.rules)
 * 1:55979 <-> ENABLED <-> FILE-MULTIMEDIA Microsoft Windows Media Foundation memory corruption attempt (file-multimedia.rules)
 * 1:55977 <-> DISABLED <-> MALWARE-OTHER Win.Downloader.Upatre-9776833-0 download attempt (malware-other.rules)
 * 1:55967 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Addlyrics-9776406-0 download attempt (malware-other.rules)
 * 1:55937 <-> DISABLED <-> MALWARE-OTHER PUA.Win.Adware.Perion-9775059-0 download attempt (malware-other.rules)
 * 1:55962 <-> DISABLED <-> MALWARE-OTHER Win.Ransomware.Upatre-9776436-0 download attempt (malware-other.rules)
 * 1:55953 <-> DISABLED <-> MALWARE-OTHER Win.Trojan.Generic-9775770-0 download attempt (malware-other.rules)
 * 1:55983 <-> DISABLED <-> OS-WINDOWS Microsoft Windows digital signature spoofing attempt (os-windows.rules)
 * 1:55975 <-> DISABLED <-> MALWARE-OTHER Win.Packed.Clipbanker-9776642-0 download attempt (malware-other.rules)
 * 3:55987 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1162 attack attempt (file-other.rules)
 * 3:55985 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1161 attack attempt (file-other.rules)
 * 3:55991 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1163 attack attempt (file-other.rules)
 * 3:55986 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1161 attack attempt (file-other.rules)
 * 3:55988 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1162 attack attempt (file-other.rules)
 * 3:55992 <-> ENABLED <-> FILE-OTHER TRUFFLEHUNTER TALOS-2020-1163 attack attempt (file-other.rules)

Modified Rules:


 * 1:31452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:31458 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SDBot variant outbound connection (malware-cnc.rules)
 * 1:31768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ecsudown outbound connection (malware-cnc.rules)
 * 1:31641 <-> DISABLED <-> MALWARE-CNC Win.Tinybanker variant outbound connection (malware-cnc.rules)
 * 1:31772 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cridex variant outbound connection (malware-cnc.rules)
 * 1:31221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HAVEX-RAT variant outbound connection (malware-cnc.rules)
 * 1:31224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptor outbound connection (malware-cnc.rules)
 * 1:31605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server READY command to client (malware-cnc.rules)
 * 1:31442 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Injector variant outbound connection (malware-cnc.rules)
 * 1:31680 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tirabot variant outbound connection (malware-cnc.rules)
 * 1:31359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Httneilc variant outbound connection (malware-cnc.rules)
 * 1:31533 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Xolominer malicious user detected (malware-cnc.rules)
 * 1:31168 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Guise outbound connection (malware-cnc.rules)
 * 1:31288 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Bladabindi variant outbound download request (malware-cnc.rules)
 * 1:31543 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MSIE 7.0 na - Win.Trojan.Koobface (malware-cnc.rules)
 * 1:31315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MSIL variant outbound connection (malware-cnc.rules)
 * 1:29044 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorask variant outbound connection (malware-cnc.rules)
 * 1:31228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Soraya variant initial outbound connection (malware-cnc.rules)
 * 1:48791 <-> ENABLED <-> MALWARE-CNC Vbs.Trojan.Agent inbound payload download (malware-cnc.rules)
 * 1:31147 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zadnilay variant outbound connection (malware-cnc.rules)
 * 1:31808 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IptabLex outbound connection (malware-cnc.rules)
 * 1:51554 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (malware-cnc.rules)
 * 1:31150 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent DefaultBotPassword - Win.Trojan.Tirabot (malware-cnc.rules)
 * 1:31813 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expiro outbound connection (malware-cnc.rules)
 * 1:31254 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HAVEX-RAT inbound connection to infected host (malware-cnc.rules)
 * 1:31805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dizk variant outbound connection (malware-cnc.rules)
 * 1:31174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sapart variant outbound connection (malware-cnc.rules)
 * 1:31345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mcdravsm variant outbound connection (malware-cnc.rules)
 * 1:31183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bankeiya outbound connection (malware-cnc.rules)
 * 1:31135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deedevil variant outbound connection (malware-cnc.rules)
 * 1:31453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChoHeap variant outbound connection (malware-cnc.rules)
 * 1:47898 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:31755 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miras variant outbound connection (malware-cnc.rules)
 * 1:31344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Levyatan variant outbound connection (malware-cnc.rules)
 * 1:31314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Daikou variant outbound connection (malware-cnc.rules)
 * 1:31272 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin outbound command request attempt (malware-cnc.rules)
 * 1:31717 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SoftPulse variant outbound connection (malware-cnc.rules)
 * 1:31722 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Waski variant outbound connection (malware-cnc.rules)
 * 1:31418 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Subla variant outbound connection (malware-cnc.rules)
 * 1:31262 <-> DISABLED <-> MALWARE-CNC Win.Worm.VBNA variant outbound connection (malware-cnc.rules)
 * 1:31604 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server READD command to client (malware-cnc.rules)
 * 1:31316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound connection (malware-cnc.rules)
 * 1:31467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:31240 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (malware-cnc.rules)
 * 1:31242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Utishaf variant outbound connection (malware-cnc.rules)
 * 1:31328 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rofin variant outbound connection (malware-cnc.rules)
 * 1:29077 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Platidium variant outbound connection (malware-cnc.rules)
 * 1:31530 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:50520 <-> ENABLED <-> MALWARE-CNC Doc.Malware.HWPRokrat variant outbound connection (malware-cnc.rules)
 * 1:31642 <-> DISABLED <-> MALWARE-CNC Win.Tinybanker variant outbound connection (malware-cnc.rules)
 * 1:31424 <-> DISABLED <-> MALWARE-CNC Kegis.A outbound connection (malware-cnc.rules)
 * 1:31712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31241 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dosoloid variant outbound connection (malware-cnc.rules)
 * 1:31547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
 * 1:31295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:48871 <-> ENABLED <-> MALWARE-OTHER Win.Trojan.Mimikatz inbound payload download (malware-other.rules)
 * 1:50521 <-> ENABLED <-> MALWARE-CNC Doc.Malware.HWPRokrat variant outbound connection (malware-cnc.rules)
 * 1:28977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.DF - User-Agent Missing Bracket (malware-cnc.rules)
 * 1:31607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba client response/authenticate to C&C server (malware-cnc.rules)
 * 1:31132 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
 * 1:31450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall outbound connection (malware-cnc.rules)
 * 1:31236 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hidead outbound connection (malware-cnc.rules)
 * 1:31681 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur download attempt (malware-cnc.rules)
 * 1:31564 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CosmicDuke FTP data exfiltration (malware-cnc.rules)
 * 1:28982 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot requesting URL through IRC (malware-cnc.rules)
 * 1:28994 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor Remote Shell Server download (malware-cnc.rules)
 * 1:28983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Steckt IRCbot executable download (malware-cnc.rules)
 * 1:31136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeroAccess inbound connection (malware-cnc.rules)
 * 1:28987 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot variant outbound connection (malware-cnc.rules)
 * 1:31507 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HW32 variant spam attempt (malware-cnc.rules)
 * 1:31222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:31307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules)
 * 1:31271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin information disclosure attempt (malware-cnc.rules)
 * 1:31606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba payload download request (malware-cnc.rules)
 * 1:31586 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backoff initial outbound connection (malware-cnc.rules)
 * 1:31225 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent rome0321 - Win.Trojan.Soraya (malware-cnc.rules)
 * 1:31144 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant inbound backdoor keep-alive (malware-cnc.rules)
 * 1:28976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.DF - Data Exfiltration (malware-cnc.rules)
 * 1:31718 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Critroni outbound connection (malware-cnc.rules)
 * 1:31672 <-> DISABLED <-> MALWARE-CNC Inbound command to php based DoS bot (malware-cnc.rules)
 * 1:31465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm Click Fraud Request (malware-cnc.rules)
 * 1:31303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadeki variant outbound connection (malware-cnc.rules)
 * 1:48148 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:31235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuckam variant outbound connection (malware-cnc.rules)
 * 1:50201 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Remexi variant outbound connection (malware-cnc.rules)
 * 1:31806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nighthunter data exfiltration attempt (malware-cnc.rules)
 * 1:31218 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:31293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dyre publickey outbound connection (malware-cnc.rules)
 * 1:31693 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korplug Poisoned Hurricane Malware outbound connection (malware-cnc.rules)
 * 1:31683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Badur variant outbound connection (malware-cnc.rules)
 * 1:31691 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kronos variant outbound connection (malware-cnc.rules)
 * 1:29076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Epixed variant outbound connection (malware-cnc.rules)
 * 1:31449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall downloader attempt (malware-cnc.rules)
 * 1:31417 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent blacksun - Win.Trojan.Blacksun (malware-cnc.rules)
 * 1:31273 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vectecoin coin mining program download attempt (malware-cnc.rules)
 * 1:31346 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ajtonj variant outbound connection (malware-cnc.rules)
 * 1:31713 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31714 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm Click Fraud Request (malware-cnc.rules)
 * 1:31142 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloft variant outbound connection (malware-cnc.rules)
 * 1:29071 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wcvalep variant outbound connection (malware-cnc.rules)
 * 1:47899 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:29074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maetdik variant outbound connection (malware-cnc.rules)
 * 1:31234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nuckam variant inbound connection (malware-cnc.rules)
 * 1:31260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Andromeda HTTP proxy response attempt (malware-cnc.rules)
 * 1:47900 <-> ENABLED <-> MALWARE-CNC Win.Trojan.OilRig variant outbound connection (malware-cnc.rules)
 * 1:31669 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter variant outbound connection (malware-cnc.rules)
 * 1:31343 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mecklow variant outbound connection system information disclosure (malware-cnc.rules)
 * 1:51309 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Pistacchietto variant outbound connection (malware-cnc.rules)
 * 1:28984 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot executable download (malware-cnc.rules)
 * 1:51553 <-> ENABLED <-> MALWARE-CNC Win.Malware.Divergent variant outbound connection (malware-cnc.rules)
 * 1:29073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Maetdik variant initial outbound connection (malware-cnc.rules)
 * 1:31557 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Mozilla/5.0 - Win.Trojan.Upatre (malware-cnc.rules)
 * 1:31124 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pyrtomsop outbound connection (malware-cnc.rules)
 * 1:29058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Umberial variant outbound connection (malware-cnc.rules)
 * 1:29039 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant outbound connection (malware-cnc.rules)
 * 1:31593 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.SMSSend outbound connection (malware-cnc.rules)
 * 1:31131 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Petun variant outbound connection (malware-cnc.rules)
 * 1:31706 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korgapam outbound connection (malware-cnc.rules)
 * 1:31603 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba C&C server HELLO request to client (malware-cnc.rules)
 * 1:31545 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules)
 * 1:31753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Elpapok outbound connection (malware-cnc.rules)
 * 1:31171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
 * 1:31556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CosmicDuke HTTP data exfiltration attempt (malware-cnc.rules)
 * 1:31544 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Koobface variant outbound connection (malware-cnc.rules)
 * 1:31172 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
 * 1:31355 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicololo outbound connection (malware-cnc.rules)
 * 1:31290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vextstl outbound connection (malware-cnc.rules)
 * 1:31748 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qulkonwi outbound connection (malware-cnc.rules)
 * 1:31306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Toumlec variant outbound connection (malware-cnc.rules)
 * 1:28988 <-> DISABLED <-> MALWARE-CNC Win.Worm.Steckt IRCbot variant outbound connection (malware-cnc.rules)
 * 1:31649 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Papras variant outbound connection (malware-cnc.rules)
 * 1:28996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bunitu variant outbound connection (malware-cnc.rules)
 * 1:31715 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ragua variant outbound connection (malware-cnc.rules)
 * 1:31688 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Downloader 1.8 - Win.Trojan.Graftor (malware-cnc.rules)
 * 1:29075 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Firefly outbound communcation (malware-cnc.rules)
 * 1:31459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jaktinier outbound connection (malware-cnc.rules)
 * 1:31173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scarpnex variant outbound connection (malware-cnc.rules)
 * 1:29081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Budir initial variant outbound connection (malware-cnc.rules)
 * 1:29082 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ldmon variant outbound connection (malware-cnc.rules)
 * 1:29087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kboy variant outbound connection (malware-cnc.rules)
 * 1:29091 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Choxy variant outbound connection (malware-cnc.rules)
 * 1:29095 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fotip FTP file upload variant outbound connection (malware-cnc.rules)
 * 1:29103 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Korhigh variant outbound connection (malware-cnc.rules)
 * 1:29104 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Iniptad variant outbound connection (malware-cnc.rules)
 * 1:48147 <-> ENABLED <-> MALWARE-CNC Win.Worm.Redhip variant outbound connection (malware-cnc.rules)
 * 1:29108 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SixMuch variant outbound connection (malware-cnc.rules)
 * 1:31548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yakes variant inbound connection (malware-cnc.rules)
 * 1:29038 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shiz variant initial outbound connection (malware-cnc.rules)
 * 1:29109 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drafukey variant outbound connection (malware-cnc.rules)
 * 1:29112 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drafukey variant outbound connection (malware-cnc.rules)
 * 1:29113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Conrec variant outbound connection (malware-cnc.rules)
 * 1:29114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sotark variant outbound connection (malware-cnc.rules)
 * 1:29115 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alset variant outbound connection (malware-cnc.rules)
 * 1:31244 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (malware-cnc.rules)
 * 1:29045 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lorask variant outbound connection (malware-cnc.rules)
 * 1:31744 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eratoma outbound connection (malware-cnc.rules)
 * 1:29068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tapazom variant outbound connection (malware-cnc.rules)
 * 1:29117 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tyaui variant outbound connection (malware-cnc.rules)
 * 1:29125 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Valden variant outbound connection (malware-cnc.rules)
 * 1:29127 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:31223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection (malware-cnc.rules)
 * 1:29133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Goobraz variant outbound connection (malware-cnc.rules)
 * 1:29135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bfddos variant outbound connection (malware-cnc.rules)
 * 1:29136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neos variant outbound connection (malware-cnc.rules)
 * 1:29056 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Descrantol variant outbound connection (malware-cnc.rules)
 * 1:29138 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mojap variant outbound connection (malware-cnc.rules)
 * 1:31319 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zediv outbound connection (malware-cnc.rules)
 * 1:31145 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyrat variant outbound backdoor response (malware-cnc.rules)
 * 1:29139 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string HTTP 1.1 - Win.Trojan.Tapslix (malware-cnc.rules)
 * 1:31644 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Scarelocker outbound connection (malware-cnc.rules)
 * 1:28990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qakbot connection to cnc server (malware-cnc.rules)
 * 1:31689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29057 <-> DISABLED <-> MALWARE-CNC Installation Win.Trojan.Umberial variant outbound connection (malware-cnc.rules)
 * 1:29140 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tearspear variant outbound connection (malware-cnc.rules)
 * 1:29011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dotconta variant outbound connection (malware-cnc.rules)
 * 1:29016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cordmix variant outbound connection (malware-cnc.rules)
 * 1:29026 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Limlspy variant outbound connection (malware-cnc.rules)
 * 1:29079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Inftob variant outbound connection (malware-cnc.rules)
 * 1:29031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant inbound connection (malware-cnc.rules)
 * 1:31258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Destoplug variant outbound connection (malware-cnc.rules)
 * 1:29143 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent - Win.Trojan.Secciv (malware-cnc.rules)
 * 1:29146 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RansomCrypt variant outbound connection (malware-cnc.rules)
 * 1:29148 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Huxerox variant outbound connection (malware-cnc.rules)
 * 1:31317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Orbot variant outbound connection (malware-cnc.rules)
 * 1:29149 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Janicab outbound connection (malware-cnc.rules)
 * 1:29150 <-> DISABLED <-> MALWARE-CNC User-Agent suspicious user-agent WarpHTTP - Win.Trojan.Yohakest (malware-cnc.rules)
 * 1:29152 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant initial runtime outbound connection (malware-cnc.rules)
 * 1:29153 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant file upload outbound connection (malware-cnc.rules)
 * 1:29154 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Yohakest variant followup outbound connection (malware-cnc.rules)
 * 1:29155 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vwealer outbound connection (malware-cnc.rules)
 * 1:29174 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string fortis (malware-cnc.rules)
 * 1:29175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sitrof variant outbound connection (malware-cnc.rules)
 * 1:29176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retsaw variant outbound connection (malware-cnc.rules)
 * 1:29179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenad variant outbound connection (malware-cnc.rules)
 * 1:28995 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Backdoor Remote Shell Server download (malware-cnc.rules)
 * 1:31807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nighthunter data exfiltration attempt (malware-cnc.rules)
 * 1:28986 <-> DISABLED <-> MALWARE-CNC Win.Worm.Neeris IRCbot variant outbound connection (malware-cnc.rules)
 * 1:29180 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Update1.0 - Win.Trojan.Downbini (malware-cnc.rules)
 * 1:29216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:29220 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection (malware-cnc.rules)
 * 1:29259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29260 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29261 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dropper variant outbound connection (malware-cnc.rules)
 * 1:29289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kmnokay outbound connection (malware-cnc.rules)
 * 1:29291 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stitur variant outbound connection (malware-cnc.rules)
 * 1:29292 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chulastran variant outbound connection (malware-cnc.rules)
 * 1:29293 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chulastran variant initial version check outbound connection (malware-cnc.rules)
 * 1:29294 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boda variant outbound connection (malware-cnc.rules)
 * 1:29295 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boda variant initial outbound connection (malware-cnc.rules)
 * 1:29299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nineblog variant outbound connection (malware-cnc.rules)
 * 1:29300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant inbound connection (malware-cnc.rules)
 * 1:29301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mizzmo variant outbound connection (malware-cnc.rules)
 * 1:29302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Diswenshow outbound connection (malware-cnc.rules)
 * 1:29304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Verbscut variant outbound connection (malware-cnc.rules)
 * 1:29306 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popyerd variant outbound connection (malware-cnc.rules)
 * 1:29307 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fraxytime outbound connection (malware-cnc.rules)
 * 1:29313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proxydown variant connection (malware-cnc.rules)
 * 1:29324 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vivia variant outbound connection (malware-cnc.rules)
 * 1:29325 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horsamaz outbound connection (malware-cnc.rules)
 * 1:29330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Piedacon variant outbound connection (malware-cnc.rules)
 * 1:29331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using modem (malware-cnc.rules)
 * 1:29332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using lan (malware-cnc.rules)
 * 1:29333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using proxy server (malware-cnc.rules)
 * 1:29334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Aokaspid outbound connection using other (malware-cnc.rules)
 * 1:29335 <-> DISABLED <-> MALWARE-CNC OSX.Trojan.CallMe variant outbound connection (malware-cnc.rules)
 * 1:29337 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:29339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kishop variant initial runtime outbound connection (malware-cnc.rules)
 * 1:29340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Plusau outbound connection (malware-cnc.rules)
 * 1:29341 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent string CustomSpy - Win.Trojan.Etek (malware-cnc.rules)
 * 1:29344 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dondat variant outbound connection (malware-cnc.rules)
 * 1:29345 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dondat variant outbound connection (malware-cnc.rules)
 * 1:29348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chifan variant outbound connection (malware-cnc.rules)
 * 1:29349 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zusy variant outbound connection (malware-cnc.rules)
 * 1:29351 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulilit variant outbound connection (malware-cnc.rules)
 * 1:29352 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Typdec variant outbound connection (malware-cnc.rules)
 * 1:29353 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeagle outbound connection (malware-cnc.rules)
 * 1:29356 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cidox variant outbound connection (malware-cnc.rules)
 * 1:29358 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mowfote (malware-cnc.rules)
 * 1:29359 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mowfote variant initial outbound connection (malware-cnc.rules)
 * 1:29363 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pacbootini variant outbound connection (malware-cnc.rules)
 * 1:29367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boato variant outbound connection (malware-cnc.rules)
 * 1:29368 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boato variant followup outbound connection (malware-cnc.rules)
 * 1:29370 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent.ADJI variant outbound connection (malware-cnc.rules)
 * 1:29371 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Dluca (malware-cnc.rules)
 * 1:29376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryptoLocker.B connection test (malware-cnc.rules)
 * 1:29389 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alusins variant outbound connection (malware-cnc.rules)
 * 1:29408 <-> DISABLED <-> MALWARE-CNC JAVAFOG Java malware backdoor connection to cnc server (malware-cnc.rules)
 * 1:29416 <-> DISABLED <-> MALWARE-CNC Win.Trojan.vSkimmer outbound connection (malware-cnc.rules)
 * 1:29417 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Solimba download attempt (malware-cnc.rules)
 * 1:29420 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reedum BlackPoS outbound FTP connection (malware-cnc.rules)
 * 1:29422 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rhubot variant outbound connection (malware-cnc.rules)
 * 1:29423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MaxerDDos variant connection (malware-cnc.rules)
 * 1:29424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dldr variant outbound connection (malware-cnc.rules)
 * 1:29426 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Etomertg variant outbound connection (malware-cnc.rules)
 * 1:29428 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zatincel variant outbound connection (malware-cnc.rules)
 * 1:29430 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Icefog variant outbound connection (malware-cnc.rules)
 * 1:29431 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Tirips (malware-cnc.rules)
 * 1:29440 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chewbacca outbound connection (malware-cnc.rules)
 * 1:29459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fexel variant outbound connection (malware-cnc.rules)
 * 1:29460 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pabueri variant outbound connection (malware-cnc.rules)
 * 1:29461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Norekab variant outbound connection (malware-cnc.rules)
 * 1:29464 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SniperSpy variant outbound connection (malware-cnc.rules)
 * 1:29483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Botime variant connection (malware-cnc.rules)
 * 1:29484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.POSCardStealer variant outbound connection (malware-cnc.rules)
 * 1:29489 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gaertob variant outbound connection (malware-cnc.rules)
 * 1:29493 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:29494 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Tsunami outbound connection (malware-cnc.rules)
 * 1:29495 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kopdel variant outbound connection (malware-cnc.rules)
 * 1:29496 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicololo variant outbound connection (malware-cnc.rules)
 * 1:29497 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doneste variant outbound connection (malware-cnc.rules)
 * 1:29555 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spyex variant outbound connection (malware-cnc.rules)
 * 1:29556 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Loxes variant outbound connection (malware-cnc.rules)
 * 1:29557 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marten variant outbound connection (malware-cnc.rules)
 * 1:29559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sydigu variant outbound connection (malware-cnc.rules)
 * 1:29561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lechiket variant outbound connection (malware-cnc.rules)
 * 1:29562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blobrsa variant outbound connection (malware-cnc.rules)
 * 1:29563 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blobrsa variant outbound connection (malware-cnc.rules)
 * 1:29565 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker.AALV variant outbound connection (malware-cnc.rules)
 * 1:29566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:29569 <-> DISABLED <-> MALWARE-CNC Linux.Backdoor.Shellbot outbound connection (malware-cnc.rules)
 * 1:29635 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nursteal variant outbound connection (malware-cnc.rules)
 * 1:29636 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Blocker.cbuf variant outbound connection (malware-cnc.rules)
 * 1:29637 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lumbko variant outbound connection (malware-cnc.rules)
 * 1:29638 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Lumbko variant initial outbound connection (malware-cnc.rules)
 * 1:29644 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sdconsent outbound connection (malware-cnc.rules)
 * 1:29645 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Mimunita (malware-cnc.rules)
 * 1:29652 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Win.Trojan.Truado (malware-cnc.rules)
 * 1:29663 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dampt variant outbound connection (malware-cnc.rules)
 * 1:29664 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DomaIQ variant outbound connection (malware-cnc.rules)
 * 1:29665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:29666 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Linkup outbound connection (malware-cnc.rules)
 * 1:29670 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Caphaw outbound connection (malware-cnc.rules)
 * 1:29740 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sarvdap variant outbound connection (malware-cnc.rules)
 * 1:29760 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string MSIE 4.01 - Win.Trojan.Careto (malware-cnc.rules)
 * 1:29788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto outbound connection (malware-cnc.rules)
 * 1:29789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)
 * 1:29790 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)
 * 1:29791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Careto plugin download (malware-cnc.rules)
 * 1:29816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jackpos outbound connection (malware-cnc.rules)
 * 1:29817 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jackpos outbound connection (malware-cnc.rules)
 * 1:29824 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - TixDll - Win.Trojan.Adload.dyhq (malware-cnc.rules)
 * 1:29828 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adload.dyhq variant outbound connection (malware-cnc.rules)
 * 1:29861 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Brabat variant outbound connection (malware-cnc.rules)
 * 1:29862 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pirminay variant outbout connection (malware-cnc.rules)
 * 1:29865 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz outbound connection (malware-cnc.rules)
 * 1:29869 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Napolar phishing attack (malware-cnc.rules)
 * 1:29870 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pony HTTP response connection (malware-cnc.rules)
 * 1:29873 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hanove variant outbound connection (malware-cnc.rules)
 * 1:29877 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chikdos.A outbound information disclosure (malware-cnc.rules)
 * 1:29878 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29879 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29880 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29881 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection (malware-cnc.rules)
 * 1:29882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WEC variant outbound connection (malware-cnc.rules)
 * 1:29883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tohwen variant outbound connection (malware-cnc.rules)
 * 1:29884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:29885 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypi.A outbound information disclosure (malware-cnc.rules)
 * 1:29886 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crypi.A outbound keylogger traffic (malware-cnc.rules)
 * 1:29887 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Updates downloader - Win.Trojan.Upatre (malware-cnc.rules)
 * 1:29893 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pyteconte variant outbound connection (malware-cnc.rules)
 * 1:29895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:29897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ExplorerHijack variant outbound connection (malware-cnc.rules)
 * 1:29898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zygtab variant outbound connection (malware-cnc.rules)
 * 1:29899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Pmkype variant outbound connection (malware-cnc.rules)
 * 1:29901 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comowba variant outbound connection (malware-cnc.rules)
 * 1:29907 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madnedos outbound system information disclosure (malware-cnc.rules)
 * 1:29914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zmcwinsvc outbound system information disclosure (malware-cnc.rules)
 * 1:29916 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu system information disclosure (malware-cnc.rules)
 * 1:29920 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZhiZhu variant outbound connection (malware-cnc.rules)
 * 1:29921 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZhiZhu variant inbound connection (malware-cnc.rules)
 * 1:29922 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Bazuc initial outbound connection (malware-cnc.rules)
 * 1:29923 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Bazuc jobs check outbound connection (malware-cnc.rules)
 * 1:29924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Farfli outbound connection (malware-cnc.rules)
 * 1:29925 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Verxbot variant outbound connection (malware-cnc.rules)
 * 1:29973 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bublik.Zusy runtime detection (malware-cnc.rules)
 * 1:29975 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Svekifc system information disclosure (malware-cnc.rules)
 * 1:29976 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Svekifc outbound persistent connection (malware-cnc.rules)
 * 1:29978 <-> DISABLED <-> MALWARE-CNC ANDR.Trojan.FakeApp outbound connection (malware-cnc.rules)
 * 1:29980 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fucom outbound connection (malware-cnc.rules)
 * 1:29981 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tiny variant outbound connection (malware-cnc.rules)
 * 1:29982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oshidor variant outbound connection (malware-cnc.rules)
 * 1:29985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bicolo variant outbound connection (malware-cnc.rules)
 * 1:29987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Meac malware component download request (malware-cnc.rules)
 * 1:29990 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Seruda system information disclosure (malware-cnc.rules)
 * 1:29998 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Horsum outbound system information disclosure (malware-cnc.rules)
 * 1:29999 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - MSIE 9.0 in version 10 format (malware-cnc.rules)
 * 1:30034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donanbot outbound connection (malware-cnc.rules)
 * 1:30035 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sylonif variant outbound connection (malware-cnc.rules)
 * 1:30036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ovnavart variant outbound connection (malware-cnc.rules)
 * 1:30047 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Crowti variant outbound connection (malware-cnc.rules)
 * 1:30055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deventiz CWD system information disclosure via FTP (malware-cnc.rules)
 * 1:30058 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bogoclak outbound FTP connection information disclosure (malware-cnc.rules)
 * 1:30060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Coresh outbound identification request (malware-cnc.rules)
 * 1:30061 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tyleny variant outbound connection (malware-cnc.rules)
 * 1:30063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
 * 1:30064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot outbound connection (malware-cnc.rules)
 * 1:30068 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:30073 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant outbound connection (malware-cnc.rules)
 * 1:30074 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim variant outbound connection (malware-cnc.rules)
 * 1:30076 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stealzilla variant outbound connection (malware-cnc.rules)
 * 1:30078 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Momibot outbound system information disclosure (malware-cnc.rules)
 * 1:30087 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gamut configuration download (malware-cnc.rules)
 * 1:30088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon variant outbound connection (malware-cnc.rules)
 * 1:30090 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nitol variant outbound connection (malware-cnc.rules)
 * 1:30091 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound connection (malware-cnc.rules)
 * 1:30167 <-> DISABLED <-> MALWARE-CNC Russian Bank scam malware GET request to server (malware-cnc.rules)
 * 1:30168 <-> DISABLED <-> MALWARE-CNC Russian Bank scam malware POST to server (malware-cnc.rules)
 * 1:30191 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos usermode-centric client request (malware-cnc.rules)
 * 1:30192 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos inbound command (malware-cnc.rules)
 * 1:30193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uroburos inbound encrypted data (malware-cnc.rules)
 * 1:30196 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Androm variant outbound connection (malware-cnc.rules)
 * 1:30198 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules)
 * 1:30204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.TDSS variant outbound connection (malware-cnc.rules)
 * 1:30208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nakcos variant outbound connection (malware-cnc.rules)
 * 1:30210 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agnet string Win.Trojan.ZeusVM (malware-cnc.rules)
 * 1:30211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ZeusVM embedded image config file download (malware-cnc.rules)
 * 1:30214 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sharik variant outbound connection (malware-cnc.rules)
 * 1:30216 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ShadyRAT variant outbound connection (malware-cnc.rules)
 * 1:30231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eybog variant outbound connection (malware-cnc.rules)
 * 1:30234 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Graftor variant outbound connection (malware-cnc.rules)
 * 1:30235 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qadars variant outbound connection (malware-cnc.rules)
 * 1:30239 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Name variant outbound connection (malware-cnc.rules)
 * 1:30250 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - logogo.exe (malware-cnc.rules)
 * 1:30251 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mumawow outbound connection (malware-cnc.rules)
 * 1:30255 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor HTTP Response - Brazil Geolocated Infected User (malware-cnc.rules)
 * 1:30256 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor HTTP Response - Non-Brazil Geolocated Infected User (malware-cnc.rules)
 * 1:30257 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ExplorerHijack variant outbound connection (malware-cnc.rules)
 * 1:30258 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:30259 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Strictor variant outbound connection (malware-cnc.rules)
 * 1:30262 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30270 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot configuration file download (malware-cnc.rules)
 * 1:30271 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot drop zone file upload (malware-cnc.rules)
 * 1:30276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30279 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sloth variant command and control traffic (malware-cnc.rules)
 * 1:30284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Recub variant outbound connection (malware-cnc.rules)
 * 1:30288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Glupteba.M initial outbound connection (malware-cnc.rules)
 * 1:30290 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Browser - Win.Trojan.Bruterdep (malware-cnc.rules)
 * 1:30298 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Cloudoten variant inbound connection (malware-cnc.rules)
 * 1:30299 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Projecthook variant outbound connection (malware-cnc.rules)
 * 1:30300 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Projecthook variant outbound connection (malware-cnc.rules)
 * 1:30301 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent InetAll - Win.Trojan.Pennonec (malware-cnc.rules)
 * 1:30302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rajdze variant outbound connection (malware-cnc.rules)
 * 1:30304 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Noctabor variant outbound connection (malware-cnc.rules)
 * 1:30308 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
 * 1:30309 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - Win.Backdoor.Jolob (malware-cnc.rules)
 * 1:30310 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Comdinter variant outbound connection (malware-cnc.rules)
 * 1:30311 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Comdinter variant outbound connection (malware-cnc.rules)
 * 1:30314 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmd - Win.Trojan.Burnwoo (malware-cnc.rules)
 * 1:30315 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent getcmdw23 - Win.Trojan.Burnwoo (malware-cnc.rules)
 * 1:30323 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drawnetz variant outbound connection (malware-cnc.rules)
 * 1:30331 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent ebot - Win.Trojan.Modulog (malware-cnc.rules)
 * 1:30332 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook configuration file download attempt (malware-cnc.rules)
 * 1:30333 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook information disclosure attempt (malware-cnc.rules)
 * 1:30334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ProjectHook initial outbound connection (malware-cnc.rules)
 * 1:30344 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent EyeS_Client_1.0 - Win.Trojan.Seey (malware-cnc.rules)
 * 1:30482 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik inbound connection (malware-cnc.rules)
 * 1:30483 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (malware-cnc.rules)
 * 1:30484 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot/Bublik outbound connection (malware-cnc.rules)
 * 1:30494 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Boaxxe variant outbound connection (malware-cnc.rules)
 * 1:30518 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious User-Agent Neutrino/2.1 - Win.Trojan.Necurs (malware-cnc.rules)
 * 1:30519 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Necurs variant outbound connection (malware-cnc.rules)
 * 1:30547 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ramdo variant outbound connection (malware-cnc.rules)
 * 1:30548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant outbound connection (malware-cnc.rules)
 * 1:30551 <-> DISABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Minerd (malware-cnc.rules)
 * 1:30552 <-> DISABLED <-> MALWARE-CNC Malicious BitCoiner Miner download - Win.Trojan.Systema (malware-cnc.rules)
 * 1:30559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Uniemv variant outbound connection (malware-cnc.rules)
 * 1:30560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Megesat variant outbound connection (malware-cnc.rules)
 * 1:30566 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Elknot outbound connection (malware-cnc.rules)
 * 1:30743 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chabava outbound connection (malware-cnc.rules)
 * 1:30751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ransom variant outbound connection (malware-cnc.rules)
 * 1:30752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tesyong outbound connection (malware-cnc.rules)
 * 1:30753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rehacker outbound connection (malware-cnc.rules)
 * 1:30773 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuluoz variant download request (malware-cnc.rules)
 * 1:30776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Targnik variant outbound connection (malware-cnc.rules)
 * 1:30804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30808 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30809 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30810 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30811 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30812 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hulpob outbound connection (malware-cnc.rules)
 * 1:30815 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Oldboot variant outbound connection (malware-cnc.rules)
 * 1:30882 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30896 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DarkKomet variant outbound connection (malware-cnc.rules)
 * 1:30897 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.DarkKomet variant outbound connection (malware-cnc.rules)
 * 1:30900 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tuhao variant outbound connection (malware-cnc.rules)
 * 1:30914 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (malware-cnc.rules)
 * 1:30915 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpySmall variant outbound connection (malware-cnc.rules)
 * 1:30917 <-> DISABLED <-> MALWARE-CNC Win.Worm.Phelshap variant outbound connection (malware-cnc.rules)
 * 1:30918 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent User-Agent Mozilla (malware-cnc.rules)
 * 1:30919 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:30923 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sefnit outbound connection (malware-cnc.rules)
 * 1:30924 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor inbound connection (malware-cnc.rules)
 * 1:30925 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound connection (malware-cnc.rules)
 * 1:30926 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hd backdoor outbound secure-connection (malware-cnc.rules)
 * 1:30938 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.Roopre outbound connection (malware-cnc.rules)
 * 1:30945 <-> DISABLED <-> MALWARE-CNC Win.Worm.Winiga FTP login attempt (malware-cnc.rules)
 * 1:30947 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Botintin outbound connection (malware-cnc.rules)
 * 1:30953 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30954 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30955 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Symmi variant outbound connection (malware-cnc.rules)
 * 1:30977 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jaik variant outbound connection (malware-cnc.rules)
 * 1:30978 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rbrute inbound connection (malware-cnc.rules)
 * 1:30979 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gisetik information disclosure attempt (malware-cnc.rules)
 * 1:30982 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karnos variant outbound connection (malware-cnc.rules)
 * 1:30983 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Karnos variant outbound connection (malware-cnc.rules)
 * 1:30984 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vonriamt outbound connection (malware-cnc.rules)
 * 1:30985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenexmed outbound connection (malware-cnc.rules)
 * 1:30986 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tenexmed inbound shell command attempt (malware-cnc.rules)
 * 1:30987 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vondola configuration file download attempt (malware-cnc.rules)
 * 1:30988 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vondola information disclosure attempt (malware-cnc.rules)
 * 1:31002 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kimsuky variant outbound connection (malware-cnc.rules)
 * 1:31004 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief information disclosure attempt (malware-cnc.rules)
 * 1:31005 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief information disclosure attempt (malware-cnc.rules)
 * 1:31006 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nethief initial outbound connection (malware-cnc.rules)
 * 1:31007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Iplorko.A runtime detection (malware-cnc.rules)
 * 1:31010 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sisbot variant outbound IRC connection (malware-cnc.rules)
 * 1:31014 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryptowall variant outbound connection (malware-cnc.rules)
 * 1:31020 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31036 <-> DISABLED <-> MALWARE-CNC Win.Trojan.SpyBanker variant outbound connection (malware-cnc.rules)
 * 1:31051 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hesperbot variant outbound connection (malware-cnc.rules)
 * 1:31053 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadnessPro outbound connection (malware-cnc.rules)
 * 1:31055 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banload variant outbound connection (malware-cnc.rules)
 * 1:31062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expone variant outbound connection (malware-cnc.rules)
 * 1:31063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Expone FTP login attempt (malware-cnc.rules)
 * 1:31064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Diatraha variant outbound connection (malware-cnc.rules)
 * 1:31066 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tobinload variant outbound connection (malware-cnc.rules)
 * 1:31070 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Necurs outbound connection (malware-cnc.rules)
 * 1:31072 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cryfile variant outbound connection (malware-cnc.rules)
 * 1:31073 <-> DISABLED <-> MALWARE-CNC RemoteSpy connection to CNC server (malware-cnc.rules)
 * 1:31079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:31080 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Alurewo outbound connection (malware-cnc.rules)
 * 1:31081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.WinSpy variant outbound connection (malware-cnc.rules)
 * 1:31083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bexelets variant outbound connection (malware-cnc.rules)
 * 1:31084 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zbot variant outbound connection (malware-cnc.rules)
 * 1:31090 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent hello crazyk (malware-cnc.rules)
 * 1:31112 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos password stealing attempt (malware-cnc.rules)
 * 1:31113 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bancos variant outbound connection (malware-cnc.rules)
 * 1:31114 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rfusclient outbound connection (malware-cnc.rules)
 * 1:31116 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Garsuni variant outbound connection (malware-cnc.rules)
 * 1:31119 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marmoolak variant outbound connection (malware-cnc.rules)
 * 1:31121 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cahecon outbound connection (malware-cnc.rules)
 * 1:31122 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - User-Agent svchost (malware-cnc.rules)