Talos Rules 2020-10-22
This release adds and modifies rules in several categories.

Talos has added and modified multiple rules in the malware-cnc, malware-other and server-webapp rule sets to provide coverage for emerging threats from these technologies.

Change logs

2020-10-22 12:58:02 UTC

Snort Subscriber Rules Update

Date: 2020-10-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091601.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56086 <-> DISABLED <-> SERVER-WEBAPP Apache Tomcat WebSocket length denial of service attempt (server-webapp.rules)
 * 1:56088 <-> ENABLED <-> MALWARE-CNC Unix.Spyware.WellMess variant outbound cnc attempt (malware-cnc.rules)
 * 1:56071 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
 * 1:56072 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
 * 1:56073 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
 * 1:56074 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
 * 1:56075 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
 * 1:56076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
 * 1:56077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
 * 1:56078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
 * 1:56079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
 * 1:56080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
 * 1:56081 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Donot variant outbound connection (malware-cnc.rules)
 * 1:56082 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
 * 1:56083 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
 * 3:56084 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
 * 3:56085 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
 * 3:56087 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services large file upload denial of service attempt (server-webapp.rules)
 * 3:56089 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD denial of service attempt (server-webapp.rules)
 * 3:56090 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
 * 3:56091 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)

Modified Rules:


 * 1:42880 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules)
 * 1:42881 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules)
 * 1:42882 <-> DISABLED <-> MALWARE-CNC ZoxPNG initial outbound connection (malware-cnc.rules)
 * 1:42883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (malware-cnc.rules)
 * 1:42884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection (malware-cnc.rules)
 * 1:42885 <-> DISABLED <-> MALWARE-CNC WashingTon ssl certificate negotiation attempt (malware-cnc.rules)
 * 1:42886 <-> DISABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (malware-cnc.rules)
 * 1:42892 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA outbound connection (malware-cnc.rules)
 * 1:42895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:42899 <-> DISABLED <-> MALWARE-CNC Jaff ransomware outbound connection (malware-cnc.rules)
 * 1:42925 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules)
 * 1:42926 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules)
 * 1:42929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Niramdat variant initial outbound connection (malware-cnc.rules)
 * 1:42945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adylkuzz variant initial outbound connection (malware-cnc.rules)
 * 1:42996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules)
 * 1:42997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules)
 * 1:43049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gasonen variant outbound connection (malware-cnc.rules)
 * 1:43063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabob outbound connection (malware-cnc.rules)
 * 1:43129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:43183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
 * 1:43184 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
 * 1:43190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:43193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
 * 1:43194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
 * 1:43220 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (malware-cnc.rules)
 * 1:43222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:43223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:43224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:43292 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious dex file download attempt (malware-cnc.rules)
 * 1:43293 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious java file download attempt (malware-cnc.rules)
 * 1:43351 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Erebus variant outbound connection (malware-cnc.rules)
 * 1:43457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eorezo variant outbound connection (malware-cnc.rules)
 * 1:43459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules)
 * 1:43467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
 * 1:43468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
 * 1:43475 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:43476 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:43477 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:43523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules)
 * 1:43524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules)
 * 1:43575 <-> DISABLED <-> MALWARE-CNC Win32.Trojan.NeutrinoPOS connection attempt (malware-cnc.rules)
 * 1:43890 <-> DISABLED <-> MALWARE-CNC Win.Malware.Emotet variant outbound connection (malware-cnc.rules)
 * 1:43929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poogetad Variant connection attempt (malware-cnc.rules)
 * 1:43930 <-> DISABLED <-> MALWARE-CNC Win.Malware.GamKer variant outbound connection (malware-cnc.rules)
 * 1:43950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Globeimposter outbound connection (malware-cnc.rules)
 * 1:43969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kradod connection attempt (malware-cnc.rules)
 * 1:43972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:43981 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
 * 1:43982 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
 * 1:43985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rortiem outbound connection (malware-cnc.rules)
 * 1:44011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hippo variant outbound connection (malware-cnc.rules)
 * 1:44027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (malware-cnc.rules)
 * 1:44171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zurgop variant outbound beaconing connection (malware-cnc.rules)
 * 1:44177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant outbound connection (malware-cnc.rules)
 * 1:44190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyfshent variant outbound connection (malware-cnc.rules)
 * 1:44210 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bullrat variant outbound connection (malware-cnc.rules)
 * 1:44211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
 * 1:44212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
 * 1:44213 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (malware-cnc.rules)
 * 1:44214 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (malware-cnc.rules)
 * 1:44220 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44221 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44222 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
 * 1:44277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
 * 1:44278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CrystalAttack outbound file download attempt (malware-cnc.rules)
 * 1:44279 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.FlatChestWare varint outbound connection (malware-cnc.rules)
 * 1:44307 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Razy variant outbound connection (malware-cnc.rules)
 * 1:44313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant outbound connection (malware-cnc.rules)
 * 1:44314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant inbound connection attempt (malware-cnc.rules)
 * 1:44316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ellell variant outbound connection (malware-cnc.rules)
 * 1:44317 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (malware-cnc.rules)
 * 1:44362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
 * 1:44365 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware outbound post (malware-cnc.rules)
 * 1:44366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
 * 1:44367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
 * 1:44391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:44392 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:44393 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:44396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KediRAT outbound connection (malware-cnc.rules)
 * 1:44399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44401 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44402 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44438 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
 * 1:44439 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
 * 1:44440 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (malware-cnc.rules)
 * 1:44443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popureb variant outbound connection detected (malware-cnc.rules)
 * 1:44450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbount connection detected (malware-cnc.rules)
 * 1:44469 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:44470 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:44554 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Congur variant outbound connection detected (malware-cnc.rules)
 * 1:44559 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
 * 1:44560 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
 * 1:44563 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:44569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:44570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:44591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus malicious certificate exchange (malware-cnc.rules)
 * 1:44592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus self-signed certificate exchange (malware-cnc.rules)
 * 1:44595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSMessenger outbound connection (malware-cnc.rules)
 * 1:44610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:44617 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:44618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:44639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quimonk variant outbound connection detected (malware-cnc.rules)
 * 1:44652 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
 * 1:44653 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet (malware-cnc.rules)
 * 1:44654 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
 * 1:44656 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
 * 1:44659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wraut variant outbound connection (malware-cnc.rules)
 * 1:44677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemucod outbound connection (malware-cnc.rules)
 * 1:44681 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IoTReaper_Botnet telnet connection attempt (malware-cnc.rules)
 * 1:44689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen variant outbound connection (malware-cnc.rules)
 * 1:44753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stimilina variant outbound connection detected (malware-cnc.rules)
 * 1:44760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
 * 1:44761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
 * 1:44762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
 * 1:44763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
 * 1:44768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence outbound request (malware-cnc.rules)
 * 1:44769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence inbound download (malware-cnc.rules)
 * 1:44770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence cnc module download (malware-cnc.rules)
 * 1:44771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence monitoring module download (malware-cnc.rules)
 * 1:44772 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
 * 1:44773 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
 * 1:44774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:44781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:44782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:44787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Godzilla outbound connection (malware-cnc.rules)
 * 1:44788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
 * 1:44789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
 * 1:44791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retadup variant outbound connection (malware-cnc.rules)
 * 1:44797 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44876 <-> DISABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
 * 1:44886 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (malware-cnc.rules)
 * 1:44895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
 * 1:44896 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:44897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:44898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:44899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
 * 1:44911 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Fruitfly variant outbound connection detected (malware-cnc.rules)
 * 1:44943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:44944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:44945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:44946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:44975 <-> DISABLED <-> MALWARE-CNC Php.Dropper.Mayhem variant outbound connection (malware-cnc.rules)
 * 1:44997 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
 * 1:44998 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
 * 1:45050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
 * 1:45051 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (malware-cnc.rules)
 * 1:45062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:45063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:45064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:45065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:45090 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill server selection outbound connection (malware-cnc.rules)
 * 1:45091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill login outbound connection (malware-cnc.rules)
 * 1:45092 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill get commands outbound connection (malware-cnc.rules)
 * 1:45095 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant outbound connection (malware-cnc.rules)
 * 1:45096 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant inbound connection (malware-cnc.rules)
 * 1:45097 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant inbound connection (malware-cnc.rules)
 * 1:45098 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant outbound connection (malware-cnc.rules)
 * 1:45099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant inbound connection (malware-cnc.rules)
 * 1:45100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound connection (malware-cnc.rules)
 * 1:45104 <-> DISABLED <-> MALWARE-CNC Win.Malware.Recam variant outbound connection (malware-cnc.rules)
 * 1:45114 <-> DISABLED <-> MALWARE-CNC Catch-All malicious Chrome extension dropper outbound connection (malware-cnc.rules)
 * 1:45194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (malware-cnc.rules)
 * 1:45208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
 * 1:45209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
 * 1:45221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nautilus outbound call (malware-cnc.rules)
 * 1:45229 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
 * 1:45230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
 * 1:45231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DDEDownloader variant outbound connection detected (malware-cnc.rules)
 * 1:45232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CactusTorch download attempt detected (malware-cnc.rules)
 * 1:45239 <-> DISABLED <-> MALWARE-CNC Win.Malware.Freenki variant outbound connection (malware-cnc.rules)
 * 1:45251 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
 * 1:45252 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
 * 1:45260 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)
 * 1:45352 <-> DISABLED <-> MALWARE-CNC PowerShell Empire HTTP listener response (malware-cnc.rules)
 * 1:45400 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt (malware-cnc.rules)
 * 1:45468 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45469 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45470 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45471 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45472 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45473 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45477 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
 * 1:45478 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
 * 1:45483 <-> DISABLED <-> MALWARE-CNC Pdf.Phishing.Agent variant outbound connection detected (malware-cnc.rules)
 * 1:45510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat file upload attempt (malware-cnc.rules)
 * 1:45551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
 * 1:45552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
 * 1:45560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm second stage configuration download attempt (malware-cnc.rules)
 * 1:45607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat variant outbound connection detected (malware-cnc.rules)
 * 1:45943 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:45944 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:46253 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix file upload attempt (malware-cnc.rules)
 * 1:46284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (malware-cnc.rules)
 * 1:46339 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (malware-cnc.rules)
 * 1:46356 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46357 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46358 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46359 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46360 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46361 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46362 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46363 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46364 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46416 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Autoit outbound connection (malware-cnc.rules)
 * 1:46423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraens initial outbound request (malware-cnc.rules)
 * 1:46433 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo initial connection (malware-cnc.rules)
 * 1:46434 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo client outbound connection (malware-cnc.rules)
 * 1:41133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41162 <-> DISABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant  (malware-cnc.rules)
 * 1:41173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
 * 1:41180 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
 * 1:41315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:41316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:41317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:41318 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (malware-cnc.rules)
 * 1:41331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection (malware-cnc.rules)
 * 1:41334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:41336 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
 * 1:41337 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
 * 1:41374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
 * 1:41375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
 * 1:41376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
 * 1:41403 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (malware-cnc.rules)
 * 1:41424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound connection (malware-cnc.rules)
 * 1:41434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41439 <-> DISABLED <-> MALWARE-CNC Dos.Tool.LOIC variant IRC command detected (malware-cnc.rules)
 * 1:41441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (malware-cnc.rules)
 * 1:41442 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas outbound connection (malware-cnc.rules)
 * 1:41443 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules)
 * 1:41444 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules)
 * 1:41456 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules)
 * 1:41458 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41459 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41460 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41461 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - 987t67g (malware-cnc.rules)
 * 1:41477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibrio file download - 4g3vg334 (malware-cnc.rules)
 * 1:41478 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - result (malware-cnc.rules)
 * 1:41498 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CryptoLocker binary download response attempt (malware-cnc.rules)
 * 1:41539 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (malware-cnc.rules)
 * 1:41540 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
 * 1:41656 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (malware-cnc.rules)
 * 1:41657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MagicHound variant outbound connection (malware-cnc.rules)
 * 1:41661 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41662 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41663 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirai variant outbound connection (malware-cnc.rules)
 * 1:41675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:41676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:41682 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41687 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41702 <-> DISABLED <-> MALWARE-CNC Win.Adware.Winwrapper outbound connection (malware-cnc.rules)
 * 1:41711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini variant initial outbound connection (malware-cnc.rules)
 * 1:41712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini backdoor file download request (malware-cnc.rules)
 * 1:41780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ratankba variant outbound connection (malware-cnc.rules)
 * 1:41787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro TCP DNS query response (malware-cnc.rules)
 * 1:41788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules)
 * 1:41789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules)
 * 1:42019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
 * 1:42020 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
 * 1:42021 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42022 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42023 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42024 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42025 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42026 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42027 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42028 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:42029 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:42030 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:42031 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42059 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Sage variant outbound connection (malware-cnc.rules)
 * 1:42079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules)
 * 1:42081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (malware-cnc.rules)
 * 1:42083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection (malware-cnc.rules)
 * 1:42098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
 * 1:42099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
 * 1:42113 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:42114 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant new bot registered (malware-cnc.rules)
 * 1:42126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acronym variant outbound connection (malware-cnc.rules)
 * 1:42128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
 * 1:42129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
 * 1:42171 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:42172 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant certificate negotiation (malware-cnc.rules)
 * 1:42225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules)
 * 1:42228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DocumentCrypt variant outbound connection (malware-cnc.rules)
 * 1:42233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules)
 * 1:42242 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Dimnie file download attempt (malware-cnc.rules)
 * 1:42243 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dimnie outbound connection (malware-cnc.rules)
 * 1:42301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu inbound server configuration response (malware-cnc.rules)
 * 1:42302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound connection (malware-cnc.rules)
 * 1:42303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound file download attempt (malware-cnc.rules)
 * 1:42329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules)
 * 1:42330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful injection response (malware-cnc.rules)
 * 1:42348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQPass variant outbound connection (malware-cnc.rules)
 * 1:42385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moonwind outbound connection (malware-cnc.rules)
 * 1:42386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules)
 * 1:42390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules)
 * 1:42391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules)
 * 1:42395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oddjob outbound connection (malware-cnc.rules)
 * 1:42398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules)
 * 1:42421 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (malware-cnc.rules)
 * 1:42425 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (malware-cnc.rules)
 * 1:42439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (malware-cnc.rules)
 * 1:42447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant outbound connection (malware-cnc.rules)
 * 1:42452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection (malware-cnc.rules)
 * 1:42453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (malware-cnc.rules)
 * 1:42454 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (malware-cnc.rules)
 * 1:42830 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (malware-cnc.rules)
 * 1:42831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (malware-cnc.rules)
 * 1:42832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (malware-cnc.rules)
 * 1:42833 <-> DISABLED <-> MALWARE-CNC Kasperagent outbound connection detected (malware-cnc.rules)
 * 1:42834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42837 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (malware-cnc.rules)
 * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:40007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (malware-cnc.rules)
 * 1:40011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (malware-cnc.rules)
 * 1:40027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
 * 1:40043 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom outbound connection (malware-cnc.rules)
 * 1:40044 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
 * 1:40045 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
 * 1:40059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
 * 1:40060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
 * 1:40067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
 * 1:40183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
 * 1:40203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drolnux variant outbound connection (malware-cnc.rules)
 * 1:40204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qiwmonk outbound connection detected (malware-cnc.rules)
 * 1:40205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:40206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:40207 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:40209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulta external connection attempt (malware-cnc.rules)
 * 1:40212 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (malware-cnc.rules)
 * 1:40213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkShell external connection attempt (malware-cnc.rules)
 * 1:40214 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
 * 1:40215 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
 * 1:40216 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (malware-cnc.rules)
 * 1:40217 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (malware-cnc.rules)
 * 1:40232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CeeInject external connection (malware-cnc.rules)
 * 1:40238 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.AgentTesla variant outbound connection (malware-cnc.rules)
 * 1:40242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
 * 1:40249 <-> DISABLED <-> MALWARE-CNC Win.Downloader.QuantLoader external connection attempt (malware-cnc.rules)
 * 1:40251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (malware-cnc.rules)
 * 1:40252 <-> DISABLED <-> MALWARE-CNC Win.Perseus variant outbound connection (malware-cnc.rules)
 * 1:40258 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40259 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40260 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant initial backdoor download attempt (malware-cnc.rules)
 * 1:40261 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40262 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poxters external connection (malware-cnc.rules)
 * 1:40289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant initial outbound connection (malware-cnc.rules)
 * 1:40290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant status update outbound connection (malware-cnc.rules)
 * 1:40308 <-> DISABLED <-> MALWARE-CNC Backdoor.MSIL.Kazybot.A botnet server connection attempt (malware-cnc.rules)
 * 1:40309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Randrew variant outbound connection (malware-cnc.rules)
 * 1:40310 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
 * 1:40311 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
 * 1:40334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:40338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection detected (malware-cnc.rules)
 * 1:40339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
 * 1:40340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
 * 1:40432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
 * 1:40433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
 * 1:40449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40450 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Agent file download attempt (malware-cnc.rules)
 * 1:40461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deshacop variant outbound connection (malware-cnc.rules)
 * 1:40465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
 * 1:40466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
 * 1:40467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hades outbound connection (malware-cnc.rules)
 * 1:40500 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
 * 1:40501 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
 * 1:40522 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise fingerprinting (malware-cnc.rules)
 * 1:40523 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:40527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40528 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (malware-cnc.rules)
 * 1:40541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Satana ransomware outbound connection (malware-cnc.rules)
 * 1:40548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redosdru variant outbound connection (malware-cnc.rules)
 * 1:40549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryPy ransomware variant outbound connection (malware-cnc.rules)
 * 1:40550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant second stage download attempt (malware-cnc.rules)
 * 1:40551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant successful installation report attempt (malware-cnc.rules)
 * 1:40559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
 * 1:40567 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:40596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Berbew variant outbound connection (malware-cnc.rules)
 * 1:40599 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:40600 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:40601 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise activity (malware-cnc.rules)
 * 1:40605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:40606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:40611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant download attempt (malware-cnc.rules)
 * 1:40612 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download attempt (malware-cnc.rules)
 * 1:40643 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
 * 1:40644 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
 * 1:40709 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
 * 1:40710 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
 * 1:40733 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
 * 1:40751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
 * 1:40752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
 * 1:40761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscan outbound connection (malware-cnc.rules)
 * 1:40762 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant inbound connection (malware-cnc.rules)
 * 1:40763 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getSMS command response (malware-cnc.rules)
 * 1:40764 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getContacts command response (malware-cnc.rules)
 * 1:40771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miuref variant outbound connection (malware-cnc.rules)
 * 1:40775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:40782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (malware-cnc.rules)
 * 1:40795 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:40796 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:40797 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:40800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (malware-cnc.rules)
 * 1:40812 <-> DISABLED <-> MALWARE-CNC Rtf.Trojan.Mauris outbound download attempt (malware-cnc.rules)
 * 1:40816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gendwndrop variant outbound connection (malware-cnc.rules)
 * 1:40824 <-> DISABLED <-> MALWARE-CNC Logbro variant outbound connection (malware-cnc.rules)
 * 1:40831 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant initial outbound connection (malware-cnc.rules)
 * 1:40832 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant keylogger inbound init command attempt (malware-cnc.rules)
 * 1:40833 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound init command attempt (malware-cnc.rules)
 * 1:40834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound silence command attempt (malware-cnc.rules)
 * 1:40835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screen_thumb inbound init command attempt (malware-cnc.rules)
 * 1:40836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant file enumeration inbound init/root/faf command attempt (malware-cnc.rules)
 * 1:40869 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
 * 1:40870 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
 * 1:40906 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
 * 1:40910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40911 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Sednit variant outbound connection (malware-cnc.rules)
 * 1:40991 <-> DISABLED <-> MALWARE-CNC Linux.DDoS.D93 outbound connection (malware-cnc.rules)
 * 1:41031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:41033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proteus outbound connection (malware-cnc.rules)
 * 1:41034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:41088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MrWhite out bound communication attempt (malware-cnc.rules)
 * 1:41089 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ostap out bound communication attempt (malware-cnc.rules)
 * 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
 * 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
 * 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)

2020-10-22 12:58:02 UTC

Snort Subscriber Rules Update

Date: 2020-10-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091600.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56083 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
 * 1:56080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
 * 1:56082 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
 * 1:56075 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
 * 1:56079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
 * 1:56081 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Donot variant outbound connection (malware-cnc.rules)
 * 1:56073 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
 * 1:56074 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
 * 1:56077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
 * 1:56076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
 * 1:56086 <-> DISABLED <-> SERVER-WEBAPP Apache Tomcat WebSocket length denial of service attempt (server-webapp.rules)
 * 1:56088 <-> ENABLED <-> MALWARE-CNC Unix.Spyware.WellMess variant outbound cnc attempt (malware-cnc.rules)
 * 1:56078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
 * 1:56072 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
 * 1:56071 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
 * 3:56091 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
 * 3:56089 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD denial of service attempt (server-webapp.rules)
 * 3:56084 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
 * 3:56087 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services large file upload denial of service attempt (server-webapp.rules)
 * 3:56085 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
 * 3:56090 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)

Modified Rules:


 * 1:44677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemucod outbound connection (malware-cnc.rules)
 * 1:42837 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:40007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (malware-cnc.rules)
 * 1:40011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (malware-cnc.rules)
 * 1:44681 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IoTReaper_Botnet telnet connection attempt (malware-cnc.rules)
 * 1:44761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
 * 1:40027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
 * 1:40043 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom outbound connection (malware-cnc.rules)
 * 1:40044 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
 * 1:40045 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
 * 1:40059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
 * 1:40060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
 * 1:40067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
 * 1:40183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
 * 1:40203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drolnux variant outbound connection (malware-cnc.rules)
 * 1:40204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qiwmonk outbound connection detected (malware-cnc.rules)
 * 1:40205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:40206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:40207 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:40209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulta external connection attempt (malware-cnc.rules)
 * 1:40212 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (malware-cnc.rules)
 * 1:40213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkShell external connection attempt (malware-cnc.rules)
 * 1:40214 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
 * 1:40215 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
 * 1:40216 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (malware-cnc.rules)
 * 1:40217 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (malware-cnc.rules)
 * 1:40232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CeeInject external connection (malware-cnc.rules)
 * 1:40238 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.AgentTesla variant outbound connection (malware-cnc.rules)
 * 1:40242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
 * 1:40249 <-> DISABLED <-> MALWARE-CNC Win.Downloader.QuantLoader external connection attempt (malware-cnc.rules)
 * 1:40251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (malware-cnc.rules)
 * 1:40252 <-> DISABLED <-> MALWARE-CNC Win.Perseus variant outbound connection (malware-cnc.rules)
 * 1:40258 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40259 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40260 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant initial backdoor download attempt (malware-cnc.rules)
 * 1:40261 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40262 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poxters external connection (malware-cnc.rules)
 * 1:40289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant initial outbound connection (malware-cnc.rules)
 * 1:40290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant status update outbound connection (malware-cnc.rules)
 * 1:40308 <-> DISABLED <-> MALWARE-CNC Backdoor.MSIL.Kazybot.A botnet server connection attempt (malware-cnc.rules)
 * 1:40309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Randrew variant outbound connection (malware-cnc.rules)
 * 1:40310 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
 * 1:40311 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
 * 1:40334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:40338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection detected (malware-cnc.rules)
 * 1:40339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
 * 1:40340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
 * 1:40432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
 * 1:40433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
 * 1:40449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40450 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Agent file download attempt (malware-cnc.rules)
 * 1:40461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deshacop variant outbound connection (malware-cnc.rules)
 * 1:40465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
 * 1:40466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
 * 1:40467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hades outbound connection (malware-cnc.rules)
 * 1:40500 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
 * 1:40501 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
 * 1:40522 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise fingerprinting (malware-cnc.rules)
 * 1:40523 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:40527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40528 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (malware-cnc.rules)
 * 1:40541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Satana ransomware outbound connection (malware-cnc.rules)
 * 1:40548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redosdru variant outbound connection (malware-cnc.rules)
 * 1:40549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryPy ransomware variant outbound connection (malware-cnc.rules)
 * 1:40550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant second stage download attempt (malware-cnc.rules)
 * 1:40551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant successful installation report attempt (malware-cnc.rules)
 * 1:40559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
 * 1:40567 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:40596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Berbew variant outbound connection (malware-cnc.rules)
 * 1:40599 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:40600 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:40601 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise activity (malware-cnc.rules)
 * 1:40605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:40606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:40611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant download attempt (malware-cnc.rules)
 * 1:40612 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download attempt (malware-cnc.rules)
 * 1:40643 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
 * 1:40644 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
 * 1:40709 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
 * 1:40710 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
 * 1:40733 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
 * 1:40751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
 * 1:40752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
 * 1:40761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscan outbound connection (malware-cnc.rules)
 * 1:40762 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant inbound connection (malware-cnc.rules)
 * 1:40763 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getSMS command response (malware-cnc.rules)
 * 1:40764 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getContacts command response (malware-cnc.rules)
 * 1:40771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miuref variant outbound connection (malware-cnc.rules)
 * 1:40775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:40782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (malware-cnc.rules)
 * 1:40795 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:40796 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:40797 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:40800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (malware-cnc.rules)
 * 1:40812 <-> DISABLED <-> MALWARE-CNC Rtf.Trojan.Mauris outbound download attempt (malware-cnc.rules)
 * 1:40816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gendwndrop variant outbound connection (malware-cnc.rules)
 * 1:40824 <-> DISABLED <-> MALWARE-CNC Logbro variant outbound connection (malware-cnc.rules)
 * 1:40831 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant initial outbound connection (malware-cnc.rules)
 * 1:40832 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant keylogger inbound init command attempt (malware-cnc.rules)
 * 1:40833 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound init command attempt (malware-cnc.rules)
 * 1:40834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound silence command attempt (malware-cnc.rules)
 * 1:40835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screen_thumb inbound init command attempt (malware-cnc.rules)
 * 1:40836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant file enumeration inbound init/root/faf command attempt (malware-cnc.rules)
 * 1:40869 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
 * 1:40870 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
 * 1:40906 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
 * 1:40910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40911 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Sednit variant outbound connection (malware-cnc.rules)
 * 1:40991 <-> DISABLED <-> MALWARE-CNC Linux.DDoS.D93 outbound connection (malware-cnc.rules)
 * 1:41031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:41033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proteus outbound connection (malware-cnc.rules)
 * 1:41034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:41088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MrWhite out bound communication attempt (malware-cnc.rules)
 * 1:44760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
 * 1:44689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen variant outbound connection (malware-cnc.rules)
 * 1:44762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
 * 1:44763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
 * 1:44768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence outbound request (malware-cnc.rules)
 * 1:44769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence inbound download (malware-cnc.rules)
 * 1:44770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence cnc module download (malware-cnc.rules)
 * 1:44771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence monitoring module download (malware-cnc.rules)
 * 1:44772 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
 * 1:44773 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
 * 1:44774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:44753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stimilina variant outbound connection detected (malware-cnc.rules)
 * 1:44659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wraut variant outbound connection (malware-cnc.rules)
 * 1:41089 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ostap out bound communication attempt (malware-cnc.rules)
 * 1:41133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41162 <-> DISABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant  (malware-cnc.rules)
 * 1:41173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
 * 1:41180 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
 * 1:41315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:41316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:41317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:41318 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (malware-cnc.rules)
 * 1:41331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection (malware-cnc.rules)
 * 1:41334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:41336 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
 * 1:41337 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
 * 1:41374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
 * 1:41375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
 * 1:41376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
 * 1:41403 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (malware-cnc.rules)
 * 1:41424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound connection (malware-cnc.rules)
 * 1:41434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41439 <-> DISABLED <-> MALWARE-CNC Dos.Tool.LOIC variant IRC command detected (malware-cnc.rules)
 * 1:41441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (malware-cnc.rules)
 * 1:41442 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas outbound connection (malware-cnc.rules)
 * 1:41443 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules)
 * 1:41444 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules)
 * 1:41456 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules)
 * 1:41458 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41459 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41460 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41461 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - 987t67g (malware-cnc.rules)
 * 1:41477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibrio file download - 4g3vg334 (malware-cnc.rules)
 * 1:41478 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - result (malware-cnc.rules)
 * 1:41498 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CryptoLocker binary download response attempt (malware-cnc.rules)
 * 1:41539 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (malware-cnc.rules)
 * 1:41540 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
 * 1:41656 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (malware-cnc.rules)
 * 1:41657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MagicHound variant outbound connection (malware-cnc.rules)
 * 1:41661 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41662 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41663 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirai variant outbound connection (malware-cnc.rules)
 * 1:41675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:41676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:41682 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41687 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41702 <-> DISABLED <-> MALWARE-CNC Win.Adware.Winwrapper outbound connection (malware-cnc.rules)
 * 1:41711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini variant initial outbound connection (malware-cnc.rules)
 * 1:41712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini backdoor file download request (malware-cnc.rules)
 * 1:41780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ratankba variant outbound connection (malware-cnc.rules)
 * 1:41787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro TCP DNS query response (malware-cnc.rules)
 * 1:41788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules)
 * 1:41789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules)
 * 1:42019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
 * 1:42020 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
 * 1:42021 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42022 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42023 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42024 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42025 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42026 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42027 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42028 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:42029 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:42030 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:42031 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42059 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Sage variant outbound connection (malware-cnc.rules)
 * 1:42079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules)
 * 1:42081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (malware-cnc.rules)
 * 1:42083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection (malware-cnc.rules)
 * 1:42098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
 * 1:42099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
 * 1:42113 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:42114 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant new bot registered (malware-cnc.rules)
 * 1:42126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acronym variant outbound connection (malware-cnc.rules)
 * 1:42128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
 * 1:42129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
 * 1:42171 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:42172 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant certificate negotiation (malware-cnc.rules)
 * 1:42225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules)
 * 1:42228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DocumentCrypt variant outbound connection (malware-cnc.rules)
 * 1:42233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules)
 * 1:42242 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Dimnie file download attempt (malware-cnc.rules)
 * 1:42243 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dimnie outbound connection (malware-cnc.rules)
 * 1:42301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu inbound server configuration response (malware-cnc.rules)
 * 1:42302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound connection (malware-cnc.rules)
 * 1:42303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound file download attempt (malware-cnc.rules)
 * 1:42329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules)
 * 1:42330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful injection response (malware-cnc.rules)
 * 1:42348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQPass variant outbound connection (malware-cnc.rules)
 * 1:42385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moonwind outbound connection (malware-cnc.rules)
 * 1:42386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules)
 * 1:42390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules)
 * 1:42391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules)
 * 1:42395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oddjob outbound connection (malware-cnc.rules)
 * 1:42398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules)
 * 1:42421 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (malware-cnc.rules)
 * 1:42425 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (malware-cnc.rules)
 * 1:42439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (malware-cnc.rules)
 * 1:42447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant outbound connection (malware-cnc.rules)
 * 1:42452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection (malware-cnc.rules)
 * 1:42453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (malware-cnc.rules)
 * 1:42454 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (malware-cnc.rules)
 * 1:42830 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (malware-cnc.rules)
 * 1:42831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (malware-cnc.rules)
 * 1:42832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (malware-cnc.rules)
 * 1:42833 <-> DISABLED <-> MALWARE-CNC Kasperagent outbound connection detected (malware-cnc.rules)
 * 1:42834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:45097 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant inbound connection (malware-cnc.rules)
 * 1:45098 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant outbound connection (malware-cnc.rules)
 * 1:45099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant inbound connection (malware-cnc.rules)
 * 1:45100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound connection (malware-cnc.rules)
 * 1:45104 <-> DISABLED <-> MALWARE-CNC Win.Malware.Recam variant outbound connection (malware-cnc.rules)
 * 1:45114 <-> DISABLED <-> MALWARE-CNC Catch-All malicious Chrome extension dropper outbound connection (malware-cnc.rules)
 * 1:45194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (malware-cnc.rules)
 * 1:45208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
 * 1:45209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
 * 1:45221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nautilus outbound call (malware-cnc.rules)
 * 1:45229 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
 * 1:45230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
 * 1:45231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DDEDownloader variant outbound connection detected (malware-cnc.rules)
 * 1:45232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CactusTorch download attempt detected (malware-cnc.rules)
 * 1:45239 <-> DISABLED <-> MALWARE-CNC Win.Malware.Freenki variant outbound connection (malware-cnc.rules)
 * 1:45251 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
 * 1:45252 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
 * 1:45260 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)
 * 1:45352 <-> DISABLED <-> MALWARE-CNC PowerShell Empire HTTP listener response (malware-cnc.rules)
 * 1:45400 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt (malware-cnc.rules)
 * 1:45468 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45469 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45470 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45471 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45472 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45473 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45477 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
 * 1:45478 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
 * 1:45483 <-> DISABLED <-> MALWARE-CNC Pdf.Phishing.Agent variant outbound connection detected (malware-cnc.rules)
 * 1:45510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat file upload attempt (malware-cnc.rules)
 * 1:45551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
 * 1:45552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
 * 1:45560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm second stage configuration download attempt (malware-cnc.rules)
 * 1:45607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat variant outbound connection detected (malware-cnc.rules)
 * 1:45943 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:45944 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:46253 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix file upload attempt (malware-cnc.rules)
 * 1:42838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (malware-cnc.rules)
 * 1:42880 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules)
 * 1:42881 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules)
 * 1:42882 <-> DISABLED <-> MALWARE-CNC ZoxPNG initial outbound connection (malware-cnc.rules)
 * 1:42883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (malware-cnc.rules)
 * 1:42884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection (malware-cnc.rules)
 * 1:42885 <-> DISABLED <-> MALWARE-CNC WashingTon ssl certificate negotiation attempt (malware-cnc.rules)
 * 1:42886 <-> DISABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (malware-cnc.rules)
 * 1:42892 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA outbound connection (malware-cnc.rules)
 * 1:42895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:42899 <-> DISABLED <-> MALWARE-CNC Jaff ransomware outbound connection (malware-cnc.rules)
 * 1:42925 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules)
 * 1:42926 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules)
 * 1:42929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Niramdat variant initial outbound connection (malware-cnc.rules)
 * 1:42945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adylkuzz variant initial outbound connection (malware-cnc.rules)
 * 1:42996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules)
 * 1:42997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules)
 * 1:43049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gasonen variant outbound connection (malware-cnc.rules)
 * 1:43063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabob outbound connection (malware-cnc.rules)
 * 1:43129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:43183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
 * 1:43184 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
 * 1:43190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:43193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
 * 1:43194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
 * 1:43220 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (malware-cnc.rules)
 * 1:43222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:43223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:43224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:43292 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious dex file download attempt (malware-cnc.rules)
 * 1:43293 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious java file download attempt (malware-cnc.rules)
 * 1:43351 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Erebus variant outbound connection (malware-cnc.rules)
 * 1:43457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eorezo variant outbound connection (malware-cnc.rules)
 * 1:43459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules)
 * 1:43467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
 * 1:43468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
 * 1:43475 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:43476 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:43477 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:43523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules)
 * 1:43524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules)
 * 1:43575 <-> DISABLED <-> MALWARE-CNC Win32.Trojan.NeutrinoPOS connection attempt (malware-cnc.rules)
 * 1:43890 <-> DISABLED <-> MALWARE-CNC Win.Malware.Emotet variant outbound connection (malware-cnc.rules)
 * 1:43929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poogetad Variant connection attempt (malware-cnc.rules)
 * 1:43930 <-> DISABLED <-> MALWARE-CNC Win.Malware.GamKer variant outbound connection (malware-cnc.rules)
 * 1:43950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Globeimposter outbound connection (malware-cnc.rules)
 * 1:43969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kradod connection attempt (malware-cnc.rules)
 * 1:43972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:43981 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
 * 1:43982 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
 * 1:43985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rortiem outbound connection (malware-cnc.rules)
 * 1:44011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hippo variant outbound connection (malware-cnc.rules)
 * 1:44027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (malware-cnc.rules)
 * 1:44171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zurgop variant outbound beaconing connection (malware-cnc.rules)
 * 1:44177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant outbound connection (malware-cnc.rules)
 * 1:44190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyfshent variant outbound connection (malware-cnc.rules)
 * 1:44210 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bullrat variant outbound connection (malware-cnc.rules)
 * 1:44211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
 * 1:44212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
 * 1:44213 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (malware-cnc.rules)
 * 1:44214 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (malware-cnc.rules)
 * 1:44220 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44221 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44222 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
 * 1:44277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
 * 1:44278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CrystalAttack outbound file download attempt (malware-cnc.rules)
 * 1:44279 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.FlatChestWare varint outbound connection (malware-cnc.rules)
 * 1:44307 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Razy variant outbound connection (malware-cnc.rules)
 * 1:44313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant outbound connection (malware-cnc.rules)
 * 1:44314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant inbound connection attempt (malware-cnc.rules)
 * 1:44316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ellell variant outbound connection (malware-cnc.rules)
 * 1:44317 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (malware-cnc.rules)
 * 1:44362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
 * 1:44365 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware outbound post (malware-cnc.rules)
 * 1:44366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
 * 1:44367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
 * 1:44391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:44392 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:44393 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:44396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KediRAT outbound connection (malware-cnc.rules)
 * 1:44399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44401 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44402 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44438 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
 * 1:44439 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
 * 1:44440 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (malware-cnc.rules)
 * 1:44443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popureb variant outbound connection detected (malware-cnc.rules)
 * 1:44450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbount connection detected (malware-cnc.rules)
 * 1:44469 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:44470 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:44554 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Congur variant outbound connection detected (malware-cnc.rules)
 * 1:44559 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
 * 1:44560 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
 * 1:44563 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:44569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:44570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:44591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus malicious certificate exchange (malware-cnc.rules)
 * 1:44592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus self-signed certificate exchange (malware-cnc.rules)
 * 1:44595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSMessenger outbound connection (malware-cnc.rules)
 * 1:44610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:44617 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:44618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:44639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quimonk variant outbound connection detected (malware-cnc.rules)
 * 1:44652 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
 * 1:44653 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet (malware-cnc.rules)
 * 1:44654 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
 * 1:44656 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
 * 1:44781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:44782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:44787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Godzilla outbound connection (malware-cnc.rules)
 * 1:44788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
 * 1:44789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
 * 1:44791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retadup variant outbound connection (malware-cnc.rules)
 * 1:44797 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44876 <-> DISABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
 * 1:44886 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (malware-cnc.rules)
 * 1:44895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
 * 1:44896 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:44897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:44898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:44899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
 * 1:44911 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Fruitfly variant outbound connection detected (malware-cnc.rules)
 * 1:44943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:44944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:44945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:44946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:44975 <-> DISABLED <-> MALWARE-CNC Php.Dropper.Mayhem variant outbound connection (malware-cnc.rules)
 * 1:44997 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
 * 1:44998 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
 * 1:45050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
 * 1:45051 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (malware-cnc.rules)
 * 1:45062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:45063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:45064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:45065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:45090 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill server selection outbound connection (malware-cnc.rules)
 * 1:45091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill login outbound connection (malware-cnc.rules)
 * 1:45092 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill get commands outbound connection (malware-cnc.rules)
 * 1:45095 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant outbound connection (malware-cnc.rules)
 * 1:45096 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant inbound connection (malware-cnc.rules)
 * 1:46284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (malware-cnc.rules)
 * 1:46339 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (malware-cnc.rules)
 * 1:46356 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46357 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46358 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46359 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46360 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46361 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46362 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46363 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46364 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46416 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Autoit outbound connection (malware-cnc.rules)
 * 1:46423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraens initial outbound request (malware-cnc.rules)
 * 1:46433 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo initial connection (malware-cnc.rules)
 * 1:46434 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo client outbound connection (malware-cnc.rules)
 * 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
 * 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
 * 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)

2020-10-22 12:58:02 UTC

Snort Subscriber Rules Update

Date: 2020-10-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091501.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56075 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
 * 1:56078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
 * 1:56079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
 * 1:56081 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Donot variant outbound connection (malware-cnc.rules)
 * 1:56073 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
 * 1:56077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
 * 1:56074 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
 * 1:56076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
 * 1:56086 <-> DISABLED <-> SERVER-WEBAPP Apache Tomcat WebSocket length denial of service attempt (server-webapp.rules)
 * 1:56088 <-> ENABLED <-> MALWARE-CNC Unix.Spyware.WellMess variant outbound cnc attempt (malware-cnc.rules)
 * 1:56072 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
 * 1:56082 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
 * 1:56071 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
 * 1:56083 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
 * 1:56080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
 * 3:56090 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
 * 3:56087 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services large file upload denial of service attempt (server-webapp.rules)
 * 3:56084 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
 * 3:56085 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
 * 3:56091 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
 * 3:56089 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD denial of service attempt (server-webapp.rules)

Modified Rules:


 * 1:41435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:44753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stimilina variant outbound connection detected (malware-cnc.rules)
 * 1:44681 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IoTReaper_Botnet telnet connection attempt (malware-cnc.rules)
 * 1:44769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence inbound download (malware-cnc.rules)
 * 1:44763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
 * 1:44780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:44761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
 * 1:44798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44876 <-> DISABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
 * 1:44897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:44886 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (malware-cnc.rules)
 * 1:44895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
 * 1:44896 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:44768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence outbound request (malware-cnc.rules)
 * 1:44773 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
 * 1:44770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence cnc module download (malware-cnc.rules)
 * 1:44776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:44899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
 * 1:44911 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Fruitfly variant outbound connection detected (malware-cnc.rules)
 * 1:44943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:44944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:44945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:44946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:44975 <-> DISABLED <-> MALWARE-CNC Php.Dropper.Mayhem variant outbound connection (malware-cnc.rules)
 * 1:44997 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
 * 1:44998 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
 * 1:45050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
 * 1:45051 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (malware-cnc.rules)
 * 1:45062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:45063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:45064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:45065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:45090 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill server selection outbound connection (malware-cnc.rules)
 * 1:45091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill login outbound connection (malware-cnc.rules)
 * 1:45092 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill get commands outbound connection (malware-cnc.rules)
 * 1:45095 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant outbound connection (malware-cnc.rules)
 * 1:45096 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant inbound connection (malware-cnc.rules)
 * 1:45097 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant inbound connection (malware-cnc.rules)
 * 1:45098 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant outbound connection (malware-cnc.rules)
 * 1:45099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant inbound connection (malware-cnc.rules)
 * 1:45100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound connection (malware-cnc.rules)
 * 1:45104 <-> DISABLED <-> MALWARE-CNC Win.Malware.Recam variant outbound connection (malware-cnc.rules)
 * 1:45114 <-> DISABLED <-> MALWARE-CNC Catch-All malicious Chrome extension dropper outbound connection (malware-cnc.rules)
 * 1:45194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (malware-cnc.rules)
 * 1:45208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
 * 1:45209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
 * 1:45221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nautilus outbound call (malware-cnc.rules)
 * 1:45229 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
 * 1:45230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
 * 1:45231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DDEDownloader variant outbound connection detected (malware-cnc.rules)
 * 1:45232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CactusTorch download attempt detected (malware-cnc.rules)
 * 1:45239 <-> DISABLED <-> MALWARE-CNC Win.Malware.Freenki variant outbound connection (malware-cnc.rules)
 * 1:45251 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
 * 1:45252 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
 * 1:45260 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)
 * 1:45352 <-> DISABLED <-> MALWARE-CNC PowerShell Empire HTTP listener response (malware-cnc.rules)
 * 1:45400 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt (malware-cnc.rules)
 * 1:45468 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45469 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45470 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45471 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45472 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45473 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45477 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
 * 1:45478 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
 * 1:45483 <-> DISABLED <-> MALWARE-CNC Pdf.Phishing.Agent variant outbound connection detected (malware-cnc.rules)
 * 1:45510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat file upload attempt (malware-cnc.rules)
 * 1:45551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
 * 1:45552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
 * 1:45560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm second stage configuration download attempt (malware-cnc.rules)
 * 1:45607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat variant outbound connection detected (malware-cnc.rules)
 * 1:45943 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:45944 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:46253 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix file upload attempt (malware-cnc.rules)
 * 1:46284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (malware-cnc.rules)
 * 1:46339 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (malware-cnc.rules)
 * 1:46356 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:40205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:40007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (malware-cnc.rules)
 * 1:40011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (malware-cnc.rules)
 * 1:40027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
 * 1:40043 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom outbound connection (malware-cnc.rules)
 * 1:40044 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
 * 1:40045 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
 * 1:40059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
 * 1:40060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
 * 1:40067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
 * 1:40183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
 * 1:40203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drolnux variant outbound connection (malware-cnc.rules)
 * 1:44778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant outbound connection (malware-cnc.rules)
 * 1:44777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44772 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
 * 1:44781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:44782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:44797 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence monitoring module download (malware-cnc.rules)
 * 1:44787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Godzilla outbound connection (malware-cnc.rules)
 * 1:44788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
 * 1:44689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen variant outbound connection (malware-cnc.rules)
 * 1:44760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
 * 1:44762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
 * 1:44789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
 * 1:44774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retadup variant outbound connection (malware-cnc.rules)
 * 1:44775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:40206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:40207 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:40209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulta external connection attempt (malware-cnc.rules)
 * 1:40212 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (malware-cnc.rules)
 * 1:40213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkShell external connection attempt (malware-cnc.rules)
 * 1:40214 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
 * 1:40215 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
 * 1:40216 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (malware-cnc.rules)
 * 1:40217 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (malware-cnc.rules)
 * 1:40232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CeeInject external connection (malware-cnc.rules)
 * 1:40238 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.AgentTesla variant outbound connection (malware-cnc.rules)
 * 1:40242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
 * 1:40249 <-> DISABLED <-> MALWARE-CNC Win.Downloader.QuantLoader external connection attempt (malware-cnc.rules)
 * 1:40251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (malware-cnc.rules)
 * 1:40252 <-> DISABLED <-> MALWARE-CNC Win.Perseus variant outbound connection (malware-cnc.rules)
 * 1:40258 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40259 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40260 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant initial backdoor download attempt (malware-cnc.rules)
 * 1:40261 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40262 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poxters external connection (malware-cnc.rules)
 * 1:40289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant initial outbound connection (malware-cnc.rules)
 * 1:40290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant status update outbound connection (malware-cnc.rules)
 * 1:40308 <-> DISABLED <-> MALWARE-CNC Backdoor.MSIL.Kazybot.A botnet server connection attempt (malware-cnc.rules)
 * 1:40309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Randrew variant outbound connection (malware-cnc.rules)
 * 1:40310 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
 * 1:40311 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
 * 1:40334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:40338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection detected (malware-cnc.rules)
 * 1:40339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
 * 1:40340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
 * 1:40432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
 * 1:40433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
 * 1:40449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40450 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Agent file download attempt (malware-cnc.rules)
 * 1:40461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deshacop variant outbound connection (malware-cnc.rules)
 * 1:40465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
 * 1:40466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
 * 1:40467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hades outbound connection (malware-cnc.rules)
 * 1:40500 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
 * 1:40501 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
 * 1:40522 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise fingerprinting (malware-cnc.rules)
 * 1:40523 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:40527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40528 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (malware-cnc.rules)
 * 1:40541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Satana ransomware outbound connection (malware-cnc.rules)
 * 1:40548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redosdru variant outbound connection (malware-cnc.rules)
 * 1:40549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryPy ransomware variant outbound connection (malware-cnc.rules)
 * 1:40550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant second stage download attempt (malware-cnc.rules)
 * 1:40551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant successful installation report attempt (malware-cnc.rules)
 * 1:40559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
 * 1:40567 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:40596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Berbew variant outbound connection (malware-cnc.rules)
 * 1:40599 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:40600 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:40601 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise activity (malware-cnc.rules)
 * 1:40605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:40606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:40611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant download attempt (malware-cnc.rules)
 * 1:40612 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download attempt (malware-cnc.rules)
 * 1:40643 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
 * 1:40644 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
 * 1:40709 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
 * 1:40710 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
 * 1:40733 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
 * 1:40751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
 * 1:40752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
 * 1:40761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscan outbound connection (malware-cnc.rules)
 * 1:40762 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant inbound connection (malware-cnc.rules)
 * 1:40763 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getSMS command response (malware-cnc.rules)
 * 1:40764 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getContacts command response (malware-cnc.rules)
 * 1:40771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miuref variant outbound connection (malware-cnc.rules)
 * 1:40775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:40782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (malware-cnc.rules)
 * 1:40795 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:40796 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:40797 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:40800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (malware-cnc.rules)
 * 1:40812 <-> DISABLED <-> MALWARE-CNC Rtf.Trojan.Mauris outbound download attempt (malware-cnc.rules)
 * 1:40816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gendwndrop variant outbound connection (malware-cnc.rules)
 * 1:40824 <-> DISABLED <-> MALWARE-CNC Logbro variant outbound connection (malware-cnc.rules)
 * 1:40831 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant initial outbound connection (malware-cnc.rules)
 * 1:40832 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant keylogger inbound init command attempt (malware-cnc.rules)
 * 1:40833 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound init command attempt (malware-cnc.rules)
 * 1:40834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound silence command attempt (malware-cnc.rules)
 * 1:40835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screen_thumb inbound init command attempt (malware-cnc.rules)
 * 1:40836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant file enumeration inbound init/root/faf command attempt (malware-cnc.rules)
 * 1:40869 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
 * 1:40870 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
 * 1:40906 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
 * 1:40910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40911 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Sednit variant outbound connection (malware-cnc.rules)
 * 1:40991 <-> DISABLED <-> MALWARE-CNC Linux.DDoS.D93 outbound connection (malware-cnc.rules)
 * 1:41031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:41033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proteus outbound connection (malware-cnc.rules)
 * 1:41034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:41088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MrWhite out bound communication attempt (malware-cnc.rules)
 * 1:41089 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ostap out bound communication attempt (malware-cnc.rules)
 * 1:41133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41162 <-> DISABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant  (malware-cnc.rules)
 * 1:41173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
 * 1:41180 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
 * 1:41315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:41316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:41317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:41318 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (malware-cnc.rules)
 * 1:41331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection (malware-cnc.rules)
 * 1:41334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:41336 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
 * 1:41337 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
 * 1:41374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
 * 1:41375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
 * 1:41376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
 * 1:41403 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (malware-cnc.rules)
 * 1:41424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound connection (malware-cnc.rules)
 * 1:41434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:44569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:44570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:41436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41439 <-> DISABLED <-> MALWARE-CNC Dos.Tool.LOIC variant IRC command detected (malware-cnc.rules)
 * 1:41441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (malware-cnc.rules)
 * 1:41442 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas outbound connection (malware-cnc.rules)
 * 1:41443 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules)
 * 1:41444 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules)
 * 1:41456 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules)
 * 1:41458 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41459 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41460 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41461 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - 987t67g (malware-cnc.rules)
 * 1:41477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibrio file download - 4g3vg334 (malware-cnc.rules)
 * 1:41478 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - result (malware-cnc.rules)
 * 1:41498 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CryptoLocker binary download response attempt (malware-cnc.rules)
 * 1:41539 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (malware-cnc.rules)
 * 1:41540 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
 * 1:41656 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (malware-cnc.rules)
 * 1:41657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MagicHound variant outbound connection (malware-cnc.rules)
 * 1:41661 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41662 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41663 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirai variant outbound connection (malware-cnc.rules)
 * 1:41675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:41676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:41682 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41687 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41702 <-> DISABLED <-> MALWARE-CNC Win.Adware.Winwrapper outbound connection (malware-cnc.rules)
 * 1:41711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini variant initial outbound connection (malware-cnc.rules)
 * 1:41712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini backdoor file download request (malware-cnc.rules)
 * 1:41780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ratankba variant outbound connection (malware-cnc.rules)
 * 1:41787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro TCP DNS query response (malware-cnc.rules)
 * 1:41788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules)
 * 1:41789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules)
 * 1:42019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
 * 1:46357 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46358 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46359 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46360 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46361 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46362 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46363 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46364 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46416 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Autoit outbound connection (malware-cnc.rules)
 * 1:46423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraens initial outbound request (malware-cnc.rules)
 * 1:46433 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo initial connection (malware-cnc.rules)
 * 1:46434 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo client outbound connection (malware-cnc.rules)
 * 1:42021 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42022 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42023 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42024 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42025 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42026 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42027 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42028 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:42029 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:42030 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:42031 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42059 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Sage variant outbound connection (malware-cnc.rules)
 * 1:42079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules)
 * 1:42081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (malware-cnc.rules)
 * 1:42083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection (malware-cnc.rules)
 * 1:42098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
 * 1:42099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
 * 1:42113 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:42114 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant new bot registered (malware-cnc.rules)
 * 1:42126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acronym variant outbound connection (malware-cnc.rules)
 * 1:42128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
 * 1:42129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
 * 1:42171 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:42172 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant certificate negotiation (malware-cnc.rules)
 * 1:42225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules)
 * 1:42228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DocumentCrypt variant outbound connection (malware-cnc.rules)
 * 1:42233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules)
 * 1:42242 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Dimnie file download attempt (malware-cnc.rules)
 * 1:42243 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dimnie outbound connection (malware-cnc.rules)
 * 1:42301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu inbound server configuration response (malware-cnc.rules)
 * 1:42302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound connection (malware-cnc.rules)
 * 1:42303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound file download attempt (malware-cnc.rules)
 * 1:42329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules)
 * 1:42330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful injection response (malware-cnc.rules)
 * 1:42348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQPass variant outbound connection (malware-cnc.rules)
 * 1:42385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moonwind outbound connection (malware-cnc.rules)
 * 1:42386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules)
 * 1:42390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules)
 * 1:42391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules)
 * 1:42395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oddjob outbound connection (malware-cnc.rules)
 * 1:42398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules)
 * 1:42421 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (malware-cnc.rules)
 * 1:42425 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (malware-cnc.rules)
 * 1:42439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (malware-cnc.rules)
 * 1:42447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant outbound connection (malware-cnc.rules)
 * 1:42452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection (malware-cnc.rules)
 * 1:42453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (malware-cnc.rules)
 * 1:42454 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (malware-cnc.rules)
 * 1:42830 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (malware-cnc.rules)
 * 1:42831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (malware-cnc.rules)
 * 1:42832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (malware-cnc.rules)
 * 1:42833 <-> DISABLED <-> MALWARE-CNC Kasperagent outbound connection detected (malware-cnc.rules)
 * 1:42834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42837 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (malware-cnc.rules)
 * 1:42880 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules)
 * 1:42881 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules)
 * 1:42882 <-> DISABLED <-> MALWARE-CNC ZoxPNG initial outbound connection (malware-cnc.rules)
 * 1:42883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (malware-cnc.rules)
 * 1:42884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection (malware-cnc.rules)
 * 1:42885 <-> DISABLED <-> MALWARE-CNC WashingTon ssl certificate negotiation attempt (malware-cnc.rules)
 * 1:42886 <-> DISABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (malware-cnc.rules)
 * 1:42892 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA outbound connection (malware-cnc.rules)
 * 1:42895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:42899 <-> DISABLED <-> MALWARE-CNC Jaff ransomware outbound connection (malware-cnc.rules)
 * 1:42925 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules)
 * 1:42926 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules)
 * 1:42929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Niramdat variant initial outbound connection (malware-cnc.rules)
 * 1:42945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adylkuzz variant initial outbound connection (malware-cnc.rules)
 * 1:42996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules)
 * 1:42997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules)
 * 1:43049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gasonen variant outbound connection (malware-cnc.rules)
 * 1:43063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabob outbound connection (malware-cnc.rules)
 * 1:43129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:43183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
 * 1:43184 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
 * 1:43190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:43193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
 * 1:43194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
 * 1:43220 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (malware-cnc.rules)
 * 1:43222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:43223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:43224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:43292 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious dex file download attempt (malware-cnc.rules)
 * 1:43293 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious java file download attempt (malware-cnc.rules)
 * 1:43351 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Erebus variant outbound connection (malware-cnc.rules)
 * 1:43457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eorezo variant outbound connection (malware-cnc.rules)
 * 1:43459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules)
 * 1:43467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
 * 1:43468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
 * 1:43475 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:43476 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:43477 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:43523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules)
 * 1:43524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules)
 * 1:43575 <-> DISABLED <-> MALWARE-CNC Win32.Trojan.NeutrinoPOS connection attempt (malware-cnc.rules)
 * 1:43890 <-> DISABLED <-> MALWARE-CNC Win.Malware.Emotet variant outbound connection (malware-cnc.rules)
 * 1:43929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poogetad Variant connection attempt (malware-cnc.rules)
 * 1:43930 <-> DISABLED <-> MALWARE-CNC Win.Malware.GamKer variant outbound connection (malware-cnc.rules)
 * 1:43950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Globeimposter outbound connection (malware-cnc.rules)
 * 1:43969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kradod connection attempt (malware-cnc.rules)
 * 1:43972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:43981 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
 * 1:43982 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
 * 1:43985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rortiem outbound connection (malware-cnc.rules)
 * 1:44011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hippo variant outbound connection (malware-cnc.rules)
 * 1:44027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (malware-cnc.rules)
 * 1:44171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zurgop variant outbound beaconing connection (malware-cnc.rules)
 * 1:40204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qiwmonk outbound connection detected (malware-cnc.rules)
 * 1:44190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyfshent variant outbound connection (malware-cnc.rules)
 * 1:44210 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bullrat variant outbound connection (malware-cnc.rules)
 * 1:44211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
 * 1:44212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
 * 1:44213 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (malware-cnc.rules)
 * 1:44214 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (malware-cnc.rules)
 * 1:44220 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44221 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44222 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
 * 1:44277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
 * 1:44278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CrystalAttack outbound file download attempt (malware-cnc.rules)
 * 1:44279 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.FlatChestWare varint outbound connection (malware-cnc.rules)
 * 1:44307 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Razy variant outbound connection (malware-cnc.rules)
 * 1:44313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant outbound connection (malware-cnc.rules)
 * 1:44314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant inbound connection attempt (malware-cnc.rules)
 * 1:44316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ellell variant outbound connection (malware-cnc.rules)
 * 1:44317 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (malware-cnc.rules)
 * 1:44362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
 * 1:44365 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware outbound post (malware-cnc.rules)
 * 1:44366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
 * 1:44367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
 * 1:44391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:44392 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:44393 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:44396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KediRAT outbound connection (malware-cnc.rules)
 * 1:44399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44401 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44402 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44438 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
 * 1:44439 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
 * 1:44440 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (malware-cnc.rules)
 * 1:44443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popureb variant outbound connection detected (malware-cnc.rules)
 * 1:44450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbount connection detected (malware-cnc.rules)
 * 1:44469 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:44470 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:44554 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Congur variant outbound connection detected (malware-cnc.rules)
 * 1:44559 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
 * 1:44560 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
 * 1:44563 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:42020 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
 * 1:44591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus malicious certificate exchange (malware-cnc.rules)
 * 1:44592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus self-signed certificate exchange (malware-cnc.rules)
 * 1:44595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSMessenger outbound connection (malware-cnc.rules)
 * 1:44610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:44617 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:44618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:44639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quimonk variant outbound connection detected (malware-cnc.rules)
 * 1:44652 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
 * 1:44653 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet (malware-cnc.rules)
 * 1:44654 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
 * 1:44656 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
 * 1:44659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wraut variant outbound connection (malware-cnc.rules)
 * 1:44677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemucod outbound connection (malware-cnc.rules)
 * 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
 * 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
 * 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)

2020-10-22 12:58:02 UTC

Snort Subscriber Rules Update

Date: 2020-10-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091500.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56071 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
 * 1:56075 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
 * 1:56077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
 * 1:56074 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
 * 1:56081 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Donot variant outbound connection (malware-cnc.rules)
 * 1:56073 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
 * 1:56072 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
 * 1:56079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
 * 1:56086 <-> DISABLED <-> SERVER-WEBAPP Apache Tomcat WebSocket length denial of service attempt (server-webapp.rules)
 * 1:56076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
 * 1:56088 <-> ENABLED <-> MALWARE-CNC Unix.Spyware.WellMess variant outbound cnc attempt (malware-cnc.rules)
 * 1:56082 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
 * 1:56080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
 * 1:56083 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
 * 1:56078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
 * 3:56091 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
 * 3:56084 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
 * 3:56090 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
 * 3:56085 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
 * 3:56089 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD denial of service attempt (server-webapp.rules)
 * 3:56087 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services large file upload denial of service attempt (server-webapp.rules)

Modified Rules:


 * 1:44772 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
 * 1:46356 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46357 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46358 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46359 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46360 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46361 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46362 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46363 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46364 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46416 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Autoit outbound connection (malware-cnc.rules)
 * 1:46423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraens initial outbound request (malware-cnc.rules)
 * 1:46433 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo initial connection (malware-cnc.rules)
 * 1:46434 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo client outbound connection (malware-cnc.rules)
 * 1:44677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemucod outbound connection (malware-cnc.rules)
 * 1:44768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence outbound request (malware-cnc.rules)
 * 1:45051 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (malware-cnc.rules)
 * 1:45221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nautilus outbound call (malware-cnc.rules)
 * 1:44774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:45114 <-> DISABLED <-> MALWARE-CNC Catch-All malicious Chrome extension dropper outbound connection (malware-cnc.rules)
 * 1:45208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
 * 1:44896 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:45090 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill server selection outbound connection (malware-cnc.rules)
 * 1:45473 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant inbound connection (malware-cnc.rules)
 * 1:45062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:45229 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
 * 1:45096 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant inbound connection (malware-cnc.rules)
 * 1:44876 <-> DISABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
 * 1:44805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44911 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Fruitfly variant outbound connection detected (malware-cnc.rules)
 * 1:44802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
 * 1:44798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence inbound download (malware-cnc.rules)
 * 1:44946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:45251 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
 * 1:44791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retadup variant outbound connection (malware-cnc.rules)
 * 1:44803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44773 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
 * 1:44897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:45230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
 * 1:45064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:44806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:45469 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45092 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill get commands outbound connection (malware-cnc.rules)
 * 1:45194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (malware-cnc.rules)
 * 1:44799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:45232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CactusTorch download attempt detected (malware-cnc.rules)
 * 1:44777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:45470 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:44945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:44998 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
 * 1:45239 <-> DISABLED <-> MALWARE-CNC Win.Malware.Freenki variant outbound connection (malware-cnc.rules)
 * 1:45260 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)
 * 1:44787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Godzilla outbound connection (malware-cnc.rules)
 * 1:44760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
 * 1:44898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:45209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
 * 1:45050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
 * 1:44775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:45472 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45098 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant outbound connection (malware-cnc.rules)
 * 1:45468 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45471 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill login outbound connection (malware-cnc.rules)
 * 1:44975 <-> DISABLED <-> MALWARE-CNC Php.Dropper.Mayhem variant outbound connection (malware-cnc.rules)
 * 1:44895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
 * 1:44797 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:45477 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
 * 1:44944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:45352 <-> DISABLED <-> MALWARE-CNC PowerShell Empire HTTP listener response (malware-cnc.rules)
 * 1:45104 <-> DISABLED <-> MALWARE-CNC Win.Malware.Recam variant outbound connection (malware-cnc.rules)
 * 1:45607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat variant outbound connection detected (malware-cnc.rules)
 * 1:40011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:44753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stimilina variant outbound connection detected (malware-cnc.rules)
 * 1:44681 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IoTReaper_Botnet telnet connection attempt (malware-cnc.rules)
 * 1:45943 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:40016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (malware-cnc.rules)
 * 1:40007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (malware-cnc.rules)
 * 1:44190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyfshent variant outbound connection (malware-cnc.rules)
 * 1:45552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
 * 1:45562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45483 <-> DISABLED <-> MALWARE-CNC Pdf.Phishing.Agent variant outbound connection detected (malware-cnc.rules)
 * 1:45560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:44789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
 * 1:45567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:46253 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix file upload attempt (malware-cnc.rules)
 * 1:46339 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (malware-cnc.rules)
 * 1:46284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (malware-cnc.rules)
 * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:45566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm second stage configuration download attempt (malware-cnc.rules)
 * 1:45551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
 * 1:45510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat file upload attempt (malware-cnc.rules)
 * 1:45944 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:44778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
 * 1:44659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wraut variant outbound connection (malware-cnc.rules)
 * 1:44943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:44770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence cnc module download (malware-cnc.rules)
 * 1:45252 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
 * 1:45100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound connection (malware-cnc.rules)
 * 1:44807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:44763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
 * 1:45065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:44780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:45097 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant inbound connection (malware-cnc.rules)
 * 1:44800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence monitoring module download (malware-cnc.rules)
 * 1:45478 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
 * 1:44776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:45400 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt (malware-cnc.rules)
 * 1:44899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
 * 1:44886 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (malware-cnc.rules)
 * 1:44762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
 * 1:44997 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
 * 1:45231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DDEDownloader variant outbound connection detected (malware-cnc.rules)
 * 1:45063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:45095 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant outbound connection (malware-cnc.rules)
 * 1:44781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:40027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
 * 1:40043 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom outbound connection (malware-cnc.rules)
 * 1:40044 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
 * 1:40045 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
 * 1:40059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
 * 1:40060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
 * 1:40067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
 * 1:40183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
 * 1:40203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drolnux variant outbound connection (malware-cnc.rules)
 * 1:40204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qiwmonk outbound connection detected (malware-cnc.rules)
 * 1:40205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:40206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:40207 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:40209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulta external connection attempt (malware-cnc.rules)
 * 1:40212 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (malware-cnc.rules)
 * 1:40213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkShell external connection attempt (malware-cnc.rules)
 * 1:40214 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
 * 1:40215 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
 * 1:40216 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (malware-cnc.rules)
 * 1:40217 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (malware-cnc.rules)
 * 1:40232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CeeInject external connection (malware-cnc.rules)
 * 1:40238 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.AgentTesla variant outbound connection (malware-cnc.rules)
 * 1:40242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
 * 1:40249 <-> DISABLED <-> MALWARE-CNC Win.Downloader.QuantLoader external connection attempt (malware-cnc.rules)
 * 1:40251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (malware-cnc.rules)
 * 1:40252 <-> DISABLED <-> MALWARE-CNC Win.Perseus variant outbound connection (malware-cnc.rules)
 * 1:40258 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40259 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40260 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant initial backdoor download attempt (malware-cnc.rules)
 * 1:40261 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40262 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poxters external connection (malware-cnc.rules)
 * 1:40289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant initial outbound connection (malware-cnc.rules)
 * 1:40290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant status update outbound connection (malware-cnc.rules)
 * 1:40308 <-> DISABLED <-> MALWARE-CNC Backdoor.MSIL.Kazybot.A botnet server connection attempt (malware-cnc.rules)
 * 1:40309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Randrew variant outbound connection (malware-cnc.rules)
 * 1:40310 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
 * 1:40311 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
 * 1:40334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:40338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection detected (malware-cnc.rules)
 * 1:40339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
 * 1:40340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
 * 1:40432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
 * 1:40433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
 * 1:40449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40450 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Agent file download attempt (malware-cnc.rules)
 * 1:40461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deshacop variant outbound connection (malware-cnc.rules)
 * 1:40465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
 * 1:40466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
 * 1:40467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hades outbound connection (malware-cnc.rules)
 * 1:40500 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
 * 1:40501 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
 * 1:40522 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise fingerprinting (malware-cnc.rules)
 * 1:40523 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:40527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40528 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (malware-cnc.rules)
 * 1:40541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Satana ransomware outbound connection (malware-cnc.rules)
 * 1:40548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redosdru variant outbound connection (malware-cnc.rules)
 * 1:40549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryPy ransomware variant outbound connection (malware-cnc.rules)
 * 1:40550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant second stage download attempt (malware-cnc.rules)
 * 1:40551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant successful installation report attempt (malware-cnc.rules)
 * 1:40559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
 * 1:40567 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:40596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Berbew variant outbound connection (malware-cnc.rules)
 * 1:40599 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:40600 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:40601 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise activity (malware-cnc.rules)
 * 1:40605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:40606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:40611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant download attempt (malware-cnc.rules)
 * 1:40612 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download attempt (malware-cnc.rules)
 * 1:40643 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
 * 1:40644 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
 * 1:40709 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
 * 1:40710 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
 * 1:40733 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
 * 1:40751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
 * 1:40752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
 * 1:40761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscan outbound connection (malware-cnc.rules)
 * 1:40762 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant inbound connection (malware-cnc.rules)
 * 1:40763 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getSMS command response (malware-cnc.rules)
 * 1:40764 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getContacts command response (malware-cnc.rules)
 * 1:40771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miuref variant outbound connection (malware-cnc.rules)
 * 1:40775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:40782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (malware-cnc.rules)
 * 1:40795 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:40796 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:40797 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:40800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (malware-cnc.rules)
 * 1:40812 <-> DISABLED <-> MALWARE-CNC Rtf.Trojan.Mauris outbound download attempt (malware-cnc.rules)
 * 1:40816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gendwndrop variant outbound connection (malware-cnc.rules)
 * 1:40824 <-> DISABLED <-> MALWARE-CNC Logbro variant outbound connection (malware-cnc.rules)
 * 1:40831 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant initial outbound connection (malware-cnc.rules)
 * 1:40832 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant keylogger inbound init command attempt (malware-cnc.rules)
 * 1:40833 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound init command attempt (malware-cnc.rules)
 * 1:40834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound silence command attempt (malware-cnc.rules)
 * 1:40835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screen_thumb inbound init command attempt (malware-cnc.rules)
 * 1:40836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant file enumeration inbound init/root/faf command attempt (malware-cnc.rules)
 * 1:40869 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
 * 1:40870 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
 * 1:40906 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
 * 1:40910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40911 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Sednit variant outbound connection (malware-cnc.rules)
 * 1:40991 <-> DISABLED <-> MALWARE-CNC Linux.DDoS.D93 outbound connection (malware-cnc.rules)
 * 1:41031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:41033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proteus outbound connection (malware-cnc.rules)
 * 1:41034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:41088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MrWhite out bound communication attempt (malware-cnc.rules)
 * 1:41089 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ostap out bound communication attempt (malware-cnc.rules)
 * 1:41133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41162 <-> DISABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant  (malware-cnc.rules)
 * 1:41173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
 * 1:41180 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
 * 1:41315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:41316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:41317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:41318 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (malware-cnc.rules)
 * 1:41334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:41336 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
 * 1:41337 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
 * 1:41374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
 * 1:41375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
 * 1:41376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
 * 1:41403 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (malware-cnc.rules)
 * 1:41424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound connection (malware-cnc.rules)
 * 1:41434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41439 <-> DISABLED <-> MALWARE-CNC Dos.Tool.LOIC variant IRC command detected (malware-cnc.rules)
 * 1:41441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (malware-cnc.rules)
 * 1:41442 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas outbound connection (malware-cnc.rules)
 * 1:41443 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules)
 * 1:41444 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules)
 * 1:41456 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules)
 * 1:41458 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41459 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41460 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41461 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - 987t67g (malware-cnc.rules)
 * 1:41477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibrio file download - 4g3vg334 (malware-cnc.rules)
 * 1:41478 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - result (malware-cnc.rules)
 * 1:41498 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CryptoLocker binary download response attempt (malware-cnc.rules)
 * 1:41539 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (malware-cnc.rules)
 * 1:41540 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
 * 1:41656 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (malware-cnc.rules)
 * 1:41657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MagicHound variant outbound connection (malware-cnc.rules)
 * 1:41661 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41662 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41663 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirai variant outbound connection (malware-cnc.rules)
 * 1:41675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:41676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:41682 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41687 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41702 <-> DISABLED <-> MALWARE-CNC Win.Adware.Winwrapper outbound connection (malware-cnc.rules)
 * 1:41711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini variant initial outbound connection (malware-cnc.rules)
 * 1:41712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini backdoor file download request (malware-cnc.rules)
 * 1:41780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ratankba variant outbound connection (malware-cnc.rules)
 * 1:41787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro TCP DNS query response (malware-cnc.rules)
 * 1:41788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules)
 * 1:41789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules)
 * 1:42019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
 * 1:42020 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
 * 1:42021 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:44689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen variant outbound connection (malware-cnc.rules)
 * 1:44570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:42022 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42023 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42024 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42025 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42026 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42027 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42028 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:42029 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:42030 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:42031 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42059 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Sage variant outbound connection (malware-cnc.rules)
 * 1:42079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules)
 * 1:42081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (malware-cnc.rules)
 * 1:42083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection (malware-cnc.rules)
 * 1:42098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
 * 1:42099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
 * 1:42113 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:42114 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant new bot registered (malware-cnc.rules)
 * 1:42126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acronym variant outbound connection (malware-cnc.rules)
 * 1:42128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
 * 1:42129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
 * 1:42171 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:42172 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant certificate negotiation (malware-cnc.rules)
 * 1:42225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules)
 * 1:42228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DocumentCrypt variant outbound connection (malware-cnc.rules)
 * 1:42233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules)
 * 1:42242 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Dimnie file download attempt (malware-cnc.rules)
 * 1:42243 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dimnie outbound connection (malware-cnc.rules)
 * 1:42301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu inbound server configuration response (malware-cnc.rules)
 * 1:42302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound connection (malware-cnc.rules)
 * 1:42303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound file download attempt (malware-cnc.rules)
 * 1:42329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules)
 * 1:42330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful injection response (malware-cnc.rules)
 * 1:42348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQPass variant outbound connection (malware-cnc.rules)
 * 1:42385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moonwind outbound connection (malware-cnc.rules)
 * 1:42386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules)
 * 1:42390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules)
 * 1:42391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules)
 * 1:42395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oddjob outbound connection (malware-cnc.rules)
 * 1:42398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules)
 * 1:42421 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (malware-cnc.rules)
 * 1:42425 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (malware-cnc.rules)
 * 1:42439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (malware-cnc.rules)
 * 1:42447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant outbound connection (malware-cnc.rules)
 * 1:42452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection (malware-cnc.rules)
 * 1:42453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (malware-cnc.rules)
 * 1:42454 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (malware-cnc.rules)
 * 1:42830 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (malware-cnc.rules)
 * 1:42831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (malware-cnc.rules)
 * 1:42832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (malware-cnc.rules)
 * 1:42833 <-> DISABLED <-> MALWARE-CNC Kasperagent outbound connection detected (malware-cnc.rules)
 * 1:42834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42837 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (malware-cnc.rules)
 * 1:42880 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules)
 * 1:42881 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules)
 * 1:42882 <-> DISABLED <-> MALWARE-CNC ZoxPNG initial outbound connection (malware-cnc.rules)
 * 1:42883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (malware-cnc.rules)
 * 1:42884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection (malware-cnc.rules)
 * 1:42885 <-> DISABLED <-> MALWARE-CNC WashingTon ssl certificate negotiation attempt (malware-cnc.rules)
 * 1:42886 <-> DISABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (malware-cnc.rules)
 * 1:42892 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA outbound connection (malware-cnc.rules)
 * 1:42895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:42899 <-> DISABLED <-> MALWARE-CNC Jaff ransomware outbound connection (malware-cnc.rules)
 * 1:42925 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules)
 * 1:42926 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules)
 * 1:42929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Niramdat variant initial outbound connection (malware-cnc.rules)
 * 1:42945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adylkuzz variant initial outbound connection (malware-cnc.rules)
 * 1:42996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules)
 * 1:42997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules)
 * 1:43049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gasonen variant outbound connection (malware-cnc.rules)
 * 1:43063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabob outbound connection (malware-cnc.rules)
 * 1:43129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:43183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
 * 1:43184 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
 * 1:43190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:43193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
 * 1:43194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
 * 1:43220 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (malware-cnc.rules)
 * 1:43222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:43223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:43224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:43292 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious dex file download attempt (malware-cnc.rules)
 * 1:43293 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious java file download attempt (malware-cnc.rules)
 * 1:43351 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Erebus variant outbound connection (malware-cnc.rules)
 * 1:43457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eorezo variant outbound connection (malware-cnc.rules)
 * 1:43459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules)
 * 1:43467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
 * 1:43468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
 * 1:43475 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:43476 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:43477 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:43523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules)
 * 1:43524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules)
 * 1:43575 <-> DISABLED <-> MALWARE-CNC Win32.Trojan.NeutrinoPOS connection attempt (malware-cnc.rules)
 * 1:43890 <-> DISABLED <-> MALWARE-CNC Win.Malware.Emotet variant outbound connection (malware-cnc.rules)
 * 1:43929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poogetad Variant connection attempt (malware-cnc.rules)
 * 1:43930 <-> DISABLED <-> MALWARE-CNC Win.Malware.GamKer variant outbound connection (malware-cnc.rules)
 * 1:43950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Globeimposter outbound connection (malware-cnc.rules)
 * 1:43969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kradod connection attempt (malware-cnc.rules)
 * 1:43972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:43981 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
 * 1:43982 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
 * 1:43985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rortiem outbound connection (malware-cnc.rules)
 * 1:44011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hippo variant outbound connection (malware-cnc.rules)
 * 1:44027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (malware-cnc.rules)
 * 1:44171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zurgop variant outbound beaconing connection (malware-cnc.rules)
 * 1:44210 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bullrat variant outbound connection (malware-cnc.rules)
 * 1:44211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
 * 1:44212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
 * 1:44213 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (malware-cnc.rules)
 * 1:44214 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (malware-cnc.rules)
 * 1:44220 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44221 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44222 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
 * 1:44277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
 * 1:44278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CrystalAttack outbound file download attempt (malware-cnc.rules)
 * 1:44279 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.FlatChestWare varint outbound connection (malware-cnc.rules)
 * 1:44307 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Razy variant outbound connection (malware-cnc.rules)
 * 1:44313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant outbound connection (malware-cnc.rules)
 * 1:44314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant inbound connection attempt (malware-cnc.rules)
 * 1:44316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ellell variant outbound connection (malware-cnc.rules)
 * 1:44317 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (malware-cnc.rules)
 * 1:44362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
 * 1:44365 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware outbound post (malware-cnc.rules)
 * 1:44366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
 * 1:44367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
 * 1:44391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:44392 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:44393 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:44396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KediRAT outbound connection (malware-cnc.rules)
 * 1:44399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44401 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44402 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44438 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
 * 1:44439 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
 * 1:44440 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (malware-cnc.rules)
 * 1:44443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popureb variant outbound connection detected (malware-cnc.rules)
 * 1:44450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbount connection detected (malware-cnc.rules)
 * 1:44469 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:44470 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:44554 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Congur variant outbound connection detected (malware-cnc.rules)
 * 1:44559 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
 * 1:44560 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
 * 1:44563 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:44569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:41685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection (malware-cnc.rules)
 * 1:44591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus malicious certificate exchange (malware-cnc.rules)
 * 1:44592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus self-signed certificate exchange (malware-cnc.rules)
 * 1:44595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSMessenger outbound connection (malware-cnc.rules)
 * 1:44610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:44617 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:44618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:44639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quimonk variant outbound connection detected (malware-cnc.rules)
 * 1:44652 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
 * 1:44653 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet (malware-cnc.rules)
 * 1:44654 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
 * 1:44656 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
 * 1:44177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant outbound connection (malware-cnc.rules)
 * 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
 * 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
 * 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)

2020-10-22 12:58:02 UTC

Snort Subscriber Rules Update

Date: 2020-10-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091401.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
 * 1:56083 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
 * 1:56075 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
 * 1:56088 <-> ENABLED <-> MALWARE-CNC Unix.Spyware.WellMess variant outbound cnc attempt (malware-cnc.rules)
 * 1:56086 <-> DISABLED <-> SERVER-WEBAPP Apache Tomcat WebSocket length denial of service attempt (server-webapp.rules)
 * 1:56076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
 * 1:56073 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
 * 1:56081 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Donot variant outbound connection (malware-cnc.rules)
 * 1:56077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
 * 1:56074 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
 * 1:56078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
 * 1:56079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
 * 1:56071 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
 * 1:56072 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
 * 1:56082 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
 * 3:56084 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
 * 3:56085 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
 * 3:56087 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services large file upload denial of service attempt (server-webapp.rules)
 * 3:56089 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD denial of service attempt (server-webapp.rules)
 * 3:56090 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
 * 3:56091 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)

Modified Rules:


 * 1:46253 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix file upload attempt (malware-cnc.rules)
 * 1:45607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat variant outbound connection detected (malware-cnc.rules)
 * 1:44681 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IoTReaper_Botnet telnet connection attempt (malware-cnc.rules)
 * 1:44753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stimilina variant outbound connection detected (malware-cnc.rules)
 * 1:45943 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:44689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen variant outbound connection (malware-cnc.rules)
 * 1:45944 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:46284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (malware-cnc.rules)
 * 1:45567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm second stage configuration download attempt (malware-cnc.rules)
 * 1:45552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
 * 1:45562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:42022 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:40011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:45566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:44802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:44876 <-> DISABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
 * 1:45096 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant inbound connection (malware-cnc.rules)
 * 1:44805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44911 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Fruitfly variant outbound connection detected (malware-cnc.rules)
 * 1:44762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
 * 1:44774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retadup variant outbound connection (malware-cnc.rules)
 * 1:45251 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
 * 1:45097 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant inbound connection (malware-cnc.rules)
 * 1:44804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:45230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
 * 1:45064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:45194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (malware-cnc.rules)
 * 1:44773 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
 * 1:45469 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45092 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill get commands outbound connection (malware-cnc.rules)
 * 1:44997 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
 * 1:44799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:45470 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:44998 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
 * 1:44945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:45239 <-> DISABLED <-> MALWARE-CNC Win.Malware.Freenki variant outbound connection (malware-cnc.rules)
 * 1:45260 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)
 * 1:44768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence outbound request (malware-cnc.rules)
 * 1:44898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:44787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Godzilla outbound connection (malware-cnc.rules)
 * 1:44772 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
 * 1:45050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
 * 1:44896 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:45472 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45098 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant outbound connection (malware-cnc.rules)
 * 1:45091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill login outbound connection (malware-cnc.rules)
 * 1:45471 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45468 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:44770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence cnc module download (malware-cnc.rules)
 * 1:44895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
 * 1:44769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence inbound download (malware-cnc.rules)
 * 1:45477 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
 * 1:44944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:45352 <-> DISABLED <-> MALWARE-CNC PowerShell Empire HTTP listener response (malware-cnc.rules)
 * 1:44778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
 * 1:44801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:45551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
 * 1:45510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat file upload attempt (malware-cnc.rules)
 * 1:44788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
 * 1:46339 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (malware-cnc.rules)
 * 1:44943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:44807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:45100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound connection (malware-cnc.rules)
 * 1:44797 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:45252 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
 * 1:45065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:44775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence monitoring module download (malware-cnc.rules)
 * 1:44780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:44763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
 * 1:45478 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
 * 1:45400 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt (malware-cnc.rules)
 * 1:45232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CactusTorch download attempt detected (malware-cnc.rules)
 * 1:44899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
 * 1:44886 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (malware-cnc.rules)
 * 1:45231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DDEDownloader variant outbound connection detected (malware-cnc.rules)
 * 1:44776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:45063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:45114 <-> DISABLED <-> MALWARE-CNC Catch-All malicious Chrome extension dropper outbound connection (malware-cnc.rules)
 * 1:45095 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant outbound connection (malware-cnc.rules)
 * 1:44781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:44777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:45221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nautilus outbound call (malware-cnc.rules)
 * 1:44975 <-> DISABLED <-> MALWARE-CNC Php.Dropper.Mayhem variant outbound connection (malware-cnc.rules)
 * 1:45051 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (malware-cnc.rules)
 * 1:45208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
 * 1:45090 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill server selection outbound connection (malware-cnc.rules)
 * 1:45104 <-> DISABLED <-> MALWARE-CNC Win.Malware.Recam variant outbound connection (malware-cnc.rules)
 * 1:45099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant inbound connection (malware-cnc.rules)
 * 1:44760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
 * 1:45062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:45229 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
 * 1:45473 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:46357 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46358 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46359 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46360 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46361 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46362 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46363 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46364 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46416 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Autoit outbound connection (malware-cnc.rules)
 * 1:46433 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo initial connection (malware-cnc.rules)
 * 1:44677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemucod outbound connection (malware-cnc.rules)
 * 1:45209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
 * 1:46356 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46434 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo client outbound connection (malware-cnc.rules)
 * 1:45561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:44789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
 * 1:45483 <-> DISABLED <-> MALWARE-CNC Pdf.Phishing.Agent variant outbound connection detected (malware-cnc.rules)
 * 1:40043 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom outbound connection (malware-cnc.rules)
 * 1:40007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (malware-cnc.rules)
 * 1:40027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
 * 1:40016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (malware-cnc.rules)
 * 1:45560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:46423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraens initial outbound request (malware-cnc.rules)
 * 1:40044 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
 * 1:40045 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
 * 1:40059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
 * 1:40060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
 * 1:40067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
 * 1:40183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
 * 1:40203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drolnux variant outbound connection (malware-cnc.rules)
 * 1:40204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qiwmonk outbound connection detected (malware-cnc.rules)
 * 1:40205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:40206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:40207 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:40209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulta external connection attempt (malware-cnc.rules)
 * 1:40212 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (malware-cnc.rules)
 * 1:40213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkShell external connection attempt (malware-cnc.rules)
 * 1:40214 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
 * 1:40215 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
 * 1:40216 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (malware-cnc.rules)
 * 1:40217 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (malware-cnc.rules)
 * 1:40232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CeeInject external connection (malware-cnc.rules)
 * 1:40238 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.AgentTesla variant outbound connection (malware-cnc.rules)
 * 1:40242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
 * 1:40249 <-> DISABLED <-> MALWARE-CNC Win.Downloader.QuantLoader external connection attempt (malware-cnc.rules)
 * 1:40251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (malware-cnc.rules)
 * 1:40252 <-> DISABLED <-> MALWARE-CNC Win.Perseus variant outbound connection (malware-cnc.rules)
 * 1:40258 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40259 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40260 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant initial backdoor download attempt (malware-cnc.rules)
 * 1:40261 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40262 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poxters external connection (malware-cnc.rules)
 * 1:40289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant initial outbound connection (malware-cnc.rules)
 * 1:40290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant status update outbound connection (malware-cnc.rules)
 * 1:40308 <-> DISABLED <-> MALWARE-CNC Backdoor.MSIL.Kazybot.A botnet server connection attempt (malware-cnc.rules)
 * 1:40309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Randrew variant outbound connection (malware-cnc.rules)
 * 1:40310 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
 * 1:40311 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
 * 1:40334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:40338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection detected (malware-cnc.rules)
 * 1:40339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
 * 1:40340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
 * 1:40432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
 * 1:40433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
 * 1:40449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40450 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Agent file download attempt (malware-cnc.rules)
 * 1:40461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deshacop variant outbound connection (malware-cnc.rules)
 * 1:40465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
 * 1:40466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
 * 1:40467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hades outbound connection (malware-cnc.rules)
 * 1:40500 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
 * 1:40501 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
 * 1:40522 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise fingerprinting (malware-cnc.rules)
 * 1:40523 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:40527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40528 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (malware-cnc.rules)
 * 1:40541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Satana ransomware outbound connection (malware-cnc.rules)
 * 1:40548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redosdru variant outbound connection (malware-cnc.rules)
 * 1:40549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryPy ransomware variant outbound connection (malware-cnc.rules)
 * 1:40550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant second stage download attempt (malware-cnc.rules)
 * 1:40551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant successful installation report attempt (malware-cnc.rules)
 * 1:40559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
 * 1:40567 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:40596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Berbew variant outbound connection (malware-cnc.rules)
 * 1:40599 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:40600 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:40601 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise activity (malware-cnc.rules)
 * 1:40605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:40606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:40611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant download attempt (malware-cnc.rules)
 * 1:40612 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download attempt (malware-cnc.rules)
 * 1:40643 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
 * 1:40644 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
 * 1:40709 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
 * 1:40710 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
 * 1:40733 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
 * 1:40751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
 * 1:40752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
 * 1:40761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscan outbound connection (malware-cnc.rules)
 * 1:40762 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant inbound connection (malware-cnc.rules)
 * 1:40763 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getSMS command response (malware-cnc.rules)
 * 1:40764 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getContacts command response (malware-cnc.rules)
 * 1:40771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miuref variant outbound connection (malware-cnc.rules)
 * 1:40775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:40782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (malware-cnc.rules)
 * 1:40795 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:40796 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:40797 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:40800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (malware-cnc.rules)
 * 1:40812 <-> DISABLED <-> MALWARE-CNC Rtf.Trojan.Mauris outbound download attempt (malware-cnc.rules)
 * 1:40816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gendwndrop variant outbound connection (malware-cnc.rules)
 * 1:40824 <-> DISABLED <-> MALWARE-CNC Logbro variant outbound connection (malware-cnc.rules)
 * 1:40831 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant initial outbound connection (malware-cnc.rules)
 * 1:40832 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant keylogger inbound init command attempt (malware-cnc.rules)
 * 1:40833 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound init command attempt (malware-cnc.rules)
 * 1:40834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound silence command attempt (malware-cnc.rules)
 * 1:40835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screen_thumb inbound init command attempt (malware-cnc.rules)
 * 1:40836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant file enumeration inbound init/root/faf command attempt (malware-cnc.rules)
 * 1:40869 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
 * 1:40870 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
 * 1:40906 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
 * 1:40910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40911 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Sednit variant outbound connection (malware-cnc.rules)
 * 1:40991 <-> DISABLED <-> MALWARE-CNC Linux.DDoS.D93 outbound connection (malware-cnc.rules)
 * 1:41031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:41033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proteus outbound connection (malware-cnc.rules)
 * 1:41034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:41088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MrWhite out bound communication attempt (malware-cnc.rules)
 * 1:41089 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ostap out bound communication attempt (malware-cnc.rules)
 * 1:41133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41162 <-> DISABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant  (malware-cnc.rules)
 * 1:41173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
 * 1:41180 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
 * 1:41315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:41316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:41317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:41318 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (malware-cnc.rules)
 * 1:44591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus malicious certificate exchange (malware-cnc.rules)
 * 1:41336 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
 * 1:41337 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
 * 1:41374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
 * 1:41375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
 * 1:41376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
 * 1:41403 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (malware-cnc.rules)
 * 1:41424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound connection (malware-cnc.rules)
 * 1:41434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41439 <-> DISABLED <-> MALWARE-CNC Dos.Tool.LOIC variant IRC command detected (malware-cnc.rules)
 * 1:41441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (malware-cnc.rules)
 * 1:41442 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas outbound connection (malware-cnc.rules)
 * 1:41443 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules)
 * 1:41444 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules)
 * 1:41456 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules)
 * 1:41458 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41459 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41460 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41461 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - 987t67g (malware-cnc.rules)
 * 1:41477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibrio file download - 4g3vg334 (malware-cnc.rules)
 * 1:41478 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - result (malware-cnc.rules)
 * 1:41498 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CryptoLocker binary download response attempt (malware-cnc.rules)
 * 1:41539 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (malware-cnc.rules)
 * 1:41540 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
 * 1:41656 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (malware-cnc.rules)
 * 1:41657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MagicHound variant outbound connection (malware-cnc.rules)
 * 1:41661 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41662 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41663 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirai variant outbound connection (malware-cnc.rules)
 * 1:41675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:41676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:41682 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:44570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:41686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41687 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41702 <-> DISABLED <-> MALWARE-CNC Win.Adware.Winwrapper outbound connection (malware-cnc.rules)
 * 1:41711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini variant initial outbound connection (malware-cnc.rules)
 * 1:41712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini backdoor file download request (malware-cnc.rules)
 * 1:41780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ratankba variant outbound connection (malware-cnc.rules)
 * 1:41787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro TCP DNS query response (malware-cnc.rules)
 * 1:41788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules)
 * 1:41789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules)
 * 1:42019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
 * 1:42020 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
 * 1:44569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:42021 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42024 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42025 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42026 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42027 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42028 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:42029 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:42030 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:42031 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42059 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Sage variant outbound connection (malware-cnc.rules)
 * 1:42079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules)
 * 1:42081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (malware-cnc.rules)
 * 1:42083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection (malware-cnc.rules)
 * 1:42098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
 * 1:42099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
 * 1:42113 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:42114 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant new bot registered (malware-cnc.rules)
 * 1:42126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acronym variant outbound connection (malware-cnc.rules)
 * 1:42128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
 * 1:42129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
 * 1:42171 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:42172 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant certificate negotiation (malware-cnc.rules)
 * 1:42225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules)
 * 1:42228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DocumentCrypt variant outbound connection (malware-cnc.rules)
 * 1:42233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules)
 * 1:42242 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Dimnie file download attempt (malware-cnc.rules)
 * 1:42243 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dimnie outbound connection (malware-cnc.rules)
 * 1:42301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu inbound server configuration response (malware-cnc.rules)
 * 1:42302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound connection (malware-cnc.rules)
 * 1:42303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound file download attempt (malware-cnc.rules)
 * 1:42329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules)
 * 1:42330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful injection response (malware-cnc.rules)
 * 1:42348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQPass variant outbound connection (malware-cnc.rules)
 * 1:42385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moonwind outbound connection (malware-cnc.rules)
 * 1:42386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules)
 * 1:42390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules)
 * 1:42391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules)
 * 1:42395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oddjob outbound connection (malware-cnc.rules)
 * 1:42398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules)
 * 1:42421 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (malware-cnc.rules)
 * 1:42425 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (malware-cnc.rules)
 * 1:42439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (malware-cnc.rules)
 * 1:42447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant outbound connection (malware-cnc.rules)
 * 1:42452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection (malware-cnc.rules)
 * 1:42453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (malware-cnc.rules)
 * 1:42454 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (malware-cnc.rules)
 * 1:42830 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (malware-cnc.rules)
 * 1:42831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (malware-cnc.rules)
 * 1:42832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (malware-cnc.rules)
 * 1:42833 <-> DISABLED <-> MALWARE-CNC Kasperagent outbound connection detected (malware-cnc.rules)
 * 1:42834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42837 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (malware-cnc.rules)
 * 1:42880 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules)
 * 1:42881 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules)
 * 1:42882 <-> DISABLED <-> MALWARE-CNC ZoxPNG initial outbound connection (malware-cnc.rules)
 * 1:42883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (malware-cnc.rules)
 * 1:42884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection (malware-cnc.rules)
 * 1:42885 <-> DISABLED <-> MALWARE-CNC WashingTon ssl certificate negotiation attempt (malware-cnc.rules)
 * 1:42886 <-> DISABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (malware-cnc.rules)
 * 1:42892 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA outbound connection (malware-cnc.rules)
 * 1:42895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:42899 <-> DISABLED <-> MALWARE-CNC Jaff ransomware outbound connection (malware-cnc.rules)
 * 1:42925 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules)
 * 1:42926 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules)
 * 1:42929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Niramdat variant initial outbound connection (malware-cnc.rules)
 * 1:42945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adylkuzz variant initial outbound connection (malware-cnc.rules)
 * 1:42996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules)
 * 1:42997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules)
 * 1:43049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gasonen variant outbound connection (malware-cnc.rules)
 * 1:43063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabob outbound connection (malware-cnc.rules)
 * 1:43129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:43183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
 * 1:43184 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
 * 1:43190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:43193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
 * 1:43194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
 * 1:43220 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (malware-cnc.rules)
 * 1:43222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:43223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:43224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:43292 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious dex file download attempt (malware-cnc.rules)
 * 1:43293 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious java file download attempt (malware-cnc.rules)
 * 1:43351 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Erebus variant outbound connection (malware-cnc.rules)
 * 1:43457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eorezo variant outbound connection (malware-cnc.rules)
 * 1:43459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules)
 * 1:43467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
 * 1:43468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
 * 1:43475 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:43476 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:43477 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:43523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules)
 * 1:43524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules)
 * 1:43575 <-> DISABLED <-> MALWARE-CNC Win32.Trojan.NeutrinoPOS connection attempt (malware-cnc.rules)
 * 1:43890 <-> DISABLED <-> MALWARE-CNC Win.Malware.Emotet variant outbound connection (malware-cnc.rules)
 * 1:43929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poogetad Variant connection attempt (malware-cnc.rules)
 * 1:43930 <-> DISABLED <-> MALWARE-CNC Win.Malware.GamKer variant outbound connection (malware-cnc.rules)
 * 1:43950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Globeimposter outbound connection (malware-cnc.rules)
 * 1:43969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kradod connection attempt (malware-cnc.rules)
 * 1:43972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:43981 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
 * 1:43982 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
 * 1:43985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rortiem outbound connection (malware-cnc.rules)
 * 1:44011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hippo variant outbound connection (malware-cnc.rules)
 * 1:44027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (malware-cnc.rules)
 * 1:44171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zurgop variant outbound beaconing connection (malware-cnc.rules)
 * 1:44177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant outbound connection (malware-cnc.rules)
 * 1:44190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyfshent variant outbound connection (malware-cnc.rules)
 * 1:44210 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bullrat variant outbound connection (malware-cnc.rules)
 * 1:44211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
 * 1:44212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
 * 1:44213 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (malware-cnc.rules)
 * 1:44214 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (malware-cnc.rules)
 * 1:44220 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44221 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44222 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
 * 1:44277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
 * 1:44278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CrystalAttack outbound file download attempt (malware-cnc.rules)
 * 1:44279 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.FlatChestWare varint outbound connection (malware-cnc.rules)
 * 1:44307 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Razy variant outbound connection (malware-cnc.rules)
 * 1:44313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant outbound connection (malware-cnc.rules)
 * 1:44314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant inbound connection attempt (malware-cnc.rules)
 * 1:44316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ellell variant outbound connection (malware-cnc.rules)
 * 1:44317 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (malware-cnc.rules)
 * 1:44362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
 * 1:44365 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware outbound post (malware-cnc.rules)
 * 1:44366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
 * 1:44367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
 * 1:44391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:44392 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:44393 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:44396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KediRAT outbound connection (malware-cnc.rules)
 * 1:44399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44401 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44402 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44438 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
 * 1:44439 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
 * 1:44440 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (malware-cnc.rules)
 * 1:44443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popureb variant outbound connection detected (malware-cnc.rules)
 * 1:44450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbount connection detected (malware-cnc.rules)
 * 1:44469 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:44470 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:44554 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Congur variant outbound connection detected (malware-cnc.rules)
 * 1:44559 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
 * 1:44560 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
 * 1:44563 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:41331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection (malware-cnc.rules)
 * 1:41334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:42023 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:44592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus self-signed certificate exchange (malware-cnc.rules)
 * 1:44595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSMessenger outbound connection (malware-cnc.rules)
 * 1:44610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:44617 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:44618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:44639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quimonk variant outbound connection detected (malware-cnc.rules)
 * 1:44652 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
 * 1:44653 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet (malware-cnc.rules)
 * 1:44654 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
 * 1:44656 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
 * 1:44659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wraut variant outbound connection (malware-cnc.rules)
 * 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
 * 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
 * 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)

2020-10-22 12:58:02 UTC

Snort Subscriber Rules Update

Date: 2020-10-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091300.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56081 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Donot variant outbound connection (malware-cnc.rules)
 * 1:56082 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
 * 1:56074 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
 * 1:56077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
 * 1:56078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
 * 1:56079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
 * 1:56088 <-> ENABLED <-> MALWARE-CNC Unix.Spyware.WellMess variant outbound cnc attempt (malware-cnc.rules)
 * 1:56072 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
 * 1:56075 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
 * 1:56073 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
 * 1:56080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
 * 1:56083 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
 * 1:56086 <-> DISABLED <-> SERVER-WEBAPP Apache Tomcat WebSocket length denial of service attempt (server-webapp.rules)
 * 1:56076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
 * 1:56071 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
 * 3:56084 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
 * 3:56091 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
 * 3:56085 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
 * 3:56090 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
 * 3:56087 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services large file upload denial of service attempt (server-webapp.rules)
 * 3:56089 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD denial of service attempt (server-webapp.rules)

Modified Rules:


 * 1:44807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:45100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound connection (malware-cnc.rules)
 * 1:45252 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
 * 1:44780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:45231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DDEDownloader variant outbound connection detected (malware-cnc.rules)
 * 1:44997 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
 * 1:44886 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (malware-cnc.rules)
 * 1:44899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
 * 1:45400 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt (malware-cnc.rules)
 * 1:45229 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
 * 1:44897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:45099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant inbound connection (malware-cnc.rules)
 * 1:44772 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
 * 1:44975 <-> DISABLED <-> MALWARE-CNC Php.Dropper.Mayhem variant outbound connection (malware-cnc.rules)
 * 1:45221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nautilus outbound call (malware-cnc.rules)
 * 1:45051 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (malware-cnc.rules)
 * 1:45065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:45114 <-> DISABLED <-> MALWARE-CNC Catch-All malicious Chrome extension dropper outbound connection (malware-cnc.rules)
 * 1:44806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:45230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
 * 1:45097 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant inbound connection (malware-cnc.rules)
 * 1:44791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retadup variant outbound connection (malware-cnc.rules)
 * 1:44946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:44802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44911 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Fruitfly variant outbound connection detected (malware-cnc.rules)
 * 1:45096 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant inbound connection (malware-cnc.rules)
 * 1:44876 <-> DISABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
 * 1:44945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:44998 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
 * 1:45470 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:44775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
 * 1:44799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:45194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (malware-cnc.rules)
 * 1:44774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:45092 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill get commands outbound connection (malware-cnc.rules)
 * 1:45050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
 * 1:44760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
 * 1:44804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence outbound request (malware-cnc.rules)
 * 1:45477 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
 * 1:45260 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)
 * 1:44778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:45352 <-> DISABLED <-> MALWARE-CNC PowerShell Empire HTTP listener response (malware-cnc.rules)
 * 1:44801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
 * 1:45468 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:44769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence inbound download (malware-cnc.rules)
 * 1:44770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence cnc module download (malware-cnc.rules)
 * 1:45098 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant outbound connection (malware-cnc.rules)
 * 1:45208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
 * 1:40016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (malware-cnc.rules)
 * 1:45944 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:45607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat variant outbound connection detected (malware-cnc.rules)
 * 1:40044 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
 * 1:45209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
 * 1:46359 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:45567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:46284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (malware-cnc.rules)
 * 1:45552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
 * 1:45562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:40007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (malware-cnc.rules)
 * 1:45561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:44789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
 * 1:45483 <-> DISABLED <-> MALWARE-CNC Pdf.Phishing.Agent variant outbound connection detected (malware-cnc.rules)
 * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:45560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:46356 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46363 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:45943 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:40045 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
 * 1:44689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen variant outbound connection (malware-cnc.rules)
 * 1:46357 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:45095 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant outbound connection (malware-cnc.rules)
 * 1:45566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:44782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:46253 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix file upload attempt (malware-cnc.rules)
 * 1:46358 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:45551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
 * 1:46364 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:44943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:45574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm second stage configuration download attempt (malware-cnc.rules)
 * 1:44771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence monitoring module download (malware-cnc.rules)
 * 1:46361 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46362 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46433 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo initial connection (malware-cnc.rules)
 * 1:46416 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Autoit outbound connection (malware-cnc.rules)
 * 1:46434 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo client outbound connection (malware-cnc.rules)
 * 1:44677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemucod outbound connection (malware-cnc.rules)
 * 1:46423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraens initial outbound request (malware-cnc.rules)
 * 1:46360 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:44788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
 * 1:40043 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom outbound connection (malware-cnc.rules)
 * 1:40027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
 * 1:46339 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (malware-cnc.rules)
 * 1:44763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
 * 1:40011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
 * 1:40060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
 * 1:40067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
 * 1:40183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
 * 1:40203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drolnux variant outbound connection (malware-cnc.rules)
 * 1:40204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qiwmonk outbound connection detected (malware-cnc.rules)
 * 1:40205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:40206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:40207 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:40209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulta external connection attempt (malware-cnc.rules)
 * 1:40212 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (malware-cnc.rules)
 * 1:40213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkShell external connection attempt (malware-cnc.rules)
 * 1:40214 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
 * 1:40215 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
 * 1:40216 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (malware-cnc.rules)
 * 1:40217 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (malware-cnc.rules)
 * 1:40232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CeeInject external connection (malware-cnc.rules)
 * 1:40238 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.AgentTesla variant outbound connection (malware-cnc.rules)
 * 1:40242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
 * 1:40249 <-> DISABLED <-> MALWARE-CNC Win.Downloader.QuantLoader external connection attempt (malware-cnc.rules)
 * 1:40251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (malware-cnc.rules)
 * 1:40252 <-> DISABLED <-> MALWARE-CNC Win.Perseus variant outbound connection (malware-cnc.rules)
 * 1:40258 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40259 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40260 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant initial backdoor download attempt (malware-cnc.rules)
 * 1:40261 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40262 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poxters external connection (malware-cnc.rules)
 * 1:40289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant initial outbound connection (malware-cnc.rules)
 * 1:40290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant status update outbound connection (malware-cnc.rules)
 * 1:40308 <-> DISABLED <-> MALWARE-CNC Backdoor.MSIL.Kazybot.A botnet server connection attempt (malware-cnc.rules)
 * 1:40309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Randrew variant outbound connection (malware-cnc.rules)
 * 1:40310 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
 * 1:40311 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
 * 1:40334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:40338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection detected (malware-cnc.rules)
 * 1:40339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
 * 1:40340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
 * 1:40432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
 * 1:40433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
 * 1:40449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40450 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Agent file download attempt (malware-cnc.rules)
 * 1:40461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deshacop variant outbound connection (malware-cnc.rules)
 * 1:40465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
 * 1:40466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
 * 1:40467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hades outbound connection (malware-cnc.rules)
 * 1:40500 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
 * 1:40501 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
 * 1:40522 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise fingerprinting (malware-cnc.rules)
 * 1:40523 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:40527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40528 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (malware-cnc.rules)
 * 1:40541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Satana ransomware outbound connection (malware-cnc.rules)
 * 1:40548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redosdru variant outbound connection (malware-cnc.rules)
 * 1:40549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryPy ransomware variant outbound connection (malware-cnc.rules)
 * 1:40550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant second stage download attempt (malware-cnc.rules)
 * 1:40551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant successful installation report attempt (malware-cnc.rules)
 * 1:40559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
 * 1:40567 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:40596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Berbew variant outbound connection (malware-cnc.rules)
 * 1:40599 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:40600 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:40601 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise activity (malware-cnc.rules)
 * 1:40605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:40606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:40611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant download attempt (malware-cnc.rules)
 * 1:40612 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download attempt (malware-cnc.rules)
 * 1:40643 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
 * 1:40644 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
 * 1:40709 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
 * 1:40710 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
 * 1:40733 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
 * 1:40751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
 * 1:40752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
 * 1:40761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscan outbound connection (malware-cnc.rules)
 * 1:40762 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant inbound connection (malware-cnc.rules)
 * 1:40763 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getSMS command response (malware-cnc.rules)
 * 1:40764 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getContacts command response (malware-cnc.rules)
 * 1:40771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miuref variant outbound connection (malware-cnc.rules)
 * 1:40775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:40782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (malware-cnc.rules)
 * 1:40795 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:40796 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:40797 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:40800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (malware-cnc.rules)
 * 1:40812 <-> DISABLED <-> MALWARE-CNC Rtf.Trojan.Mauris outbound download attempt (malware-cnc.rules)
 * 1:40816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gendwndrop variant outbound connection (malware-cnc.rules)
 * 1:40824 <-> DISABLED <-> MALWARE-CNC Logbro variant outbound connection (malware-cnc.rules)
 * 1:40831 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant initial outbound connection (malware-cnc.rules)
 * 1:40832 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant keylogger inbound init command attempt (malware-cnc.rules)
 * 1:40833 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound init command attempt (malware-cnc.rules)
 * 1:40834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound silence command attempt (malware-cnc.rules)
 * 1:40835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screen_thumb inbound init command attempt (malware-cnc.rules)
 * 1:40836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant file enumeration inbound init/root/faf command attempt (malware-cnc.rules)
 * 1:40869 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
 * 1:40870 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
 * 1:40906 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
 * 1:40910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40911 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Sednit variant outbound connection (malware-cnc.rules)
 * 1:40991 <-> DISABLED <-> MALWARE-CNC Linux.DDoS.D93 outbound connection (malware-cnc.rules)
 * 1:41031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:41033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proteus outbound connection (malware-cnc.rules)
 * 1:41034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:41088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MrWhite out bound communication attempt (malware-cnc.rules)
 * 1:41089 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ostap out bound communication attempt (malware-cnc.rules)
 * 1:41133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41162 <-> DISABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant  (malware-cnc.rules)
 * 1:41173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
 * 1:41180 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
 * 1:41315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:41316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:41317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:41318 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (malware-cnc.rules)
 * 1:41331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection (malware-cnc.rules)
 * 1:41334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:44570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:41687 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:44591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus malicious certificate exchange (malware-cnc.rules)
 * 1:41337 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
 * 1:41374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
 * 1:41375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
 * 1:41376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
 * 1:41403 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (malware-cnc.rules)
 * 1:41424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound connection (malware-cnc.rules)
 * 1:41434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41439 <-> DISABLED <-> MALWARE-CNC Dos.Tool.LOIC variant IRC command detected (malware-cnc.rules)
 * 1:41441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (malware-cnc.rules)
 * 1:41442 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas outbound connection (malware-cnc.rules)
 * 1:41443 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules)
 * 1:41444 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules)
 * 1:41456 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules)
 * 1:41458 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41459 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41460 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41461 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - 987t67g (malware-cnc.rules)
 * 1:41477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibrio file download - 4g3vg334 (malware-cnc.rules)
 * 1:41478 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - result (malware-cnc.rules)
 * 1:41498 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CryptoLocker binary download response attempt (malware-cnc.rules)
 * 1:41539 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (malware-cnc.rules)
 * 1:41540 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
 * 1:41656 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (malware-cnc.rules)
 * 1:41657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MagicHound variant outbound connection (malware-cnc.rules)
 * 1:41661 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41662 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41663 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirai variant outbound connection (malware-cnc.rules)
 * 1:41675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:41676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:41682 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:45510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat file upload attempt (malware-cnc.rules)
 * 1:42023 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:41686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41702 <-> DISABLED <-> MALWARE-CNC Win.Adware.Winwrapper outbound connection (malware-cnc.rules)
 * 1:41711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini variant initial outbound connection (malware-cnc.rules)
 * 1:41712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini backdoor file download request (malware-cnc.rules)
 * 1:41780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ratankba variant outbound connection (malware-cnc.rules)
 * 1:41787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro TCP DNS query response (malware-cnc.rules)
 * 1:41788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules)
 * 1:41789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules)
 * 1:42019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
 * 1:42020 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
 * 1:42021 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42024 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42022 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:44592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus self-signed certificate exchange (malware-cnc.rules)
 * 1:42025 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42026 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42027 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42028 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:42029 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:42030 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:42031 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42059 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Sage variant outbound connection (malware-cnc.rules)
 * 1:42079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules)
 * 1:42081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (malware-cnc.rules)
 * 1:42083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection (malware-cnc.rules)
 * 1:42098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
 * 1:42099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
 * 1:42113 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:42114 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant new bot registered (malware-cnc.rules)
 * 1:42126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acronym variant outbound connection (malware-cnc.rules)
 * 1:42128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
 * 1:42129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
 * 1:42171 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:42172 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant certificate negotiation (malware-cnc.rules)
 * 1:42225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules)
 * 1:42228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DocumentCrypt variant outbound connection (malware-cnc.rules)
 * 1:42233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules)
 * 1:42242 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Dimnie file download attempt (malware-cnc.rules)
 * 1:42243 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dimnie outbound connection (malware-cnc.rules)
 * 1:42301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu inbound server configuration response (malware-cnc.rules)
 * 1:42302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound connection (malware-cnc.rules)
 * 1:42303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound file download attempt (malware-cnc.rules)
 * 1:42329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules)
 * 1:42330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful injection response (malware-cnc.rules)
 * 1:42348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQPass variant outbound connection (malware-cnc.rules)
 * 1:42385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moonwind outbound connection (malware-cnc.rules)
 * 1:42386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules)
 * 1:42390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules)
 * 1:42391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules)
 * 1:42395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oddjob outbound connection (malware-cnc.rules)
 * 1:42398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules)
 * 1:42421 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (malware-cnc.rules)
 * 1:42425 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (malware-cnc.rules)
 * 1:42439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (malware-cnc.rules)
 * 1:42447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant outbound connection (malware-cnc.rules)
 * 1:42452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection (malware-cnc.rules)
 * 1:42453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (malware-cnc.rules)
 * 1:42454 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (malware-cnc.rules)
 * 1:42830 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (malware-cnc.rules)
 * 1:42831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (malware-cnc.rules)
 * 1:42832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (malware-cnc.rules)
 * 1:42833 <-> DISABLED <-> MALWARE-CNC Kasperagent outbound connection detected (malware-cnc.rules)
 * 1:42834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42837 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (malware-cnc.rules)
 * 1:42880 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules)
 * 1:42881 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules)
 * 1:42882 <-> DISABLED <-> MALWARE-CNC ZoxPNG initial outbound connection (malware-cnc.rules)
 * 1:42883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (malware-cnc.rules)
 * 1:42884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection (malware-cnc.rules)
 * 1:42885 <-> DISABLED <-> MALWARE-CNC WashingTon ssl certificate negotiation attempt (malware-cnc.rules)
 * 1:42886 <-> DISABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (malware-cnc.rules)
 * 1:42892 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA outbound connection (malware-cnc.rules)
 * 1:42895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:42899 <-> DISABLED <-> MALWARE-CNC Jaff ransomware outbound connection (malware-cnc.rules)
 * 1:42925 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules)
 * 1:42926 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules)
 * 1:42929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Niramdat variant initial outbound connection (malware-cnc.rules)
 * 1:42945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adylkuzz variant initial outbound connection (malware-cnc.rules)
 * 1:42996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules)
 * 1:42997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules)
 * 1:43049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gasonen variant outbound connection (malware-cnc.rules)
 * 1:43063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabob outbound connection (malware-cnc.rules)
 * 1:43129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:43183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
 * 1:43184 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
 * 1:43190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:43193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
 * 1:43194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
 * 1:43220 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (malware-cnc.rules)
 * 1:43222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:43223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:43224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:43292 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious dex file download attempt (malware-cnc.rules)
 * 1:43293 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious java file download attempt (malware-cnc.rules)
 * 1:43351 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Erebus variant outbound connection (malware-cnc.rules)
 * 1:43457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eorezo variant outbound connection (malware-cnc.rules)
 * 1:43459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules)
 * 1:43467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
 * 1:43468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
 * 1:43475 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:43476 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:43477 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:43523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules)
 * 1:43524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules)
 * 1:43575 <-> DISABLED <-> MALWARE-CNC Win32.Trojan.NeutrinoPOS connection attempt (malware-cnc.rules)
 * 1:43890 <-> DISABLED <-> MALWARE-CNC Win.Malware.Emotet variant outbound connection (malware-cnc.rules)
 * 1:43929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poogetad Variant connection attempt (malware-cnc.rules)
 * 1:43930 <-> DISABLED <-> MALWARE-CNC Win.Malware.GamKer variant outbound connection (malware-cnc.rules)
 * 1:43950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Globeimposter outbound connection (malware-cnc.rules)
 * 1:43969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kradod connection attempt (malware-cnc.rules)
 * 1:43972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:43981 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
 * 1:43982 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
 * 1:43985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rortiem outbound connection (malware-cnc.rules)
 * 1:44011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hippo variant outbound connection (malware-cnc.rules)
 * 1:44027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (malware-cnc.rules)
 * 1:44171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zurgop variant outbound beaconing connection (malware-cnc.rules)
 * 1:44177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant outbound connection (malware-cnc.rules)
 * 1:44190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyfshent variant outbound connection (malware-cnc.rules)
 * 1:44210 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bullrat variant outbound connection (malware-cnc.rules)
 * 1:44211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
 * 1:44212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
 * 1:44213 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (malware-cnc.rules)
 * 1:44214 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (malware-cnc.rules)
 * 1:44220 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44221 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44222 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
 * 1:44277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
 * 1:44278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CrystalAttack outbound file download attempt (malware-cnc.rules)
 * 1:44279 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.FlatChestWare varint outbound connection (malware-cnc.rules)
 * 1:44307 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Razy variant outbound connection (malware-cnc.rules)
 * 1:44313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant outbound connection (malware-cnc.rules)
 * 1:44314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant inbound connection attempt (malware-cnc.rules)
 * 1:44316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ellell variant outbound connection (malware-cnc.rules)
 * 1:44317 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (malware-cnc.rules)
 * 1:44362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
 * 1:44365 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware outbound post (malware-cnc.rules)
 * 1:44366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
 * 1:44367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
 * 1:44391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:44392 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:44393 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:44396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KediRAT outbound connection (malware-cnc.rules)
 * 1:44399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44401 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44402 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44438 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
 * 1:44439 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
 * 1:44440 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (malware-cnc.rules)
 * 1:44443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popureb variant outbound connection detected (malware-cnc.rules)
 * 1:44450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbount connection detected (malware-cnc.rules)
 * 1:44469 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:44470 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:44554 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Congur variant outbound connection detected (malware-cnc.rules)
 * 1:44559 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
 * 1:44560 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
 * 1:44563 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:44569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:41336 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
 * 1:44595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSMessenger outbound connection (malware-cnc.rules)
 * 1:44610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:44617 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:44618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:44639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quimonk variant outbound connection detected (malware-cnc.rules)
 * 1:44652 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
 * 1:44653 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet (malware-cnc.rules)
 * 1:44654 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
 * 1:44656 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
 * 1:44659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wraut variant outbound connection (malware-cnc.rules)
 * 1:44753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stimilina variant outbound connection detected (malware-cnc.rules)
 * 1:44681 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IoTReaper_Botnet telnet connection attempt (malware-cnc.rules)
 * 1:44800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:45090 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill server selection outbound connection (malware-cnc.rules)
 * 1:45063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:45478 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
 * 1:45062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:45473 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:44776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:45104 <-> DISABLED <-> MALWARE-CNC Win.Malware.Recam variant outbound connection (malware-cnc.rules)
 * 1:44777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:45064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:44773 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
 * 1:44803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:45251 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
 * 1:44761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
 * 1:44805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:45239 <-> DISABLED <-> MALWARE-CNC Win.Malware.Freenki variant outbound connection (malware-cnc.rules)
 * 1:45232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CactusTorch download attempt detected (malware-cnc.rules)
 * 1:45469 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:44898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:44787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Godzilla outbound connection (malware-cnc.rules)
 * 1:44944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:44797 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:45091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill login outbound connection (malware-cnc.rules)
 * 1:45471 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:44896 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:45472 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
 * 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
 * 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)

2020-10-22 12:58:02 UTC

Snort Subscriber Rules Update

Date: 2020-10-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2091101.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56082 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
 * 1:56079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
 * 1:56078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
 * 1:56076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
 * 1:56072 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
 * 1:56071 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
 * 1:56080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
 * 1:56075 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
 * 1:56077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
 * 1:56083 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
 * 1:56074 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
 * 1:56073 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
 * 1:56086 <-> DISABLED <-> SERVER-WEBAPP Apache Tomcat WebSocket length denial of service attempt (server-webapp.rules)
 * 1:56088 <-> ENABLED <-> MALWARE-CNC Unix.Spyware.WellMess variant outbound cnc attempt (malware-cnc.rules)
 * 1:56081 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Donot variant outbound connection (malware-cnc.rules)
 * 3:56085 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
 * 3:56090 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
 * 3:56084 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
 * 3:56089 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD denial of service attempt (server-webapp.rules)
 * 3:56091 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
 * 3:56087 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services large file upload denial of service attempt (server-webapp.rules)

Modified Rules:


 * 1:45561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:41177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:45221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nautilus outbound call (malware-cnc.rules)
 * 1:41178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41318 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (malware-cnc.rules)
 * 1:41315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:41316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:41179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
 * 1:41337 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
 * 1:41331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection (malware-cnc.rules)
 * 1:41334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:41317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:41403 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (malware-cnc.rules)
 * 1:41374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
 * 1:41375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
 * 1:41336 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
 * 1:41436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound connection (malware-cnc.rules)
 * 1:41434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
 * 1:41441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (malware-cnc.rules)
 * 1:41437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:45552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
 * 1:41438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41456 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules)
 * 1:41442 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas outbound connection (malware-cnc.rules)
 * 1:41443 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules)
 * 1:41439 <-> DISABLED <-> MALWARE-CNC Dos.Tool.LOIC variant IRC command detected (malware-cnc.rules)
 * 1:41461 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41458 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:46356 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:41459 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41444 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules)
 * 1:41498 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CryptoLocker binary download response attempt (malware-cnc.rules)
 * 1:41476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - 987t67g (malware-cnc.rules)
 * 1:41477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibrio file download - 4g3vg334 (malware-cnc.rules)
 * 1:41460 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MagicHound variant outbound connection (malware-cnc.rules)
 * 1:41539 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (malware-cnc.rules)
 * 1:41540 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
 * 1:41478 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - result (malware-cnc.rules)
 * 1:41665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirai variant outbound connection (malware-cnc.rules)
 * 1:41661 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:45560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:41662 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41656 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (malware-cnc.rules)
 * 1:41683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:41676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:41663 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41687 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41682 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ratankba variant outbound connection (malware-cnc.rules)
 * 1:45483 <-> DISABLED <-> MALWARE-CNC Pdf.Phishing.Agent variant outbound connection detected (malware-cnc.rules)
 * 1:41702 <-> DISABLED <-> MALWARE-CNC Win.Adware.Winwrapper outbound connection (malware-cnc.rules)
 * 1:41711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini variant initial outbound connection (malware-cnc.rules)
 * 1:41686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:42019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
 * 1:41787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro TCP DNS query response (malware-cnc.rules)
 * 1:41788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules)
 * 1:41712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini backdoor file download request (malware-cnc.rules)
 * 1:42023 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42020 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
 * 1:42021 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:41789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules)
 * 1:42027 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42024 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42025 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42022 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42031 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42028 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:42029 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:42026 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection (malware-cnc.rules)
 * 1:42059 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Sage variant outbound connection (malware-cnc.rules)
 * 1:42079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules)
 * 1:42030 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:42114 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant new bot registered (malware-cnc.rules)
 * 1:42098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
 * 1:42099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
 * 1:42081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (malware-cnc.rules)
 * 1:42171 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:42126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acronym variant outbound connection (malware-cnc.rules)
 * 1:42128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
 * 1:42113 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:42233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules)
 * 1:42172 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant certificate negotiation (malware-cnc.rules)
 * 1:42225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules)
 * 1:42129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
 * 1:42302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound connection (malware-cnc.rules)
 * 1:42242 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Dimnie file download attempt (malware-cnc.rules)
 * 1:42243 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dimnie outbound connection (malware-cnc.rules)
 * 1:42228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DocumentCrypt variant outbound connection (malware-cnc.rules)
 * 1:42348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQPass variant outbound connection (malware-cnc.rules)
 * 1:42303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound file download attempt (malware-cnc.rules)
 * 1:42329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules)
 * 1:42301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu inbound server configuration response (malware-cnc.rules)
 * 1:42391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules)
 * 1:42385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moonwind outbound connection (malware-cnc.rules)
 * 1:46284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (malware-cnc.rules)
 * 1:42386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules)
 * 1:42330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful injection response (malware-cnc.rules)
 * 1:42425 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (malware-cnc.rules)
 * 1:42395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oddjob outbound connection (malware-cnc.rules)
 * 1:45944 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:42398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules)
 * 1:42390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules)
 * 1:42453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (malware-cnc.rules)
 * 1:42439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (malware-cnc.rules)
 * 1:42447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant outbound connection (malware-cnc.rules)
 * 1:42421 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (malware-cnc.rules)
 * 1:42832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (malware-cnc.rules)
 * 1:42454 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (malware-cnc.rules)
 * 1:42830 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (malware-cnc.rules)
 * 1:42452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection (malware-cnc.rules)
 * 1:42836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42833 <-> DISABLED <-> MALWARE-CNC Kasperagent outbound connection detected (malware-cnc.rules)
 * 1:42834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (malware-cnc.rules)
 * 1:42881 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules)
 * 1:42837 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (malware-cnc.rules)
 * 1:42835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42885 <-> DISABLED <-> MALWARE-CNC WashingTon ssl certificate negotiation attempt (malware-cnc.rules)
 * 1:42882 <-> DISABLED <-> MALWARE-CNC ZoxPNG initial outbound connection (malware-cnc.rules)
 * 1:42883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (malware-cnc.rules)
 * 1:42880 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules)
 * 1:45231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DDEDownloader variant outbound connection detected (malware-cnc.rules)
 * 1:45051 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (malware-cnc.rules)
 * 1:42899 <-> DISABLED <-> MALWARE-CNC Jaff ransomware outbound connection (malware-cnc.rules)
 * 1:42886 <-> DISABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (malware-cnc.rules)
 * 1:45065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:42892 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA outbound connection (malware-cnc.rules)
 * 1:42884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection (malware-cnc.rules)
 * 1:46433 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo initial connection (malware-cnc.rules)
 * 1:46357 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46359 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46416 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Autoit outbound connection (malware-cnc.rules)
 * 1:46364 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:45099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant inbound connection (malware-cnc.rules)
 * 1:46423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraens initial outbound request (malware-cnc.rules)
 * 1:45114 <-> DISABLED <-> MALWARE-CNC Catch-All malicious Chrome extension dropper outbound connection (malware-cnc.rules)
 * 1:46362 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46363 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46361 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:44769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence inbound download (malware-cnc.rules)
 * 1:45229 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
 * 1:45473 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:46360 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46358 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:45062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:44897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:45090 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill server selection outbound connection (malware-cnc.rules)
 * 1:45104 <-> DISABLED <-> MALWARE-CNC Win.Malware.Recam variant outbound connection (malware-cnc.rules)
 * 1:45607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat variant outbound connection detected (malware-cnc.rules)
 * 1:45574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm second stage configuration download attempt (malware-cnc.rules)
 * 1:44753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stimilina variant outbound connection detected (malware-cnc.rules)
 * 1:42945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adylkuzz variant initial outbound connection (malware-cnc.rules)
 * 1:45232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CactusTorch download attempt detected (malware-cnc.rules)
 * 1:42925 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules)
 * 1:42926 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules)
 * 1:42895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:45478 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
 * 1:43063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabob outbound connection (malware-cnc.rules)
 * 1:44997 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
 * 1:44775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:42996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules)
 * 1:42997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules)
 * 1:42929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Niramdat variant initial outbound connection (malware-cnc.rules)
 * 1:44899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
 * 1:44886 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (malware-cnc.rules)
 * 1:43190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:43129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:43183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
 * 1:44763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
 * 1:43049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gasonen variant outbound connection (malware-cnc.rules)
 * 1:43222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:44771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence monitoring module download (malware-cnc.rules)
 * 1:43193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
 * 1:44800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:43194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
 * 1:43184 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
 * 1:43293 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious java file download attempt (malware-cnc.rules)
 * 1:43223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:45100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound connection (malware-cnc.rules)
 * 1:44807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:43224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:43220 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (malware-cnc.rules)
 * 1:43467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
 * 1:44797 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:43351 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Erebus variant outbound connection (malware-cnc.rules)
 * 1:43457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eorezo variant outbound connection (malware-cnc.rules)
 * 1:44782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:44943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:43292 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious dex file download attempt (malware-cnc.rules)
 * 1:43477 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:43468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
 * 1:45095 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant outbound connection (malware-cnc.rules)
 * 1:43475 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:43459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules)
 * 1:43890 <-> DISABLED <-> MALWARE-CNC Win.Malware.Emotet variant outbound connection (malware-cnc.rules)
 * 1:43523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules)
 * 1:43524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules)
 * 1:45510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat file upload attempt (malware-cnc.rules)
 * 1:43476 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:43969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kradod connection attempt (malware-cnc.rules)
 * 1:44788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
 * 1:43929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poogetad Variant connection attempt (malware-cnc.rules)
 * 1:46339 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (malware-cnc.rules)
 * 1:43930 <-> DISABLED <-> MALWARE-CNC Win.Malware.GamKer variant outbound connection (malware-cnc.rules)
 * 1:43575 <-> DISABLED <-> MALWARE-CNC Win32.Trojan.NeutrinoPOS connection attempt (malware-cnc.rules)
 * 1:43985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rortiem outbound connection (malware-cnc.rules)
 * 1:43972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:45352 <-> DISABLED <-> MALWARE-CNC PowerShell Empire HTTP listener response (malware-cnc.rules)
 * 1:44944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:44778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:43981 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
 * 1:44801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:43950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Globeimposter outbound connection (malware-cnc.rules)
 * 1:44042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (malware-cnc.rules)
 * 1:44011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hippo variant outbound connection (malware-cnc.rules)
 * 1:44027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:43982 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
 * 1:44896 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:44210 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bullrat variant outbound connection (malware-cnc.rules)
 * 1:45098 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant outbound connection (malware-cnc.rules)
 * 1:45208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
 * 1:44171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zurgop variant outbound beaconing connection (malware-cnc.rules)
 * 1:44774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant outbound connection (malware-cnc.rules)
 * 1:44028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:45468 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:44214 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (malware-cnc.rules)
 * 1:44211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
 * 1:44212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
 * 1:44190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyfshent variant outbound connection (malware-cnc.rules)
 * 1:45209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
 * 1:44276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
 * 1:44220 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44221 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44213 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (malware-cnc.rules)
 * 1:44307 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Razy variant outbound connection (malware-cnc.rules)
 * 1:44768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence outbound request (malware-cnc.rules)
 * 1:44277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
 * 1:45260 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)
 * 1:44278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CrystalAttack outbound file download attempt (malware-cnc.rules)
 * 1:44222 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44317 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (malware-cnc.rules)
 * 1:44313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant outbound connection (malware-cnc.rules)
 * 1:44787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Godzilla outbound connection (malware-cnc.rules)
 * 1:44314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant inbound connection attempt (malware-cnc.rules)
 * 1:44760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
 * 1:44279 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.FlatChestWare varint outbound connection (malware-cnc.rules)
 * 1:44762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
 * 1:45050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
 * 1:44367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
 * 1:44362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
 * 1:44799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44365 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware outbound post (malware-cnc.rules)
 * 1:44316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ellell variant outbound connection (malware-cnc.rules)
 * 1:44945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:44998 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
 * 1:44396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KediRAT outbound connection (malware-cnc.rules)
 * 1:44805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:44392 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:44366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
 * 1:44770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence cnc module download (malware-cnc.rules)
 * 1:44402 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:45470 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:44399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44773 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
 * 1:44393 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:45092 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill get commands outbound connection (malware-cnc.rules)
 * 1:44443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popureb variant outbound connection detected (malware-cnc.rules)
 * 1:45469 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:44438 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
 * 1:44439 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
 * 1:44401 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44554 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Congur variant outbound connection detected (malware-cnc.rules)
 * 1:44450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbount connection detected (malware-cnc.rules)
 * 1:44469 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:45097 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant inbound connection (malware-cnc.rules)
 * 1:44440 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (malware-cnc.rules)
 * 1:44569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:44559 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
 * 1:44560 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
 * 1:44806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44470 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:45064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:45230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
 * 1:44595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSMessenger outbound connection (malware-cnc.rules)
 * 1:44570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:44798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus malicious certificate exchange (malware-cnc.rules)
 * 1:44563 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:44617 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:45096 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant inbound connection (malware-cnc.rules)
 * 1:44876 <-> DISABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
 * 1:44610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
 * 1:44592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus self-signed certificate exchange (malware-cnc.rules)
 * 1:44791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retadup variant outbound connection (malware-cnc.rules)
 * 1:44653 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet (malware-cnc.rules)
 * 1:44618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:44639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quimonk variant outbound connection detected (malware-cnc.rules)
 * 1:44616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:44654 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
 * 1:44656 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
 * 1:44652 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
 * 1:44659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wraut variant outbound connection (malware-cnc.rules)
 * 1:44776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen variant outbound connection (malware-cnc.rules)
 * 1:45566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:46253 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix file upload attempt (malware-cnc.rules)
 * 1:44975 <-> DISABLED <-> MALWARE-CNC Php.Dropper.Mayhem variant outbound connection (malware-cnc.rules)
 * 1:44781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:46434 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo client outbound connection (malware-cnc.rules)
 * 1:44677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemucod outbound connection (malware-cnc.rules)
 * 1:40011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:40044 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
 * 1:40016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (malware-cnc.rules)
 * 1:40027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
 * 1:40007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (malware-cnc.rules)
 * 1:40067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
 * 1:40045 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
 * 1:40059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
 * 1:40043 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom outbound connection (malware-cnc.rules)
 * 1:40205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:40183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
 * 1:40203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drolnux variant outbound connection (malware-cnc.rules)
 * 1:40060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
 * 1:40212 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (malware-cnc.rules)
 * 1:40206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:40207 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:40204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qiwmonk outbound connection detected (malware-cnc.rules)
 * 1:40216 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (malware-cnc.rules)
 * 1:40213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkShell external connection attempt (malware-cnc.rules)
 * 1:40214 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
 * 1:40209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulta external connection attempt (malware-cnc.rules)
 * 1:40242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
 * 1:40217 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (malware-cnc.rules)
 * 1:40232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CeeInject external connection (malware-cnc.rules)
 * 1:40215 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
 * 1:40258 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40249 <-> DISABLED <-> MALWARE-CNC Win.Downloader.QuantLoader external connection attempt (malware-cnc.rules)
 * 1:40251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (malware-cnc.rules)
 * 1:40238 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.AgentTesla variant outbound connection (malware-cnc.rules)
 * 1:40262 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40259 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40260 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant initial backdoor download attempt (malware-cnc.rules)
 * 1:40252 <-> DISABLED <-> MALWARE-CNC Win.Perseus variant outbound connection (malware-cnc.rules)
 * 1:40308 <-> DISABLED <-> MALWARE-CNC Backdoor.MSIL.Kazybot.A botnet server connection attempt (malware-cnc.rules)
 * 1:40288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poxters external connection (malware-cnc.rules)
 * 1:40289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant initial outbound connection (malware-cnc.rules)
 * 1:40261 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:40309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Randrew variant outbound connection (malware-cnc.rules)
 * 1:40310 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
 * 1:40290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant status update outbound connection (malware-cnc.rules)
 * 1:40432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
 * 1:40338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection detected (malware-cnc.rules)
 * 1:40339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
 * 1:40311 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
 * 1:40461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deshacop variant outbound connection (malware-cnc.rules)
 * 1:40433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
 * 1:40449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
 * 1:40500 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
 * 1:40465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
 * 1:40466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
 * 1:40450 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Agent file download attempt (malware-cnc.rules)
 * 1:40527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40501 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
 * 1:40522 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise fingerprinting (malware-cnc.rules)
 * 1:40467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hades outbound connection (malware-cnc.rules)
 * 1:40549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryPy ransomware variant outbound connection (malware-cnc.rules)
 * 1:40528 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (malware-cnc.rules)
 * 1:40541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Satana ransomware outbound connection (malware-cnc.rules)
 * 1:40523 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:40567 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:40550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant second stage download attempt (malware-cnc.rules)
 * 1:40551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant successful installation report attempt (malware-cnc.rules)
 * 1:40548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redosdru variant outbound connection (malware-cnc.rules)
 * 1:40601 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise activity (malware-cnc.rules)
 * 1:40596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Berbew variant outbound connection (malware-cnc.rules)
 * 1:40599 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:40559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
 * 1:40612 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download attempt (malware-cnc.rules)
 * 1:40605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:40606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:40600 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:40710 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
 * 1:40643 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
 * 1:40644 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
 * 1:40611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant download attempt (malware-cnc.rules)
 * 1:40761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscan outbound connection (malware-cnc.rules)
 * 1:40733 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
 * 1:40751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
 * 1:40709 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
 * 1:40771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miuref variant outbound connection (malware-cnc.rules)
 * 1:40762 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant inbound connection (malware-cnc.rules)
 * 1:40763 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getSMS command response (malware-cnc.rules)
 * 1:40752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
 * 1:40796 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:40775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:40782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (malware-cnc.rules)
 * 1:40764 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getContacts command response (malware-cnc.rules)
 * 1:40816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40797 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:40800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (malware-cnc.rules)
 * 1:40795 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:40832 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant keylogger inbound init command attempt (malware-cnc.rules)
 * 1:40823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gendwndrop variant outbound connection (malware-cnc.rules)
 * 1:40824 <-> DISABLED <-> MALWARE-CNC Logbro variant outbound connection (malware-cnc.rules)
 * 1:40812 <-> DISABLED <-> MALWARE-CNC Rtf.Trojan.Mauris outbound download attempt (malware-cnc.rules)
 * 1:40836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant file enumeration inbound init/root/faf command attempt (malware-cnc.rules)
 * 1:40833 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound init command attempt (malware-cnc.rules)
 * 1:40834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound silence command attempt (malware-cnc.rules)
 * 1:40831 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant initial outbound connection (malware-cnc.rules)
 * 1:40910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40869 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
 * 1:40870 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
 * 1:40835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screen_thumb inbound init command attempt (malware-cnc.rules)
 * 1:41033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proteus outbound connection (malware-cnc.rules)
 * 1:40911 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Sednit variant outbound connection (malware-cnc.rules)
 * 1:40991 <-> DISABLED <-> MALWARE-CNC Linux.DDoS.D93 outbound connection (malware-cnc.rules)
 * 1:40906 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
 * 1:41133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:41088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MrWhite out bound communication attempt (malware-cnc.rules)
 * 1:41031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:41162 <-> DISABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant  (malware-cnc.rules)
 * 1:41134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41089 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ostap out bound communication attempt (malware-cnc.rules)
 * 1:41176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41180 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
 * 1:45943 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:44681 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IoTReaper_Botnet telnet connection attempt (malware-cnc.rules)
 * 1:45063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:45400 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt (malware-cnc.rules)
 * 1:44772 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
 * 1:44780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:45252 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
 * 1:45551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
 * 1:44895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
 * 1:45477 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
 * 1:45472 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:45091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill login outbound connection (malware-cnc.rules)
 * 1:45471 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:44898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:45239 <-> DISABLED <-> MALWARE-CNC Win.Malware.Freenki variant outbound connection (malware-cnc.rules)
 * 1:44777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:45194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (malware-cnc.rules)
 * 1:44804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:44779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44911 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Fruitfly variant outbound connection detected (malware-cnc.rules)
 * 1:45251 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
 * 1:44789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
 * 1:45567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:45562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
 * 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
 * 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)

2020-10-22 12:58:02 UTC

Snort Subscriber Rules Update

Date: 2020-10-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 3000.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56086 <-> DISABLED <-> SERVER-WEBAPP Apache Tomcat WebSocket length denial of service attempt (snort3-server-webapp.rules)
 * 1:56082 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (snort3-server-webapp.rules)
 * 1:56079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (snort3-malware-other.rules)
 * 1:56075 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (snort3-malware-other.rules)
 * 1:56088 <-> ENABLED <-> MALWARE-CNC Unix.Spyware.WellMess variant outbound cnc attempt (snort3-malware-cnc.rules)
 * 1:56081 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Donot variant outbound connection (snort3-malware-cnc.rules)
 * 1:56073 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (snort3-malware-other.rules)
 * 1:56071 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (snort3-malware-other.rules)
 * 1:56078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (snort3-malware-other.rules)
 * 1:56076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (snort3-malware-other.rules)
 * 1:56072 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (snort3-malware-other.rules)
 * 1:56080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (snort3-malware-other.rules)
 * 1:56074 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (snort3-malware-other.rules)
 * 1:56083 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (snort3-server-webapp.rules)
 * 1:56077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (snort3-malware-other.rules)

Modified Rules:


 * 1:44761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (snort3-malware-cnc.rules)
 * 1:46253 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix file upload attempt (snort3-malware-cnc.rules)
 * 1:44762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (snort3-malware-cnc.rules)
 * 1:45230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (snort3-malware-cnc.rules)
 * 1:44774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (snort3-malware-cnc.rules)
 * 1:44975 <-> DISABLED <-> MALWARE-CNC Php.Dropper.Mayhem variant outbound connection (snort3-malware-cnc.rules)
 * 1:46359 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (snort3-malware-cnc.rules)
 * 1:44768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence outbound request (snort3-malware-cnc.rules)
 * 1:45400 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt (snort3-malware-cnc.rules)
 * 1:44801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (snort3-malware-cnc.rules)
 * 1:44806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (snort3-malware-cnc.rules)
 * 1:45510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat file upload attempt (snort3-malware-cnc.rules)
 * 1:46360 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (snort3-malware-cnc.rules)
 * 1:44876 <-> DISABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (snort3-malware-cnc.rules)
 * 1:44997 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (snort3-malware-cnc.rules)
 * 1:45097 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant inbound connection (snort3-malware-cnc.rules)
 * 1:45252 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (snort3-malware-cnc.rules)
 * 1:45472 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (snort3-malware-cnc.rules)
 * 1:44944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (snort3-malware-cnc.rules)
 * 1:45478 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (snort3-malware-cnc.rules)
 * 1:45064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (snort3-malware-cnc.rules)
 * 1:44776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (snort3-malware-cnc.rules)
 * 1:45260 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (snort3-malware-cnc.rules)
 * 1:44775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (snort3-malware-cnc.rules)
 * 1:44782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (snort3-malware-cnc.rules)
 * 1:45232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CactusTorch download attempt detected (snort3-malware-cnc.rules)
 * 1:45092 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill get commands outbound connection (snort3-malware-cnc.rules)
 * 1:45251 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (snort3-malware-cnc.rules)
 * 1:45552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (snort3-malware-cnc.rules)
 * 1:44791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retadup variant outbound connection (snort3-malware-cnc.rules)
 * 1:45065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (snort3-malware-cnc.rules)
 * 1:45100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound connection (snort3-malware-cnc.rules)
 * 1:44788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (snort3-malware-cnc.rules)
 * 1:44895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (snort3-malware-cnc.rules)
 * 1:44911 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Fruitfly variant outbound connection detected (snort3-malware-cnc.rules)
 * 1:44777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (snort3-malware-cnc.rules)
 * 1:45194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (snort3-malware-cnc.rules)
 * 1:44771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence monitoring module download (snort3-malware-cnc.rules)
 * 1:45477 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (snort3-malware-cnc.rules)
 * 1:45560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (snort3-malware-cnc.rules)
 * 1:44799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (snort3-malware-cnc.rules)
 * 1:44802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (snort3-malware-cnc.rules)
 * 1:45567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
 * 1:45551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (snort3-malware-cnc.rules)
 * 1:44998 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (snort3-malware-cnc.rules)
 * 1:44781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (snort3-malware-cnc.rules)
 * 1:44798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (snort3-malware-cnc.rules)
 * 1:45483 <-> DISABLED <-> MALWARE-CNC Pdf.Phishing.Agent variant outbound connection detected (snort3-malware-cnc.rules)
 * 1:44778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (snort3-malware-cnc.rules)
 * 1:44897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (snort3-malware-cnc.rules)
 * 1:45208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (snort3-malware-cnc.rules)
 * 1:45209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (snort3-malware-cnc.rules)
 * 1:45352 <-> DISABLED <-> MALWARE-CNC PowerShell Empire HTTP listener response (snort3-malware-cnc.rules)
 * 1:45114 <-> DISABLED <-> MALWARE-CNC Catch-All malicious Chrome extension dropper outbound connection (snort3-malware-cnc.rules)
 * 1:45095 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant outbound connection (snort3-malware-cnc.rules)
 * 1:44946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (snort3-malware-cnc.rules)
 * 1:45090 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill server selection outbound connection (snort3-malware-cnc.rules)
 * 1:44780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (snort3-malware-cnc.rules)
 * 1:45051 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (snort3-malware-cnc.rules)
 * 1:44769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence inbound download (snort3-malware-cnc.rules)
 * 1:45574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm second stage configuration download attempt (snort3-malware-cnc.rules)
 * 1:45943 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (snort3-malware-cnc.rules)
 * 1:45607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat variant outbound connection detected (snort3-malware-cnc.rules)
 * 1:46356 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (snort3-malware-cnc.rules)
 * 1:46284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (snort3-malware-cnc.rules)
 * 1:46339 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (snort3-malware-cnc.rules)
 * 1:46358 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (snort3-malware-cnc.rules)
 * 1:46363 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (snort3-malware-cnc.rules)
 * 1:46364 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (snort3-malware-cnc.rules)
 * 1:46416 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Autoit outbound connection (snort3-malware-cnc.rules)
 * 1:46423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraens initial outbound request (snort3-malware-cnc.rules)
 * 1:46433 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo initial connection (snort3-malware-cnc.rules)
 * 1:42881 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (snort3-malware-cnc.rules)
 * 1:46434 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo client outbound connection (snort3-malware-cnc.rules)
 * 1:42883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (snort3-malware-cnc.rules)
 * 1:42929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Niramdat variant initial outbound connection (snort3-malware-cnc.rules)
 * 1:42885 <-> DISABLED <-> MALWARE-CNC WashingTon ssl certificate negotiation attempt (snort3-malware-cnc.rules)
 * 1:42996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (snort3-malware-cnc.rules)
 * 1:42892 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA outbound connection (snort3-malware-cnc.rules)
 * 1:43049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gasonen variant outbound connection (snort3-malware-cnc.rules)
 * 1:44804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (snort3-malware-cnc.rules)
 * 1:42899 <-> DISABLED <-> MALWARE-CNC Jaff ransomware outbound connection (snort3-malware-cnc.rules)
 * 1:43129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (snort3-malware-cnc.rules)
 * 1:45471 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (snort3-malware-cnc.rules)
 * 1:42926 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (snort3-malware-cnc.rules)
 * 1:43184 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (snort3-malware-cnc.rules)
 * 1:44943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (snort3-malware-cnc.rules)
 * 1:42945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adylkuzz variant initial outbound connection (snort3-malware-cnc.rules)
 * 1:43193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (snort3-malware-cnc.rules)
 * 1:42997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (snort3-malware-cnc.rules)
 * 1:45050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (snort3-malware-cnc.rules)
 * 1:43220 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (snort3-malware-cnc.rules)
 * 1:44789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (snort3-malware-cnc.rules)
 * 1:43063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabob outbound connection (snort3-malware-cnc.rules)
 * 1:43223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (snort3-malware-cnc.rules)
 * 1:45062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (snort3-malware-cnc.rules)
 * 1:43183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (snort3-malware-cnc.rules)
 * 1:44772 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (snort3-malware-cnc.rules)
 * 1:45561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (snort3-malware-cnc.rules)
 * 1:43292 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious dex file download attempt (snort3-malware-cnc.rules)
 * 1:45104 <-> DISABLED <-> MALWARE-CNC Win.Malware.Recam variant outbound connection (snort3-malware-cnc.rules)
 * 1:44945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (snort3-malware-cnc.rules)
 * 1:46357 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (snort3-malware-cnc.rules)
 * 1:42895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (snort3-malware-cnc.rules)
 * 1:42925 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (snort3-malware-cnc.rules)
 * 1:44805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (snort3-malware-cnc.rules)
 * 1:44898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (snort3-malware-cnc.rules)
 * 1:44763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (snort3-malware-cnc.rules)
 * 1:45562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (snort3-malware-cnc.rules)
 * 1:44221 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (snort3-malware-cnc.rules)
 * 1:44316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ellell variant outbound connection (snort3-malware-cnc.rules)
 * 1:44276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (snort3-malware-cnc.rules)
 * 1:44362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (snort3-malware-cnc.rules)
 * 1:44278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CrystalAttack outbound file download attempt (snort3-malware-cnc.rules)
 * 1:44366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (snort3-malware-cnc.rules)
 * 1:44307 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Razy variant outbound connection (snort3-malware-cnc.rules)
 * 1:44391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (snort3-malware-cnc.rules)
 * 1:44314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant inbound connection attempt (snort3-malware-cnc.rules)
 * 1:44393 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (snort3-malware-cnc.rules)
 * 1:44317 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (snort3-malware-cnc.rules)
 * 1:44399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (snort3-malware-cnc.rules)
 * 1:44365 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware outbound post (snort3-malware-cnc.rules)
 * 1:44401 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (snort3-malware-cnc.rules)
 * 1:44367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (snort3-malware-cnc.rules)
 * 1:44438 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (snort3-malware-cnc.rules)
 * 1:44392 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (snort3-malware-cnc.rules)
 * 1:44440 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (snort3-malware-cnc.rules)
 * 1:44396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KediRAT outbound connection (snort3-malware-cnc.rules)
 * 1:44450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbount connection detected (snort3-malware-cnc.rules)
 * 1:44400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (snort3-malware-cnc.rules)
 * 1:44470 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (snort3-malware-cnc.rules)
 * 1:44402 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (snort3-malware-cnc.rules)
 * 1:44559 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (snort3-malware-cnc.rules)
 * 1:44439 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (snort3-malware-cnc.rules)
 * 1:44563 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (snort3-malware-cnc.rules)
 * 1:44443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popureb variant outbound connection detected (snort3-malware-cnc.rules)
 * 1:44570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (snort3-malware-cnc.rules)
 * 1:44469 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (snort3-malware-cnc.rules)
 * 1:44592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus self-signed certificate exchange (snort3-malware-cnc.rules)
 * 1:44554 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Congur variant outbound connection detected (snort3-malware-cnc.rules)
 * 1:44610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (snort3-malware-cnc.rules)
 * 1:44560 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (snort3-malware-cnc.rules)
 * 1:44616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (snort3-malware-cnc.rules)
 * 1:44569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (snort3-malware-cnc.rules)
 * 1:44618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (snort3-malware-cnc.rules)
 * 1:44591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus malicious certificate exchange (snort3-malware-cnc.rules)
 * 1:44652 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (snort3-malware-cnc.rules)
 * 1:44595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSMessenger outbound connection (snort3-malware-cnc.rules)
 * 1:44654 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (snort3-malware-cnc.rules)
 * 1:44611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (snort3-malware-cnc.rules)
 * 1:44659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wraut variant outbound connection (snort3-malware-cnc.rules)
 * 1:44886 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (snort3-malware-cnc.rules)
 * 1:43190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (snort3-malware-cnc.rules)
 * 1:43351 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Erebus variant outbound connection (snort3-malware-cnc.rules)
 * 1:43194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (snort3-malware-cnc.rules)
 * 1:43459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (snort3-malware-cnc.rules)
 * 1:43222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (snort3-malware-cnc.rules)
 * 1:43468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (snort3-malware-cnc.rules)
 * 1:43224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (snort3-malware-cnc.rules)
 * 1:43476 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (snort3-malware-cnc.rules)
 * 1:43293 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious java file download attempt (snort3-malware-cnc.rules)
 * 1:43523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (snort3-malware-cnc.rules)
 * 1:43457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eorezo variant outbound connection (snort3-malware-cnc.rules)
 * 1:43575 <-> DISABLED <-> MALWARE-CNC Win32.Trojan.NeutrinoPOS connection attempt (snort3-malware-cnc.rules)
 * 1:43467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (snort3-malware-cnc.rules)
 * 1:43929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poogetad Variant connection attempt (snort3-malware-cnc.rules)
 * 1:43475 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (snort3-malware-cnc.rules)
 * 1:43950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Globeimposter outbound connection (snort3-malware-cnc.rules)
 * 1:43477 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (snort3-malware-cnc.rules)
 * 1:43972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (snort3-malware-cnc.rules)
 * 1:43524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (snort3-malware-cnc.rules)
 * 1:43982 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (snort3-malware-cnc.rules)
 * 1:43890 <-> DISABLED <-> MALWARE-CNC Win.Malware.Emotet variant outbound connection (snort3-malware-cnc.rules)
 * 1:44011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hippo variant outbound connection (snort3-malware-cnc.rules)
 * 1:43930 <-> DISABLED <-> MALWARE-CNC Win.Malware.GamKer variant outbound connection (snort3-malware-cnc.rules)
 * 1:44028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (snort3-malware-cnc.rules)
 * 1:43969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kradod connection attempt (snort3-malware-cnc.rules)
 * 1:44171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zurgop variant outbound beaconing connection (snort3-malware-cnc.rules)
 * 1:43981 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (snort3-malware-cnc.rules)
 * 1:44190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyfshent variant outbound connection (snort3-malware-cnc.rules)
 * 1:43985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rortiem outbound connection (snort3-malware-cnc.rules)
 * 1:44211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (snort3-malware-cnc.rules)
 * 1:44027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (snort3-malware-cnc.rules)
 * 1:44213 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (snort3-malware-cnc.rules)
 * 1:44042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (snort3-malware-cnc.rules)
 * 1:44220 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (snort3-malware-cnc.rules)
 * 1:44177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant outbound connection (snort3-malware-cnc.rules)
 * 1:44222 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (snort3-malware-cnc.rules)
 * 1:44210 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bullrat variant outbound connection (snort3-malware-cnc.rules)
 * 1:44277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (snort3-malware-cnc.rules)
 * 1:44212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (snort3-malware-cnc.rules)
 * 1:44279 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.FlatChestWare varint outbound connection (snort3-malware-cnc.rules)
 * 1:44214 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (snort3-malware-cnc.rules)
 * 1:44313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant outbound connection (snort3-malware-cnc.rules)
 * 1:44617 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (snort3-malware-cnc.rules)
 * 1:44681 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IoTReaper_Botnet telnet connection attempt (snort3-malware-cnc.rules)
 * 1:44639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quimonk variant outbound connection detected (snort3-malware-cnc.rules)
 * 1:44753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stimilina variant outbound connection detected (snort3-malware-cnc.rules)
 * 1:44653 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet (snort3-malware-cnc.rules)
 * 1:44656 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (snort3-malware-cnc.rules)
 * 1:44677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemucod outbound connection (snort3-malware-cnc.rules)
 * 1:44689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen variant outbound connection (snort3-malware-cnc.rules)
 * 1:44760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (snort3-malware-cnc.rules)
 * 1:42838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (snort3-malware-cnc.rules)
 * 1:45470 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (snort3-malware-cnc.rules)
 * 1:44803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (snort3-malware-cnc.rules)
 * 1:44773 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (snort3-malware-cnc.rules)
 * 1:44800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (snort3-malware-cnc.rules)
 * 1:45473 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (snort3-malware-cnc.rules)
 * 1:44899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (snort3-malware-cnc.rules)
 * 1:44770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence cnc module download (snort3-malware-cnc.rules)
 * 1:44896 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (snort3-malware-cnc.rules)
 * 1:45239 <-> DISABLED <-> MALWARE-CNC Win.Malware.Freenki variant outbound connection (snort3-malware-cnc.rules)
 * 1:45231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DDEDownloader variant outbound connection detected (snort3-malware-cnc.rules)
 * 1:44797 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (snort3-malware-cnc.rules)
 * 1:45098 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant outbound connection (snort3-malware-cnc.rules)
 * 1:44787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Godzilla outbound connection (snort3-malware-cnc.rules)
 * 1:45096 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant inbound connection (snort3-malware-cnc.rules)
 * 1:45221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nautilus outbound call (snort3-malware-cnc.rules)
 * 1:45063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (snort3-malware-cnc.rules)
 * 1:44779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (snort3-malware-cnc.rules)
 * 1:45468 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (snort3-malware-cnc.rules)
 * 1:45099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant inbound connection (snort3-malware-cnc.rules)
 * 1:45229 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (snort3-malware-cnc.rules)
 * 1:44807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (snort3-malware-cnc.rules)
 * 1:45469 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (snort3-malware-cnc.rules)
 * 1:45566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (snort3-malware-cnc.rules)
 * 1:45944 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (snort3-malware-cnc.rules)
 * 1:46362 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (snort3-malware-cnc.rules)
 * 1:46361 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (snort3-malware-cnc.rules)
 * 1:40007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (snort3-malware-cnc.rules)
 * 1:40016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (snort3-malware-cnc.rules)
 * 1:40043 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom outbound connection (snort3-malware-cnc.rules)
 * 1:40045 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (snort3-malware-cnc.rules)
 * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (snort3-server-webapp.rules)
 * 1:40060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (snort3-malware-cnc.rules)
 * 1:40011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (snort3-malware-cnc.rules)
 * 1:40183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (snort3-malware-cnc.rules)
 * 1:40027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (snort3-malware-cnc.rules)
 * 1:40204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qiwmonk outbound connection detected (snort3-malware-cnc.rules)
 * 1:40044 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (snort3-malware-cnc.rules)
 * 1:40206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (snort3-malware-cnc.rules)
 * 1:40059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (snort3-malware-cnc.rules)
 * 1:40209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulta external connection attempt (snort3-malware-cnc.rules)
 * 1:40067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (snort3-malware-cnc.rules)
 * 1:40213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkShell external connection attempt (snort3-malware-cnc.rules)
 * 1:40203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drolnux variant outbound connection (snort3-malware-cnc.rules)
 * 1:40215 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (snort3-malware-cnc.rules)
 * 1:40205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (snort3-malware-cnc.rules)
 * 1:40217 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (snort3-malware-cnc.rules)
 * 1:40207 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (snort3-malware-cnc.rules)
 * 1:40238 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.AgentTesla variant outbound connection (snort3-malware-cnc.rules)
 * 1:40212 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (snort3-malware-cnc.rules)
 * 1:40249 <-> DISABLED <-> MALWARE-CNC Win.Downloader.QuantLoader external connection attempt (snort3-malware-cnc.rules)
 * 1:40214 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (snort3-malware-cnc.rules)
 * 1:40252 <-> DISABLED <-> MALWARE-CNC Win.Perseus variant outbound connection (snort3-malware-cnc.rules)
 * 1:40216 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (snort3-malware-cnc.rules)
 * 1:40259 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (snort3-malware-cnc.rules)
 * 1:40232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CeeInject external connection (snort3-malware-cnc.rules)
 * 1:40261 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (snort3-malware-cnc.rules)
 * 1:40242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (snort3-malware-cnc.rules)
 * 1:40288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poxters external connection (snort3-malware-cnc.rules)
 * 1:40251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (snort3-malware-cnc.rules)
 * 1:40290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant status update outbound connection (snort3-malware-cnc.rules)
 * 1:40258 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (snort3-malware-cnc.rules)
 * 1:40309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Randrew variant outbound connection (snort3-malware-cnc.rules)
 * 1:40260 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant initial backdoor download attempt (snort3-malware-cnc.rules)
 * 1:40311 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (snort3-malware-cnc.rules)
 * 1:40262 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (snort3-malware-cnc.rules)
 * 1:40338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection detected (snort3-malware-cnc.rules)
 * 1:40289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant initial outbound connection (snort3-malware-cnc.rules)
 * 1:40340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (snort3-malware-cnc.rules)
 * 1:40308 <-> DISABLED <-> MALWARE-CNC Backdoor.MSIL.Kazybot.A botnet server connection attempt (snort3-malware-cnc.rules)
 * 1:40433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (snort3-malware-cnc.rules)
 * 1:40310 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (snort3-malware-cnc.rules)
 * 1:40450 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Agent file download attempt (snort3-malware-cnc.rules)
 * 1:40334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (snort3-malware-cnc.rules)
 * 1:40465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (snort3-malware-cnc.rules)
 * 1:40339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (snort3-malware-cnc.rules)
 * 1:40467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hades outbound connection (snort3-malware-cnc.rules)
 * 1:40432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (snort3-malware-cnc.rules)
 * 1:40501 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (snort3-malware-cnc.rules)
 * 1:40449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (snort3-malware-cnc.rules)
 * 1:40523 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (snort3-malware-cnc.rules)
 * 1:40461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deshacop variant outbound connection (snort3-malware-cnc.rules)
 * 1:40528 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (snort3-malware-cnc.rules)
 * 1:40466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (snort3-malware-cnc.rules)
 * 1:40548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redosdru variant outbound connection (snort3-malware-cnc.rules)
 * 1:40500 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (snort3-malware-cnc.rules)
 * 1:40550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant second stage download attempt (snort3-malware-cnc.rules)
 * 1:40522 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise fingerprinting (snort3-malware-cnc.rules)
 * 1:40559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (snort3-malware-cnc.rules)
 * 1:40527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (snort3-malware-cnc.rules)
 * 1:40596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Berbew variant outbound connection (snort3-malware-cnc.rules)
 * 1:40541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Satana ransomware outbound connection (snort3-malware-cnc.rules)
 * 1:40600 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (snort3-malware-cnc.rules)
 * 1:40549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryPy ransomware variant outbound connection (snort3-malware-cnc.rules)
 * 1:40605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (snort3-malware-cnc.rules)
 * 1:40551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant successful installation report attempt (snort3-malware-cnc.rules)
 * 1:40611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant download attempt (snort3-malware-cnc.rules)
 * 1:40567 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (snort3-malware-cnc.rules)
 * 1:40643 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (snort3-malware-cnc.rules)
 * 1:40599 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (snort3-malware-cnc.rules)
 * 1:40709 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (snort3-malware-cnc.rules)
 * 1:40601 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise activity (snort3-malware-cnc.rules)
 * 1:40733 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (snort3-malware-cnc.rules)
 * 1:40606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (snort3-malware-cnc.rules)
 * 1:40752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (snort3-malware-cnc.rules)
 * 1:40612 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download attempt (snort3-malware-cnc.rules)
 * 1:40762 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant inbound connection (snort3-malware-cnc.rules)
 * 1:40644 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (snort3-malware-cnc.rules)
 * 1:40764 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getContacts command response (snort3-malware-cnc.rules)
 * 1:40710 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (snort3-malware-cnc.rules)
 * 1:40775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (snort3-malware-cnc.rules)
 * 1:40751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (snort3-malware-cnc.rules)
 * 1:40795 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (snort3-malware-cnc.rules)
 * 1:40761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscan outbound connection (snort3-malware-cnc.rules)
 * 1:40797 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (snort3-malware-cnc.rules)
 * 1:40763 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getSMS command response (snort3-malware-cnc.rules)
 * 1:40812 <-> DISABLED <-> MALWARE-CNC Rtf.Trojan.Mauris outbound download attempt (snort3-malware-cnc.rules)
 * 1:40771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miuref variant outbound connection (snort3-malware-cnc.rules)
 * 1:40823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gendwndrop variant outbound connection (snort3-malware-cnc.rules)
 * 1:40782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (snort3-malware-cnc.rules)
 * 1:40831 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant initial outbound connection (snort3-malware-cnc.rules)
 * 1:40796 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (snort3-malware-cnc.rules)
 * 1:40833 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound init command attempt (snort3-malware-cnc.rules)
 * 1:40800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (snort3-malware-cnc.rules)
 * 1:40835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screen_thumb inbound init command attempt (snort3-malware-cnc.rules)
 * 1:40816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (snort3-malware-cnc.rules)
 * 1:40869 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (snort3-malware-cnc.rules)
 * 1:40824 <-> DISABLED <-> MALWARE-CNC Logbro variant outbound connection (snort3-malware-cnc.rules)
 * 1:40906 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (snort3-malware-cnc.rules)
 * 1:40832 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant keylogger inbound init command attempt (snort3-malware-cnc.rules)
 * 1:40911 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Sednit variant outbound connection (snort3-malware-cnc.rules)
 * 1:40834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound silence command attempt (snort3-malware-cnc.rules)
 * 1:41031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (snort3-malware-cnc.rules)
 * 1:40836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant file enumeration inbound init/root/faf command attempt (snort3-malware-cnc.rules)
 * 1:41034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (snort3-malware-cnc.rules)
 * 1:40870 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (snort3-malware-cnc.rules)
 * 1:41089 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ostap out bound communication attempt (snort3-malware-cnc.rules)
 * 1:40910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (snort3-malware-cnc.rules)
 * 1:41134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (snort3-malware-cnc.rules)
 * 1:40991 <-> DISABLED <-> MALWARE-CNC Linux.DDoS.D93 outbound connection (snort3-malware-cnc.rules)
 * 1:41136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (snort3-malware-cnc.rules)
 * 1:41033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proteus outbound connection (snort3-malware-cnc.rules)
 * 1:41173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (snort3-malware-cnc.rules)
 * 1:41088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MrWhite out bound communication attempt (snort3-malware-cnc.rules)
 * 1:41175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (snort3-malware-cnc.rules)
 * 1:41133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (snort3-malware-cnc.rules)
 * 1:41177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (snort3-malware-cnc.rules)
 * 1:41135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (snort3-malware-cnc.rules)
 * 1:41179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (snort3-malware-cnc.rules)
 * 1:41162 <-> DISABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant  (snort3-malware-cnc.rules)
 * 1:41315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (snort3-malware-cnc.rules)
 * 1:41174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (snort3-malware-cnc.rules)
 * 1:41317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (snort3-malware-cnc.rules)
 * 1:41176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (snort3-malware-cnc.rules)
 * 1:41331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection (snort3-malware-cnc.rules)
 * 1:41178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (snort3-malware-cnc.rules)
 * 1:41336 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (snort3-malware-cnc.rules)
 * 1:41180 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (snort3-malware-cnc.rules)
 * 1:41374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (snort3-malware-cnc.rules)
 * 1:41316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (snort3-malware-cnc.rules)
 * 1:41376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (snort3-malware-cnc.rules)
 * 1:41318 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (snort3-malware-cnc.rules)
 * 1:41424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound connection (snort3-malware-cnc.rules)
 * 1:41334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (snort3-malware-cnc.rules)
 * 1:41435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (snort3-malware-cnc.rules)
 * 1:41337 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (snort3-malware-cnc.rules)
 * 1:41437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (snort3-malware-cnc.rules)
 * 1:41375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (snort3-malware-cnc.rules)
 * 1:41439 <-> DISABLED <-> MALWARE-CNC Dos.Tool.LOIC variant IRC command detected (snort3-malware-cnc.rules)
 * 1:41403 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (snort3-malware-cnc.rules)
 * 1:41442 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas outbound connection (snort3-malware-cnc.rules)
 * 1:41434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (snort3-malware-cnc.rules)
 * 1:41444 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (snort3-malware-cnc.rules)
 * 1:41436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (snort3-malware-cnc.rules)
 * 1:41458 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (snort3-malware-cnc.rules)
 * 1:41438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (snort3-malware-cnc.rules)
 * 1:41460 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (snort3-malware-cnc.rules)
 * 1:41441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (snort3-malware-cnc.rules)
 * 1:41476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - 987t67g (snort3-malware-cnc.rules)
 * 1:41443 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (snort3-malware-cnc.rules)
 * 1:41478 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - result (snort3-malware-cnc.rules)
 * 1:41456 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (snort3-malware-cnc.rules)
 * 1:41539 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (snort3-malware-cnc.rules)
 * 1:41459 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (snort3-malware-cnc.rules)
 * 1:41656 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (snort3-malware-cnc.rules)
 * 1:41461 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (snort3-malware-cnc.rules)
 * 1:41661 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (snort3-malware-cnc.rules)
 * 1:41477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibrio file download - 4g3vg334 (snort3-malware-cnc.rules)
 * 1:41663 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (snort3-malware-cnc.rules)
 * 1:41498 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CryptoLocker binary download response attempt (snort3-malware-cnc.rules)
 * 1:41675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (snort3-malware-cnc.rules)
 * 1:41540 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (snort3-malware-cnc.rules)
 * 1:41682 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (snort3-malware-cnc.rules)
 * 1:41657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MagicHound variant outbound connection (snort3-malware-cnc.rules)
 * 1:41684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (snort3-malware-cnc.rules)
 * 1:41662 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (snort3-malware-cnc.rules)
 * 1:41686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (snort3-malware-cnc.rules)
 * 1:41665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirai variant outbound connection (snort3-malware-cnc.rules)
 * 1:41702 <-> DISABLED <-> MALWARE-CNC Win.Adware.Winwrapper outbound connection (snort3-malware-cnc.rules)
 * 1:41676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (snort3-malware-cnc.rules)
 * 1:41712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini backdoor file download request (snort3-malware-cnc.rules)
 * 1:41683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (snort3-malware-cnc.rules)
 * 1:41787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro TCP DNS query response (snort3-malware-cnc.rules)
 * 1:41685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (snort3-malware-cnc.rules)
 * 1:41789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (snort3-malware-cnc.rules)
 * 1:41687 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (snort3-malware-cnc.rules)
 * 1:42020 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (snort3-malware-cnc.rules)
 * 1:41711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini variant initial outbound connection (snort3-malware-cnc.rules)
 * 1:42022 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:41780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ratankba variant outbound connection (snort3-malware-cnc.rules)
 * 1:42024 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:41788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (snort3-malware-cnc.rules)
 * 1:42026 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:42019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (snort3-malware-cnc.rules)
 * 1:42028 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (snort3-malware-cnc.rules)
 * 1:42021 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:42030 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (snort3-malware-cnc.rules)
 * 1:42023 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:42059 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Sage variant outbound connection (snort3-malware-cnc.rules)
 * 1:42025 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:42081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (snort3-malware-cnc.rules)
 * 1:42027 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:42098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (snort3-malware-cnc.rules)
 * 1:42029 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (snort3-malware-cnc.rules)
 * 1:42113 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (snort3-malware-cnc.rules)
 * 1:42031 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:42126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acronym variant outbound connection (snort3-malware-cnc.rules)
 * 1:42079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (snort3-malware-cnc.rules)
 * 1:42129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (snort3-malware-cnc.rules)
 * 1:42083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection (snort3-malware-cnc.rules)
 * 1:42172 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant certificate negotiation (snort3-malware-cnc.rules)
 * 1:42099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (snort3-malware-cnc.rules)
 * 1:42228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DocumentCrypt variant outbound connection (snort3-malware-cnc.rules)
 * 1:42114 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant new bot registered (snort3-malware-cnc.rules)
 * 1:42242 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Dimnie file download attempt (snort3-malware-cnc.rules)
 * 1:42128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (snort3-malware-cnc.rules)
 * 1:42301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu inbound server configuration response (snort3-malware-cnc.rules)
 * 1:42171 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant outbound connection (snort3-malware-cnc.rules)
 * 1:42303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound file download attempt (snort3-malware-cnc.rules)
 * 1:42225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (snort3-malware-cnc.rules)
 * 1:42330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful injection response (snort3-malware-cnc.rules)
 * 1:42233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (snort3-malware-cnc.rules)
 * 1:42385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moonwind outbound connection (snort3-malware-cnc.rules)
 * 1:42243 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dimnie outbound connection (snort3-malware-cnc.rules)
 * 1:42390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (snort3-malware-cnc.rules)
 * 1:42302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound connection (snort3-malware-cnc.rules)
 * 1:42395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oddjob outbound connection (snort3-malware-cnc.rules)
 * 1:42329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (snort3-malware-cnc.rules)
 * 1:42421 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (snort3-malware-cnc.rules)
 * 1:42348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQPass variant outbound connection (snort3-malware-cnc.rules)
 * 1:42439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (snort3-malware-cnc.rules)
 * 1:42386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (snort3-malware-cnc.rules)
 * 1:42452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection (snort3-malware-cnc.rules)
 * 1:42391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (snort3-malware-cnc.rules)
 * 1:42454 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (snort3-malware-cnc.rules)
 * 1:42398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (snort3-malware-cnc.rules)
 * 1:42831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (snort3-malware-cnc.rules)
 * 1:42425 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (snort3-malware-cnc.rules)
 * 1:42833 <-> DISABLED <-> MALWARE-CNC Kasperagent outbound connection detected (snort3-malware-cnc.rules)
 * 1:42447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant outbound connection (snort3-malware-cnc.rules)
 * 1:42835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (snort3-malware-cnc.rules)
 * 1:42453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (snort3-malware-cnc.rules)
 * 1:42837 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (snort3-malware-cnc.rules)
 * 1:42830 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (snort3-malware-cnc.rules)
 * 1:42880 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (snort3-malware-cnc.rules)
 * 1:42832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (snort3-malware-cnc.rules)
 * 1:42882 <-> DISABLED <-> MALWARE-CNC ZoxPNG initial outbound connection (snort3-malware-cnc.rules)
 * 1:42834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (snort3-malware-cnc.rules)
 * 1:42884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection (snort3-malware-cnc.rules)
 * 1:42836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (snort3-malware-cnc.rules)
 * 1:42886 <-> DISABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (snort3-malware-cnc.rules)
 * 1:45091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill login outbound connection (snort3-malware-cnc.rules)

2020-10-22 12:58:02 UTC

Snort Subscriber Rules Update

Date: 2020-10-22

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.

The format of the file is:

gid:sid <-> Default rule state <-> Message (rule group)

New Rules:


 * 1:56082 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
 * 1:56079 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
 * 1:56088 <-> ENABLED <-> MALWARE-CNC Unix.Spyware.WellMess variant outbound cnc attempt (malware-cnc.rules)
 * 1:56073 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
 * 1:56080 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780659-0 download attempt (malware-other.rules)
 * 1:56086 <-> DISABLED <-> SERVER-WEBAPP Apache Tomcat WebSocket length denial of service attempt (server-webapp.rules)
 * 1:56076 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
 * 1:56072 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
 * 1:56077 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
 * 1:56078 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780656-0 download attempt (malware-other.rules)
 * 1:56081 <-> ENABLED <-> MALWARE-CNC Andr.Trojan.Donot variant outbound connection (malware-cnc.rules)
 * 1:56074 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Agentb-9780545-0 download attempt (malware-other.rules)
 * 1:56083 <-> DISABLED <-> SERVER-WEBAPP Wordpress WP Database Backup plug-in command injection attempt (server-webapp.rules)
 * 1:56071 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Estiwir-9780541-0 download attempt (malware-other.rules)
 * 1:56075 <-> DISABLED <-> MALWARE-OTHER Win.Malware.Upatre-9780601-0 download attempt (malware-other.rules)
 * 3:56089 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD denial of service attempt (server-webapp.rules)
 * 3:56087 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA and FTD web services large file upload denial of service attempt (server-webapp.rules)
 * 3:56090 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
 * 3:56084 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)
 * 3:56091 <-> ENABLED <-> SERVER-OTHER Cisco ASA/FTD OSPF LLS denial of service attempt (server-other.rules)
 * 3:56085 <-> ENABLED <-> SERVER-WEBAPP Cisco FXOS Software Firepower Chassis Manager cross site request forgery attempt (server-webapp.rules)

Modified Rules:


 * 1:45239 <-> DISABLED <-> MALWARE-CNC Win.Malware.Freenki variant outbound connection (malware-cnc.rules)
 * 1:44896 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:43575 <-> DISABLED <-> MALWARE-CNC Win32.Trojan.NeutrinoPOS connection attempt (malware-cnc.rules)
 * 1:43969 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kradod connection attempt (malware-cnc.rules)
 * 1:43467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
 * 1:44773 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
 * 1:43929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poogetad Variant connection attempt (malware-cnc.rules)
 * 1:44656 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
 * 1:44212 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
 * 1:44876 <-> DISABLED <-> MALWARE-CNC Malicious VBA Dropper outbound connection detected (malware-cnc.rules)
 * 1:44798 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:40205 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:44027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44214 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Graftor (malware-cnc.rules)
 * 1:44177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant outbound connection (malware-cnc.rules)
 * 1:43982 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
 * 1:43222 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:44210 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bullrat variant outbound connection (malware-cnc.rules)
 * 1:43293 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious java file download attempt (malware-cnc.rules)
 * 1:44768 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence outbound request (malware-cnc.rules)
 * 1:45566 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:42129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
 * 1:43890 <-> DISABLED <-> MALWARE-CNC Win.Malware.Emotet variant outbound connection (malware-cnc.rules)
 * 1:43477 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:44222 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:44171 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zurgop variant outbound beaconing connection (malware-cnc.rules)
 * 1:43985 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rortiem outbound connection (malware-cnc.rules)
 * 1:44769 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence inbound download (malware-cnc.rules)
 * 1:44897 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:44028 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44998 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
 * 1:44911 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Fruitfly variant outbound connection detected (malware-cnc.rules)
 * 1:44802 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:45574 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm second stage configuration download attempt (malware-cnc.rules)
 * 1:45050 <-> DISABLED <-> MALWARE-CNC Win.Trojan.IcedId outbound connection (malware-cnc.rules)
 * 1:44782 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:45469 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:40209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bulta external connection attempt (malware-cnc.rules)
 * 1:40600 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:45194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FileCryptor variant outbound connection (malware-cnc.rules)
 * 1:45091 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill login outbound connection (malware-cnc.rules)
 * 1:42019 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
 * 1:41316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:45209 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
 * 1:43063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kabob outbound connection (malware-cnc.rules)
 * 1:45095 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant outbound connection (malware-cnc.rules)
 * 1:45260 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware upload attempt (malware-cnc.rules)
 * 1:44801 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Godzilla outbound connection (malware-cnc.rules)
 * 1:44011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hippo variant outbound connection (malware-cnc.rules)
 * 1:45100 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant outbound connection (malware-cnc.rules)
 * 1:44774 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44778 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:42026 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:45483 <-> DISABLED <-> MALWARE-CNC Pdf.Phishing.Agent variant outbound connection detected (malware-cnc.rules)
 * 1:46339 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Matrix outbound connection (malware-cnc.rules)
 * 1:43972 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:43930 <-> DISABLED <-> MALWARE-CNC Win.Malware.GamKer variant outbound connection (malware-cnc.rules)
 * 1:45352 <-> DISABLED <-> MALWARE-CNC PowerShell Empire HTTP listener response (malware-cnc.rules)
 * 1:42302 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound connection (malware-cnc.rules)
 * 1:45252 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
 * 1:44652 <-> DISABLED <-> MALWARE-CNC Win.Zusy variant outbound connection (malware-cnc.rules)
 * 1:44807 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:45471 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:44772 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Datper (malware-cnc.rules)
 * 1:45062 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:40611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Zeus variant download attempt (malware-cnc.rules)
 * 1:45567 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection attempt (malware-cnc.rules)
 * 1:44362 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
 * 1:40242 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
 * 1:44653 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet (malware-cnc.rules)
 * 1:46423 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kraens initial outbound request (malware-cnc.rules)
 * 1:44803 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:45231 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DDEDownloader variant outbound connection detected (malware-cnc.rules)
 * 1:46433 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo initial connection (malware-cnc.rules)
 * 1:40762 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant inbound connection (malware-cnc.rules)
 * 1:40606 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:44681 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.IoTReaper_Botnet telnet connection attempt (malware-cnc.rules)
 * 1:45064 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:46434 <-> DISABLED <-> MALWARE-CNC Win.Adware.Doyo client outbound connection (malware-cnc.rules)
 * 1:40216 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.VBInject (malware-cnc.rules)
 * 1:45552 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
 * 1:40816 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40797 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:40045 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
 * 1:40796 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:40832 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant keylogger inbound init command attempt (malware-cnc.rules)
 * 1:46253 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rovnix file upload attempt (malware-cnc.rules)
 * 1:41460 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:45562 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:40834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound silence command attempt (malware-cnc.rules)
 * 1:40795 <-> DISABLED <-> MALWARE-CNC Nesxlh variant outbound connection (malware-cnc.rules)
 * 1:45944 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:40763 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getSMS command response (malware-cnc.rules)
 * 1:46284 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bandios user agent outbound communication attempt (malware-cnc.rules)
 * 1:44789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
 * 1:40824 <-> DISABLED <-> MALWARE-CNC Logbro variant outbound connection (malware-cnc.rules)
 * 1:40771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Miuref variant outbound connection (malware-cnc.rules)
 * 1:40764 <-> DISABLED <-> MALWARE-CNC Android.Trojan.SpyNote RAT variant getContacts command response (malware-cnc.rules)
 * 1:40214 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
 * 1:41179 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
 * 1:42899 <-> DISABLED <-> MALWARE-CNC Jaff ransomware outbound connection (malware-cnc.rules)
 * 1:42128 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ismdoor variant outbound connection (malware-cnc.rules)
 * 1:41665 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mirai variant outbound connection (malware-cnc.rules)
 * 1:40206 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:43049 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gasonen variant outbound connection (malware-cnc.rules)
 * 1:43950 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Globeimposter outbound connection (malware-cnc.rules)
 * 1:41174 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41687 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:40207 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Comisproc outbound connection detected (malware-cnc.rules)
 * 1:43981 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Femas variant outbound connection (malware-cnc.rules)
 * 1:41675 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:44042 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hupigon Connection attempt (malware-cnc.rules)
 * 1:42023 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:43457 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Eorezo variant outbound connection (malware-cnc.rules)
 * 1:42395 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oddjob outbound connection (malware-cnc.rules)
 * 1:40835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screen_thumb inbound init command attempt (malware-cnc.rules)
 * 1:40612 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download attempt (malware-cnc.rules)
 * 1:43459 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules)
 * 1:41444 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules)
 * 1:43183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
 * 1:42029 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:40204 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Qiwmonk outbound connection detected (malware-cnc.rules)
 * 1:40601 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise activity (malware-cnc.rules)
 * 1:42881 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules)
 * 1:41135 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41318 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Visbot (malware-cnc.rules)
 * 1:41498 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.CryptoLocker binary download response attempt (malware-cnc.rules)
 * 1:43220 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Hotbar (malware-cnc.rules)
 * 1:42997 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules)
 * 1:42171 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant outbound connection (malware-cnc.rules)
 * 1:43524 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules)
 * 1:41656 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.MagicHound (malware-cnc.rules)
 * 1:40217 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - F.5.E.C (malware-cnc.rules)
 * 1:42421 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber variant inbound connection attempt (malware-cnc.rules)
 * 1:40605 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:41434 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41337 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
 * 1:44278 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CrystalAttack outbound file download attempt (malware-cnc.rules)
 * 1:41461 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:43224 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:42838 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Backdoor.Chopper (malware-cnc.rules)
 * 1:44316 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ellell variant outbound connection (malware-cnc.rules)
 * 1:40060 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
 * 1:42885 <-> DISABLED <-> MALWARE-CNC WashingTon ssl certificate negotiation attempt (malware-cnc.rules)
 * 1:42114 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant new bot registered (malware-cnc.rules)
 * 1:41437 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:40644 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
 * 1:42831 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - micro (malware-cnc.rules)
 * 1:40212 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Darkshell (malware-cnc.rules)
 * 1:41442 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas outbound connection (malware-cnc.rules)
 * 1:41676 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dridex self-signed certificate exchange (malware-cnc.rules)
 * 1:42386 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules)
 * 1:42243 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dimnie outbound connection (malware-cnc.rules)
 * 1:41684 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:44211 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Tarayt outbound connection (malware-cnc.rules)
 * 1:42925 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules)
 * 1:43292 <-> DISABLED <-> MALWARE-CNC Andr.Adware.Judy malicious dex file download attempt (malware-cnc.rules)
 * 1:44806 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44276 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
 * 1:45943 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:44659 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Wraut variant outbound connection (malware-cnc.rules)
 * 1:44689 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gen variant outbound connection (malware-cnc.rules)
 * 1:46356 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:40831 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant initial outbound connection (malware-cnc.rules)
 * 1:45560 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:45051 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Tool.SMSBomber (malware-cnc.rules)
 * 1:44753 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Stimilina variant outbound connection detected (malware-cnc.rules)
 * 1:41458 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:40643 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.TrickBot (malware-cnc.rules)
 * 1:44762 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
 * 1:45229 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
 * 1:41438 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:44277 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Chthonic outbound file download attempt (malware-cnc.rules)
 * 1:43468 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fireball variant outbound connection (malware-cnc.rules)
 * 1:44391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:43475 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:40823 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Gendwndrop variant outbound connection (malware-cnc.rules)
 * 1:44791 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Retadup variant outbound connection (malware-cnc.rules)
 * 1:44213 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - ace4956e-736e-11e6-9584-d7165ca591df - Win.Trojan.Tarayt (malware-cnc.rules)
 * 1:45090 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill server selection outbound connection (malware-cnc.rules)
 * 1:44886 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Volgmer (malware-cnc.rules)
 * 1:45099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscon variant inbound connection (malware-cnc.rules)
 * 1:45400 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt (malware-cnc.rules)
 * 1:45065 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:45230 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - SocStealer (malware-cnc.rules)
 * 1:43351 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Erebus variant outbound connection (malware-cnc.rules)
 * 1:45104 <-> DISABLED <-> MALWARE-CNC Win.Malware.Recam variant outbound connection (malware-cnc.rules)
 * 1:45098 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant outbound connection (malware-cnc.rules)
 * 1:40709 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
 * 1:44761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
 * 1:45607 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat variant outbound connection detected (malware-cnc.rules)
 * 1:45097 <-> DISABLED <-> MALWARE-CNC Win.Downloader.SnatchLoader variant inbound connection (malware-cnc.rules)
 * 1:44763 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KopiLuwak variant outbound request detected (malware-cnc.rules)
 * 1:41178 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:40782 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Venik (malware-cnc.rules)
 * 1:41476 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - 987t67g (malware-cnc.rules)
 * 1:41403 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Simda (malware-cnc.rules)
 * 1:41336 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Sysch variant outbound connection (malware-cnc.rules)
 * 1:41439 <-> DISABLED <-> MALWARE-CNC Dos.Tool.LOIC variant IRC command detected (malware-cnc.rules)
 * 1:41435 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:45551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Velso ransomware download (malware-cnc.rules)
 * 1:41424 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cerber outbound connection (malware-cnc.rules)
 * 1:41334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:41374 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant registration message (malware-cnc.rules)
 * 1:41180 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant post compromise download attempt (malware-cnc.rules)
 * 1:45473 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:41376 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant keepalive (malware-cnc.rules)
 * 1:44944 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:45472 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:41331 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Scudy outbound connection (malware-cnc.rules)
 * 1:44307 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Razy variant outbound connection (malware-cnc.rules)
 * 1:44779 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:42926 <-> DISABLED <-> MALWARE-CNC Js.Keylogger.Scanbox outbound connection (malware-cnc.rules)
 * 1:41780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ratankba variant outbound connection (malware-cnc.rules)
 * 1:44975 <-> DISABLED <-> MALWARE-CNC Php.Dropper.Mayhem variant outbound connection (malware-cnc.rules)
 * 1:46357 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46358 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46359 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46360 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46361 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46362 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46363 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:46364 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Wroba outbound connection (malware-cnc.rules)
 * 1:44393 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:44401 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44314 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant inbound connection attempt (malware-cnc.rules)
 * 1:44399 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44365 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware outbound post (malware-cnc.rules)
 * 1:44440 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Poison (malware-cnc.rules)
 * 1:44317 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent - Version/100 - Win.Trojan.Tarayt (malware-cnc.rules)
 * 1:44438 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
 * 1:44392 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:44470 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:44367 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
 * 1:44450 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Buterat variant outbount connection detected (malware-cnc.rules)
 * 1:44400 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44563 <-> DISABLED <-> MALWARE-CNC PowerShell Empire variant outbound connection (malware-cnc.rules)
 * 1:44396 <-> DISABLED <-> MALWARE-CNC Win.Trojan.KediRAT outbound connection (malware-cnc.rules)
 * 1:44559 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
 * 1:44439 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Poison variant outbound connection detected (malware-cnc.rules)
 * 1:44592 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus self-signed certificate exchange (malware-cnc.rules)
 * 1:44402 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Trickbot self-signed certificate exchange (malware-cnc.rules)
 * 1:44570 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:44469 <-> DISABLED <-> MALWARE-CNC Potential hostile executable served from compromised or malicious WordPress site attempt (malware-cnc.rules)
 * 1:44616 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:44443 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Popureb variant outbound connection detected (malware-cnc.rules)
 * 1:44610 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44560 <-> DISABLED <-> MALWARE-CNC Word.Trojan.Emotet obfuscated powershell (malware-cnc.rules)
 * 1:40710 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Komplex outbound connection (malware-cnc.rules)
 * 1:44554 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Congur variant outbound connection detected (malware-cnc.rules)
 * 1:44618 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:44591 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PandaZeus malicious certificate exchange (malware-cnc.rules)
 * 1:44569 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:44611 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky dropper variant outbound request detected (malware-cnc.rules)
 * 1:44595 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DNSMessenger outbound connection (malware-cnc.rules)
 * 1:44639 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Quimonk variant outbound connection detected (malware-cnc.rules)
 * 1:44617 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:40252 <-> DISABLED <-> MALWARE-CNC Win.Perseus variant outbound connection (malware-cnc.rules)
 * 1:40249 <-> DISABLED <-> MALWARE-CNC Win.Downloader.QuantLoader external connection attempt (malware-cnc.rules)
 * 1:40261 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40259 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40290 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant status update outbound connection (malware-cnc.rules)
 * 1:40288 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Poxters external connection (malware-cnc.rules)
 * 1:40251 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Trojan.Perseus (malware-cnc.rules)
 * 1:40311 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
 * 1:40309 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Randrew variant outbound connection (malware-cnc.rules)
 * 1:40260 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant initial backdoor download attempt (malware-cnc.rules)
 * 1:40340 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
 * 1:40258 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40338 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Bartallex outbound connection detected (malware-cnc.rules)
 * 1:40289 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Philadelphia variant initial outbound connection (malware-cnc.rules)
 * 1:40450 <-> DISABLED <-> MALWARE-CNC Doc.Downloader.Agent file download attempt (malware-cnc.rules)
 * 1:40262 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant backdoor detected (malware-cnc.rules)
 * 1:40433 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
 * 1:40310 <-> DISABLED <-> MALWARE-CNC Osx.Trojan.Keydnap variant dropper detected (malware-cnc.rules)
 * 1:40467 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hades outbound connection (malware-cnc.rules)
 * 1:40308 <-> DISABLED <-> MALWARE-CNC Backdoor.MSIL.Kazybot.A botnet server connection attempt (malware-cnc.rules)
 * 1:40465 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
 * 1:40339 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cry variant outbound connection (malware-cnc.rules)
 * 1:40523 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:40334 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:40501 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
 * 1:40449 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40548 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Redosdru variant outbound connection (malware-cnc.rules)
 * 1:40432 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Marsjoke variant post infection beacon (malware-cnc.rules)
 * 1:40528 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string Instally (malware-cnc.rules)
 * 1:40466 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kapahyku variant outbound connection (malware-cnc.rules)
 * 1:40559 <-> DISABLED <-> MALWARE-CNC Win.Trojan.iSpy variant outbound connection (malware-cnc.rules)
 * 1:40461 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Deshacop variant outbound connection (malware-cnc.rules)
 * 1:40550 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant second stage download attempt (malware-cnc.rules)
 * 1:40522 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise fingerprinting (malware-cnc.rules)
 * 1:40500 <-> DISABLED <-> MALWARE-CNC Andr.Tool.Snowfox Androidbauts/snowfox outbound connection (malware-cnc.rules)
 * 1:40596 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Berbew variant outbound connection (malware-cnc.rules)
 * 1:40541 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Satana ransomware outbound connection (malware-cnc.rules)
 * 1:40527 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40551 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Dexter Banker variant successful installation report attempt (malware-cnc.rules)
 * 1:40549 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CryPy ransomware variant outbound connection (malware-cnc.rules)
 * 1:40599 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise echo loader attempt (malware-cnc.rules)
 * 1:42884 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection (malware-cnc.rules)
 * 1:40833 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant screenshot inbound init command attempt (malware-cnc.rules)
 * 1:42886 <-> DISABLED <-> MALWARE-CNC User-Agent Win.Trojan.Agent malicious user agent (malware-cnc.rules)
 * 1:40027 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shakti variant outbound connection (malware-cnc.rules)
 * 1:40011 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:40059 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Hadsruda outbound connection detected (malware-cnc.rules)
 * 1:40044 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom post encryption outbound connection (malware-cnc.rules)
 * 1:40203 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Drolnux variant outbound connection (malware-cnc.rules)
 * 1:40067 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LokiBot outbound connection (malware-cnc.rules)
 * 1:40016 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Madeba outbound connection detected (malware-cnc.rules)
 * 1:40007 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemim outbound connection detected (malware-cnc.rules)
 * 1:40043 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Fantom outbound connection (malware-cnc.rules)
 * 1:16195 <-> DISABLED <-> SERVER-WEBAPP HTTP request with negative Content-Length attempt (server-webapp.rules)
 * 1:41034 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Sality variant outbound connection (malware-cnc.rules)
 * 1:41031 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Athena variant outbound connection (malware-cnc.rules)
 * 1:40906 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
 * 1:41134 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41089 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ostap out bound communication attempt (malware-cnc.rules)
 * 1:40911 <-> DISABLED <-> MALWARE-CNC Win.Rootkit.Sednit variant outbound connection (malware-cnc.rules)
 * 1:41173 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:40910 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky variant outbound connection (malware-cnc.rules)
 * 1:41136 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41033 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Proteus outbound connection (malware-cnc.rules)
 * 1:41177 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:40991 <-> DISABLED <-> MALWARE-CNC Linux.DDoS.D93 outbound connection (malware-cnc.rules)
 * 1:41175 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41133 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Agent variant compromise download attempt (malware-cnc.rules)
 * 1:41176 <-> DISABLED <-> MALWARE-CNC Win.Trojan.August variant outbound connection (malware-cnc.rules)
 * 1:41088 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MrWhite out bound communication attempt (malware-cnc.rules)
 * 1:41315 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:41317 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DragonOK variant outbound connection (malware-cnc.rules)
 * 1:41456 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Elite Keylogger (malware-cnc.rules)
 * 1:41162 <-> DISABLED <-> MALWARE-CNC Js.Trojan.Nemucod variant  (malware-cnc.rules)
 * 1:41443 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.X-Mas variant keylogger outbound connection (malware-cnc.rules)
 * 1:41478 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky payload download - result (malware-cnc.rules)
 * 1:41663 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41441 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - X-Mas (malware-cnc.rules)
 * 1:41661 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41477 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Vibrio file download - 4g3vg334 (malware-cnc.rules)
 * 1:41662 <-> DISABLED <-> MALWARE-CNC Osx.Downloader.MacDownloader variant outbound connection (malware-cnc.rules)
 * 1:41459 <-> DISABLED <-> MALWARE-CNC Osx.Keylogger.Elite variant outbound connection (malware-cnc.rules)
 * 1:41682 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41657 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MagicHound variant outbound connection (malware-cnc.rules)
 * 1:41683 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41540 <-> DISABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
 * 1:41702 <-> DISABLED <-> MALWARE-CNC Win.Adware.Winwrapper outbound connection (malware-cnc.rules)
 * 1:41712 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini backdoor file download request (malware-cnc.rules)
 * 1:41711 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Houdini variant initial outbound connection (malware-cnc.rules)
 * 1:41686 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:41685 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malear variant outbound connection (malware-cnc.rules)
 * 1:42020 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Andr.Trojan.Agent (malware-cnc.rules)
 * 1:42028 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:44805 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44997 <-> DISABLED <-> MALWARE-CNC Legend irc bot cnc attempt (malware-cnc.rules)
 * 1:41787 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro TCP DNS query response (malware-cnc.rules)
 * 1:42024 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:41788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules)
 * 1:42025 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42022 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42030 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant file download attempt (malware-cnc.rules)
 * 1:42059 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Sage variant outbound connection (malware-cnc.rules)
 * 1:42113 <-> DISABLED <-> MALWARE-CNC Unix.Trojan.Mirai variant post compromise download (malware-cnc.rules)
 * 1:42021 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42027 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42098 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
 * 1:42172 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Agent variant certificate negotiation (malware-cnc.rules)
 * 1:42081 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound POST request attempt (malware-cnc.rules)
 * 1:42079 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Jenxcus outbound connection with unique User-Agent (malware-cnc.rules)
 * 1:42083 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Downeks variant initial outbound connection (malware-cnc.rules)
 * 1:42303 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu outbound file download attempt (malware-cnc.rules)
 * 1:42031 <-> DISABLED <-> MALWARE-CNC Andr.Trojan.Agent variant outbound connection (malware-cnc.rules)
 * 1:42228 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DocumentCrypt variant outbound connection (malware-cnc.rules)
 * 1:42301 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Kuaibu inbound server configuration response (malware-cnc.rules)
 * 1:42385 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moonwind outbound connection (malware-cnc.rules)
 * 1:42099 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Winpud encoded payload download attempt (malware-cnc.rules)
 * 1:42330 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful injection response (malware-cnc.rules)
 * 1:42233 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Mikcer variant outbound connection (malware-cnc.rules)
 * 1:42439 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Axespec outbound request (malware-cnc.rules)
 * 1:42225 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules)
 * 1:42329 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Doublepulsar variant successful ping response (malware-cnc.rules)
 * 1:42348 <-> DISABLED <-> MALWARE-CNC Win.Trojan.QQPass variant outbound connection (malware-cnc.rules)
 * 1:42398 <-> DISABLED <-> MALWARE-CNC Win.Trojan.RedLeaves outbound connection (malware-cnc.rules)
 * 1:42390 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules)
 * 1:42391 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Moarider variant outbound connection (malware-cnc.rules)
 * 1:42454 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Frethog (malware-cnc.rules)
 * 1:42835 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42452 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant outbound connection (malware-cnc.rules)
 * 1:42833 <-> DISABLED <-> MALWARE-CNC Kasperagent outbound connection detected (malware-cnc.rules)
 * 1:42447 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Batlopma variant outbound connection (malware-cnc.rules)
 * 1:42882 <-> DISABLED <-> MALWARE-CNC ZoxPNG initial outbound connection (malware-cnc.rules)
 * 1:42425 <-> DISABLED <-> MALWARE-CNC Win.Trojan.ChChes set cookie tag inbound connection (malware-cnc.rules)
 * 1:42830 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sublink (malware-cnc.rules)
 * 1:42832 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user agent - SessionI (malware-cnc.rules)
 * 1:42895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Ursnif variant outbound connection (malware-cnc.rules)
 * 1:42453 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Frethog variant inbound connection attempt (malware-cnc.rules)
 * 1:40567 <-> DISABLED <-> MALWARE-CNC known malicious SSL certificate - Odinaff C&C (malware-cnc.rules)
 * 1:42892 <-> DISABLED <-> MALWARE-CNC Linux.Trojan.SpikeA outbound connection (malware-cnc.rules)
 * 1:42834 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42929 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Niramdat variant initial outbound connection (malware-cnc.rules)
 * 1:42996 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Spesseo variant outbound connection (malware-cnc.rules)
 * 1:43193 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
 * 1:42883 <-> DISABLED <-> MALWARE-CNC Win.Trojan.MadMax implant outbound connection attempt (malware-cnc.rules)
 * 1:43184 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Matsnu variant outbound conection (malware-cnc.rules)
 * 1:42945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Adylkuzz variant initial outbound connection (malware-cnc.rules)
 * 1:43190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Konus variant outbound connection detected (malware-cnc.rules)
 * 1:43129 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Fareit variant outbound connection (malware-cnc.rules)
 * 1:43223 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Micropsia outbound connection (malware-cnc.rules)
 * 1:44190 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Cyfshent variant outbound connection (malware-cnc.rules)
 * 1:44654 <-> DISABLED <-> MALWARE-CNC IoT Reaper botnet CNC (malware-cnc.rules)
 * 1:46416 <-> DISABLED <-> MALWARE-CNC Win.Spyware.Autoit outbound connection (malware-cnc.rules)
 * 1:44946 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:45470 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:44799 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44770 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence cnc module download (malware-cnc.rules)
 * 1:45232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CactusTorch download attempt detected (malware-cnc.rules)
 * 1:45092 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.StoneDrill get commands outbound connection (malware-cnc.rules)
 * 1:44776 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44898 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner outbound connection (malware-cnc.rules)
 * 1:44797 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44804 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:45477 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
 * 1:45468 <-> DISABLED <-> MALWARE-CNC SambaCry ransomware download attempt (malware-cnc.rules)
 * 1:44895 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
 * 1:44777 <-> DISABLED <-> MALWARE-CNC Win.Trojan.xxmm variant initial outbound connection detected (malware-cnc.rules)
 * 1:44760 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Reyptson ransomware download (malware-cnc.rules)
 * 1:44788 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nymaim variant outbound connection (malware-cnc.rules)
 * 1:44943 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 1:45510 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Rokrat file upload attempt (malware-cnc.rules)
 * 1:44800 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Shadowpad DNS TXT encrypted outbound connection (malware-cnc.rules)
 * 1:44780 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:44771 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Silence monitoring module download (malware-cnc.rules)
 * 1:45063 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Neuron variant inbound service request detected (malware-cnc.rules)
 * 1:44899 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CoinMiner inbound connection detected (malware-cnc.rules)
 * 1:45478 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Triton Triton ICS malware transfer attempt (malware-cnc.rules)
 * 1:45208 <-> DISABLED <-> MALWARE-CNC Win.Trojan.VEye2 remote access tool download (malware-cnc.rules)
 * 1:45221 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nautilus outbound call (malware-cnc.rules)
 * 1:44781 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Locky outbound callout (malware-cnc.rules)
 * 1:45114 <-> DISABLED <-> MALWARE-CNC Catch-All malicious Chrome extension dropper outbound connection (malware-cnc.rules)
 * 1:40751 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
 * 1:40761 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Syscan outbound connection (malware-cnc.rules)
 * 1:40733 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Sality (malware-cnc.rules)
 * 1:45561 <-> DISABLED <-> MALWARE-CNC Win.Trojan.LockPoS outbound connection attempt (malware-cnc.rules)
 * 1:40752 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Autoit-73 configuration file download attempt (malware-cnc.rules)
 * 1:40800 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Crypton (malware-cnc.rules)
 * 1:40812 <-> DISABLED <-> MALWARE-CNC Rtf.Trojan.Mauris outbound download attempt (malware-cnc.rules)
 * 1:44313 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Totbrick variant outbound connection (malware-cnc.rules)
 * 1:40775 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Banker variant outbound connection (malware-cnc.rules)
 * 1:44220 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:42126 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Acronym variant outbound connection (malware-cnc.rules)
 * 1:40215 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Ogimant outbound connection detected (malware-cnc.rules)
 * 1:41375 <-> DISABLED <-> MALWARE-CNC Win.Trojan.NetWiredRC variant check logs (malware-cnc.rules)
 * 1:44366 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Paradise ransomware inbound executable (malware-cnc.rules)
 * 1:40238 <-> DISABLED <-> MALWARE-CNC Win.Keylogger.AgentTesla variant outbound connection (malware-cnc.rules)
 * 1:40232 <-> DISABLED <-> MALWARE-CNC Win.Trojan.CeeInject external connection (malware-cnc.rules)
 * 1:42837 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:41436 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Oilrig variant outbound connection (malware-cnc.rules)
 * 1:41789 <-> DISABLED <-> MALWARE-CNC Win.Trojan.PowerMacro DNS query response (malware-cnc.rules)
 * 1:40213 <-> DISABLED <-> MALWARE-CNC Win.Trojan.DarkShell external connection attempt (malware-cnc.rules)
 * 1:42880 <-> DISABLED <-> MALWARE-CNC Deputy Dog implant outbound connection (malware-cnc.rules)
 * 1:44221 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.SyncCrypt variant initial outbound connection (malware-cnc.rules)
 * 1:42836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Chopper web shell connection (malware-cnc.rules)
 * 1:42242 <-> DISABLED <-> MALWARE-CNC Win.Downloader.Dimnie file download attempt (malware-cnc.rules)
 * 1:40836 <-> DISABLED <-> MALWARE-CNC Win.Backdoor.Houdini variant file enumeration inbound init/root/faf command attempt (malware-cnc.rules)
 * 1:41539 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Win.Malware.DistTrack (malware-cnc.rules)
 * 1:40183 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Malex variant outbound connection (malware-cnc.rules)
 * 1:40870 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
 * 1:40869 <-> DISABLED <-> MALWARE-CNC User-Agent known malicious user-agent string - Virut (malware-cnc.rules)
 * 1:43523 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Donvibs variant outbound connection (malware-cnc.rules)
 * 1:43194 <-> DISABLED <-> MALWARE-CNC Win.Trojan.HiddenCobra variant outbound connection (malware-cnc.rules)
 * 1:44279 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.FlatChestWare varint outbound connection (malware-cnc.rules)
 * 1:44677 <-> DISABLED <-> MALWARE-CNC Win.Trojan.Nemucod outbound connection (malware-cnc.rules)
 * 1:45096 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Gibon variant inbound connection (malware-cnc.rules)
 * 1:43476 <-> DISABLED <-> MALWARE-CNC Win.Dropper.Agent ransomware downloader outbound connection detected (malware-cnc.rules)
 * 1:45251 <-> DISABLED <-> MALWARE-CNC Win.Ransomware.Spider variant download attempt detected (malware-cnc.rules)
 * 1:44945 <-> DISABLED <-> MALWARE-CNC Win.Trojan.FallChill variant outbound connection (malware-cnc.rules)
 * 3:52538 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
 * 3:52539 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)
 * 3:52540 <-> ENABLED <-> SERVER-WEBAPP Cisco Data Center Network Manager directory traversal attempt (server-webapp.rules)