Sourcefire VRT Update

Date: 2007-01-04

This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack.

The format of the file is:

sid <-> Message (rule group)

New rules:
9644 <-> SPYWARE-PUT Adware imnames runtime detection (spyware-put.rules)
9645 <-> SPYWARE-PUT Hijacker sogou runtime detection - keyword hijack (spyware-put.rules)
9646 <-> SPYWARE-PUT Hijacker sogou runtime detection - search through sogou toolbar (spyware-put.rules)
9647 <-> SPYWARE-PUT Keylogger system surveillance pro runtime detection (spyware-put.rules)
9648 <-> SPYWARE-PUT Keylogger emailspypro runtime detection (spyware-put.rules)
9649 <-> SPYWARE-PUT Keylogger ghost Keylogger runtime detection - flowbit set (spyware-put.rules)
9650 <-> SPYWARE-PUT Keylogger ghost Keylogger runtime detection (spyware-put.rules)
9651 <-> SPYWARE-PUT Hijacker ricercadoppia runtime detection (spyware-put.rules)
9652 <-> SPYWARE-PUT Hijacker oemji bar runtime detection (spyware-put.rules)
9653 <-> BACKDOOR apofis 1.0 runtime detection - php notification (backdoor.rules)
9654 <-> BACKDOOR apofis 1.0 runtime detection - remote controlling (backdoor.rules)
9655 <-> BACKDOOR apofis 1.0 runtime detection - remote controlling (backdoor.rules)
9656 <-> BACKDOOR bersek 1.0 runtime detection (backdoor.rules)
9657 <-> BACKDOOR bersek 1.0 runtime detection - init connection (backdoor.rules)
9658 <-> BACKDOOR bersek 1.0 runtime detection (backdoor.rules)
9659 <-> BACKDOOR bersek 1.0 runtime detection - file manage (backdoor.rules)
9660 <-> BACKDOOR bersek 1.0 runtime detection (backdoor.rules)
9661 <-> BACKDOOR bersek 1.0 runtime detection - show processes (backdoor.rules)
9662 <-> BACKDOOR bersek 1.0 runtime detection (backdoor.rules)
9663 <-> BACKDOOR bersek 1.0 runtime detection - start remote shell (backdoor.rules)
9664 <-> BACKDOOR crossbow 1.12 runtime detection (backdoor.rules)
9665 <-> BACKDOOR crossbow 1.12 runtime detection - init connection (backdoor.rules)
9666 <-> BACKDOOR superra runtime detection - success init connection (backdoor.rules)
9667 <-> BACKDOOR superra runtime detection - issue remote control command (backdoor.rules)
9668 <-> WEB-CLIENT Outlook Recipient Control ActiveX clsid access (web-client.rules)
9669 <-> WEB-CLIENT Outlook Recipient Control ActiveX clsid unicode access (web-client.rules)
9670 <-> WEB-CLIENT Outlook Recipient Control ActiveX function call access (web-client.rules)
9671 <-> WEB-CLIENT RealPlayer AutoStream.AutoStream.1 ActiveX clsid access (web-client.rules)
9672 <-> WEB-CLIENT RealPlayer AutoStream.AutoStream.1 ActiveX clsid unicode access (web-client.rules)
9673 <-> WEB-CLIENT RealPlayer AutoStream.AutoStream.1 ActiveX function call access (web-client.rules)
9674 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX unicode attempt (netbios.rules)
9675 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX attempt (netbios.rules)
9676 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile unicode attempt (netbios.rules)
9677 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
9678 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX attempt (netbios.rules)
9679 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian attempt (netbios.rules)
9680 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
9681 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX little endian attempt (netbios.rules)
9682 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian attempt (netbios.rules)
9683 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile unicode little endian attempt (netbios.rules)
9684 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX little endian attempt (netbios.rules)
9685 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile unicode little endian attempt (netbios.rules)
9686 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile little endian object call attempt (netbios.rules)
9687 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX unicode object call attempt (netbios.rules)
9688 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX little endian andx object call attempt (netbios.rules)
9689 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX andx object call attempt (netbios.rules)
9690 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile andx object call attempt (netbios.rules)
9691 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile unicode little endian andx object call attempt (netbios.rules)
9692 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian andx object call attempt (netbios.rules)
9693 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile unicode little endian andx object call attempt (netbios.rules)
9694 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile little endian andx object call attempt (netbios.rules)
9695 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX little endian andx object call attempt (netbios.rules)
9696 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile WriteAndX unicode andx attempt (netbios.rules)
9697 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian andx attempt (netbios.rules)
9698 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile unicode andx attempt (netbios.rules)
9699 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile little endian andx attempt (netbios.rules)
9700 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile WriteAndX little endian andx attempt (netbios.rules)
9701 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX unicode andx object call attempt (netbios.rules)
9702 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX andx object call attempt (netbios.rules)
9703 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile unicode andx object call attempt (netbios.rules)
9704 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile unicode andx object call attempt (netbios.rules)
9705 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile andx object call attempt (netbios.rules)
9706 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian andx object call attempt (netbios.rules)
9707 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX unicode andx attempt (netbios.rules)
9708 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile WriteAndX andx attempt (netbios.rules)
9709 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile little endian andx attempt (netbios.rules)
9710 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile andx attempt (netbios.rules)
9711 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile WriteAndX andx attempt (netbios.rules)
9712 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile WriteAndX unicode andx attempt (netbios.rules)
9713 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile unicode andx attempt (netbios.rules)
9714 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian andx attempt (netbios.rules)
9715 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile unicode andx attempt (netbios.rules)
9716 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile unicode little endian andx attempt (netbios.rules)
9717 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile andx attempt (netbios.rules)
9718 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile little endian andx attempt (netbios.rules)
9719 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile little endian andx attempt (netbios.rules)
9720 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile unicode little endian andx attempt (netbios.rules)
9721 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile WriteAndX little endian andx attempt (netbios.rules)
9722 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX unicode andx attempt (netbios.rules)
9723 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX andx attempt (netbios.rules)
9724 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile unicode andx attempt (netbios.rules)
9725 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile andx attempt (netbios.rules)
9726 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX andx attempt (netbios.rules)
9727 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian andx attempt (netbios.rules)
9728 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile andx attempt (netbios.rules)
9729 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX little endian andx attempt (netbios.rules)
9730 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian andx attempt (netbios.rules)
9731 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile unicode little endian andx attempt (netbios.rules)
9732 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX little endian andx attempt (netbios.rules)
9733 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile unicode little endian andx attempt (netbios.rules)
9734 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile little endian andx object call attempt (netbios.rules)
9735 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX unicode andx object call attempt (netbios.rules)
9736 <-> NETBIOS DCERPC NCACN-HTTP v4 ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
9737 <-> NETBIOS DCERPC NCADG-IP-UDP v4 ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
9738 <-> NETBIOS DCERPC DIRECT ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
9739 <-> NETBIOS DCERPC DIRECT v4 ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
9740 <-> NETBIOS DCERPC NCACN-HTTP ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
9741 <-> NETBIOS DCERPC NCACN-IP-TCP v4 ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
9742 <-> NETBIOS DCERPC NCACN-IP-TCP v4 ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
9743 <-> NETBIOS DCERPC NCACN-HTTP v4 ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
9744 <-> NETBIOS DCERPC NCADG-IP-UDP v4 ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
9745 <-> NETBIOS DCERPC NCADG-IP-UDP ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
9746 <-> NETBIOS DCERPC DIRECT v4 ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
9747 <-> NETBIOS DCERPC NCACN-HTTP ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
9748 <-> NETBIOS DCERPC NCACN-IP-TCP ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
9749 <-> NETBIOS DCERPC NCACN-IP-TCP ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
9750 <-> NETBIOS DCERPC NCADG-IP-UDP ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
9751 <-> NETBIOS DCERPC DIRECT ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
9752 <-> NETBIOS DCERPC DIRECT ISystemActivator CoGetInstanceFromFile little endian object call attempt (netbios.rules)
9753 <-> NETBIOS DCERPC NCACN-HTTP ISystemActivator CoGetInstanceFromFile object call attempt (netbios.rules)
9754 <-> NETBIOS DCERPC NCADG-IP-UDP ISystemActivator CoGetInstanceFromFile object call attempt (netbios.rules)
9755 <-> NETBIOS DCERPC NCACN-HTTP ISystemActivator CoGetInstanceFromFile little endian object call attempt (netbios.rules)
9756 <-> NETBIOS DCERPC NCACN-IP-TCP ISystemActivator CoGetInstanceFromFile object call attempt (netbios.rules)
9757 <-> NETBIOS DCERPC NCACN-IP-TCP ISystemActivator CoGetInstanceFromFile little endian object call attempt (netbios.rules)
9758 <-> NETBIOS DCERPC NCADG-IP-UDP ISystemActivator CoGetInstanceFromFile little endian object call attempt (netbios.rules)
9759 <-> NETBIOS DCERPC DIRECT ISystemActivator CoGetInstanceFromFile object call attempt (netbios.rules)
9760 <-> NETBIOS DCERPC DIRECT-UDP msqueue little endian bind attempt (netbios.rules)
9761 <-> NETBIOS DCERPC DIRECT-UDP msqueue little endian alter context attempt (netbios.rules)
9762 <-> NETBIOS DCERPC DIRECT-UDP msqueue bind attempt (netbios.rules)
9763 <-> NETBIOS DCERPC DIRECT-UDP msqueue alter context attempt (netbios.rules)
9764 <-> NETBIOS DCERPC DIRECT-UDP v4 msqueue function 4 little endian overflow attempt (netbios.rules)
9765 <-> NETBIOS DCERPC DIRECT-UDP msqueue function 4 little endian overflow attempt (netbios.rules)
9766 <-> NETBIOS DCERPC DIRECT-UDP msqueue function 4 overflow attempt (netbios.rules)
9767 <-> NETBIOS DCERPC DIRECT-UDP msqueue function 4 object call overflow attempt (netbios.rules)
9768 <-> NETBIOS DCERPC NCACN-IP-TCP v4 msqueue function 4 little endian overflow attempt (netbios.rules)
9769 <-> NETBIOS DCERPC DIRECT-UDP v4 msqueue function 4 overflow attempt (netbios.rules)
9770 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue function 4 object call overflow attempt (netbios.rules)
9771 <-> NETBIOS DCERPC DIRECT-UDP msqueue function 4 little endian object call overflow attempt (netbios.rules)
9772 <-> NETBIOS DCERPC DIRECT-UDP msqueue function 1 overflow attempt (netbios.rules)
9773 <-> NETBIOS DCERPC NCACN-IP-TCP v4 msqueue function 1 little endian overflow attempt (netbios.rules)
9774 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue function 1 little endian overflow attempt (netbios.rules)
9775 <-> NETBIOS DCERPC DIRECT msqueue function 1 little endian overflow attempt (netbios.rules)
9776 <-> NETBIOS DCERPC DIRECT-UDP v4 msqueue function 1 overflow attempt (netbios.rules)
9777 <-> NETBIOS DCERPC DIRECT v4 msqueue function 1 overflow attempt (netbios.rules)
9778 <-> NETBIOS DCERPC DIRECT msqueue function 1 overflow attempt (netbios.rules)
9779 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue function 1 overflow attempt (netbios.rules)
9780 <-> NETBIOS DCERPC DIRECT v4 msqueue function 1 little endian overflow attempt (netbios.rules)
9781 <-> NETBIOS DCERPC DIRECT-UDP msqueue function 1 little endian overflow attempt (netbios.rules)
9782 <-> NETBIOS DCERPC DIRECT-UDP v4 msqueue function 1 little endian overflow attempt (netbios.rules)
9783 <-> NETBIOS DCERPC NCACN-IP-TCP v4 msqueue function 1 overflow attempt (netbios.rules)
9784 <-> NETBIOS DCERPC DIRECT-UDP msqueue function 1 object call overflow attempt (netbios.rules)
9785 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue function 1 little endian object call overflow attempt (netbios.rules)
9786 <-> NETBIOS DCERPC DIRECT msqueue function 1 little endian object call overflow attempt (netbios.rules)
9787 <-> NETBIOS DCERPC DIRECT msqueue function 1 object call overflow attempt (netbios.rules)
9788 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue function 1 object call overflow attempt (netbios.rules)
9789 <-> NETBIOS DCERPC DIRECT-UDP msqueue function 1 little endian object call overflow attempt (netbios.rules)
9790 <-> EXPLOIT HP-UX lpd command execution attempt (exploit.rules)
9791 <-> WEB-MISC .cmd? access (web-misc.rules)
9792 <-> FTP PASV overflow attempt (ftp.rules)
9793 <-> WEB-CLIENT YMMAPI.YMailAttach ActiveX clsid access (web-client.rules)
9794 <-> WEB-CLIENT YMMAPI.YMailAttach ActiveX clsid unicode access (web-client.rules)
9795 <-> WEB-CLIENT Panda ActiveScan ActiveScan.1 ActiveX clsid access (web-client.rules)
9796 <-> WEB-CLIENT Panda ActiveScan ActiveScan.1 ActiveX clsid unicode access (web-client.rules)
9797 <-> WEB-CLIENT Panda ActiveScan ActiveScan.1 ActiveX function call access (web-client.rules)
9798 <-> WEB-CLIENT Panda ActiveScan PAVPZ.SOS.1 ActiveX clsid access (web-client.rules)
9799 <-> WEB-CLIENT Panda ActiveScan PAVPZ.SOS.1 ActiveX clsid unicode access (web-client.rules)
9800 <-> WEB-CLIENT Panda ActiveScan PAVPZ.SOS.1 ActiveX function call access (web-client.rules)
9801 <-> WEB-CLIENT Windows Media Player Malformed MIDI File denial of service attempt (web-client.rules)
9802 <-> NETBIOS DCERPC DIRECT brightstor-arc alter context attempt (netbios.rules)
9803 <-> NETBIOS DCERPC DIRECT brightstor-arc little endian alter context attempt (netbios.rules)
9804 <-> NETBIOS DCERPC DIRECT brightstor-arc bind attempt (netbios.rules)
9805 <-> NETBIOS DCERPC DIRECT brightstor-arc little endian bind attempt (netbios.rules)
9806 <-> NETBIOS DCERPC DIRECT brightstor-arc GetGroupStatus little endian overflow attempt (netbios.rules)
9807 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc GetGroupStatus overflow attempt (netbios.rules)
9808 <-> NETBIOS DCERPC DIRECT brightstor-arc GetGroupStatus overflow attempt (netbios.rules)
9809 <-> NETBIOS DCERPC DIRECT v4 brightstor-arc GetGroupStatus little endian overflow attempt (netbios.rules)
9810 <-> NETBIOS DCERPC DIRECT brightstor-arc GetGroupStatus little endian object call overflow attempt (netbios.rules)
9811 <-> NETBIOS DCERPC DIRECT brightstor-arc GetGroupStatus object call overflow attempt (netbios.rules)
9812 <-> WEB-CLIENT Yahoo Messenger YMailAttach ActiveX function call access (web-client.rules)
9813 <-> EXPLOIT Symantec NetBackup connect_options buffer overflow attempt (exploit.rules)
9814 <-> WEB-CLIENT ICQPhone.SipxPhoneManager ActiveX clsid access (web-client.rules)
9815 <-> WEB-CLIENT ICQPhone.SipxPhoneManager ActiveX clsid unicode access (web-client.rules)
9816 <-> WEB-CLIENT ICQPhone.SipxPhoneManager ActiveX function call access (web-client.rules)
9817 <-> WEB-CLIENT CEnroll.CEnroll.2 ActiveX clsid access (web-client.rules)
9818 <-> WEB-CLIENT CEnroll.CEnroll.2 ActiveX clsid unicode access (web-client.rules)
9819 <-> WEB-CLIENT Outlook View OVCtl ActiveX clsid unicode access (web-client.rules)
9820 <-> WEB-CLIENT OWC11.DataSourceControl.11 ActiveX function call access (web-client.rules)
9821 <-> WEB-CLIENT TriEditDocument.TriEditDocument ActiveX clsid access (web-client.rules)
9822 <-> WEB-CLIENT TriEditDocument.TriEditDocument ActiveX clsid unicode access (web-client.rules)
9823 <-> WEB-CLIENT QuickTime RTSP URI overflow attempt (web-client.rules)
9824 <-> WEB-CLIENT Rediff Bol Downloader ActiveX clsid access (web-client.rules)
9825 <-> WEB-CLIENT Rediff Bol Downloader ActiveX clsid unicode access (web-client.rules)
9826 <-> WEB-CLIENT Rediff Bol Downloader ActiveX function call access (web-client.rules)
9827 <-> SPYWARE-PUT Keylogger paq keylog runtime detection - smtp (spyware-put.rules)
9828 <-> SPYWARE-PUT Keylogger paq keylog runtime detection - ftp (spyware-put.rules)
9829 <-> SPYWARE-PUT Trackware relevantknowledge runtime detection (spyware-put.rules)
9830 <-> SPYWARE-PUT Keylogger supreme spy runtime detection (spyware-put.rules)
9831 <-> SPYWARE-PUT Adware u88 runtime detection (spyware-put.rules)
9832 <-> BACKDOOR ieva 1.0 runtime detection - send message (backdoor.rules)
9833 <-> BACKDOOR ieva 1.0 runtime detection - fake delete harddisk message (backdoor.rules)
9834 <-> BACKDOOR ieva 1.0 runtime detection - black screen (backdoor.rules)
9835 <-> BACKDOOR ieva 1.0 runtime detection - swap mouse (backdoor.rules)
9836 <-> BACKDOOR ieva 1.0 runtime detection - crazy mouse (backdoor.rules)
9837 <-> BACKDOOR sun shadow 1.70 runtime detection - init connection (backdoor.rules)
9838 <-> BACKDOOR sun shadow 1.70 runtime detection - init connection (backdoor.rules)
9839 <-> BACKDOOR sun shadow 1.70 runtime detection - keep alive (backdoor.rules)
9840 <-> WEB-CLIENT QuickTime HREF Track Detected (web-client.rules)

Updated rules:
 681 <-> MS-SQL/SMB xp_cmdshell program execution (sql.rules)
 687 <-> MS-SQL xp_cmdshell - program execution (sql.rules)
 976 <-> WEB-MISC .bat? access (web-misc.rules)
1061 <-> WEB-MISC xp_cmdshell attempt (web-misc.rules)
1759 <-> MS-SQL xp_cmdshell program execution 445 (sql.rules)
2352 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance unicode attempt (netbios.rules)
3156 <-> NETBIOS DCERPC DIRECT msqueue alter context attempt (netbios.rules)
3157 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue little endian bind attempt (netbios.rules)
3158 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX little endian object call attempt (netbios.rules)
3159 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX object call attempt (netbios.rules)
3160 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue alter context attempt (netbios.rules)
3161 <-> NETBIOS DCERPC DIRECT msqueue little endian alter context attempt (netbios.rules)
3162 <-> NETBIOS DCERPC DIRECT msqueue little endian bind attempt (netbios.rules)
3163 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue little endian alter context attempt (netbios.rules)
3164 <-> NETBIOS DCERPC DIRECT msqueue bind attempt (netbios.rules)
3165 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue bind attempt (netbios.rules)
3166 <-> NETBIOS DCERPC NCACN-IP-TCP v4 msqueue function 4 overflow attempt (netbios.rules)
3167 <-> NETBIOS DCERPC DIRECT msqueue function 4 object call overflow attempt (netbios.rules)
3168 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue function 4 little endian overflow attempt (netbios.rules)
3169 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue function 4 overflow attempt (netbios.rules)
3170 <-> NETBIOS DCERPC NCACN-IP-TCP msqueue function 4 little endian object call overflow attempt (netbios.rules)
3171 <-> NETBIOS DCERPC DIRECT v4 msqueue function 4 overflow attempt (netbios.rules)
3172 <-> NETBIOS DCERPC DIRECT msqueue function 4 little endian object call overflow attempt (netbios.rules)
3173 <-> NETBIOS DCERPC DIRECT v4 msqueue function 4 little endian overflow attempt (netbios.rules)
3174 <-> NETBIOS DCERPC DIRECT msqueue function 4 overflow attempt (netbios.rules)
3175 <-> NETBIOS DCERPC DIRECT msqueue function 4 little endian overflow attempt (netbios.rules)
3176 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile object call attempt (netbios.rules)
3177 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile unicode little endian object call attempt (netbios.rules)
3178 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian object call attempt (netbios.rules)
3179 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile unicode little endian object call attempt (netbios.rules)
3180 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile little endian object call attempt (netbios.rules)
3181 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX little endian object call attempt (netbios.rules)
3182 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile WriteAndX unicode attempt (netbios.rules)
3183 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian attempt (netbios.rules)
3184 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile unicode attempt (netbios.rules)
3185 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
3186 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile WriteAndX little endian attempt (netbios.rules)
3187 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX unicode object call attempt (netbios.rules)
3188 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX object call attempt (netbios.rules)
3189 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile unicode object call attempt (netbios.rules)
3190 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile unicode object call attempt (netbios.rules)
3191 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile object call attempt (netbios.rules)
3425 <-> NETBIOS SMB-DS ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian object call attempt (netbios.rules)
3426 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile WriteAndX unicode attempt (netbios.rules)
3427 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile WriteAndX attempt (netbios.rules)
3428 <-> NETBIOS SMB ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
3429 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
3430 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile WriteAndX attempt (netbios.rules)
3431 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile WriteAndX unicode attempt (netbios.rules)
3432 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile unicode attempt (netbios.rules)
3433 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile WriteAndX unicode little endian attempt (netbios.rules)
3434 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile unicode attempt (netbios.rules)
3435 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile unicode little endian attempt (netbios.rules)
3436 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile attempt (netbios.rules)
3437 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
3438 <-> NETBIOS SMB v4 ISystemActivator CoGetInstanceFromFile little endian attempt (netbios.rules)
3439 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile unicode little endian attempt (netbios.rules)
3440 <-> NETBIOS SMB-DS v4 ISystemActivator CoGetInstanceFromFile WriteAndX little endian attempt (netbios.rules)
4150 <-> WEB-CLIENT Outlook View OVCtl ActiveX function call access (web-client.rules)
8403 <-> WEB-CLIENT XML Schema Cache 6.0 ActiveX CLSID access (web-client.rules)
8404 <-> WEB-CLIENT XML Schema Cache 6.0 ActiveX CLSID unicode access (web-client.rules)
8409 <-> WEB-CLIENT RealPlayer Stream Handler ActiveX clsid access (web-client.rules)
8410 <-> WEB-CLIENT RealPlayer Stream Handler ActiveX clsid unicode access (web-client.rules)
8417 <-> WEB-CLIENT TriEditDocument.TriEditDocument ActiveX function call access (web-client.rules)
8422 <-> WEB-CLIENT Outlook View OVCtl ActiveX clsid access (web-client.rules)
8423 <-> WEB-CLIENT CEnroll.CEnroll.2 ActiveX function call access (web-client.rules)
8549 <-> BACKDOOR zxshell runtime detection - setting information retrieve (backdoor.rules)
8723 <-> WEB-CLIENT OWC11.DataSourceControl.11 ActiveX clsid access (web-client.rules)
8724 <-> WEB-CLIENT OWC11.DataSourceControl.11 ActiveX clsid unicode access (web-client.rules)
9425 <-> SPECIFIC-THREATS netsky attachment (specific-threats.rules)
9515 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance WriteAndX unicode little endian attempt (netbios.rules)
9517 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance WriteAndX little endian attempt (netbios.rules)
9518 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance WriteAndX unicode attempt (netbios.rules)
9519 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance WriteAndX attempt (netbios.rules)
9520 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance WriteAndX unicode little endian attempt (netbios.rules)
9521 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance attempt (netbios.rules)
9522 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance unicode attempt (netbios.rules)
9523 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance WriteAndX unicode attempt (netbios.rules)
9524 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance unicode little endian attempt (netbios.rules)
9525 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance WriteAndX attempt (netbios.rules)
9526 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance little endian attempt (netbios.rules)
9527 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance little endian attempt (netbios.rules)
9529 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance unicode little endian attempt (netbios.rules)
9530 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance attempt (netbios.rules)
9531 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance WriteAndX little endian attempt (netbios.rules)
9562 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance unicode andx attempt (netbios.rules)
9563 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance WriteAndX unicode little endian andx attempt (netbios.rules)
9565 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance WriteAndX little endian andx attempt (netbios.rules)
9566 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance WriteAndX unicode andx attempt (netbios.rules)
9567 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance WriteAndX andx attempt (netbios.rules)
9568 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance WriteAndX unicode little endian andx attempt (netbios.rules)
9569 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance andx attempt (netbios.rules)
9570 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance unicode andx attempt (netbios.rules)
9571 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance WriteAndX unicode andx attempt (netbios.rules)
9572 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance unicode little endian andx attempt (netbios.rules)
9573 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance WriteAndX andx attempt (netbios.rules)
9574 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance little endian andx attempt (netbios.rules)
9575 <-> NETBIOS SMB-DS v4 ISystemActivator RemoteCreateInstance little endian andx attempt (netbios.rules)
9577 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance unicode little endian andx attempt (netbios.rules)
9578 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance andx attempt (netbios.rules)
9579 <-> NETBIOS SMB v4 ISystemActivator RemoteCreateInstance WriteAndX little endian andx attempt (netbios.rules)
9595 <-> NETBIOS DCERPC NCACN-IP-TCP v4 ISystemActivator RemoteCreateInstance attempt (netbios.rules)
9596 <-> NETBIOS DCERPC NCACN-HTTP v4 ISystemActivator RemoteCreateInstance attempt (netbios.rules)
9597 <-> NETBIOS DCERPC DIRECT v4 ISystemActivator RemoteCreateInstance little endian attempt (netbios.rules)
9598 <-> NETBIOS DCERPC DIRECT v4 ISystemActivator RemoteCreateInstance attempt (netbios.rules)
9604 <-> NETBIOS DCERPC NCACN-HTTP v4 ISystemActivator RemoteCreateInstance little endian attempt (netbios.rules)
9605 <-> NETBIOS DCERPC NCACN-IP-TCP v4 ISystemActivator RemoteCreateInstance little endian attempt (netbios.rules)