Talos has added and modified multiple rules in the blacklist, browser-ie, exploit-kit, file-office, file-pdf, indicator-compromise, indicator-obfuscation, malware-cnc, malware-other, policy-other, server-oracle and server-webapp rule sets to provide coverage for emerging threats from these technologies.
For information about Snort Subscriber Rulesets available for purchase, please visit the Snort product page.
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2976.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:41523 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode object use after free attempt (browser-ie.rules)
* 1:41521 <-> ENABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux cross site scripting attempt (server-webapp.rules)
* 1:41535 <-> DISABLED <-> SERVER-WEBAPP Broadwin WebAccess DOS attempt (server-webapp.rules)
* 1:41526 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41534 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules)
* 1:41530 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41537 <-> DISABLED <-> SERVER-OTHER Siemens WinCC TIA Portal DOS attempt (server-other.rules)
* 1:41524 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules)
* 1:41536 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder file.php directory traversal attempt (server-webapp.rules)
* 1:41542 <-> DISABLED <-> SERVER-ORACLE Oracle reports servlet command execution attempt (server-oracle.rules)
* 1:41531 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41541 <-> DISABLED <-> SERVER-ORACLE Oracle reports servlet command execution attempt (server-oracle.rules)
* 1:41539 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Malware.DistTrack (blacklist.rules)
* 1:41525 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41528 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41532 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41520 <-> DISABLED <-> SERVER-OTHER Ge Fanuc Proficy WebView DOS attempt (server-other.rules)
* 1:41529 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41540 <-> ENABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
* 1:41533 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41522 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode object use after free attempt (browser-ie.rules)
* 1:41527 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 3:41547 <-> ENABLED <-> SERVER-OTHER TLS client hello session resumption detected (server-other.rules)
* 3:41543 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0285 attack attempt (file-office.rules)
* 3:41546 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0284 attack attempt (file-office.rules)
* 3:41545 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0284 attack attempt (file-office.rules)
* 3:41548 <-> ENABLED <-> SERVER-OTHER F5 BIG-IP TLS session ticket implementation uninitialized memory disclosure attempt (server-other.rules)
* 3:41538 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA WebVPN memory corruption attempt (server-webapp.rules)
* 3:41544 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0285 attack attempt (file-office.rules)

* 1:37274 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules)
* 1:24107 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a BMP file (malware-other.rules)
* 1:17856 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fuckfuckvids.com (blacklist.rules)
* 1:17854 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.lamiaexragazza.com (blacklist.rules)
* 1:17855 <-> DISABLED <-> BLACKLIST DNS request for known malware domain acofinder.com (blacklist.rules)
* 1:17851 <-> DISABLED <-> BLACKLIST DNS request for known malware domain game.685faiudeme.com (blacklist.rules)
* 1:17853 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dommonview.com (blacklist.rules)
* 1:17850 <-> DISABLED <-> BLACKLIST DNS request for known malware domain pornfucklist.com (blacklist.rules)
* 1:17847 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mskla.com (blacklist.rules)
* 1:17849 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fuckersucker.com (blacklist.rules)
* 1:17845 <-> DISABLED <-> BLACKLIST DNS request for known malware domain aahydrogen.com (blacklist.rules)
* 1:17846 <-> DISABLED <-> BLACKLIST DNS request for known malware domain trumpetlicks.com (blacklist.rules)
* 1:17844 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.derquda.com (blacklist.rules)
* 1:17843 <-> DISABLED <-> BLACKLIST DNS request for known malware domain extralargevideos.com (blacklist.rules)
* 1:17840 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.grannyplanet.com (blacklist.rules)
* 1:17842 <-> DISABLED <-> BLACKLIST DNS request for known malware domain extrahotx.net (blacklist.rules)
* 1:17838 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vc.iwriteweb.com (blacklist.rules)
* 1:17839 <-> DISABLED <-> BLACKLIST DNS request for known malware domain js.222233.com (blacklist.rules)
* 1:17836 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gbsup.com (blacklist.rules)
* 1:17837 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xxsmovies.com (blacklist.rules)
* 1:17834 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 343.boolans.com (blacklist.rules)
* 1:17835 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xpresdnet.com (blacklist.rules)
* 1:17831 <-> DISABLED <-> BLACKLIST DNS request for known malware domain edrichfinearts.com (blacklist.rules)
* 1:17828 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 67.201.36.16 (blacklist.rules)
* 1:17830 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dickvsclit.net (blacklist.rules)
* 1:17826 <-> DISABLED <-> BLACKLIST DNS request for known malware domain cheaps1.info (blacklist.rules)
* 1:17827 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sexmoviesland.net (blacklist.rules)
* 1:17821 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ketsymbol.com (blacklist.rules)
* 1:17824 <-> DISABLED <-> BLACKLIST DNS request for known malware domain teenxmovs.net (blacklist.rules)
* 1:17350 <-> DISABLED <-> SERVER-ORACLE Oracle Application Server forms arbitrary system command execution attempt (server-oracle.rules)
* 1:17819 <-> DISABLED <-> BLACKLIST DNS request for known malware domain motuh.com (blacklist.rules)
* 1:16932 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /qqnongchang/qqkj. (blacklist.rules)
* 1:16933 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /root/9 frt.rar (blacklist.rules)
* 1:16931 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - feedbigfoot.php?m= (blacklist.rules)
* 1:16929 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - gate.php?guid= (blacklist.rules)
* 1:16930 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - count.asp?mac= (blacklist.rules)
* 1:16928 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /stat.html?0dPg0uXTraCSqrOdlrKpmpyorePbz (blacklist.rules)
* 1:16926 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - strMode=setup&strID=pcvaccine&strPC= (blacklist.rules)
* 1:16927 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - MGWEB.php?c=TestUrl (blacklist.rules)
* 1:16924 <-> ENABLED <-> BLACKLIST URI request for known malicious URI - /inst.php?fff= (blacklist.rules)
* 1:16925 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /message.php?subid= (blacklist.rules)
* 1:16922 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /cgi-bin/rd.cgi?f=/vercfg.dat?AgentID= (blacklist.rules)
* 1:16923 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /search.php?username=coolweb07&keywords= (blacklist.rules)
* 1:16920 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /DownLoadFile/BaePo/ver (blacklist.rules)
* 1:16921 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /s1/launcher/update/Update/data/ (blacklist.rules)
* 1:16918 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /ultimate/fight (blacklist.rules)
* 1:16919 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /tmp/pm.exe?t= (blacklist.rules)
* 1:16916 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /jarun/jezerce (blacklist.rules)
* 1:16917 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /ekaterina/velika (blacklist.rules)
* 1:16915 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /MNG/Download/?File=AZF (blacklist.rules)
* 1:16914 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - .bin?ucsp (blacklist.rules)
* 1:16912 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - net/cfg2.bin (blacklist.rules)
* 1:16913 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - count_log/log/boot.php?p= (blacklist.rules)
* 1:16910 <-> DISABLED <-> BLACKLIST DNS request for known malware domain pattern - 0-0-0-0-0-0-0.info (blacklist.rules)
* 1:16911 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - ucsp0416.exe?t= (blacklist.rules)
* 1:16908 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ootaivilei.ru - Trojan-Spy.Win32.Zbot.akme (blacklist.rules)
* 1:16909 <-> DISABLED <-> BLACKLIST DNS request for known malware domain babah20122012.com - Trojan-Spy.Win32.Zbot.akbb (blacklist.rules)
* 1:16907 <-> DISABLED <-> BLACKLIST DNS request for known malware domain livetrust.info - Trojan-Spy.Win32.Zbot.akku (blacklist.rules)
* 1:16906 <-> DISABLED <-> BLACKLIST DNS request for known malware domain down.p2pplay.com - Trojan-GameThief.Win32.OnLineGames.wgkv (blacklist.rules)
* 1:16903 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gpwg.ws - Worm.Win32.AutoRun.bjca (blacklist.rules)
* 1:16901 <-> DISABLED <-> BLACKLIST DNS request for known malware domain local.1140.co.kr - Trojan-Downloader.Win32.Genome.aobm (blacklist.rules)
* 1:16902 <-> DISABLED <-> BLACKLIST DNS request for known malware domain promojoy.net - Packed.Win32.Krap.gx (blacklist.rules)
* 1:16898 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sx21.e4578.com - Trojan.Win32.Scar.ccqb (blacklist.rules)
* 1:16900 <-> DISABLED <-> BLACKLIST DNS request for known malware domain reportes201.com - Trojan-Downloader.Win32.Genome.ashe (blacklist.rules)
* 1:16895 <-> DISABLED <-> BLACKLIST DNS request for known malware domain alodh.in - Backdoor.Win32.Delf.vde (blacklist.rules)
* 1:16896 <-> DISABLED <-> BLACKLIST DNS request for known malware domain reward.pnshop.co.kr - Backdoor.Win32.Agent.ahra (blacklist.rules)
* 1:16892 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fg545633.host.zgridc.com - Trojan.Win32.Pincav.abub (blacklist.rules)
* 1:16893 <-> DISABLED <-> BLACKLIST DNS request for known malware domain primusdns.ru - Backdoor.Win32.Havar.eh (blacklist.rules)
* 1:16890 <-> DISABLED <-> BLACKLIST DNS request for known malware domain in6cs.com - Trojan.Win32.Tdss.beea (blacklist.rules)
* 1:16891 <-> DISABLED <-> BLACKLIST DNS request for known malware domain solo1928.ru - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
* 1:16887 <-> DISABLED <-> BLACKLIST DNS request for known malware domain hesneclimi.ru - Packed.Win32.Krap.ae (blacklist.rules)
* 1:16888 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dbtte.com - Trojan-Banker.Win32.Banz.crk (blacklist.rules)
* 1:16884 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bits4ever.ru - Trojan-Spy.Win32.Zbot.aknt (blacklist.rules)
* 1:16885 <-> DISABLED <-> BLACKLIST DNS request for known malware domain monicaecarlos.com - Trojan-Downloader.Win32.Genome.awxv (blacklist.rules)
* 1:16883 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mcafee-registry.ru - Trojan-Spy.Win32.Zbot.akgb (blacklist.rules)
* 1:16881 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sex-gifts.ru - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
* 1:16882 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 111.168lala.com - Backdoor.Win32.Popwin.cyn (blacklist.rules)
* 1:16878 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vopret.ru - Trojan.Win32.FraudPack.axwn (blacklist.rules)
* 1:16879 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dnfpomo.dnfranran.com - Trojan-GameThief.Win32.OnLineGames.bnkx (blacklist.rules)
* 1:16876 <-> DISABLED <-> BLACKLIST DNS request for known malware domain c.softdowns.info - Trojan.BAT.Agent.yn (blacklist.rules)
* 1:16877 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ddkom.biz - Trojan.Win32.Scar.ckhr (blacklist.rules)
* 1:16874 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ophaeghaev.ru - Trojan-Spy.Win32.Zbot.akmi (blacklist.rules)
* 1:16875 <-> DISABLED <-> BLACKLIST DNS request for known malware domain up1.free-sms.co.kr - Trojan.Win32.Vilsel.akp (blacklist.rules)
* 1:16873 <-> DISABLED <-> BLACKLIST DNS request for known malware domain youword.cn - Trojan.Win32.Scar.bvgu (blacklist.rules)
* 1:16872 <-> DISABLED <-> BLACKLIST DNS request for known malware domain postmetoday.ru - Packed.Win32.Katusha.j (blacklist.rules)
* 1:16870 <-> DISABLED <-> BLACKLIST DNS request for known malware domain search.sidegreen.com - Backdoor.Win32.Agent.arqi (blacklist.rules)
* 1:16871 <-> DISABLED <-> BLACKLIST DNS request for known malware domain parfaitpournous.com - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
* 1:16868 <-> DISABLED <-> BLACKLIST DNS request for known malware domain hostshack.net - Trojan.Win32.Buzus.empl (blacklist.rules)
* 1:16869 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tt.vv49.com - Trojan-GameThief.Win32.OnLineGames.bnkb (blacklist.rules)
* 1:16864 <-> DISABLED <-> BLACKLIST DNS request for known malware domain taiping2033.2288.org - Trojan-Downloader.Win32.Selvice.afy (blacklist.rules)
* 1:16865 <-> DISABLED <-> BLACKLIST DNS request for known malware domain cnfg.maxsitesrevenues.net - Trojan.Win32.BHO.afke (blacklist.rules)
* 1:16862 <-> DISABLED <-> BLACKLIST DNS request for known malware domain phaizeipeu.ru - Packed.Win32.Krap.gx (blacklist.rules)
* 1:16863 <-> DISABLED <-> BLACKLIST DNS request for known malware domain teendx.com - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
* 1:16861 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gite-eguisheim.com - Trojan-Downloader.Win32.Piker.clp (blacklist.rules)
* 1:16860 <-> DISABLED <-> BLACKLIST DNS request for known malware domain urodinam.net - Trojan.Win32.TDSS.azsj (blacklist.rules)
* 1:16859 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gerherber.com - Trojan-Spy.Win32.Zbot.akdw (blacklist.rules)
* 1:16856 <-> DISABLED <-> BLACKLIST DNS request for known malware domain andy.cd - Backdoor.Win32.Agent.auto (blacklist.rules)
* 1:16858 <-> DISABLED <-> BLACKLIST DNS request for known malware domain charter-x.biz - Packed.Win32.Krap.ae (blacklist.rules)
* 1:16854 <-> DISABLED <-> BLACKLIST DNS request for known malware domain up1.give2sms.com - Trojan-Downloader.Win32.Genome.est (blacklist.rules)
* 1:16855 <-> DISABLED <-> BLACKLIST DNS request for known malware domain d.123kuaihuo.com - Trojan.Win32.Scar.clbx (blacklist.rules)
* 1:16852 <-> DISABLED <-> BLACKLIST DNS request for known malware domain v.yao63.com - Trojan-Downloader.Win32.Agent.dqns (blacklist.rules)
* 1:16853 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vh26.e4578.com - Trojan.Win32.Opeg.a (blacklist.rules)
* 1:16850 <-> DISABLED <-> BLACKLIST DNS request for known malware domain kldmten.net - Trojan-Spy.Win32.Zbot.akra (blacklist.rules)
* 1:16851 <-> DISABLED <-> BLACKLIST DNS request for known malware domain forelc.cc - Trojan-Ransom.Win32.XBlocker.ahe (blacklist.rules)
* 1:16847 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rz12.e6805.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules)
* 1:16849 <-> DISABLED <-> BLACKLIST DNS request for known malware domain re05.e6532.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules)
* 1:16845 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rc04.e6532.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules)
* 1:16846 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bedayton.com - Trojan-Downloader.Win32.Agent.dlhe (blacklist.rules)
* 1:16843 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 1.7zsm.com - Trojan-Downloader.Win32.Agent.dtuo (blacklist.rules)
* 1:16844 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rm08.e4562.com - Trojan-Downloader.Win32.Agent.dngx (blacklist.rules)
* 1:16841 <-> DISABLED <-> BLACKLIST DNS request for known malware domain podgorz.org - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
* 1:16842 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sp19.e4578.com - Trojan-Downloader.Win32.Genome.njz (blacklist.rules)
* 1:16840 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rx11.e6532.com - Trojan.Win32.Opeg.a (blacklist.rules)
* 1:16838 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xlm.ppvsr.com - Trojan-GameThief.Win32.OnLineGames.wwcf (blacklist.rules)
* 1:16839 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sh16.e8753.com - Trojan.Win32.Scar.ccqb (blacklist.rules)
* 1:16837 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dangercheats.com.br - Trojan.Win32.Refroso.arnq (blacklist.rules)
* 1:16836 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ra03.e5732.com - Trojan-Clicker.Win32.Small.afg (blacklist.rules)
* 1:16834 <-> DISABLED <-> BLACKLIST DNS request for known malware domain qd.netkill.com.cn - Trojan-Downloader.Win32.Adload.rzx (blacklist.rules)
* 1:16835 <-> DISABLED <-> BLACKLIST DNS request for known malware domain exe.146843.com - Trojan.Win32.Opeg.a (blacklist.rules)
* 1:16833 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16832 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16831 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16829 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16830 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16827 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16828 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16825 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16826 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16824 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16822 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16823 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (malware-cnc.rules)
* 1:16820 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
* 1:16821 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16818 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16819 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16816 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16817 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16815 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16813 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16814 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16811 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16812 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules)
* 1:16810 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:18356 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string random (blacklist.rules)
* 1:18350 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GabPath (blacklist.rules)
* 1:18353 <-> ENABLED <-> BLACKLIST User-Agent request for known PUA user agent - SelectRebates (blacklist.rules)
* 1:18354 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string opera/8.11 (blacklist.rules)
* 1:39710 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string mozilla/2.0 (blacklist.rules)
* 1:40366 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
* 1:40367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
* 1:4142 <-> DISABLED <-> SERVER-ORACLE Oracle reports servlet command execution attempt (server-oracle.rules)
* 1:41515 <-> ENABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
* 1:17857 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.cnhack.cn (blacklist.rules)
* 1:17858 <-> DISABLED <-> BLACKLIST DNS request for known malware domain kingsizematures.com (blacklist.rules)
* 1:17859 <-> DISABLED <-> BLACKLIST DNS request for known malware domain promotds.com (blacklist.rules)
* 1:17860 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mejac.com (blacklist.rules)
* 1:17863 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rpt2.21civ.com (blacklist.rules)
* 1:17864 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tubexxxmatures.com (blacklist.rules)
* 1:17866 <-> DISABLED <-> BLACKLIST DNS request for known malware domain aebankonline.com (blacklist.rules)
* 1:18255 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gopheisstoo.cc (blacklist.rules)
* 1:18252 <-> DISABLED <-> BLACKLIST DNS request for known malware domain protectyourpc-11.com (blacklist.rules)
* 1:18258 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ftuny.com (blacklist.rules)
* 1:17882 <-> DISABLED <-> BLACKLIST DNS request for known malware domain procca.com (blacklist.rules)
* 1:17883 <-> DISABLED <-> BLACKLIST DNS request for known malware domain autouploaders.net (blacklist.rules)
* 1:17884 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gimmemyporn.com (blacklist.rules)
* 1:17885 <-> DISABLED <-> BLACKLIST DNS request for known malware domain waytoall.com (blacklist.rules)
* 1:17886 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.spamature.com (blacklist.rules)
* 1:17887 <-> DISABLED <-> BLACKLIST DNS request for known malware domain info.collectionerrorreport.com (blacklist.rules)
* 1:17889 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.ajie520.com (blacklist.rules)
* 1:17891 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bestkind.ru (blacklist.rules)
* 1:17893 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.zxc0001.com (blacklist.rules)
* 1:17894 <-> DISABLED <-> BLACKLIST DNS request for known malware domain streq.cn (blacklist.rules)
* 1:17895 <-> DISABLED <-> BLACKLIST DNS request for known malware domain pyow.prixi-soft.ir (blacklist.rules)
* 1:17897 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.moneytw8.com (blacklist.rules)
* 1:17898 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /get2.php?c=VTOXUGUI&d= (blacklist.rules)
* 1:17899 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /reques0.asp?kind=006&mac= (blacklist.rules)
* 1:17900 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /basic/cn3c2/c.*dll (blacklist.rules)
* 1:17901 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /mybackup21.rar (blacklist.rules)
* 1:17902 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /?getexe=loader.exe (blacklist.rules)
* 1:17903 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - stid= (blacklist.rules)
* 1:17904 <-> ENABLED <-> BLACKLIST URI request for known malicious URI - /tongji.js (blacklist.rules)
* 1:17905 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - 1de49069b6044785e9dfcd4c035cfd0c.php (blacklist.rules)
* 1:17906 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - 2x/.*php (blacklist.rules)
* 1:17907 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /MNG/Download/?File=AZF DATADIR Download (blacklist.rules)
* 1:17908 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /images/crypt_22.exe (blacklist.rules)
* 1:17909 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /images/css/1.exe (blacklist.rules)
* 1:17910 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /7xdown.exe (blacklist.rules)
* 1:17911 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /winhelper.exe (blacklist.rules)
* 1:17912 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /upopwin/count.asp?mac= (blacklist.rules)
* 1:17913 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /ok.exe (blacklist.rules)
* 1:17914 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /LjBin/Bin.Dll (blacklist.rules)
* 1:17915 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /1001ns/cfg3n.bin (blacklist.rules)
* 1:17916 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /dh/stats.bin (blacklist.rules)
* 1:17917 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /zeus/config.bin (blacklist.rules)
* 1:18132 <-> DISABLED <-> INDICATOR-OBFUSCATION malware-associated JavaScript obfuscation function (indicator-obfuscation.rules)
* 1:18251 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vcxde.com (blacklist.rules)
* 1:18253 <-> DISABLED <-> BLACKLIST DNS request for known malware domain blogsmonitoringservice.com (blacklist.rules)
* 1:17881 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fucktosky.com (blacklist.rules)
* 1:18259 <-> DISABLED <-> BLACKLIST DNS request for known malware domain whysohardx.com (blacklist.rules)
* 1:18254 <-> DISABLED <-> BLACKLIST DNS request for known malware domain checkserverstux.com (blacklist.rules)
* 1:18256 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tutubest.com (blacklist.rules)
* 1:18342 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSIS_DOWNLOAD (blacklist.rules)
* 1:18336 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string gbot/2.3 (blacklist.rules)
* 1:17878 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ayb.host127-0-0-1.com (blacklist.rules)
* 1:17879 <-> DISABLED <-> BLACKLIST DNS request for known malware domain cfg.353wanwan.com (blacklist.rules)
* 1:17876 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 91629.com (blacklist.rules)
* 1:17874 <-> DISABLED <-> BLACKLIST DNS request for known malware domain f19dd4abb8b8bdf2.cn (blacklist.rules)
* 1:18337 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string iamx/3.11 (blacklist.rules)
* 1:17875 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.very-young-boys.com (blacklist.rules)
* 1:17872 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www3.sexown.com (blacklist.rules)
* 1:17873 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mummimpegs.com (blacklist.rules)
* 1:17871 <-> DISABLED <-> BLACKLIST DNS request for known malware domain brutalxvideos.com (blacklist.rules)
* 1:18341 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string UtilMind HTTPGet (blacklist.rules)
* 1:17870 <-> DISABLED <-> BLACKLIST DNS request for known malware domain trojan8.com (blacklist.rules)
* 1:18338 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSISDL/1.2 (blacklist.rules)
* 1:18340 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string ClickAdsByIE 0.7.5 (blacklist.rules)
* 1:18347 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AutoIt (blacklist.rules)
* 1:18343 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string WSEnrichment (blacklist.rules)
* 1:18345 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Macrovision_DM_2.4.15 (blacklist.rules)
* 1:18346 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPRecover (blacklist.rules)
* 1:35780 <-> ENABLED <-> FILE-PDF Adobe Reader out of bounds memory read attempt (file-pdf.rules)
* 1:18260 <-> DISABLED <-> BLACKLIST DNS request for known malware domain freenetgameonline.com (blacklist.rules)
* 1:18257 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dns-check.biz (blacklist.rules)
* 1:24108 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a RAR file (malware-other.rules)
* 1:24104 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPEG file (malware-other.rules)
* 1:18377 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string malware (blacklist.rules)
* 1:18358 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSIS_INETLOAD (blacklist.rules)
* 1:18392 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string qixi (blacklist.rules)
* 1:18394 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string OCRecover (blacklist.rules)
* 1:18357 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Setup Factory (blacklist.rules)
* 1:23157 <-> ENABLED <-> EXPLOIT-KIT Nuclear Pack exploit kit binary download (exploit-kit.rules)
* 1:18351 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPUpdater (blacklist.rules)
* 1:18374 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string SurfBear (blacklist.rules)
* 1:18349 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Flipopia (blacklist.rules)
* 1:18375 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string HTTP Wininet (blacklist.rules)
* 1:18370 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Mozilla Windows MSIE (blacklist.rules)
* 1:18352 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string PinballCorp-BSAI/VER_STR_COMMA (blacklist.rules)
* 1:18359 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Shareaza (blacklist.rules)
* 1:18379 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AskInstallChecker (blacklist.rules)
* 1:18385 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string HTTPCSDCENTER (blacklist.rules)
* 1:18492 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ilo.brenz.pl - Win.Trojan.Ramnit (blacklist.rules)
* 1:23114 <-> DISABLED <-> INDICATOR-OBFUSCATION GIF header with PHP tags - likely malicious (indicator-obfuscation.rules)
* 1:18395 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Duckling/1.0 (blacklist.rules)
* 1:18383 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPInstaller (blacklist.rules)
* 1:18390 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Delphi 5.x (blacklist.rules)
* 1:18775 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /gpdcount (malware-cnc.rules)
* 1:18386 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AHTTPConnection (blacklist.rules)
* 1:18348 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Opera/9.80 Pesto/2.2.15 (blacklist.rules)
* 1:18361 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Downloader1.1 (blacklist.rules)
* 1:18376 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Trololo (blacklist.rules)
* 1:18362 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Search Toolbar 1.1 (blacklist.rules)
* 1:18774 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI (malware-cnc.rules)
* 1:18363 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPRecover (blacklist.rules)
* 1:18360 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Oncues (blacklist.rules)
* 1:18387 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string dwplayer (blacklist.rules)
* 1:18364 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string msndown (blacklist.rules)
* 1:18365 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Agentcc (blacklist.rules)
* 1:18391 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string MyLove (blacklist.rules)
* 1:18382 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string WMUpdate (blacklist.rules)
* 1:18366 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string OCInstaller (blacklist.rules)
* 1:23156 <-> DISABLED <-> EXPLOIT-KIT Nuclear Pack exploit kit landing page (exploit-kit.rules)
* 1:18367 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string FPRecover (blacklist.rules)
* 1:18355 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Se2011 (blacklist.rules)
* 1:18368 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Our_Agent (blacklist.rules)
* 1:18369 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string iexp-get (blacklist.rules)
* 1:18393 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string vyre32 (blacklist.rules)
* 1:18381 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Travel Update (blacklist.rules)
* 1:23113 <-> DISABLED <-> INDICATOR-OBFUSCATION eval gzinflate base64_decode call - likely malicious (indicator-obfuscation.rules)
* 1:18373 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Installer (blacklist.rules)
* 1:18389 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string 3653Client (blacklist.rules)
* 1:18380 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string FPUpdater (blacklist.rules)
* 1:18371 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string QvodDown (blacklist.rules)
* 1:18378 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AutoHotkey (blacklist.rules)
* 1:37273 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules)
* 1:18388 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string RookIE/1.0 (blacklist.rules)
* 1:35316 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string EI Plugin updater (blacklist.rules)
* 1:24106 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a PNG file (malware-other.rules)
* 1:24105 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a GIF file (malware-other.rules)
* 1:24110 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to an MP3 file (malware-other.rules)
* 1:23218 <-> ENABLED <-> EXPLOIT-KIT Redkit Repeated Exploit Request Pattern (exploit-kit.rules)
* 1:23636 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript built-in function parseInt appears obfuscated - likely packer or encoder (indicator-obfuscation.rules)
* 1:24109 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a ZIP file (malware-other.rules)
* 1:24103 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPG file (malware-other.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2983.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:41536 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder file.php directory traversal attempt (server-webapp.rules)
* 1:41520 <-> DISABLED <-> SERVER-OTHER Ge Fanuc Proficy WebView DOS attempt (server-other.rules)
* 1:41531 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41525 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41533 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41521 <-> ENABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux cross site scripting attempt (server-webapp.rules)
* 1:41524 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules)
* 1:41542 <-> DISABLED <-> SERVER-ORACLE Oracle reports servlet command execution attempt (server-oracle.rules)
* 1:41541 <-> DISABLED <-> SERVER-ORACLE Oracle reports servlet command execution attempt (server-oracle.rules)
* 1:41528 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41532 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41535 <-> DISABLED <-> SERVER-WEBAPP Broadwin WebAccess DOS attempt (server-webapp.rules)
* 1:41534 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules)
* 1:41539 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Malware.DistTrack (blacklist.rules)
* 1:41522 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode object use after free attempt (browser-ie.rules)
* 1:41529 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41540 <-> ENABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
* 1:41537 <-> DISABLED <-> SERVER-OTHER Siemens WinCC TIA Portal DOS attempt (server-other.rules)
* 1:41530 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41527 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41526 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41523 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode object use after free attempt (browser-ie.rules)
* 3:41547 <-> ENABLED <-> SERVER-OTHER TLS client hello session resumption detected (server-other.rules)
* 3:41545 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0284 attack attempt (file-office.rules)
* 3:41538 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA WebVPN memory corruption attempt (server-webapp.rules)
* 3:41548 <-> ENABLED <-> SERVER-OTHER F5 BIG-IP TLS session ticket implementation uninitialized memory disclosure attempt (server-other.rules)
* 3:41546 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0284 attack attempt (file-office.rules)
* 3:41543 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0285 attack attempt (file-office.rules)
* 3:41544 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0285 attack attempt (file-office.rules)
* 1:18347 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AutoIt (blacklist.rules)
* 1:16809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules)
* 1:16810 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16811 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16812 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16813 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16814 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16815 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16816 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16817 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16818 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16819 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16820 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)
* 1:16821 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16822 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16823 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (malware-cnc.rules)
* 1:16824 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16825 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16826 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16827 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16828 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16829 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16830 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16831 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16832 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16833 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16834 <-> DISABLED <-> BLACKLIST DNS request for known malware domain qd.netkill.com.cn - Trojan-Downloader.Win32.Adload.rzx (blacklist.rules)
* 1:16835 <-> DISABLED <-> BLACKLIST DNS request for known malware domain exe.146843.com - Trojan.Win32.Opeg.a (blacklist.rules)
* 1:16836 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ra03.e5732.com - Trojan-Clicker.Win32.Small.afg (blacklist.rules)
* 1:16837 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dangercheats.com.br - Trojan.Win32.Refroso.arnq (blacklist.rules)
* 1:16838 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xlm.ppvsr.com - Trojan-GameThief.Win32.OnLineGames.wwcf (blacklist.rules)
* 1:16839 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sh16.e8753.com - Trojan.Win32.Scar.ccqb (blacklist.rules)
* 1:16840 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rx11.e6532.com - Trojan.Win32.Opeg.a (blacklist.rules)
* 1:16841 <-> DISABLED <-> BLACKLIST DNS request for known malware domain podgorz.org - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
* 1:16842 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sp19.e4578.com - Trojan-Downloader.Win32.Genome.njz (blacklist.rules)
* 1:16843 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 1.7zsm.com - Trojan-Downloader.Win32.Agent.dtuo (blacklist.rules)
* 1:16844 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rm08.e4562.com - Trojan-Downloader.Win32.Agent.dngx (blacklist.rules)
* 1:16845 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rc04.e6532.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules)
* 1:16846 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bedayton.com - Trojan-Downloader.Win32.Agent.dlhe (blacklist.rules)
* 1:16847 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rz12.e6805.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules)
* 1:16849 <-> DISABLED <-> BLACKLIST DNS request for known malware domain re05.e6532.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules)
* 1:16850 <-> DISABLED <-> BLACKLIST DNS request for known malware domain kldmten.net - Trojan-Spy.Win32.Zbot.akra (blacklist.rules)
* 1:16851 <-> DISABLED <-> BLACKLIST DNS request for known malware domain forelc.cc - Trojan-Ransom.Win32.XBlocker.ahe (blacklist.rules)
* 1:16852 <-> DISABLED <-> BLACKLIST DNS request for known malware domain v.yao63.com - Trojan-Downloader.Win32.Agent.dqns (blacklist.rules)
* 1:16853 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vh26.e4578.com - Trojan.Win32.Opeg.a (blacklist.rules)
* 1:16854 <-> DISABLED <-> BLACKLIST DNS request for known malware domain up1.give2sms.com - Trojan-Downloader.Win32.Genome.est (blacklist.rules)
* 1:16855 <-> DISABLED <-> BLACKLIST DNS request for known malware domain d.123kuaihuo.com - Trojan.Win32.Scar.clbx (blacklist.rules)
* 1:16856 <-> DISABLED <-> BLACKLIST DNS request for known malware domain andy.cd - Backdoor.Win32.Agent.auto (blacklist.rules)
* 1:16858 <-> DISABLED <-> BLACKLIST DNS request for known malware domain charter-x.biz - Packed.Win32.Krap.ae (blacklist.rules)
* 1:16859 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gerherber.com - Trojan-Spy.Win32.Zbot.akdw (blacklist.rules)
* 1:16860 <-> DISABLED <-> BLACKLIST DNS request for known malware domain urodinam.net - Trojan.Win32.TDSS.azsj (blacklist.rules)
* 1:16861 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gite-eguisheim.com - Trojan-Downloader.Win32.Piker.clp (blacklist.rules)
* 1:16862 <-> DISABLED <-> BLACKLIST DNS request for known malware domain phaizeipeu.ru - Packed.Win32.Krap.gx (blacklist.rules)
* 1:16863 <-> DISABLED <-> BLACKLIST DNS request for known malware domain teendx.com - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
* 1:16864 <-> DISABLED <-> BLACKLIST DNS request for known malware domain taiping2033.2288.org - Trojan-Downloader.Win32.Selvice.afy (blacklist.rules)
* 1:16865 <-> DISABLED <-> BLACKLIST DNS request for known malware domain cnfg.maxsitesrevenues.net - Trojan.Win32.BHO.afke (blacklist.rules)
* 1:16868 <-> DISABLED <-> BLACKLIST DNS request for known malware domain hostshack.net - Trojan.Win32.Buzus.empl (blacklist.rules)
* 1:16869 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tt.vv49.com - Trojan-GameThief.Win32.OnLineGames.bnkb (blacklist.rules)
* 1:16870 <-> DISABLED <-> BLACKLIST DNS request for known malware domain search.sidegreen.com - Backdoor.Win32.Agent.arqi (blacklist.rules)
* 1:16871 <-> DISABLED <-> BLACKLIST DNS request for known malware domain parfaitpournous.com - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
* 1:16872 <-> DISABLED <-> BLACKLIST DNS request for known malware domain postmetoday.ru - Packed.Win32.Katusha.j (blacklist.rules)
* 1:16873 <-> DISABLED <-> BLACKLIST DNS request for known malware domain youword.cn - Trojan.Win32.Scar.bvgu (blacklist.rules)
* 1:16874 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ophaeghaev.ru - Trojan-Spy.Win32.Zbot.akmi (blacklist.rules)
* 1:16875 <-> DISABLED <-> BLACKLIST DNS request for known malware domain up1.free-sms.co.kr - Trojan.Win32.Vilsel.akp (blacklist.rules)
* 1:16876 <-> DISABLED <-> BLACKLIST DNS request for known malware domain c.softdowns.info - Trojan.BAT.Agent.yn (blacklist.rules)
* 1:16877 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ddkom.biz - Trojan.Win32.Scar.ckhr (blacklist.rules)
* 1:16878 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vopret.ru - Trojan.Win32.FraudPack.axwn (blacklist.rules)
* 1:16879 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dnfpomo.dnfranran.com - Trojan-GameThief.Win32.OnLineGames.bnkx (blacklist.rules)
* 1:16881 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sex-gifts.ru - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
* 1:16882 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 111.168lala.com - Backdoor.Win32.Popwin.cyn (blacklist.rules)
* 1:16883 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mcafee-registry.ru - Trojan-Spy.Win32.Zbot.akgb (blacklist.rules)
* 1:16884 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bits4ever.ru - Trojan-Spy.Win32.Zbot.aknt (blacklist.rules)
* 1:16885 <-> DISABLED <-> BLACKLIST DNS request for known malware domain monicaecarlos.com - Trojan-Downloader.Win32.Genome.awxv (blacklist.rules)
* 1:16887 <-> DISABLED <-> BLACKLIST DNS request for known malware domain hesneclimi.ru - Packed.Win32.Krap.ae (blacklist.rules)
* 1:16888 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dbtte.com - Trojan-Banker.Win32.Banz.crk (blacklist.rules)
* 1:16890 <-> DISABLED <-> BLACKLIST DNS request for known malware domain in6cs.com - Trojan.Win32.Tdss.beea (blacklist.rules)
* 1:16891 <-> DISABLED <-> BLACKLIST DNS request for known malware domain solo1928.ru - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
* 1:16892 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fg545633.host.zgridc.com - Trojan.Win32.Pincav.abub (blacklist.rules)
* 1:16893 <-> DISABLED <-> BLACKLIST DNS request for known malware domain primusdns.ru - Backdoor.Win32.Havar.eh (blacklist.rules)
* 1:16895 <-> DISABLED <-> BLACKLIST DNS request for known malware domain alodh.in - Backdoor.Win32.Delf.vde (blacklist.rules)
* 1:16896 <-> DISABLED <-> BLACKLIST DNS request for known malware domain reward.pnshop.co.kr - Backdoor.Win32.Agent.ahra (blacklist.rules)
* 1:16898 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sx21.e4578.com - Trojan.Win32.Scar.ccqb (blacklist.rules)
* 1:16900 <-> DISABLED <-> BLACKLIST DNS request for known malware domain reportes201.com - Trojan-Downloader.Win32.Genome.ashe (blacklist.rules)
* 1:16901 <-> DISABLED <-> BLACKLIST DNS request for known malware domain local.1140.co.kr - Trojan-Downloader.Win32.Genome.aobm (blacklist.rules)
* 1:16902 <-> DISABLED <-> BLACKLIST DNS request for known malware domain promojoy.net - Packed.Win32.Krap.gx (blacklist.rules)
* 1:16903 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gpwg.ws - Worm.Win32.AutoRun.bjca (blacklist.rules)
* 1:16906 <-> DISABLED <-> BLACKLIST DNS request for known malware domain down.p2pplay.com - Trojan-GameThief.Win32.OnLineGames.wgkv (blacklist.rules)
* 1:16907 <-> DISABLED <-> BLACKLIST DNS request for known malware domain livetrust.info - Trojan-Spy.Win32.Zbot.akku (blacklist.rules)
* 1:16908 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ootaivilei.ru - Trojan-Spy.Win32.Zbot.akme (blacklist.rules)
* 1:16909 <-> DISABLED <-> BLACKLIST DNS request for known malware domain babah20122012.com - Trojan-Spy.Win32.Zbot.akbb (blacklist.rules)
* 1:16910 <-> DISABLED <-> BLACKLIST DNS request for known malware domain pattern - 0-0-0-0-0-0-0.info (blacklist.rules)
* 1:16911 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - ucsp0416.exe?t= (blacklist.rules)
* 1:16912 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - net/cfg2.bin (blacklist.rules)
* 1:16913 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - count_log/log/boot.php?p= (blacklist.rules)
* 1:16914 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - .bin?ucsp (blacklist.rules)
* 1:16915 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /MNG/Download/?File=AZF (blacklist.rules)
* 1:16916 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /jarun/jezerce (blacklist.rules)
* 1:16917 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /ekaterina/velika (blacklist.rules)
* 1:16918 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /ultimate/fight (blacklist.rules)
* 1:16919 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /tmp/pm.exe?t= (blacklist.rules)
* 1:16920 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /DownLoadFile/BaePo/ver (blacklist.rules)
* 1:16921 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /s1/launcher/update/Update/data/ (blacklist.rules)
* 1:16922 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /cgi-bin/rd.cgi?f=/vercfg.dat?AgentID= (blacklist.rules)
* 1:16923 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /search.php?username=coolweb07&keywords= (blacklist.rules)
* 1:16924 <-> ENABLED <-> BLACKLIST URI request for known malicious URI - /inst.php?fff= (blacklist.rules)
* 1:16925 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /message.php?subid= (blacklist.rules)
* 1:16926 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - strMode=setup&strID=pcvaccine&strPC= (blacklist.rules)
* 1:16927 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - MGWEB.php?c=TestUrl (blacklist.rules)
* 1:16928 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /stat.html?0dPg0uXTraCSqrOdlrKpmpyorePbz (blacklist.rules)
* 1:16929 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - gate.php?guid= (blacklist.rules)
* 1:16930 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - count.asp?mac= (blacklist.rules)
* 1:16931 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - feedbigfoot.php?m= (blacklist.rules)
* 1:16932 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /qqnongchang/qqkj. (blacklist.rules)
* 1:16933 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /root/9 frt.rar (blacklist.rules)
* 1:17350 <-> DISABLED <-> SERVER-ORACLE Oracle Application Server forms arbitrary system command execution attempt (server-oracle.rules)
* 1:17819 <-> DISABLED <-> BLACKLIST DNS request for known malware domain motuh.com (blacklist.rules)
* 1:17821 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ketsymbol.com (blacklist.rules)
* 1:17824 <-> DISABLED <-> BLACKLIST DNS request for known malware domain teenxmovs.net (blacklist.rules)
* 1:17826 <-> DISABLED <-> BLACKLIST DNS request for known malware domain cheaps1.info (blacklist.rules)
* 1:17827 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sexmoviesland.net (blacklist.rules)
* 1:17828 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 67.201.36.16 (blacklist.rules)
* 1:17830 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dickvsclit.net (blacklist.rules)
* 1:17831 <-> DISABLED <-> BLACKLIST DNS request for known malware domain edrichfinearts.com (blacklist.rules)
* 1:17834 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 343.boolans.com (blacklist.rules)
* 1:17835 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xpresdnet.com (blacklist.rules)
* 1:17836 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gbsup.com (blacklist.rules)
* 1:17837 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xxsmovies.com (blacklist.rules)
* 1:17838 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vc.iwriteweb.com (blacklist.rules)
* 1:17839 <-> DISABLED <-> BLACKLIST DNS request for known malware domain js.222233.com (blacklist.rules)
* 1:17840 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.grannyplanet.com (blacklist.rules)
* 1:17842 <-> DISABLED <-> BLACKLIST DNS request for known malware domain extrahotx.net (blacklist.rules)
* 1:17843 <-> DISABLED <-> BLACKLIST DNS request for known malware domain extralargevideos.com (blacklist.rules)
* 1:17844 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.derquda.com (blacklist.rules)
* 1:17845 <-> DISABLED <-> BLACKLIST DNS request for known malware domain aahydrogen.com (blacklist.rules)
* 1:17846 <-> DISABLED <-> BLACKLIST DNS request for known malware domain trumpetlicks.com (blacklist.rules)
* 1:17847 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mskla.com (blacklist.rules)
* 1:17849 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fuckersucker.com (blacklist.rules)
* 1:17850 <-> DISABLED <-> BLACKLIST DNS request for known malware domain pornfucklist.com (blacklist.rules)
* 1:17851 <-> DISABLED <-> BLACKLIST DNS request for known malware domain game.685faiudeme.com (blacklist.rules)
* 1:17853 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dommonview.com (blacklist.rules)
* 1:17854 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.lamiaexragazza.com (blacklist.rules)
* 1:17855 <-> DISABLED <-> BLACKLIST DNS request for known malware domain acofinder.com (blacklist.rules)
* 1:17856 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fuckfuckvids.com (blacklist.rules)
* 1:17857 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.cnhack.cn (blacklist.rules)
* 1:17858 <-> DISABLED <-> BLACKLIST DNS request for known malware domain kingsizematures.com (blacklist.rules)
* 1:17859 <-> DISABLED <-> BLACKLIST DNS request for known malware domain promotds.com (blacklist.rules)
* 1:17860 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mejac.com (blacklist.rules)
* 1:17863 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rpt2.21civ.com (blacklist.rules)
* 1:17864 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tubexxxmatures.com (blacklist.rules)
* 1:17866 <-> DISABLED <-> BLACKLIST DNS request for known malware domain aebankonline.com (blacklist.rules)
* 1:17870 <-> DISABLED <-> BLACKLIST DNS request for known malware domain trojan8.com (blacklist.rules)
* 1:17871 <-> DISABLED <-> BLACKLIST DNS request for known malware domain brutalxvideos.com (blacklist.rules)
* 1:17872 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www3.sexown.com (blacklist.rules)
* 1:17873 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mummimpegs.com (blacklist.rules)
* 1:17874 <-> DISABLED <-> BLACKLIST DNS request for known malware domain f19dd4abb8b8bdf2.cn (blacklist.rules)
* 1:17875 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.very-young-boys.com (blacklist.rules)
* 1:17876 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 91629.com (blacklist.rules)
* 1:17878 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ayb.host127-0-0-1.com (blacklist.rules)
* 1:17879 <-> DISABLED <-> BLACKLIST DNS request for known malware domain cfg.353wanwan.com (blacklist.rules)
* 1:17881 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fucktosky.com (blacklist.rules)
* 1:17882 <-> DISABLED <-> BLACKLIST DNS request for known malware domain procca.com (blacklist.rules)
* 1:17883 <-> DISABLED <-> BLACKLIST DNS request for known malware domain autouploaders.net (blacklist.rules)
* 1:17884 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gimmemyporn.com (blacklist.rules)
* 1:17885 <-> DISABLED <-> BLACKLIST DNS request for known malware domain waytoall.com (blacklist.rules)
* 1:17886 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.spamature.com (blacklist.rules)
* 1:17887 <-> DISABLED <-> BLACKLIST DNS request for known malware domain info.collectionerrorreport.com (blacklist.rules)
* 1:17889 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.ajie520.com (blacklist.rules)
* 1:17891 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bestkind.ru (blacklist.rules)
* 1:17893 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.zxc0001.com (blacklist.rules)
* 1:17894 <-> DISABLED <-> BLACKLIST DNS request for known malware domain streq.cn (blacklist.rules)
* 1:17895 <-> DISABLED <-> BLACKLIST DNS request for known malware domain pyow.prixi-soft.ir (blacklist.rules)
* 1:17897 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.moneytw8.com (blacklist.rules)
* 1:17898 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /get2.php?c=VTOXUGUI&d= (blacklist.rules)
* 1:17899 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /reques0.asp?kind=006&mac= (blacklist.rules)
* 1:17900 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /basic/cn3c2/c.*dll (blacklist.rules)
* 1:17901 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /mybackup21.rar (blacklist.rules)
* 1:17902 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /?getexe=loader.exe (blacklist.rules)
* 1:17903 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - stid= (blacklist.rules)
* 1:17904 <-> ENABLED <-> BLACKLIST URI request for known malicious URI - /tongji.js (blacklist.rules)
* 1:17905 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - 1de49069b6044785e9dfcd4c035cfd0c.php (blacklist.rules)
* 1:17906 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - 2x/.*php (blacklist.rules)
* 1:17907 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /MNG/Download/?File=AZF DATADIR Download (blacklist.rules)
* 1:17908 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /images/crypt_22.exe (blacklist.rules)
* 1:17909 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /images/css/1.exe (blacklist.rules)
* 1:17910 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /7xdown.exe (blacklist.rules)
* 1:17911 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /winhelper.exe (blacklist.rules)
* 1:17912 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /upopwin/count.asp?mac= (blacklist.rules)
* 1:17913 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /ok.exe (blacklist.rules)
* 1:17914 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /LjBin/Bin.Dll (blacklist.rules)
* 1:17915 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /1001ns/cfg3n.bin (blacklist.rules)
* 1:17916 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /dh/stats.bin (blacklist.rules)
* 1:17917 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /zeus/config.bin (blacklist.rules)
* 1:18132 <-> DISABLED <-> INDICATOR-OBFUSCATION malware-associated JavaScript obfuscation function (indicator-obfuscation.rules)
* 1:18251 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vcxde.com (blacklist.rules)
* 1:18252 <-> DISABLED <-> BLACKLIST DNS request for known malware domain protectyourpc-11.com (blacklist.rules)
* 1:18253 <-> DISABLED <-> BLACKLIST DNS request for known malware domain blogsmonitoringservice.com (blacklist.rules)
* 1:18254 <-> DISABLED <-> BLACKLIST DNS request for known malware domain checkserverstux.com (blacklist.rules)
* 1:18255 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gopheisstoo.cc (blacklist.rules)
* 1:18256 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tutubest.com (blacklist.rules)
* 1:18257 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dns-check.biz (blacklist.rules)
* 1:18258 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ftuny.com (blacklist.rules)
* 1:18259 <-> DISABLED <-> BLACKLIST DNS request for known malware domain whysohardx.com (blacklist.rules)
* 1:18260 <-> DISABLED <-> BLACKLIST DNS request for known malware domain freenetgameonline.com (blacklist.rules)
* 1:18336 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string gbot/2.3 (blacklist.rules)
* 1:18337 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string iamx/3.11 (blacklist.rules)
* 1:18338 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSISDL/1.2 (blacklist.rules)
* 1:18340 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string ClickAdsByIE 0.7.5 (blacklist.rules)
* 1:18341 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string UtilMind HTTPGet (blacklist.rules)
* 1:18342 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSIS_DOWNLOAD (blacklist.rules)
* 1:18343 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string WSEnrichment (blacklist.rules)
* 1:18345 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Macrovision_DM_2.4.15 (blacklist.rules)
* 1:18346 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPRecover (blacklist.rules)
* 1:41515 <-> ENABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
* 1:4142 <-> DISABLED <-> SERVER-ORACLE Oracle reports servlet command execution attempt (server-oracle.rules)
* 1:40367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
* 1:40366 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
* 1:39710 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string mozilla/2.0 (blacklist.rules)
* 1:37274 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules)
* 1:37273 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules)
* 1:18368 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Our_Agent (blacklist.rules)
* 1:18367 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string FPRecover (blacklist.rules)
* 1:18365 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Agentcc (blacklist.rules)
* 1:18366 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string OCInstaller (blacklist.rules)
* 1:18363 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPRecover (blacklist.rules)
* 1:18364 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string msndown (blacklist.rules)
* 1:18362 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Search Toolbar 1.1 (blacklist.rules)
* 1:18360 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Oncues (blacklist.rules)
* 1:18361 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Downloader1.1 (blacklist.rules)
* 1:18357 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Setup Factory (blacklist.rules)
* 1:35780 <-> ENABLED <-> FILE-PDF Adobe Reader out of bounds memory read attempt (file-pdf.rules)
* 1:35316 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string EI Plugin updater (blacklist.rules)
* 1:24110 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to an MP3 file (malware-other.rules)
* 1:24109 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a ZIP file (malware-other.rules)
* 1:24108 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a RAR file (malware-other.rules)
* 1:24107 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a BMP file (malware-other.rules)
* 1:24106 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a PNG file (malware-other.rules)
* 1:24105 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a GIF file (malware-other.rules)
* 1:24104 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPEG file (malware-other.rules)
* 1:24103 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPG file (malware-other.rules)
* 1:23636 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript built-in function parseInt appears obfuscated - likely packer or encoder (indicator-obfuscation.rules)
* 1:23218 <-> ENABLED <-> EXPLOIT-KIT Redkit Repeated Exploit Request Pattern (exploit-kit.rules)
* 1:23157 <-> ENABLED <-> EXPLOIT-KIT Nuclear Pack exploit kit binary download (exploit-kit.rules)
* 1:23156 <-> DISABLED <-> EXPLOIT-KIT Nuclear Pack exploit kit landing page (exploit-kit.rules)
* 1:23114 <-> DISABLED <-> INDICATOR-OBFUSCATION GIF header with PHP tags - likely malicious (indicator-obfuscation.rules)
* 1:23113 <-> DISABLED <-> INDICATOR-OBFUSCATION eval gzinflate base64_decode call - likely malicious (indicator-obfuscation.rules)
* 1:18775 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /gpdcount (malware-cnc.rules)
* 1:18774 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI (malware-cnc.rules)
* 1:18492 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ilo.brenz.pl - Win.Trojan.Ramnit (blacklist.rules)
* 1:18395 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Duckling/1.0 (blacklist.rules)
* 1:18394 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string OCRecover (blacklist.rules)
* 1:18393 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string vyre32 (blacklist.rules)
* 1:18392 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string qixi (blacklist.rules)
* 1:18391 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string MyLove (blacklist.rules)
* 1:18390 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Delphi 5.x (blacklist.rules)
* 1:18389 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string 3653Client (blacklist.rules)
* 1:18388 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string RookIE/1.0 (blacklist.rules)
* 1:18387 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string dwplayer (blacklist.rules)
* 1:18386 <-> DISABLED <->
BLACKLIST User-Agent known malicious user-agent string AHTTPConnection (blacklist.rules) * 1:18385 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string HTTPCSDCENTER (blacklist.rules) * 1:18383 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPInstaller (blacklist.rules) * 1:18382 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string WMUpdate (blacklist.rules) * 1:18381 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Travel Update (blacklist.rules) * 1:18380 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string FPUpdater (blacklist.rules) * 1:18348 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Opera/9.80 Pesto/2.2.15 (blacklist.rules) * 1:18379 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AskInstallChecker (blacklist.rules) * 1:18350 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GabPath (blacklist.rules) * 1:18349 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Flipopia (blacklist.rules) * 1:18358 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSIS_INETLOAD (blacklist.rules) * 1:18352 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string PinballCorp-BSAI/VER_STR_COMMA (blacklist.rules) * 1:18351 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPUpdater (blacklist.rules) * 1:18378 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AutoHotkey (blacklist.rules) * 1:18353 <-> ENABLED <-> BLACKLIST User-Agent request for known PUA user agent - SelectRebates (blacklist.rules) * 1:18377 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string malware (blacklist.rules) * 1:18376 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Trololo (blacklist.rules) * 1:18369 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string iexp-get 
(blacklist.rules) * 1:18370 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Mozilla Windows MSIE (blacklist.rules) * 1:18375 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string HTTP Wininet (blacklist.rules) * 1:18359 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Shareaza (blacklist.rules) * 1:18374 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string SurfBear (blacklist.rules) * 1:18373 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Installer (blacklist.rules) * 1:18371 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string QvodDown (blacklist.rules) * 1:18354 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string opera/8.11 (blacklist.rules) * 1:18356 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string random (blacklist.rules) * 1:18355 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Se2011 (blacklist.rules)
This is the complete list of rules modified and added in the Sourcefire VRT Certified rule pack for Snort version 2990.
The format of the file is:
gid:sid <-> Default rule state <-> Message (rule group)
* 1:41542 <-> DISABLED <-> SERVER-ORACLE Oracle reports servlet command execution attempt (server-oracle.rules)
* 1:41541 <-> DISABLED <-> SERVER-ORACLE Oracle reports servlet command execution attempt (server-oracle.rules)
* 1:41540 <-> ENABLED <-> MALWARE-CNC Win.Malware.Disttrack variant outbound connection (malware-cnc.rules)
* 1:41539 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string - Win.Malware.DistTrack (blacklist.rules)
* 1:41537 <-> DISABLED <-> SERVER-OTHER Siemens WinCC TIA Portal DOS attempt (server-other.rules)
* 1:41536 <-> DISABLED <-> SERVER-WEBAPP ZoneMinder file.php directory traversal attempt (server-webapp.rules)
* 1:41535 <-> DISABLED <-> SERVER-WEBAPP Broadwin WebAccess DOS attempt (server-webapp.rules)
* 1:41534 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules)
* 1:41533 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41532 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41531 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41530 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41529 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41528 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41527 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41526 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41525 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy inbound connection on non-standard port (indicator-compromise.rules)
* 1:41524 <-> DISABLED <-> INDICATOR-COMPROMISE SOCKS5 proxy server method negotiation on non-standard port (indicator-compromise.rules)
* 1:41523 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode object use after free attempt (browser-ie.rules)
* 1:41522 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer CGeneratedTreeNode object use after free attempt (browser-ie.rules)
* 1:41521 <-> ENABLED <-> SERVER-WEBAPP McAfee Virus Scan Linux cross site scripting attempt (server-webapp.rules)
* 1:41520 <-> DISABLED <-> SERVER-OTHER Ge Fanuc Proficy WebView DOS attempt (server-other.rules)
* 3:41538 <-> ENABLED <-> SERVER-WEBAPP Cisco ASA WebVPN memory corruption attempt (server-webapp.rules)
* 3:41543 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0285 attack attempt (file-office.rules)
* 3:41544 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0285 attack attempt (file-office.rules)
* 3:41545 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0284 attack attempt (file-office.rules)
* 3:41546 <-> ENABLED <-> FILE-OFFICE TRUFFLEHUNTER TALOS-2017-0284 attack attempt (file-office.rules)
* 3:41547 <-> ENABLED <-> SERVER-OTHER TLS client hello session resumption detected (server-other.rules)
* 3:41548 <-> ENABLED <-> SERVER-OTHER F5 BIG-IP TLS session ticket implementation uninitialized memory disclosure attempt (server-other.rules)
* 1:41515 <-> ENABLED <-> POLICY-OTHER McAfee Virus Scan Linux outdated version detected (policy-other.rules)
* 1:4142 <-> DISABLED <-> SERVER-ORACLE Oracle reports servlet command execution attempt (server-oracle.rules)
* 1:40367 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
* 1:40366 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer ArraySpeciesCreate type confusion attempt (browser-ie.rules)
* 1:39710 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string mozilla/2.0 (blacklist.rules)
* 1:37274 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules)
* 1:37273 <-> ENABLED <-> FILE-OFFICE Microsoft Office RTF parser heap overflow attempt (file-office.rules)
* 1:35780 <-> ENABLED <-> FILE-PDF Adobe Reader out of bounds memory read attempt (file-pdf.rules)
* 1:35316 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string EI Plugin updater (blacklist.rules)
* 1:24110 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to an MP3 file (malware-other.rules)
* 1:24109 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a ZIP file (malware-other.rules)
* 1:24108 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a RAR file (malware-other.rules)
* 1:24107 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a BMP file (malware-other.rules)
* 1:24106 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a PNG file (malware-other.rules)
* 1:24105 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a GIF file (malware-other.rules)
* 1:24104 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPEG file (malware-other.rules)
* 1:24103 <-> DISABLED <-> MALWARE-OTHER HTTP POST request to a JPG file (malware-other.rules)
* 1:23636 <-> DISABLED <-> INDICATOR-OBFUSCATION JavaScript built-in function parseInt appears obfuscated - likely packer or encoder (indicator-obfuscation.rules)
* 1:23218 <-> ENABLED <-> EXPLOIT-KIT Redkit Repeated Exploit Request Pattern (exploit-kit.rules)
* 1:23157 <-> ENABLED <-> EXPLOIT-KIT Nuclear Pack exploit kit binary download (exploit-kit.rules)
* 1:23156 <-> DISABLED <-> EXPLOIT-KIT Nuclear Pack exploit kit landing page (exploit-kit.rules)
* 1:23114 <-> DISABLED <-> INDICATOR-OBFUSCATION GIF header with PHP tags - likely malicious (indicator-obfuscation.rules)
* 1:23113 <-> DISABLED <-> INDICATOR-OBFUSCATION eval gzinflate base64_decode call - likely malicious (indicator-obfuscation.rules)
* 1:18775 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI - /gpdcount (malware-cnc.rules)
* 1:18774 <-> DISABLED <-> MALWARE-CNC URI request for known malicious URI (malware-cnc.rules)
* 1:18492 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ilo.brenz.pl - Win.Trojan.Ramnit (blacklist.rules)
* 1:18395 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Duckling/1.0 (blacklist.rules)
* 1:18394 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string OCRecover (blacklist.rules)
* 1:18393 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string vyre32 (blacklist.rules)
* 1:18392 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string qixi (blacklist.rules)
* 1:18391 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string MyLove (blacklist.rules)
* 1:18390 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Delphi 5.x (blacklist.rules)
* 1:18389 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string 3653Client (blacklist.rules)
* 1:18388 <-> ENABLED <-> BLACKLIST User-Agent known malicious user-agent string RookIE/1.0 (blacklist.rules)
* 1:18387 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string dwplayer (blacklist.rules)
* 1:18386 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AHTTPConnection (blacklist.rules)
* 1:18385 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string HTTPCSDCENTER (blacklist.rules)
* 1:18383 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPInstaller (blacklist.rules)
* 1:18382 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string WMUpdate (blacklist.rules)
* 1:18381 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Travel Update (blacklist.rules)
* 1:18380 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string FPUpdater (blacklist.rules)
* 1:18379 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AskInstallChecker (blacklist.rules)
* 1:18378 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AutoHotkey (blacklist.rules)
* 1:18377 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string malware (blacklist.rules)
* 1:18376 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Trololo (blacklist.rules)
* 1:18375 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string HTTP Wininet (blacklist.rules)
* 1:18374 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string SurfBear (blacklist.rules)
* 1:18373 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Installer (blacklist.rules)
* 1:18371 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string QvodDown (blacklist.rules)
* 1:18370 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Mozilla Windows MSIE (blacklist.rules)
* 1:18369 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string iexp-get (blacklist.rules)
* 1:18368 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Our_Agent (blacklist.rules)
* 1:18367 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string FPRecover (blacklist.rules)
* 1:18366 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string OCInstaller (blacklist.rules)
* 1:18365 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Agentcc (blacklist.rules)
* 1:18364 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string msndown (blacklist.rules)
* 1:18363 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPRecover (blacklist.rules)
* 1:18362 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Search Toolbar 1.1 (blacklist.rules)
* 1:18361 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Downloader1.1 (blacklist.rules)
* 1:18360 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Oncues (blacklist.rules)
* 1:18359 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Shareaza (blacklist.rules)
* 1:18358 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSIS_INETLOAD (blacklist.rules)
* 1:18357 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Setup Factory (blacklist.rules)
* 1:18356 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string random (blacklist.rules)
* 1:18355 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Se2011 (blacklist.rules)
* 1:18354 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string opera/8.11 (blacklist.rules)
* 1:18353 <-> ENABLED <-> BLACKLIST User-Agent request for known PUA user agent - SelectRebates (blacklist.rules)
* 1:18352 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string PinballCorp-BSAI/VER_STR_COMMA (blacklist.rules)
* 1:18351 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPUpdater (blacklist.rules)
* 1:18350 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GabPath (blacklist.rules)
* 1:18349 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Flipopia (blacklist.rules)
* 1:18348 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Opera/9.80 Pesto/2.2.15 (blacklist.rules)
* 1:18347 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string AutoIt (blacklist.rules)
* 1:18346 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string GPRecover (blacklist.rules)
* 1:18345 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string Macrovision_DM_2.4.15 (blacklist.rules)
* 1:18343 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string WSEnrichment (blacklist.rules)
* 1:18342 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSIS_DOWNLOAD (blacklist.rules)
* 1:18341 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string UtilMind HTTPGet (blacklist.rules)
* 1:18340 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string ClickAdsByIE 0.7.5 (blacklist.rules)
* 1:18338 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string NSISDL/1.2 (blacklist.rules)
* 1:18337 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string iamx/3.11 (blacklist.rules)
* 1:18336 <-> DISABLED <-> BLACKLIST User-Agent known malicious user-agent string gbot/2.3 (blacklist.rules)
* 1:18260 <-> DISABLED <-> BLACKLIST DNS request for known malware domain freenetgameonline.com (blacklist.rules)
* 1:18259 <-> DISABLED <-> BLACKLIST DNS request for known malware domain whysohardx.com (blacklist.rules)
* 1:18258 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ftuny.com (blacklist.rules)
* 1:18257 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dns-check.biz (blacklist.rules)
* 1:18256 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tutubest.com (blacklist.rules)
* 1:18255 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gopheisstoo.cc (blacklist.rules)
* 1:18254 <-> DISABLED <-> BLACKLIST DNS request for known malware domain checkserverstux.com (blacklist.rules)
* 1:18253 <-> DISABLED <-> BLACKLIST DNS request for known malware domain blogsmonitoringservice.com (blacklist.rules)
* 1:18252 <-> DISABLED <-> BLACKLIST DNS request for known malware domain protectyourpc-11.com (blacklist.rules)
* 1:18251 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vcxde.com (blacklist.rules)
* 1:18132 <-> DISABLED <-> INDICATOR-OBFUSCATION malware-associated JavaScript obfuscation function (indicator-obfuscation.rules)
* 1:17917 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /zeus/config.bin (blacklist.rules)
* 1:17916 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /dh/stats.bin (blacklist.rules)
* 1:17915 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /1001ns/cfg3n.bin (blacklist.rules)
* 1:17914 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /LjBin/Bin.Dll (blacklist.rules)
* 1:17913 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /ok.exe (blacklist.rules)
* 1:17912 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /upopwin/count.asp?mac= (blacklist.rules)
* 1:17911 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /winhelper.exe (blacklist.rules)
* 1:17910 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /7xdown.exe (blacklist.rules)
* 1:17909 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /images/css/1.exe (blacklist.rules)
* 1:17908 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /images/crypt_22.exe (blacklist.rules)
* 1:17907 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /MNG/Download/?File=AZF DATADIR Download (blacklist.rules)
* 1:17906 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - 2x/.*php (blacklist.rules)
* 1:17905 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - 1de49069b6044785e9dfcd4c035cfd0c.php (blacklist.rules)
* 1:17904 <-> ENABLED <-> BLACKLIST URI request for known malicious URI - /tongji.js (blacklist.rules)
* 1:17903 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - stid= (blacklist.rules)
* 1:17902 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /?getexe=loader.exe (blacklist.rules)
* 1:17901 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /mybackup21.rar (blacklist.rules)
* 1:17900 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /basic/cn3c2/c.*dll (blacklist.rules)
* 1:17899 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /reques0.asp?kind=006&mac= (blacklist.rules)
* 1:17898 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /get2.php?c=VTOXUGUI&d= (blacklist.rules)
* 1:17897 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.moneytw8.com (blacklist.rules)
* 1:17895 <-> DISABLED <-> BLACKLIST DNS request for known malware domain pyow.prixi-soft.ir (blacklist.rules)
* 1:17894 <-> DISABLED <-> BLACKLIST DNS request for known malware domain streq.cn (blacklist.rules)
* 1:17893 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.zxc0001.com (blacklist.rules)
* 1:17891 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bestkind.ru (blacklist.rules)
* 1:17889 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.ajie520.com (blacklist.rules)
* 1:17887 <-> DISABLED <-> BLACKLIST DNS request for known malware domain info.collectionerrorreport.com (blacklist.rules)
* 1:17886 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.spamature.com (blacklist.rules)
* 1:17885 <-> DISABLED <-> BLACKLIST DNS request for known malware domain waytoall.com (blacklist.rules)
* 1:17884 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gimmemyporn.com (blacklist.rules)
* 1:17883 <-> DISABLED <-> BLACKLIST DNS request for known malware domain autouploaders.net (blacklist.rules)
* 1:17882 <-> DISABLED <-> BLACKLIST DNS request for known malware domain procca.com (blacklist.rules)
* 1:17881 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fucktosky.com (blacklist.rules)
* 1:17879 <-> DISABLED <-> BLACKLIST DNS request for known malware domain cfg.353wanwan.com (blacklist.rules)
* 1:17878 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ayb.host127-0-0-1.com (blacklist.rules)
* 1:17876 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 91629.com (blacklist.rules)
* 1:17875 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.very-young-boys.com (blacklist.rules)
* 1:17874 <-> DISABLED <-> BLACKLIST DNS request for known malware domain f19dd4abb8b8bdf2.cn (blacklist.rules)
* 1:17873 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mummimpegs.com (blacklist.rules)
* 1:17872 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www3.sexown.com (blacklist.rules)
* 1:17871 <-> DISABLED <-> BLACKLIST DNS request for known malware domain brutalxvideos.com (blacklist.rules)
* 1:17870 <-> DISABLED <-> BLACKLIST DNS request for known malware domain trojan8.com (blacklist.rules)
* 1:17866 <-> DISABLED <-> BLACKLIST DNS request for known malware domain aebankonline.com (blacklist.rules)
* 1:17864 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tubexxxmatures.com (blacklist.rules)
* 1:17863 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rpt2.21civ.com (blacklist.rules)
* 1:17860 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mejac.com (blacklist.rules)
* 1:17859 <-> DISABLED <-> BLACKLIST DNS request for known malware domain promotds.com (blacklist.rules)
* 1:17858 <-> DISABLED <-> BLACKLIST DNS request for known malware domain kingsizematures.com (blacklist.rules)
* 1:17857 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.cnhack.cn (blacklist.rules)
* 1:17856 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fuckfuckvids.com (blacklist.rules)
* 1:17855 <-> DISABLED <-> BLACKLIST DNS request for known malware domain acofinder.com (blacklist.rules)
* 1:17854 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.lamiaexragazza.com (blacklist.rules)
* 1:17853 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dommonview.com (blacklist.rules)
* 1:17851 <-> DISABLED <-> BLACKLIST DNS request for known malware domain game.685faiudeme.com (blacklist.rules)
* 1:17850 <-> DISABLED <-> BLACKLIST DNS request for known malware domain pornfucklist.com (blacklist.rules)
* 1:17849 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fuckersucker.com (blacklist.rules)
* 1:17847 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mskla.com (blacklist.rules)
* 1:17846 <-> DISABLED <-> BLACKLIST DNS request for known malware domain trumpetlicks.com (blacklist.rules)
* 1:17845 <-> DISABLED <-> BLACKLIST DNS request for known malware domain aahydrogen.com (blacklist.rules)
* 1:17844 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.derquda.com (blacklist.rules)
* 1:17843 <-> DISABLED <-> BLACKLIST DNS request for known malware domain extralargevideos.com (blacklist.rules)
* 1:17842 <-> DISABLED <-> BLACKLIST DNS request for known malware domain extrahotx.net (blacklist.rules)
* 1:17840 <-> DISABLED <-> BLACKLIST DNS request for known malware domain www.grannyplanet.com (blacklist.rules)
* 1:17839 <-> DISABLED <-> BLACKLIST DNS request for known malware domain js.222233.com (blacklist.rules)
* 1:17838 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vc.iwriteweb.com (blacklist.rules)
* 1:17837 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xxsmovies.com (blacklist.rules)
* 1:17836 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gbsup.com (blacklist.rules)
* 1:17835 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xpresdnet.com (blacklist.rules)
* 1:17834 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 343.boolans.com (blacklist.rules)
* 1:17831 <-> DISABLED <-> BLACKLIST DNS request for known malware domain edrichfinearts.com (blacklist.rules)
* 1:17830 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dickvsclit.net (blacklist.rules)
* 1:17828 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 67.201.36.16 (blacklist.rules)
* 1:17827 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sexmoviesland.net (blacklist.rules)
* 1:17826 <-> DISABLED <-> BLACKLIST DNS request for known malware domain cheaps1.info (blacklist.rules)
* 1:17824 <-> DISABLED <-> BLACKLIST DNS request for known malware domain teenxmovs.net (blacklist.rules)
* 1:17821 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ketsymbol.com (blacklist.rules)
* 1:17819 <-> DISABLED <-> BLACKLIST DNS request for known malware domain motuh.com (blacklist.rules)
* 1:17350 <-> DISABLED <-> SERVER-ORACLE Oracle Application Server forms arbitrary system command execution attempt (server-oracle.rules)
* 1:16933 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /root/9 frt.rar (blacklist.rules)
* 1:16932 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /qqnongchang/qqkj. (blacklist.rules)
* 1:16931 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - feedbigfoot.php?m= (blacklist.rules)
* 1:16930 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - count.asp?mac= (blacklist.rules)
* 1:16929 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - gate.php?guid= (blacklist.rules)
* 1:16928 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /stat.html?0dPg0uXTraCSqrOdlrKpmpyorePbz (blacklist.rules)
* 1:16927 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - MGWEB.php?c=TestUrl (blacklist.rules)
* 1:16926 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - strMode=setup&strID=pcvaccine&strPC= (blacklist.rules)
* 1:16925 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /message.php?subid= (blacklist.rules)
* 1:16924 <-> ENABLED <-> BLACKLIST URI request for known malicious URI - /inst.php?fff= (blacklist.rules)
* 1:16923 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /search.php?username=coolweb07&keywords= (blacklist.rules)
* 1:16922 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /cgi-bin/rd.cgi?f=/vercfg.dat?AgentID= (blacklist.rules)
* 1:16921 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /s1/launcher/update/Update/data/ (blacklist.rules)
* 1:16920 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /DownLoadFile/BaePo/ver (blacklist.rules)
* 1:16919 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /tmp/pm.exe?t= (blacklist.rules)
* 1:16918 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /ultimate/fight (blacklist.rules)
* 1:16917 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /ekaterina/velika (blacklist.rules)
* 1:16916 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /jarun/jezerce (blacklist.rules)
* 1:16915 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /MNG/Download/?File=AZF (blacklist.rules)
* 1:16914 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - .bin?ucsp (blacklist.rules)
* 1:16913 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - count_log/log/boot.php?p= (blacklist.rules)
* 1:16912 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - net/cfg2.bin (blacklist.rules)
* 1:16911 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - ucsp0416.exe?t= (blacklist.rules)
* 1:16910 <-> DISABLED <-> BLACKLIST DNS request for known malware domain pattern - 0-0-0-0-0-0-0.info (blacklist.rules)
* 1:16909 <-> DISABLED <-> BLACKLIST DNS request for known malware domain babah20122012.com - Trojan-Spy.Win32.Zbot.akbb (blacklist.rules)
* 1:16908 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ootaivilei.ru - Trojan-Spy.Win32.Zbot.akme (blacklist.rules)
* 1:16907 <-> DISABLED <-> BLACKLIST DNS request for known malware domain livetrust.info - Trojan-Spy.Win32.Zbot.akku (blacklist.rules)
* 1:16906 <-> DISABLED <-> BLACKLIST DNS request for known malware domain down.p2pplay.com - Trojan-GameThief.Win32.OnLineGames.wgkv (blacklist.rules)
* 1:16903 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gpwg.ws - Worm.Win32.AutoRun.bjca (blacklist.rules)
* 1:16902 <-> DISABLED <-> BLACKLIST DNS request for known malware domain promojoy.net - Packed.Win32.Krap.gx (blacklist.rules)
* 1:16901 <-> DISABLED <-> BLACKLIST DNS request for known malware domain local.1140.co.kr - Trojan-Downloader.Win32.Genome.aobm (blacklist.rules)
* 1:16900 <-> DISABLED <-> BLACKLIST DNS request for known malware domain reportes201.com - Trojan-Downloader.Win32.Genome.ashe (blacklist.rules)
* 1:16898 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sx21.e4578.com - Trojan.Win32.Scar.ccqb (blacklist.rules)
* 1:16896 <-> DISABLED <-> BLACKLIST DNS request for known malware domain reward.pnshop.co.kr - Backdoor.Win32.Agent.ahra (blacklist.rules)
* 1:16895 <-> DISABLED <-> BLACKLIST DNS request for known malware domain alodh.in - Backdoor.Win32.Delf.vde (blacklist.rules)
* 1:16893 <-> DISABLED <-> BLACKLIST DNS request for known malware domain primusdns.ru - Backdoor.Win32.Havar.eh (blacklist.rules)
* 1:16892 <-> DISABLED <-> BLACKLIST DNS request for known malware domain fg545633.host.zgridc.com - Trojan.Win32.Pincav.abub (blacklist.rules)
* 1:16891 <-> DISABLED <-> BLACKLIST DNS request for known malware domain solo1928.ru - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
* 1:16890 <-> DISABLED <-> BLACKLIST DNS request for known malware domain in6cs.com - Trojan.Win32.Tdss.beea (blacklist.rules)
* 1:16888 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dbtte.com - Trojan-Banker.Win32.Banz.crk (blacklist.rules)
* 1:16887 <-> DISABLED <-> BLACKLIST DNS request for known malware domain hesneclimi.ru - Packed.Win32.Krap.ae (blacklist.rules)
* 1:16885 <-> DISABLED <-> BLACKLIST DNS request for known malware domain monicaecarlos.com - Trojan-Downloader.Win32.Genome.awxv (blacklist.rules)
* 1:16884 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bits4ever.ru - Trojan-Spy.Win32.Zbot.aknt (blacklist.rules)
* 1:16883 <-> DISABLED <-> BLACKLIST DNS request for known malware domain mcafee-registry.ru - Trojan-Spy.Win32.Zbot.akgb (blacklist.rules)
* 1:16882 <-> DISABLED <-> BLACKLIST DNS request for known malware domain 111.168lala.com - Backdoor.Win32.Popwin.cyn (blacklist.rules)
* 1:16881 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sex-gifts.ru - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
* 1:16879 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dnfpomo.dnfranran.com - Trojan-GameThief.Win32.OnLineGames.bnkx (blacklist.rules)
* 1:16878 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vopret.ru - Trojan.Win32.FraudPack.axwn (blacklist.rules)
* 1:16877 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ddkom.biz - Trojan.Win32.Scar.ckhr (blacklist.rules)
* 1:16876 <-> DISABLED <-> BLACKLIST DNS request for known malware domain c.softdowns.info - Trojan.BAT.Agent.yn (blacklist.rules)
* 1:16875 <-> DISABLED <-> BLACKLIST DNS request for known malware domain up1.free-sms.co.kr - Trojan.Win32.Vilsel.akp (blacklist.rules)
* 1:16874 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ophaeghaev.ru - Trojan-Spy.Win32.Zbot.akmi (blacklist.rules)
* 1:16873 <-> DISABLED <-> BLACKLIST DNS request for known malware domain youword.cn - Trojan.Win32.Scar.bvgu (blacklist.rules)
* 1:16872 <-> DISABLED <-> BLACKLIST DNS request for known malware domain postmetoday.ru - Packed.Win32.Katusha.j (blacklist.rules)
* 1:16871 <-> DISABLED <-> BLACKLIST DNS request for known malware domain parfaitpournous.com - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
* 1:16870 <-> DISABLED <-> BLACKLIST DNS request for known malware domain search.sidegreen.com - Backdoor.Win32.Agent.arqi (blacklist.rules)
* 1:16869 <-> DISABLED <-> BLACKLIST DNS request for known malware domain tt.vv49.com - Trojan-GameThief.Win32.OnLineGames.bnkb (blacklist.rules)
* 1:16868 <-> DISABLED <-> BLACKLIST DNS request for known malware domain hostshack.net - Trojan.Win32.Buzus.empl (blacklist.rules)
* 1:16865 <-> DISABLED <-> BLACKLIST DNS request for known malware domain cnfg.maxsitesrevenues.net - Trojan.Win32.BHO.afke (blacklist.rules)
* 1:16864 <-> DISABLED <-> BLACKLIST DNS request for known malware domain taiping2033.2288.org - Trojan-Downloader.Win32.Selvice.afy (blacklist.rules)
* 1:16863 <-> DISABLED <-> BLACKLIST DNS request for known malware domain teendx.com - Trojan-Spy.Win32.Zbot.gen (blacklist.rules)
* 1:16862 <-> DISABLED <-> BLACKLIST DNS request for known malware domain phaizeipeu.ru - Packed.Win32.Krap.gx (blacklist.rules)
* 1:16861 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gite-eguisheim.com - Trojan-Downloader.Win32.Piker.clp (blacklist.rules)
* 1:16860 <-> DISABLED <-> BLACKLIST DNS request for known malware domain urodinam.net 
- Trojan.Win32.TDSS.azsj (blacklist.rules) * 1:16859 <-> DISABLED <-> BLACKLIST DNS request for known malware domain gerherber.com - Trojan-Spy.Win32.Zbot.akdw (blacklist.rules) * 1:16858 <-> DISABLED <-> BLACKLIST DNS request for known malware domain charter-x.biz - Packed.Win32.Krap.ae (blacklist.rules) * 1:16856 <-> DISABLED <-> BLACKLIST DNS request for known malware domain andy.cd - Backdoor.Win32.Agent.auto (blacklist.rules) * 1:16855 <-> DISABLED <-> BLACKLIST DNS request for known malware domain d.123kuaihuo.com - Trojan.Win32.Scar.clbx (blacklist.rules) * 1:16854 <-> DISABLED <-> BLACKLIST DNS request for known malware domain up1.give2sms.com - Trojan-Downloader.Win32.Genome.est (blacklist.rules) * 1:16853 <-> DISABLED <-> BLACKLIST DNS request for known malware domain vh26.e4578.com - Trojan.Win32.Opeg.a (blacklist.rules) * 1:16852 <-> DISABLED <-> BLACKLIST DNS request for known malware domain v.yao63.com - Trojan-Downloader.Win32.Agent.dqns (blacklist.rules) * 1:16851 <-> DISABLED <-> BLACKLIST DNS request for known malware domain forelc.cc - Trojan-Ransom.Win32.XBlocker.ahe (blacklist.rules) * 1:16850 <-> DISABLED <-> BLACKLIST DNS request for known malware domain kldmten.net - Trojan-Spy.Win32.Zbot.akra (blacklist.rules) * 1:16849 <-> DISABLED <-> BLACKLIST DNS request for known malware domain re05.e6532.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules) * 1:16847 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rz12.e6805.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules) * 1:16846 <-> DISABLED <-> BLACKLIST DNS request for known malware domain bedayton.com - Trojan-Downloader.Win32.Agent.dlhe (blacklist.rules) * 1:16845 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rc04.e6532.com - Trojan-Downloader.Win32.Genome.awld (blacklist.rules) * 1:16844 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rm08.e4562.com - Trojan-Downloader.Win32.Agent.dngx (blacklist.rules) * 1:16843 <-> DISABLED 
<-> BLACKLIST DNS request for known malware domain 1.7zsm.com - Trojan-Downloader.Win32.Agent.dtuo (blacklist.rules) * 1:16842 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sp19.e4578.com - Trojan-Downloader.Win32.Genome.njz (blacklist.rules) * 1:16841 <-> DISABLED <-> BLACKLIST DNS request for known malware domain podgorz.org - Trojan-Spy.Win32.Zbot.gen (blacklist.rules) * 1:16840 <-> DISABLED <-> BLACKLIST DNS request for known malware domain rx11.e6532.com - Trojan.Win32.Opeg.a (blacklist.rules) * 1:16839 <-> DISABLED <-> BLACKLIST DNS request for known malware domain sh16.e8753.com - Trojan.Win32.Scar.ccqb (blacklist.rules) * 1:16838 <-> DISABLED <-> BLACKLIST DNS request for known malware domain xlm.ppvsr.com - Trojan-GameThief.Win32.OnLineGames.wwcf (blacklist.rules) * 1:16837 <-> DISABLED <-> BLACKLIST DNS request for known malware domain dangercheats.com.br - Trojan.Win32.Refroso.arnq (blacklist.rules) * 1:16836 <-> DISABLED <-> BLACKLIST DNS request for known malware domain ra03.e5732.com - Trojan-Clicker.Win32.Small.afg (blacklist.rules) * 1:16835 <-> DISABLED <-> BLACKLIST DNS request for known malware domain exe.146843.com - Trojan.Win32.Opeg.a (blacklist.rules) * 1:16834 <-> DISABLED <-> BLACKLIST DNS request for known malware domain qd.netkill.com.cn - Trojan-Downloader.Win32.Adload.rzx (blacklist.rules) * 1:16833 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16832 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16831 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16830 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16829 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16828 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16827 <-> ENABLED <-> MALWARE-CNC 
known command and control channel traffic (malware-cnc.rules) * 1:16826 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16825 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16824 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16823 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FlyStudio known command and control channel traffic (malware-cnc.rules) * 1:16822 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16821 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16820 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules) * 1:16819 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16818 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16817 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16816 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16815 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16814 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16813 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16812 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16811 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16810 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules) * 1:16809 <-> ENABLED <-> MALWARE-CNC Win.Trojan.FraudPack variant outbound connection (malware-cnc.rules)
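Most of the rules listed above ship DISABLED, so the practical job after reading a release note like this is to decide which ones to turn on and which blacklist indicators to reuse elsewhere. The parser below is an added example, not code from Talos, Snort or the rule pack; it reads the "gid:sid <-> STATE <-> message (group.rules)" entries exactly as they appear in the list (bullet-separated, sometimes with a line break in the middle of an entry), counts enabled and disabled rules per rule group, lists the gid:sid pairs that are disabled in a chosen category so they can be fed to a rule-management tool (a PulledPork enablesid list is assumed to accept one gid:sid per line), and pulls the domain and malware family out of the BLACKLIST DNS messages for use in a DNS blocklist. The sample text is a handful of entries copied from the list above, so the assertions are on real sids from this release; the regexes are my own and are written against the message wording used on this page.

```python
import re
from collections import defaultdict

# One release-note entry: "gid:sid <-> STATE <-> message (group.rules)".
# The page runs entries together with " * " separators and breaks lines
# mid-entry, so we scan the whole text instead of splitting on newlines.
ENTRY_RE = re.compile(
    r"(?P<gid>\d+):(?P<sid>\d+)\s*<->\s*(?P<state>ENABLED|DISABLED)\s*<->\s*"
    r"(?P<msg>.+?)\s*\((?P<group>[\w-]+\.rules)\)",
    re.DOTALL,
)

# Message wording of the DNS blacklist rules on the page:
#   "DNS request for known malware domain <domain> - <family>"
#   "DNS request for known malware domain pattern - <domain>"   (no family)
DNS_MSG_RE = re.compile(
    r"DNS request for known malware domain (?:pattern - )?(?P<domain>\S+)"
    r"(?: - (?P<family>\S+))?$"
)

# Constructed sample: entries copied from the release note above, deliberately
# bullet-joined on one line and with a line break inside the 1:16909 message.
SAMPLE = """* 1:16924 <-> ENABLED <-> BLACKLIST URI request for known malicious URI - /inst.php?fff= (blacklist.rules) * 1:16923 <-> DISABLED <-> BLACKLIST URI request for known malicious URI - /search.php?username=coolweb07&keywords= (blacklist.rules)
* 1:16910 <-> DISABLED <-> BLACKLIST DNS request for known malware domain pattern - 0-0-0-0-0-0-0.info (blacklist.rules)
* 1:16909 <-> DISABLED <-> BLACKLIST DNS request for known malware domain
babah20122012.com - Trojan-Spy.Win32.Zbot.akbb (blacklist.rules) * 1:16833 <-> ENABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16831 <-> DISABLED <-> MALWARE-CNC known command and control channel traffic (malware-cnc.rules)
* 1:16820 <-> ENABLED <-> MALWARE-CNC Win.Trojan.Kryptik variant outbound connection (malware-cnc.rules)"""


def parse_entries(text):
    """Return one dict per gid:sid entry found anywhere in text, in page order."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        msg = " ".join(m.group("msg").split())  # collapse breaks inside a message
        entries.append({
            "gid": int(m.group("gid")),
            "sid": int(m.group("sid")),
            "state": m.group("state"),
            "category": msg.split(" ", 1)[0],  # BLACKLIST, MALWARE-CNC, ...
            "msg": msg,
            "group": m.group("group"),
        })
    return entries


def state_counts(entries):
    """Per rule group, how many rules ship ENABLED and how many DISABLED."""
    counts = defaultdict(lambda: {"ENABLED": 0, "DISABLED": 0})
    for e in entries:
        counts[e["group"]][e["state"]] += 1
    return dict(counts)


def disabled_sids(entries, category):
    """gid:sid strings for rules in `category` that ship DISABLED, i.e. the ones
    you must enable yourself (e.g. via an enablesid list) if you want coverage."""
    return [f'{e["gid"]}:{e["sid"]}' for e in entries
            if e["category"] == category and e["state"] == "DISABLED"]


def malware_domains(entries):
    """(domain, family) pairs from BLACKLIST DNS entries; family is None for
    the 'domain pattern' rules, which name no malware family."""
    out = []
    for e in entries:
        m = DNS_MSG_RE.search(e["msg"])
        if m:
            out.append((m.group("domain"), m.group("family")))
    return out


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE)
    print(state_counts(parsed))
    print("enable these MALWARE-CNC rules:", disabled_sids(parsed, "MALWARE-CNC"))
    print("domains for a DNS blocklist:", malware_domains(parsed))
```

Run it against the full page text instead of SAMPLE and the same three functions give you the per-group enable ratio, a ready-made enablesid list for the category you care about, and the domain indicators; review the disabled MALWARE-CNC rules before enabling them in bulk, since a generic "known command and control channel traffic" rule says nothing about its false-positive rate on your traffic.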