* Talos combines our security experts from TRAC, SecApps, and VRT teams.
This SRU number: 2016-08-01-001
Previous SRU number: 2016-07-27-001
Applies to:
This SEU number: 1521
Previous SEU: 1520
Applies to:
This is the complete list of rules modified in SRU 2016-08-01-001 and SEU 1521.
The format of the file is:
GID - SID - Rule Group - Rule Message - Policy State
The Policy State refers to each default Sourcefire policy, Connectivity, Balanced and Security.
The default passive policy state is the same as the Balanced policy state with the exception of alert being used instead of drop.
Note: Unless stated explicitly, the rules are for the series of products listed above.
| GID | SID | Rule Group | Rule Message | Policy State | ||
|---|---|---|---|---|---|---|
| Con. | Bal. | Sec. | ||||
| 1 | 22048 | MALWARE-CNC | Win.Trojan.Zeus P2P outbound connection | off | alert | drop |
| 1 | 23492 | MALWARE-CNC | Win.Trojan.ZeroAccess outbound connection | off | drop | drop |
| 1 | 23493 | MALWARE-CNC | Win.Trojan.ZeroAccess outbound connection | drop | drop | drop |
| 1 | 23606 | MALWARE-CNC | Win.Trojan.Sofacy.A outbound connection | off | off | drop |
| 1 | 23607 | MALWARE-CNC | Win.Trojan.Sofacy.A outbound connection | off | off | drop |
| 1 | 23780 | MALWARE-CNC | Win.Trojan.Begfanit.A outbound connection | off | off | off |
| 1 | 24224 | MALWARE-CNC | Win.Trojan.Spy variant outbound connection | off | drop | drop |
| 1 | 24341 | MALWARE-CNC | Win.Trojan.Spy variant outbound connection | off | off | off |
| 1 | 24349 | MALWARE-CNC | Win.Trojan.Spy variant outbound connection | off | off | off |
| 1 | 24350 | MALWARE-CNC | Win.Trojan.Spy variant outbound connection | off | off | off |
| 1 | 24381 | MALWARE-CNC | Win.Trojan.VB variant outbound connection | off | drop | drop |
| 1 | 24382 | MALWARE-CNC | Win.Trojan.VB variant outbound connection | off | drop | drop |
| 1 | 24383 | MALWARE-CNC | Win.Trojan.Dipwit outbound connection | off | off | drop |
| 1 | 24384 | MALWARE-CNC | Win.Trojan.Tracur variant outbound connection | off | off | drop |
| 1 | 24385 | MALWARE-CNC | Win.Trojan.Tracur variant outbound connection | off | off | drop |
| 1 | 25627 | MALWARE-CNC | Win.Trojan.Reventon variant outbound connection | off | drop | drop |
| 1 | 25807 | MALWARE-CNC | Win.Trojan.Urausy Botnet variant outbound connection | off | drop | drop |
| 1 | 26911 | MALWARE-CNC | Win.Trojan.Rombrast Trojan outbound connection | off | drop | drop |
| 1 | 26912 | MALWARE-CNC | Win.Trojan.Rombrast Trojan outbound connection | off | drop | drop |
| 1 | 27022 | MALWARE-CNC | Win.Trojan.Netweird.A outbound connection | off | off | off |
| 1 | 27023 | MALWARE-CNC | Win.Trojan.Netweird.A outbound connection | off | off | drop |
| 1 | 27150 | BROWSER-IE | Microsoft Internet Explorer use after free attempt | off | drop | drop |
| 1 | 27152 | BROWSER-IE | Microsoft Internet Explorer use after free attempt | off | drop | drop |
| 1 | 27201 | MALWARE-CNC | Win.Trojan.Neurevt variant outbound connection | off | drop | drop |
| 1 | 27545 | MALWARE-CNC | Osx.Trojan.Janicab outbound connection | off | drop | drop |
| 1 | 27546 | MALWARE-CNC | Osx.Trojan.Janicab outbound connection | off | drop | drop |
| 1 | 27547 | MALWARE-CNC | Osx.Trojan.Janicab outbound connection | off | drop | drop |
| 1 | 27867 | MALWARE-CNC | Win.Trojan.Dropper outbound connection | drop | drop | drop |
| 1 | 28072 | MALWARE-CNC | Win.Trojan.Omexo outbound connection | off | drop | drop |
| 1 | 28096 | MALWARE-CNC | Win.Trojan.Spynet variant connection | off | off | drop |
| 1 | 28141 | MALWARE-CNC | Win.Trojan.banker outbound connection | off | drop | drop |
| 1 | 28143 | MALWARE-CNC | Win.Trojan.Medfos outbound connection | off | drop | drop |
| 1 | 28209 | MALWARE-CNC | Win.Worm.IRCbot outbound connection | off | drop | drop |
| 1 | 28210 | MALWARE-CNC | Win.Worm.IRCbot outbound connection | off | drop | drop |
| 1 | 28211 | MALWARE-CNC | Win.Worm.IRCbot outbound connection | off | drop | drop |
| 1 | 28234 | MALWARE-CNC | Win.Trojan.Hdslogger outbound connection | off | drop | drop |
| 1 | 28239 | MALWARE-CNC | Win.Trojan.Tuxido outbound connection | off | drop | drop |
| 1 | 28807 | MALWARE-CNC | Win.Trojan.Injector variant outbound connection | off | drop | drop |
| 1 | 28809 | MALWARE-CNC | Win.Trojan.Dofoil inbound connection | off | drop | drop |
| 1 | 29031 | MALWARE-CNC | Win.Trojan.Banload variant inbound connection | off | drop | drop |
| 1 | 29149 | MALWARE-CNC | Win.Trojan.Janicab outbound connection | off | drop | drop |
| 1 | 29155 | MALWARE-CNC | Win.Trojan.Vwealer outbound connection | off | drop | drop |
| 1 | 29289 | MALWARE-CNC | Win.Trojan.Kmnokay outbound connection | off | drop | drop |
| 1 | 29302 | MALWARE-CNC | Win.Trojan.Diswenshow outbound connection | off | drop | drop |
| 1 | 29307 | MALWARE-CNC | Win.Trojan.Fraxytime outbound connection | off | drop | drop |
| 1 | 29325 | MALWARE-CNC | Win.Trojan.Horsamaz outbound connection | off | drop | drop |
| 1 | 29331 | MALWARE-CNC | Win.Trojan.Aokaspid outbound connection using modem | off | drop | drop |
| 1 | 29332 | MALWARE-CNC | Win.Trojan.Aokaspid outbound connection using lan | off | drop | drop |
| 1 | 29333 | MALWARE-CNC | Win.Trojan.Aokaspid outbound connection using proxy server | off | drop | drop |
| 1 | 29334 | MALWARE-CNC | Win.Trojan.Aokaspid outbound connection using other | off | drop | drop |
| 1 | 29340 | MALWARE-CNC | Win.Trojan.Plusau outbound connection | off | drop | drop |
| 1 | 29353 | MALWARE-CNC | Win.Trojan.Zeagle outbound connection | off | drop | drop |
| 1 | 29440 | MALWARE-CNC | Win.Trojan.Chewbacca outbound connection | off | drop | drop |
| 1 | 29615 | MALWARE-CNC | Win.Trojan.Keylogger outbound connection | off | drop | drop |
| 1 | 29616 | MALWARE-CNC | Win.Trojan.Keylogger inbound connection | off | drop | drop |
| 1 | 29644 | MALWARE-CNC | Win.Trojan.Sdconsent outbound connection | off | drop | drop |
| 1 | 29670 | MALWARE-CNC | Win.Trojan.Caphaw outbound connection | off | drop | drop |
| 1 | 29924 | MALWARE-CNC | Win.Trojan.Farfli outbound connection | off | drop | drop |
| 1 | 29980 | MALWARE-CNC | Win.Trojan.Fucom outbound connection | off | drop | drop |
| 1 | 30063 | MALWARE-CNC | Win.Trojan.Zbot outbound connection | off | drop | drop |
| 1 | 30064 | MALWARE-CNC | Win.Trojan.Zbot outbound connection | off | drop | drop |
| 1 | 30334 | MALWARE-CNC | Win.Trojan.ProjectHook initial outbound connection | off | drop | drop |
| 1 | 30482 | MALWARE-CNC | Win.Trojan.Zbot/Bublik inbound connection | off | drop | drop |
| 1 | 30551 | MALWARE-CNC | Malicious BitCoiner Miner download - Win.Trojan.Minerd | off | drop | drop |
| 1 | 30552 | MALWARE-CNC | Malicious BitCoiner Miner download - Win.Trojan.Systema | off | drop | drop |
| 1 | 30752 | MALWARE-CNC | Win.Trojan.Tesyong outbound connection | off | drop | drop |
| 1 | 30804 | MALWARE-CNC | Win.Trojan.Hulpob outbound connection | off | drop | drop |
| 1 | 30805 | MALWARE-CNC | Win.Trojan.Hulpob outbound connection | off | drop | drop |
| 1 | 30806 | MALWARE-CNC | Win.Trojan.Hulpob outbound connection | off | drop | drop |
| 1 | 30807 | MALWARE-CNC | Win.Trojan.Hulpob outbound connection | off | drop | drop |
| 1 | 30808 | MALWARE-CNC | Win.Trojan.Hulpob outbound connection | off | drop | drop |
| 1 | 30809 | MALWARE-CNC | Win.Trojan.Hulpob outbound connection | off | drop | drop |
| 1 | 30810 | MALWARE-CNC | Win.Trojan.Hulpob outbound connection | off | drop | drop |
| 1 | 30811 | MALWARE-CNC | Win.Trojan.Hulpob outbound connection | off | drop | drop |
| 1 | 30812 | MALWARE-CNC | Win.Trojan.Hulpob outbound connection | off | drop | drop |
| 1 | 30882 | MALWARE-CNC | Win.Trojan.Rbrute inbound connection | off | drop | drop |
| 1 | 30883 | MALWARE-CNC | Win.Trojan.Rbrute inbound connection | off | drop | drop |
| 1 | 30923 | MALWARE-CNC | Win.Trojan.Sefnit outbound connection | off | drop | drop |
| 1 | 30924 | MALWARE-CNC | Win.Trojan.Hd backdoor inbound connection | off | off | drop |
| 1 | 30926 | MALWARE-CNC | Win.Trojan.Hd backdoor outbound secure-connection | off | off | drop |
| 1 | 30978 | MALWARE-CNC | Win.Trojan.Rbrute inbound connection | off | drop | drop |
| 1 | 30984 | MALWARE-CNC | Win.Trojan.Vonriamt outbound connection | off | drop | drop |
| 1 | 31014 | MALWARE-CNC | Win.Trojan.Cryptowall variant outbound connection | off | drop | drop |
| 1 | 31081 | MALWARE-CNC | Win.Trojan.WinSpy variant outbound connection | off | drop | drop |
| 1 | 31123 | MALWARE-CNC | Win.Trojan.Gigade variant inbound connection | off | off | off |
| 1 | 31124 | MALWARE-CNC | Win.Trojan.Pyrtomsop outbound connection | off | drop | drop |
| 1 | 31136 | MALWARE-CNC | Win.Trojan.ZeroAccess inbound connection | drop | drop | drop |
| 1 | 31168 | MALWARE-CNC | Win.Trojan.Guise outbound connection | off | drop | drop |
| 1 | 31224 | MALWARE-CNC | Win.Trojan.Cryptor outbound connection | off | drop | drop |
| 1 | 31236 | MALWARE-CNC | Win.Trojan.Hidead outbound connection | off | drop | drop |
| 1 | 31290 | MALWARE-CNC | Win.Trojan.Vextstl outbound connection | off | drop | drop |
| 1 | 31293 | MALWARE-CNC | Win.Trojan.Dyre publickey outbound connection | off | off | drop |
| 1 | 31319 | MALWARE-CNC | Win.Trojan.Zediv outbound connection | off | drop | drop |
| 1 | 31459 | MALWARE-CNC | Win.Trojan.Jaktinier outbound connection | off | drop | drop |
| 1 | 31548 | MALWARE-CNC | Win.Trojan.Yakes variant inbound connection | off | off | drop |
| 1 | 31693 | MALWARE-CNC | Win.Trojan.Korplug Poisoned Hurricane Malware outbound connection | off | drop | drop |
| 1 | 31706 | MALWARE-CNC | Win.Trojan.Korgapam outbound connection | off | drop | drop |
| 1 | 31718 | MALWARE-CNC | Win.Trojan.Critroni outbound connection | off | drop | drop |
| 1 | 31744 | MALWARE-CNC | Win.Trojan.Eratoma outbound connection | off | drop | drop |
| 1 | 31748 | MALWARE-CNC | Win.Trojan.Qulkonwi outbound connection | off | drop | drop |
| 1 | 31753 | MALWARE-CNC | Win.Trojan.Elpapok outbound connection | off | drop | drop |
| 1 | 31768 | MALWARE-CNC | Win.Trojan.Ecsudown outbound connection | off | drop | drop |
| 1 | 31813 | MALWARE-CNC | Win.Trojan.Expiro outbound connection | off | drop | drop |
| 1 | 31832 | MALWARE-CNC | Win.Trojan.Pfinet outbound connection | off | drop | drop |
| 1 | 31833 | MALWARE-CNC | Win.Trojan.Chkbot outbound connection | off | drop | drop |
| 1 | 31883 | MALWARE-CNC | Win.Trojan.Waterspout outbound connection | off | drop | drop |
| 1 | 31925 | MALWARE-CNC | Linux.Trojan.Jynxkit outbound connection | off | drop | drop |
| 1 | 31944 | MALWARE-CNC | Win.Trojan.Tavdig outbound connection | off | drop | drop |
| 1 | 32065 | MALWARE-CNC | Win.Trojan.Asprox inbound connection | off | drop | drop |
| 1 | 32126 | MALWARE-CNC | Win.Trojan.Lizarbot outbound connection | off | drop | drop |
| 1 | 32163 | BROWSER-IE | Microsoft Internet Explorer GetUpdatedLayout partial table declaration use-after-free attempt | off | off | off |
| 1 | 32164 | BROWSER-IE | Microsoft Internet Explorer GetUpdatedLayout partial table declaration use-after-free attempt | off | off | off |
| 1 | 32188 | MALWARE-CNC | Win.Trojan.BlackEnergy3 outbound connection | off | drop | drop |
| 1 | 32189 | MALWARE-CNC | Win.Trojan.BlackEnergy2 outbound connection | off | drop | drop |
| 1 | 32198 | MALWARE-CNC | Win.Trojan.Mujormel outbound connection | off | drop | drop |
| 1 | 32311 | MALWARE-CNC | Win.Trojan.Rehtesyk outbound connection | off | drop | drop |
| 1 | 32792 | MALWARE-CNC | Win.Virus.Ransomlock inbound connection | off | drop | drop |
| 1 | 32908 | MALWARE-CNC | Win.Trojan.TinyZBot outbound connection | off | drop | drop |
| 1 | 32909 | MALWARE-CNC | Win.Trojan.TinyZBot outbound connection | off | drop | drop |
| 1 | 32910 | MALWARE-CNC | Win.Trojan.TinyZBot outbound connection | off | drop | drop |
| 1 | 33145 | MALWARE-CNC | Win.Trojan.Dridex initial outbound connection | off | drop | drop |
| 1 | 33165 | MALWARE-CNC | Win.Trojan.Poweliks outbound connection | off | drop | drop |
| 1 | 33646 | MALWARE-CNC | Linux.Trojan.XORDDoS outbound connection | off | drop | drop |
| 1 | 33647 | MALWARE-CNC | Linux.Trojan.XORDDoS outbound connection | off | drop | drop |
| 1 | 33648 | MALWARE-CNC | Linux.Trojan.XORDDoS outbound connection | off | drop | drop |
| 1 | 33650 | MALWARE-CNC | Win.Trojan.Tinba outbound connection | off | drop | drop |
| 1 | 33678 | MALWARE-CNC | Win.Trojan.Athena variant outbound connection | off | drop | drop |
| 1 | 33704 | MALWARE-CNC | Win.Trojan.Dridex initial outbound connection | off | drop | drop |
| 1 | 33745 | MALWARE-CNC | Win.Trojan.Dridex initial outbound connection | off | drop | drop |
| 1 | 33746 | MALWARE-CNC | Win.Trojan.Dridex initial outbound connection | off | drop | drop |
| 1 | 33747 | MALWARE-CNC | Win.Trojan.Dridex initial outbound connection | off | drop | drop |
| 1 | 33748 | MALWARE-CNC | Win.Trojan.Dridex initial outbound connection | off | drop | drop |
| 1 | 33749 | MALWARE-CNC | Win.Trojan.Dridex initial outbound connection | off | drop | drop |
| 1 | 33750 | MALWARE-CNC | Win.Trojan.Dridex initial outbound connection | off | drop | drop |
| 1 | 33751 | MALWARE-CNC | Win.Trojan.Dridex initial outbound connection | off | drop | drop |
| 1 | 33752 | MALWARE-CNC | Win.Trojan.Dridex initial outbound connection | off | drop | drop |
| 1 | 33753 | MALWARE-CNC | Win.Trojan.Dridex initial outbound connection | off | drop | drop |
| 1 | 33754 | MALWARE-CNC | Win.Trojan.Dridex initial outbound connection | off | drop | drop |
| 1 | 33755 | MALWARE-CNC | Win.Trojan.Dridex initial outbound connection | off | drop | drop |
| 1 | 33756 | MALWARE-CNC | Win.Ransomware.CTB-Locker outbound connection | off | drop | drop |
| 1 | 33757 | MALWARE-CNC | Win.Ransomware.CTB-Locker outbound connection | off | drop | drop |
| 1 | 33859 | MALWARE-CNC | Win.Trojan.Dridex3 initial outbound connection | off | drop | drop |
| 1 | 33860 | MALWARE-CNC | Win.Trojan.Dridex3 initial outbound connection | off | drop | drop |
| 1 | 33861 | MALWARE-CNC | Win.Trojan.Dridex3 initial outbound connection | off | drop | drop |
| 1 | 33862 | MALWARE-CNC | Win.Trojan.Dridex3 initial outbound connection | off | drop | drop |
| 1 | 33863 | MALWARE-CNC | Win.Trojan.Dridex3 initial outbound connection | off | drop | drop |
| 1 | 33864 | MALWARE-CNC | Win.Trojan.Dridex3 initial outbound connection | off | drop | drop |
| 1 | 33865 | MALWARE-CNC | Win.Trojan.Dridex3 initial outbound connection | off | drop | drop |
| 1 | 33866 | MALWARE-CNC | Win.Trojan.Dridex3 initial outbound connection | off | drop | drop |
| 1 | 33867 | MALWARE-CNC | Win.Trojan.Dridex3 initial outbound connection | off | drop | drop |
| 1 | 33868 | MALWARE-CNC | Win.Trojan.Dridex3 initial outbound connection | off | drop | drop |
| 1 | 33880 | MALWARE-CNC | Win.Backdoor.Casper outbound connection | off | drop | drop |
| 1 | 33893 | MALWARE-CNC | Win.Trojan.Xerq outbound connection | off | drop | drop |
| 1 | 33931 | MALWARE-CNC | Win.Worm.Goldrv variant outbound connection | off | drop | drop |
| 1 | 33933 | MALWARE-CNC | Win.Trojan.Penget variant outbound connection | off | drop | drop |
| 1 | 33966 | MALWARE-CNC | Win.Worm.Mafusc variant outbound connection | off | drop | drop |
| 1 | 33996 | MALWARE-CNC | Win.Trojan.Pwexes variant outbound connection | off | drop | drop |
| 1 | 33997 | MALWARE-CNC | Win.Trojan.Pwexes variant outbound connection | off | drop | drop |
| 1 | 34001 | MALWARE-CNC | Win.Trojan.Picommex outbound connection | off | drop | drop |
| 1 | 34002 | MALWARE-CNC | Win.Trojan.Picommex outbound connection | off | drop | drop |
| 1 | 34003 | MALWARE-CNC | Win.Trojan.Picommex outbound connection | off | drop | drop |
| 1 | 34004 | MALWARE-CNC | Win.Trojan.Explosive variant outbound connection | off | drop | drop |
| 1 | 34005 | MALWARE-CNC | Win.Trojan.Explosive variant outbound connection | off | drop | drop |
| 1 | 34006 | MALWARE-CNC | Win.Trojan.Explosive variant outbound connection | off | drop | drop |
| 1 | 34007 | MALWARE-CNC | Win.Trojan.Explosive variant outbound connection | off | drop | drop |
| 1 | 34008 | MALWARE-CNC | Win.Trojan.Explosive variant outbound connection | off | drop | drop |
| 1 | 34009 | MALWARE-CNC | Win.Trojan.Explosive variant outbound connection | off | drop | drop |
| 1 | 34010 | MALWARE-CNC | Win.Trojan.Explosive variant outbound connection | off | drop | drop |
| 1 | 34011 | MALWARE-CNC | Win.Trojan.Explosive variant outbound connection | off | drop | drop |
| 1 | 34012 | MALWARE-CNC | Win.Trojan.Explosive variant outbound connection | off | drop | drop |
| 1 | 34013 | MALWARE-CNC | Win.Trojan.Ayuther variant outbound connection | off | drop | drop |
| 1 | 34025 | MALWARE-CNC | Win.Trojan.Ayuther variant outbound connection | off | drop | drop |
| 1 | 34026 | MALWARE-CNC | Win.Trojan.Endstar variant outbound connection | off | drop | drop |
| 1 | 34029 | MALWARE-CNC | Win.Worm.Tuscas variant outbound connection | off | drop | drop |
| 1 | 34030 | MALWARE-CNC | Win.Trojan.Dridex4 initial outbound connection | off | drop | drop |
| 1 | 34031 | MALWARE-CNC | Win.Trojan.Dridex4 initial outbound connection | off | drop | drop |
| 1 | 34032 | MALWARE-CNC | Win.Trojan.Dridex4 initial outbound connection | off | drop | drop |
| 1 | 34033 | MALWARE-CNC | Win.Trojan.Dridex4 initial outbound connection | off | drop | drop |
| 1 | 34034 | MALWARE-CNC | Win.Trojan.Dridex4 initial outbound connection | off | drop | drop |
| 1 | 34035 | MALWARE-CNC | Win.Trojan.Dridex4 initial outbound connection | off | drop | drop |
| 1 | 34036 | MALWARE-CNC | Win.Trojan.Dridex4 initial outbound connection | off | drop | drop |
| 1 | 34037 | MALWARE-CNC | Win.Trojan.Dridex4 initial outbound connection | off | drop | drop |
| 1 | 34038 | MALWARE-CNC | Win.Trojan.Dridex4 initial outbound connection | off | drop | drop |
| 1 | 34045 | MALWARE-CNC | Win.Trojan.Eitenckay initial outbound connection | off | drop | drop |
| 1 | 34049 | MALWARE-CNC | Win.Backdoor.EvilBunny variant outbound connection | off | drop | drop |
| 1 | 34050 | MALWARE-CNC | Win.Backdoor.Nepigon variant outbound connection | off | drop | drop |
| 1 | 34115 | MALWARE-CNC | MacOS.Trojan.Wirelurker variant outbound connection | off | drop | drop |
| 1 | 34116 | MALWARE-CNC | MacOS.Trojan.Wirelurker variant outbound connection | off | drop | drop |
| 1 | 34117 | MALWARE-CNC | Win.Backdoor.Zupdax variant outbound connection | off | drop | drop |
| 1 | 34128 | MALWARE-CNC | Win.Trojan.WIntruder outbound connection | off | drop | drop |
| 1 | 34132 | MALWARE-CNC | Win.Backdoor.Erotimpact variant outbound connection | off | drop | drop |
| 1 | 34140 | MALWARE-CNC | Win.Trojan.Dyre publickey outbound connection | off | off | drop |
| 1 | 34155 | MALWARE-CNC | MacOS.Backdoor.Xslcmd outbound connection | off | drop | drop |
| 1 | 34219 | MALWARE-CNC | Win.Trojan.Nanocore variant outbound connection | off | drop | drop |
| 1 | 34246 | MALWARE-CNC | Win.Backdoor.Yebot variant outbound connection | off | off | drop |
| 1 | 34261 | MALWARE-CNC | Linux.Trojan.XORDDoS outbound connection | off | drop | drop |
| 1 | 34262 | MALWARE-CNC | Linux.Trojan.XORDDoS outbound connection | off | drop | drop |
| 1 | 34263 | MALWARE-CNC | Linux.Trojan.XORDDoS outbound connection | off | drop | drop |
| 1 | 34286 | MALWARE-CNC | Win.Trojan.Mudrop variant outbound connection | off | drop | drop |
| 1 | 34296 | MALWARE-CNC | Win.Trojan.Kraken outbound connection | off | drop | drop |
| 1 | 34297 | MALWARE-CNC | Win.Trojan.Kraken outbound connection | off | drop | drop |
| 1 | 34319 | MALWARE-CNC | Win.Worm.Klogwjds variant outbound connection | off | drop | drop |
| 1 | 34322 | MALWARE-CNC | Win.Worm.Klogwjds variant outbound connection | off | drop | drop |
| 1 | 34327 | MALWARE-CNC | Win.Trojan.Bedepshel variant outbound connection | off | drop | drop |
| 1 | 34329 | MALWARE-CNC | Cryptolocker variant inbound connection | off | off | off |
| 1 | 34346 | MALWARE-CNC | Win.Trojan.Backspace outbound connection | off | drop | drop |
| 1 | 34347 | MALWARE-CNC | Win.Trojan.Cheprobnk variant outbound connection | off | drop | drop |
| 1 | 34362 | MALWARE-CNC | Win.Trojan.Mantal variant outbound connection | off | drop | drop |
| 1 | 34366 | MALWARE-CNC | Win.Trojan.Mantal variant outbound connection | off | drop | drop |
| 1 | 34459 | MALWARE-CNC | Win.Trojan.Pvzin variant outbound connection | off | drop | drop |
| 1 | 34460 | MALWARE-CNC | Win.Worm.Mozibe variant outbound connection | off | drop | drop |
| 1 | 34461 | MALWARE-CNC | Linux.Trojan.Mumblehard variant outbound connection | off | drop | drop |
| 1 | 34462 | MALWARE-CNC | Linux.Trojan.Mumblehard variant outbound connection | off | drop | drop |
| 1 | 34469 | MALWARE-CNC | Win.Backdoor.Nirunte variant outbound connection | off | drop | drop |
| 1 | 34470 | MALWARE-CNC | Win.Backdoor.Nirunte variant outbound connection | off | drop | drop |
| 1 | 34476 | MALWARE-CNC | Win.Trojan.Kriptovor variant outbound connection | off | drop | drop |
| 1 | 34489 | MALWARE-CNC | Win.Trojan.Nalodew variant outbound connection | off | drop | drop |
| 1 | 34491 | MALWARE-CNC | Win.Trojan.MalPutty variant outbound connection | off | off | drop |
| 1 | 34567 | MALWARE-CNC | MacOS.Trojan.MacVX outbound connection | off | drop | drop |
| 1 | 34572 | MALWARE-CNC | Win.Trojan.Zinnemls variant outbound connection | off | drop | drop |
| 1 | 34608 | MALWARE-CNC | Win.Trojan.Punkey variant outbound connection | off | drop | drop |
| 1 | 34609 | MALWARE-CNC | Trojan.NitLove variant outbound connection | off | drop | drop |
| 1 | 34624 | MALWARE-CNC | Win.Trojan.Crypaura variant outbound connection | off | drop | drop |
| 1 | 34818 | MALWARE-CNC | Win.Trojan.Emdivi outbound connection | off | drop | drop |
| 1 | 34869 | MALWARE-CNC | Win.Trojan.XTalker outbound connection | off | drop | drop |
| 1 | 34872 | MALWARE-CNC | Win.Trojan.Compfolder variant outbound connection | off | drop | drop |
| 1 | 34965 | MALWARE-CNC | Win.Trojan.Cryptolocker outbound connection | off | drop | drop |
| 1 | 35031 | MALWARE-CNC | Win.Trojan.Konus outbound connection | off | drop | drop |
| 1 | 35050 | MALWARE-CNC | Win.Trojan.Scar variant outbound connection | off | drop | drop |
| 1 | 35127 | BROWSER-IE | Microsoft Internet Explorer local file information disclosure attempt | off | off | off |
| 1 | 35128 | BROWSER-IE | Microsoft Internet Explorer local file information disclosure attempt | off | off | off |
| 1 | 35254 | MALWARE-CNC | Win.Dropper.Agent inbound connection | off | drop | drop |
| 1 | 35312 | MALWARE-CNC | Win.Trojan.Ursnif outbound connection | off | drop | drop |
| 1 | 35386 | MALWARE-CNC | Win.Trojan.Bedep initial outbound connection | off | drop | drop |
| 1 | 35387 | MALWARE-CNC | Win.Trojan.Andromeda initial outbound connection | off | drop | drop |
| 1 | 35733 | MALWARE-CNC | Win.Trojan.Potao outbound connection | off | drop | drop |
| 1 | 35749 | MALWARE-CNC | Win.Backdoor.IsSpace outbound connection | off | drop | drop |
| 1 | 35750 | MALWARE-CNC | Win.Backdoor.IsSpace initial outbound connection | off | drop | drop |
| 1 | 35794 | MALWARE-CNC | Win.Trojan.TeslaCrypt outbound connection | off | drop | drop |
| 1 | 35967 | BROWSER-IE | Microsoft Edge sandbox CreateFileW arbitrary file delete attempt | off | off | off |
| 1 | 35968 | BROWSER-IE | Microsoft Edge sandbox CreateFileW arbitrary file delete attempt | off | off | off |
| 1 | 36054 | MALWARE-CNC | Ios.Backdoor.SYNful inbound connection | off | drop | drop |
| 1 | 36106 | MALWARE-CNC | Win.Trojan.Hodoor APT variant outbound connection | off | drop | drop |
| 1 | 36294 | MALWARE-CNC | Win.Backdoor.Nisinul variant outbound connection | off | drop | drop |
| 1 | 36471 | MALWARE-CNC | Andr.Trojan.Kemoge outbound connection | off | drop | drop |
| 1 | 36522 | MALWARE-CNC | Win.Trojan.Banker.NWT variant outbound connection | off | drop | drop |
| 1 | 36639 | MALWARE-CNC | Win.Trojan.Tavex outbound connection | off | drop | drop |
| 1 | 36732 | MALWARE-CNC | Win.Trojan.Sefnit variant outbound connection | off | drop | drop |
| 1 | 36765 | MALWARE-CNC | Win.Trojan.Stupeval variant outbound connection | off | drop | drop |
| 1 | 36807 | MALWARE-CNC | Win.Trojan.Nodslit variant outbound connection | off | drop | drop |
| 1 | 37036 | MALWARE-CNC | Win.Trojan.Alina variant outbound connection | off | drop | drop |
| 1 | 37047 | MALWARE-CNC | Win.Trojan.Vonterra outbound connection | off | drop | drop |
| 1 | 37052 | MALWARE-CNC | ATSEngine credit card number sent via URL parameter | off | drop | drop |
| 1 | 37212 | MALWARE-CNC | Win.Trojan.Pmabot outbound connection | off | drop | drop |
| 1 | 37213 | MALWARE-CNC | Win.Trojan.Pmabot outbound connection | off | drop | drop |
| 1 | 37214 | MALWARE-CNC | Win.Trojan.Pmabot outbound connection | off | drop | drop |
| 1 | 37215 | MALWARE-CNC | Win.Trojan.Pmabot outbound connection | off | drop | drop |
| 1 | 37225 | MALWARE-CNC | Win.Trojan.Isniffer outbound connection | off | drop | drop |
| 1 | 37226 | MALWARE-CNC | Win.Trojan.Isniffer outbound connection | off | drop | drop |
| 1 | 37227 | MALWARE-CNC | Win.Trojan.Isniffer outbound connection | off | drop | drop |
| 1 | 37228 | MALWARE-CNC | Win.Trojan.Isniffer outbound connection | off | drop | drop |
| 1 | 37296 | MALWARE-CNC | Win.Trojan.Sesramot variant outbound connection | off | drop | drop |
| 1 | 37297 | MALWARE-CNC | Win.Trojan.Sesramot variant outbound connection | off | drop | drop |
| 1 | 37317 | MALWARE-CNC | Win.Trojan.Radamant inbound connection | off | drop | drop |
| 1 | 37323 | MALWARE-CNC | Win.Trojan.Direvex variant outbound connection | off | drop | drop |
| 1 | 37457 | MALWARE-CNC | Win.Trojan.Sovfo variant outbound connection | off | drop | drop |
| 1 | 37636 | MALWARE-CNC | Win.Trojan.Graftor outbound connection | off | drop | drop |
| 1 | 37637 | MALWARE-CNC | Win.Trojan.Graftor outbound connection | off | drop | drop |
| 1 | 38018 | MALWARE-CNC | Win.Trojan.Dridex outbound connection | off | drop | drop |
| 1 | 38067 | BROWSER-IE | Microsoft Internet Explorer CTreePos type confusion attempt | off | drop | drop |
| 1 | 38068 | BROWSER-IE | Microsoft Internet Explorer CTreePos type confusion attempt | off | drop | drop |
| 1 | 38069 | BROWSER-IE | Microsoft Internet Explorer CTreePos type confusion attempt | off | drop | drop |
| 1 | 38070 | BROWSER-IE | Microsoft Internet Explorer CTreePos type confusion attempt | off | drop | drop |
| 1 | 38116 | MALWARE-CNC | Osx.Trojan.Keranger outbound connection | off | drop | drop |
| 1 | 38255 | MALWARE-CNC | Win-Linux.Trojan.Derusbi variant outbound connection | off | drop | drop |
| 1 | 38256 | MALWARE-CNC | Win-Linux.Trojan.Derusbi variant outbound connection | off | drop | drop |
| 1 | 38257 | MALWARE-CNC | Win-Linux.Trojan.Derusbi variant outbound connection | off | drop | drop |
| 1 | 38258 | MALWARE-CNC | Win-Linux.Trojan.Derusbi variant outbound connection | off | drop | drop |
| 1 | 38514 | MALWARE-CNC | Win.Trojan.Sweeper outbound connection | off | drop | drop |
| 1 | 38515 | MALWARE-CNC | Win.Trojan.Sweeper outbound connection | off | drop | drop |
| 1 | 38516 | MALWARE-CNC | Win.Trojan.Sweeper outbound connection | off | drop | drop |
| 1 | 38557 | MALWARE-CNC | Win.Trojan.GateKeylogger outbound connection | off | drop | drop |
| 1 | 38585 | MALWARE-CNC | Win.Backdoor.DFSCook variant outbound connection | off | drop | drop |
| 1 | 38586 | MALWARE-CNC | Win.Backdoor.DFSCook variant outbound connection | off | drop | drop |
| 1 | 38588 | MALWARE-CNC | Win.Backdoor.DFSCook variant outbound connection | off | drop | drop |
| 1 | 38607 | MALWARE-CNC | Win.Trojan.Qakbot variant outbound connection | off | drop | drop |
| 1 | 38643 | MALWARE-CNC | Win.Trojan.Jadowndec outbound connection | off | drop | drop |
| 1 | 38644 | MALWARE-CNC | Win.Trojan.Jadowndec outbound connection | off | drop | drop |
| 1 | 38645 | MALWARE-CNC | Win.Trojan.Jadowndec outbound connection | off | drop | drop |
| 1 | 38646 | MALWARE-CNC | Win.Trojan.Jadowndec outbound connection | off | drop | drop |
| 1 | 38647 | MALWARE-CNC | Win.Trojan.Jadowndec outbound connection | off | drop | drop |
| 1 | 38886 | MALWARE-CNC | Win.Trojan.Bayrob variant outbound connection | off | drop | drop |
| 1 | 39052 | MALWARE-CNC | Win.Trojan.Adialer variant outbound connection | off | drop | drop |
| 1 | 39064 | MALWARE-CNC | Win.Trojan.Sinrin initial JS dropper outbound connection | off | drop | drop |
| 1 | 39084 | MALWARE-CNC | Win.Trojan.Cript outbound connection | off | drop | drop |
| 1 | 39085 | MALWARE-CNC | Win.Trojan.Cript outbound connection | off | drop | drop |
| 1 | 39086 | MALWARE-CNC | Win.Trojan.Cript outbound connection | off | drop | drop |
| 1 | 39117 | MALWARE-CNC | Win.Trojan.Symmi variant outbound connection | off | drop | drop |
| 1 | 39465 | MALWARE-CNC | Win.Trojan.Unlock92 outbound connection | off | drop | drop |
| 1 | 39573 | MALWARE-CNC | Win.Backdoor.NanoBot variant outbound connection | off | drop | drop |
| 1 | 39574 | MALWARE-CNC | Win.Backdoor.NanoBot variant outbound connection | off | drop | drop |
| 1 | 39575 | MALWARE-CNC | Win.Backdoor.NanoBot variant outbound connection | off | drop | drop |
| 1 | 39576 | MALWARE-CNC | Win.Backdoor.NanoBot variant outbound connection | off | drop | drop |
| 1 | 39577 | MALWARE-CNC | Win.Backdoor.NanoBot variant outbound connection | off | drop | drop |
| 1 | 39578 | MALWARE-CNC | Win.Backdoor.NanoBot variant inbound connection | off | drop | drop |
| 1 | 39579 | MALWARE-CNC | Win.Backdoor.NanoBot variant outbound connection | off | drop | drop |
| 1 | 39580 | MALWARE-CNC | Win.Backdoor.NanoBot variant outbound connection | off | drop | drop |
| 1 | 39581 | MALWARE-CNC | Win.Trojan.NanoBot/Perseus initial outbound connection | off | drop | drop |
| 1 | 39705 | MALWARE-CNC | Win.Trojan.Zeus variant inbound connection | off | drop | drop |
| 1 | 39730 | MALWARE-CNC | Win.Adware.Xiazai outbound connection | off | drop | drop |
| 1 | 39735 | FILE-OTHER | VideoCharge buffer overflow SEH attempt | off | off | off |
| 1 | 39736 | FILE-OTHER | VideoCharge buffer overflow SEH attempt | off | off | off |
| 1 | 39738 | MALWARE-CNC | Win.Trojan.Trans variant outbound connection | off | drop | drop |