########################################################################################### # NOTE: This is a dummy/example Suricata ruleset to demonstrate Aristotle's capabilities. # # (https://github.com/secureworks/aristotle/) # # This is NOT a real ruleset designed to be used by Suricata. # ########################################################################################### #better-schema 1.0 drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNIFORM DESIGN Malware Communication"; flow:established,to_server; content:"design"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-03-19,updated_at 2018-03-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80181235;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - VAST SKULLCAP Traffic Detected"; flow:established,to_client; content:"skullcap"; priority:3; metadata:hostile src_ip,created_at 2018-05-25,capec_id 403,updated_at 2018-05-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181236;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MID VISITOR Malware Communication"; flow:established,to_server; content:"visitor"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-08-15,updated_at 2017-08-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181237;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WICKED GUESTBOOK Malware Communication"; flow:established,to_server; content:"guestbook"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-09,updated_at 2019-06-11,filename acme.rules,priority high,infected 
src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181238;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LOUD SCENERY Malware Communication"; flow:established, to_server; content:"scenery"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2015-07-18,updated_at 2015-07-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181239;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PUZZLED DREAM Malware Communication"; flow:established, to_server; content:"dream"; priority:4; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-02-19,updated_at 2017-02-26,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181240;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PROFESSIONAL LITERATURE Malware Communication"; flow:established, to_server; content:"literature"; priority:4; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2016-08-03,updated_at 2016-08-12,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181241;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GEOGRAPHICAL TEACHER Malware Communication"; flow:established, to_server; content:"teacher"; priority:4; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-09-10,updated_at 2019-09-21,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181242;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNIFORM ELEMENT Malware Communication"; flow:established, to_server; 
content:"element"; priority:4; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-05-05,updated_at 2019-05-08,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181243;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMPLETE INDIGENCE Traffic Detected"; flow:established, to_client; file_data; content:"indigence"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-09-05,capec_id 100,updated_at 2019-09-10,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.6,attack_target http-client,attack_target client,cvss_v2_temporal 2.8,protocols http,protocols tcp; rev:2; sid:80181244;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VALID BEANIE Malware Communication"; flow:established,to_server; content:"beanie"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-08-14,updated_at 2018-08-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80181245;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRAVE SHIRTDRESS Malware Communication"; flow:established, to_server; content:"shirtdress"; priority:4; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-09-10,updated_at 2018-09-12,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181246;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRETTY BEGINNER Malware Communication"; flow:established,to_server; content:"beginner"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-11,updated_at 2019-10-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181247;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNCHANGED BAGGAGE Malware Communication"; flow:established,to_server; content:"baggage"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-10-03,updated_at 2017-10-05,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181248;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GLEAMING MOTION Exploitation Attempt Seen"; flow:established, to_server; content:"motion"; priority:3; metadata:hostile src_ip,created_at 2017-04-10,capec_id 255,updated_at 2017-04-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-6344690,protocols http,protocols tcp; rev:2; sid:80181249;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NICE UNKNOWNHPICK Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWNhpick"; priority:3; metadata:hostile src_ip,created_at 2019-05-14,capec_id 100,updated_at 2019-05-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-3038940,protocols http,protocols tcp; rev:2; sid:80181250;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXTENDED SPECIALIST Malware Communication"; flow:established,to_server; content:"specialist"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-11-02,updated_at 2015-11-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80181251;) alert tcp any any -> $HOME_NET any (msg:"Acme - STRANGE COWBOY Exploitation Attempt Seen"; flow:established, to_server; content:"cowboy"; priority:3; metadata:cwe_id 
119,hostile dest_ip,created_at 2016-02-18,capec_id 255,updated_at 2016-02-19,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2016-2024951,protocols tcp; rev:1; sid:80181252;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RESIDENTIAL PONCHO Exploitation Attempt Seen"; flow:established, to_server; content:"poncho"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2018-02-05,capec_id 100,updated_at 2018-02-05,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2017-7732859,cve 2017-7732859,cve 2017-7732859,cve 2017-7732859,cve 2017-7732859,cve 2017-7732859,cve 2017-7732859,cve 2017-7732859,cve 2017-7732859,cve 2017-7732859,protocols tcp; rev:1; sid:80181253;) #drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ELEGANT CELLAR Malware Communication"; flow:established,to_server; content:"cellar"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-06,updated_at 2019-05-06,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181254;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SLEEPY SAFE Malware Communication"; flow:established,to_server; content:"safe"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2016-02-04,updated_at 2016-02-05,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181255;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WHISPERING MOVIE Malware Communication"; flow:established,to_server; content:"movie"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-11-02,updated_at 2018-11-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; 
rev:2; sid:80181256;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OKAY PLASTER Traffic Detected"; flow:established, to_server; content:"plaster"; priority:3; metadata:hostile src_ip,created_at 2017-03-06,capec_id 213,updated_at 2017-03-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181257;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TESTY AUDITORIUM Malware Communication"; flow:established,to_server; content:"auditorium"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-11,updated_at 2019-10-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181258;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RARE DELAY Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"delay"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2019-03-22,capec_id 253,updated_at 2019-03-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.1,attack_target http-client,attack_target client,cve 2017-6648765,cvss_v2_temporal 6.6,protocols http,protocols tcp; rev:2; sid:80181259;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNFORTUNATE GROWTH Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"growth"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-08-06,capec_id 253,updated_at 2019-08-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.8,attack_target http-client,attack_target client,cve 2019-6334149,cvss_v2_temporal 5.8,protocols http,protocols tcp; rev:2; sid:80181260;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TALL SAD Malware Communication"; flow:established,to_server; content:"sad"; priority:1; metadata:cwe_id 506,malware 
post-infection,hostile dest_ip,created_at 2018-07-22,updated_at 2018-07-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181261;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COSTLY HEDGEHOG Malware Communication"; flow:established,to_server; content:"hedgehog"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-17,updated_at 2019-01-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181262;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ACCURATE MIDDLE Malware Communication"; flow:established,to_server; content:"middle"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-27,updated_at 2018-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181263;) #alert http any any -> $HOME_NET any (msg:"Acme - DUE HEALTH Exploitation Attempt Seen"; flow:established, to_server; content:"health"; priority:3; metadata:hostile src_ip,created_at 2015-06-05,capec_id 213,updated_at 2015-06-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-1322911,protocols http,protocols tcp; rev:2; sid:80181264;) #alert tcp any any -> $HOME_NET any (msg:"Acme - UNUSUAL BOYFRIEND Exploitation Attempt Seen"; flow:established, to_server; content:"boyfriend"; priority:3; metadata:hostile src_ip,created_at 2016-09-10,capec_id 100,updated_at 2016-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2016-8227450,protocols tcp; rev:1; sid:80181265;) #alert tcp any any -> $HOME_NET any (msg:"Acme - LONG PEPPER Exploitation Attempt 
Seen"; flow:established, to_server; content:"pepper"; priority:3; metadata:cwe_id 120,cvss_v3_base 8.1,hostile dest_ip,created_at 2019-02-21,capec_id 100,updated_at 2019-02-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,cvss_v3_temporal 8.4,cve 2018-7206828,cvss_v2_temporal 8.4,protocols tcp; rev:1; sid:80181266;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SCRAWNY AUDITORIUM Exploitation Attempt Seen"; flow:established, to_server; content:"auditorium"; priority:3; metadata:hostile src_ip,created_at 2018-04-18,capec_id 100,updated_at 2018-04-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target dns-server,attack_target server,cve 2018-9842516,protocols dns,protocols tcp; rev:1; sid:80181267;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHORT HIVE Exploitation Attempt Seen"; flow:established, to_server; content:"hive"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-07-02,capec_id 100,updated_at 2019-07-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-5285939,cve 2019-5285939,protocols http,protocols tcp; rev:2; sid:80181268;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VIOLENT POSITION Malware Communication"; flow:established,to_server; content:"position"; priority:1; metadata:cwe_id 399,malware post-infection,hostile dest_ip,created_at 2019-09-08,updated_at 2019-09-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-2065193,cve 2019-2065193,cve 2019-2065193,protocols http,protocols tcp; rev:1; sid:80181269;) #alert tcp any any -> $HOME_NET any (msg:"Acme - LITTLE RAIL Exploitation Attempt Seen"; flow:established,to_server; content:"rail"; priority:3; metadata:hostile dest_ip,created_at 2017-03-02,capec_id 100,updated_at 2017-03-20,filename acme.rules,priority low,rule_source 
acme-rule-factory,cve 2017-8487239,protocols smb,protocols tcp; rev:1; sid:80181270;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RASPY HIGHWAY Malware Communication"; flow:established,to_server; content:"highway"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-09,updated_at 2018-11-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80181271;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TERRITORIAL INSULATION Malware Communication"; flow:established,to_server; content:"insulation"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-14,updated_at 2017-06-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181272;) alert tcp any any -> $HOME_NET any (msg:"Acme - QUALIFIED STAR Exploitation Attempt Seen"; flow:established, to_server; content:"star"; priority:4; metadata:cwe_id 119,created_at 2019-02-16,capec_id 255,updated_at 2019-02-21,filename acme.rules,priority info,rule_source acme-rule-factory,cve 2019-2403439,protocols tcp; rev:1; sid:80181273;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LIGHT VESTMENT Exploitation Attempt Seen"; flow:established, to_server; content:"vestment"; priority:3; metadata:cwe_id 615,hostile src_ip,created_at 2017-01-15,capec_id 253,updated_at 2017-01-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-5386665,protocols http,protocols tcp; rev:2; sid:80181274;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REAR TRANSACTION Exploitation Attempt Seen"; flow:established, to_server; content:"transaction"; priority:4; metadata:cwe_id 200,hostile src_ip,created_at 2018-02-19,updated_at 
2018-02-28,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-5351856,protocols http,protocols tcp; rev:2; sid:80181275;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MANY UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:4; metadata:cwe_id 200,cwe_id 79,hostile src_ip,created_at 2019-02-10,updated_at 2019-02-28,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181276;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RICH CRASH Traffic Detected"; flow:established, to_server; content:"crash"; priority:4; metadata:cwe_id 200,cwe_id 79,hostile src_ip,created_at 2019-07-21,capec_id 310,updated_at 2019-07-27,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181277;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLASSICAL GOBBLER Traffic Detected"; flow:established,to_server; content:"gobbler"; priority:3; metadata:cwe_id 829,hostile src_ip,created_at 2019-02-10,capec_id 253,updated_at 2019-02-15,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.5,attack_target server,attack_target http-server,cvss_v2_temporal 7.1,protocols http,protocols tcp; rev:2; sid:80181278;) alert tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN FIGHT Exploitation Attempt Seen"; flow:established, to_server; content:"fight"; priority:4; metadata:created_at 2017-07-19,updated_at 2017-07-25,filename acme.rules,priority info,rule_source acme-rule-factory,cve 2017-4267642,protocols smb,protocols tcp; rev:1; sid:80181279;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CRAZY BOWLING Traffic Detected"; flow:established, to_server; content:"bowling"; priority:3; metadata:hostile src_ip,created_at 2019-02-18,capec_id 
286,updated_at 2019-02-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:4; sid:80181280;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SLIGHT TEACH Malware Communication"; flow:established,to_server; content:"teach"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-08,updated_at 2019-09-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181281;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SLOW BUCKET Malware Communication"; flow:established,to_server; content:"bucket"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-11,updated_at 2018-04-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181282;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INEVITABLE BUCKET Malware Communication"; flow:established,to_server; content:"bucket"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-27,updated_at 2019-02-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181283;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRONG PROGRAM Malware Communication"; flow:established,to_server; content:"program"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-27,updated_at 2019-02-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181284;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PATIENT 
LIVESTOCK Malware Communication"; flow:established,to_server; content:"livestock"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-04-19,updated_at 2018-04-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181285;) drop http $HOME_NET any -> any any (msg:"Acme - GREAT BEGONIA Malware Communication"; flow:established,to_server; content:"begonia"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-08-02,updated_at 2017-08-11,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80181286;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TAME TEACHING Malware Communication"; flow:established,to_server; content:"teaching"; priority:3; metadata:cwe_id 506,malware post-infection,created_at 2017-07-05,updated_at 2017-07-18,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:5; sid:80181287;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MANUAL ACCELERATOR Malware Communication"; flow:established,to_server; content:"accelerator"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-03,updated_at 2019-11-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181288;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - JOLLY BADGE Malware Communication"; flow:established,to_server; content:"badge"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-10,updated_at 2019-02-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181289;) drop http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LIVING BOOKEND Traffic Detected"; flow:established, to_server; content:"bookend"; priority:1; metadata:hostile dest_ip,created_at 2018-04-23,updated_at 2018-04-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181290;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MODERN DIMENSION Malware Communication"; flow:established,to_server; content:"dimension"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-04,updated_at 2019-03-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181291;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VARYING GUN Malware Communication"; flow:established,to_server; content:"gun"; priority:4; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-01-17,updated_at 2019-01-17,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181292;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHARP DRAWBRIDGE Malware Communication"; flow:established,to_server; content:"drawbridge"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-24,updated_at 2018-04-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181293;) drop http $HOME_NET any -> any any (msg:"Acme - AGGREGATE SELECT Malware Communication"; flow:established,to_server; content:"select"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-01-01,updated_at 2016-01-12,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181294;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNCERTAIN MINE Malware Communication"; flow:established,to_server; content:"mine"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-10,updated_at 2019-11-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181295;) drop http $HOME_NET any -> any any (msg:"Acme - LATE SHOE-HORN Malware Communication"; flow:established,to_server; content:"shoe-horn"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-04-09,updated_at 2018-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181296;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SOUTH KOREA Malware Communication"; flow:established,to_server; content:"south"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-04,updated_at 2019-06-24,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target dns-client,attack_target client,protocols http,protocols dns,protocols tcp; rev:2; sid:80181297;) drop http $HOME_NET any -> any any (msg:"Acme - SOLAR UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-25,updated_at 2018-01-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181298;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PERSONAL TILL Exploitation Attempt Seen"; 
flow:established,to_client; file_data; content:"till"; priority:3; metadata:cwe_id 125,cvss_v3_base 3.3,hostile src_ip,created_at 2018-07-27,capec_id 255,updated_at 2018-07-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.7,attack_target http-client,attack_target client,cvss_v3_temporal 3.8,cve 2018-5038096,cvss_v2_temporal 3.8,protocols http,protocols tcp; rev:2; sid:80181299;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEFEATED PAPER Malware Communication"; flow:established,to_server; content:"paper"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-04-23,updated_at 2019-04-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181300;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PERSONAL SIDECAR Malware Communication"; flow:established,to_server; content:"sidecar"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-22,updated_at 2019-08-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181301;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - QUICK UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-08-12,updated_at 2016-08-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181302;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EFFICIENT SCENE Malware Communication"; flow:established,to_server; content:"scene"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-09-06,updated_at 2017-09-08,filename acme.rules,priority 
high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181303;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AVERAGE RATE Exploitation Attempt Seen"; flow:established, to_server; content:"rate"; priority:3; metadata:hostile src_ip,created_at 2018-04-20,capec_id 248,updated_at 2018-04-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-141501,protocols http,protocols tcp; rev:2; sid:80181304;) drop tcp $HOME_NET any -> any any (msg:"Acme - SIGNIFICANT FIGHT Malware Communication"; flow:established,to_server; content:"fight"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-06-26,updated_at 2018-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80181305;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - FIRM WISEGUY Exploitation Attempt Seen"; flow:established, to_server; content:"wiseguy"; priority:3; metadata:cwe_id 401,hostile src_ip,created_at 2019-08-17,capec_id 119,updated_at 2019-08-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-47829,protocols http,protocols tcp; rev:1; sid:80181306;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NEUTRAL EPAULIERE Exploitation Attempt Seen"; flow:established, to_server; content:"epauliere"; priority:3; metadata:hostile src_ip,created_at 2019-01-25,capec_id 265,updated_at 2019-01-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-2487941,protocols http,protocols tcp; rev:2; sid:80181307;) alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COASTAL DIPLOMA Exploitation Attempt Seen"; flow:established, to_client; 
content:"diploma"; priority:4; metadata:created_at 2018-07-17,updated_at 2018-07-17,filename acme.rules,priority info,rule_source acme-rule-factory,cve 2018-7273422,protocols telnet,protocols tcp; rev:2; sid:80181308;) drop tcp $HOME_NET any -> any any (msg:"Acme - POSSIBLE STEW Malware Communication"; flow:established,to_server; content:"stew"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-02-08,updated_at 2015-02-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80181309;) drop tcp $HOME_NET any -> any any (msg:"Acme - RELIEVED ANGER Malware Communication"; flow:established,to_server; content:"anger"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-19,updated_at 2019-07-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80181310;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GIVEN LASAGNA Exploitation Attempt Seen"; flow:established, to_server; content:"lasagna"; priority:3; metadata:cwe_id 122,hostile src_ip,created_at 2019-05-21,capec_id 119,updated_at 2019-05-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target telnet-server,attack_target server,cve 2017-4575763,protocols telnet,protocols tcp; rev:1; sid:80181311;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRODUCTIVE STABLE Traffic Detected"; flow:established, to_server; content:"stable"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2018-01-18,capec_id 100,updated_at 2018-01-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target telnet-server,attack_target server,protocols telnet,protocols tcp; rev:1; sid:80181312;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TOUGH EIGHT Malware 
Communication"; flow:established,to_server; content:"eight"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-01,updated_at 2018-11-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181313;)
# Disabled. The source is 'any any', so if enabled it would also match traffic that
# originates inside $HOME_NET, although metadata labels the source 'hostile src_ip'.
#alert tcp any any -> $HOME_NET any (msg:"Acme - RATIONAL RAWHIDE Exploitation Attempt Seen"; flow:established, to_server; content:"rawhide"; priority:3; metadata:cwe_id 23,hostile src_ip,created_at 2019-05-03,capec_id 119,updated_at 2019-05-03,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-8979974,protocols http,protocols tcp; rev:1; sid:80181314;)
# Carries 'filename smtp.rules' while the rules around it carry 'filename acme.rules';
# a filter keyed on the filename metadata would group this rule separately.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DISCIPLINARY SISTER Exploitation Attempt Seen"; flow:established, to_server; content:"sister"; priority:3; metadata:hostile src_ip,created_at 2019-08-18,capec_id 119,updated_at 2019-08-25,filename smtp.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,cve 2019-7688183,protocols smtp,protocols tcp; rev:1; sid:80181315;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UGLIEST SPLIT Malware Communication"; flow:established,to_server; content:"split"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-27,updated_at 2019-10-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181316;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - QUICK VAULTING Malware Communication"; flow:established,to_server; content:"vaulting"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-09-08,updated_at 2017-09-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target
http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181317;)
# NOTE(review): content:"status" has no sticky buffer or other qualifier, so any outbound
# HTTP request containing that word matches; on a real sensor this 'drop' would block
# ordinary traffic. Treat it as demo data only.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IRAQI STATUS Malware Communication"; flow:established,to_server; content:"status"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-03-07,updated_at 2016-03-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181318;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONSIDERABLE REINDEER Malware Communication"; flow:established,to_server; content:"reindeer"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-03,updated_at 2019-03-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181319;)
drop http $HOME_NET any -> any any (msg:"Acme - UNKNOWN COMPETITOR Malware Communication"; flow:established,to_server; content:"competitor"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-03-14,updated_at 2017-03-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181320;)
# 'file_data' points the following content match at the HTTP response body (flow is
# to_client). The action is 'drop' even though both priority fields say low (priority:3).
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HORRIBLE GUESS Traffic Detected"; flow:established,to_client; file_data; content:"guess"; priority:3; metadata:hostile src_ip,created_at 2019-10-26,capec_id 118,updated_at 2019-10-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80181321;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INSUFFICIENT COTTAGE Traffic Detected"; flow:established, to_server; content:"cottage"; priority:4; metadata:created_at
2018-10-03,updated_at 2018-10-22,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:3; sid:80181322;)
# The 'priority:4' keyword and the 'priority info' metadata value are separate fields.
# Only the keyword sets the alert priority in Suricata; the metadata copy is for
# tooling that filters on metadata.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN PAWNSHOP Exploitation Attempt Seen"; flow:established, to_server; content:"pawnshop"; priority:4; metadata:created_at 2018-03-17,updated_at 2018-03-18,filename acme.rules,priority info,rule_source acme-rule-factory,cve 2016-5387181,protocols ftp,protocols tcp; rev:2; sid:80181323;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EAGER CASTANETS Traffic Detected"; flow:established,to_server; content:"castanets"; priority:3; metadata:hostile src_ip,created_at 2018-08-11,updated_at 2018-08-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181324;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN TRINKET Traffic Detected"; flow:established, to_server; content:"trinket"; priority:4; metadata:created_at 2019-01-07,updated_at 2019-01-21,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:3; sid:80181325;)
# Source port is restricted to $HTTP_PORTS and flow is to_client, i.e. data sent by
# external servers on those ports. The header protocol is 'tcp', so the content is
# matched on the raw stream rather than on a parsed HTTP buffer.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - BITTER MILLENNIUM Traffic Detected"; flow:established,to_client; content:"millennium"; priority:3; metadata:cwe_id 618,hostile src_ip,created_at 2017-08-17,capec_id 119,updated_at 2017-08-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80181326;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RICH SUNSHINE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"sunshine"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2019-01-01,capec_id 100,updated_at 2019-01-09,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target
client,cve 2017-4893664,protocols http,protocols tcp; rev:2; sid:80181327;)
# Disabled. Metadata carries CVSS v2 scores (base 2.0, temporal 1.6) but no 'cve' key.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FRONT KALE Traffic Detected"; flow:established, to_client; content:"kale"; priority:3; metadata:hostile src_ip,created_at 2019-07-21,capec_id 119,updated_at 2019-07-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.0,attack_target http-client,attack_target client,cvss_v2_temporal 1.6,protocols http,protocols tcp; rev:2; sid:80181328;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PARENTAL DEFINITION Traffic Detected"; flow:established, to_client; file_data; content:"definition"; priority:4; metadata:created_at 2018-07-01,updated_at 2018-07-21,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:3; sid:80181329;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RELIGIOUS RELIGION Malware Communication"; flow:established,to_server; content:"religion"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-14,updated_at 2018-11-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181330;)
drop tcp $HOME_NET any -> any any (msg:"Acme - ACCEPTABLE EFFACEMENT Malware Communication"; flow:established,to_server; content:"effacement"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-05-24,updated_at 2018-05-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181331;)
# Content matching is case-sensitive unless 'nocase' is given, so this rule would match
# the exact byte sequence "UNKNOWNware" only. The "UNKNOWN" token looks like a
# placeholder from the rule generator. TODO confirm.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EERIE UNKNOWNWARE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"UNKNOWNware"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2016-07-06,capec_id 100,updated_at
2016-07-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-4369326,protocols http,protocols tcp; rev:2; sid:80181332;)
# The next three rules are disabled. Each matches one literal in the HTTP response
# body (file_data) and carries a single 'cve' metadata value.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EDUCATIONAL WAFER Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"wafer"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-07-08,capec_id 253,updated_at 2019-07-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-5096675,protocols http,protocols tcp; rev:2; sid:80181333;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NUMEROUS UNKNOWN Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2017-05-07,capec_id 100,updated_at 2017-05-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-9699393,protocols http,protocols tcp; rev:2; sid:80181334;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNHAPPY TEACH Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"teach"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-10-03,capec_id 123,updated_at 2019-10-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-9289722,protocols http,protocols tcp; rev:2; sid:80181335;)
# NOTE(review): the temporal scores in this rule's metadata (8.4) are higher than its
# base scores (7.6 / 7.5). A CVSS temporal score cannot exceed the base score, so
# tooling that validates CVSS metadata should expect such placeholder values here.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOVELY QUINCE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"quince"; priority:3; metadata:cwe_id 119,cvss_v3_base 7.6,hostile src_ip,created_at 2019-06-06,capec_id 255,updated_at 2019-06-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.5,attack_target http-client,attack_target client,cvss_v3_temporal 8.4,cve 2019-1594616,cvss_v2_temporal 8.4,protocols
http,protocols tcp; rev:3; sid:80181336;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PROUD PLAIN Traffic Detected"; flow:established,to_server; content:"plain"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-08-15,capec_id 213,updated_at 2019-08-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80181337;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INTERNATIONAL DASHBOARD Traffic Detected"; flow:established,to_server; content:"dashboard"; priority:3; metadata:hostile src_ip,created_at 2019-07-23,capec_id 66,updated_at 2019-07-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181338;)
# 'from_server' is the same flow direction that neighbouring rules write as 'to_client'.
# NOTE(review): the only match is the three-byte string "bag" in the HTTP response body,
# on a 'drop' rule. That is far too broad for real traffic and serves as demo data only.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HIDDEN BAG Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"bag"; priority:3; metadata:cwe_id 843,cvss_v3_base 2.1,hostile src_ip,created_at 2018-09-09,capec_id 255,updated_at 2018-09-13,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.7,attack_target http-client,attack_target client,cvss_v3_temporal 2.5,cve 2018-8824617,cvss_v2_temporal 2.5,protocols http,protocols tcp; rev:3; sid:80181339;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NEARBY C-CLAMP Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"c-clamp"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-08-19,capec_id 118,updated_at 2019-08-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.0,attack_target http-client,attack_target client,cve 2019-6372696,cvss_v2_temporal 3.2,protocols http,protocols tcp; rev:2; sid:80181340;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXTREME COUGAR Traffic Detected"; flow:established, to_server; content:"cougar"; priority:3;
metadata:hostile src_ip,created_at 2018-02-02,capec_id 310,updated_at 2018-02-28,filename finger.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181341;)
# Disabled. Tagged 'filename finger.rules' with 'protocols tcp' only; the header has no
# port, so nothing in the rule itself ties it to the finger service.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BIG SONGBIRD Exploitation Attempt Seen"; flow:established, to_server; content:"songbird"; priority:3; metadata:hostile src_ip,created_at 2019-01-24,capec_id 310,updated_at 2019-01-26,filename finger.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2017-7012108,protocols tcp; rev:1; sid:80181342;)
# Header source is $HOME_NET and flow is to_client, so this inspects data sent by a
# $HOME_NET host acting as the server side. That agrees with 'attack_target ftp-server'
# and 'hostile dest_ip' in the metadata.
alert tcp $HOME_NET any -> any any (msg:"Acme - PERMANENT DIME Traffic Detected"; flow:established, to_client; content:"dime"; priority:3; metadata:hostile dest_ip,created_at 2018-07-03,capec_id 112,updated_at 2018-07-07,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:1; sid:80181343;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ACCEPTABLE SEEDER Traffic Detected"; flow:established, to_server; content:"seeder"; priority:4; metadata:hostile src_ip,created_at 2019-05-21,capec_id 262,updated_at 2019-05-26,filename ftp.rules,priority info,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:1; sid:80181344;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEEP FINDING Traffic Detected"; flow:established, to_server; content:"finding"; priority:4; metadata:cwe_id 16,hostile src_ip,created_at 2018-01-23,capec_id 70,updated_at 2018-01-28,filename ftp.rules,priority info,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:1; sid:80181345;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BAD EGG Malware Communication"; flow:established,to_server; content:"egg"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-04-01,updated_at
2015-04-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80181346;)
# Disabled. This is the only rule in this stretch whose header protocol is 'ftp'; the
# other FTP-tagged rules around it use a 'tcp' header and carry 'protocols ftp' only as
# metadata.
#alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN VENOM Traffic Detected"; flow:established, to_server; content:"venom"; priority:3; metadata:hostile src_ip,created_at 2015-05-07,capec_id 49,updated_at 2015-05-28,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp; rev:2; sid:80181347;)
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STEADY QUESTION Traffic Detected"; flow:established, to_server; content:"question"; priority:2; metadata:cwe_id 200,hostile src_ip,created_at 2018-01-05,capec_id 116,updated_at 2018-01-13,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:1; sid:80181348;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SORE MOBILE Exploitation Attempt Seen"; flow:established, to_server; content:"mobile"; priority:3; metadata:hostile src_ip,created_at 2019-09-27,capec_id 135,updated_at 2019-09-28,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2018-9956403,protocols ftp,protocols tcp; rev:1; sid:80181349;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXPERIENCED INTESTINE Traffic Detected"; flow:established, to_server; content:"intestine"; priority:3; metadata:hostile src_ip,created_at 2018-09-10,capec_id 150,updated_at 2018-09-20,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:2; sid:80181350;)
# Widest possible header ('any any -> any any'): no address variable or port narrows
# where this content match is evaluated.
alert tcp any any -> any any (msg:"Acme - COMPLETE HARM Traffic Detected"; flow:established, to_client; content:"harm"; priority:3; metadata:hostile dest_ip,created_at 2019-10-19,capec_id 49,updated_at
2019-10-23,filename misc.rules,priority low,rule_source acme-rule-factory,protocols dns,protocols tcp; rev:1; sid:80181351;)
# Enabled alert on inbound, established client-to-server TCP with no port restriction:
# content:"maraca" is evaluated for every TCP service in $HOME_NET.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HAPPY MARACA Traffic Detected"; flow:established, to_server; content:"maraca"; priority:3; metadata:hostile src_ip,created_at 2019-09-09,capec_id 70,updated_at 2019-09-11,filename misc.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181352;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RESPONSIBLE INDEPENDENCE Traffic Detected"; flow:established, to_server; content:"independence"; priority:3; metadata:hostile src_ip,created_at 2015-09-22,capec_id 310,updated_at 2015-09-22,filename misc.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181353;)
# Disabled. Inbound header combined with 'to_client' flow: the external host is the
# server side and the $HOME_NET host the client, matching 'attack_target vnc-client'.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOLAR IRONCLAD Traffic Detected"; flow:established,to_client; content:"ironclad"; priority:4; metadata:hostile src_ip,created_at 2017-11-10,updated_at 2017-11-10,filename misc.rules,priority info,rule_source acme-rule-factory,attack_target client,attack_target vnc-client,protocols vnc,protocols tcp; rev:1; sid:80181354;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHARACTERISTIC VOYAGE Traffic Detected"; flow:established, to_server; content:"voyage"; priority:3; metadata:hostile src_ip,created_at 2017-07-06,capec_id 286,updated_at 2017-07-28,filename netbios.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181355;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - DELICIOUS TICKET Exploitation Attempt Seen"; flow:established, to_server; content:"ticket"; priority:3; metadata:cwe_id 16,hostile src_ip,created_at 2019-05-09,updated_at 2019-05-17,filename netbios.rules,priority low,rule_source acme-rule-factory,attack_target smb-server,attack_target server,cve
2016-2569835,protocols smb,protocols tcp; rev:1; sid:80181356;)
# NOTE(review): unlike the other "Malware Communication" rules nearby, this one has no
# 'hostile dest_ip' pair in its metadata; a filter keyed on that tag would not select it.
# Possibly intentional for the demo. TODO confirm.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - QUICKEST MULTIMEDIA Malware Communication"; flow:established,to_server; content:"multimedia"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-05-22,updated_at 2019-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181357;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRINCIPAL BOTUNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"botUNKNOWN"; priority:3; metadata:cwe_id 16,hostile src_ip,created_at 2016-08-09,capec_id 310,updated_at 2016-08-19,filename netbios.rules,priority low,rule_source acme-rule-factory,attack_target smb-server,attack_target server,cve 2015-6728365,protocols smb,protocols tcp; rev:1; sid:80181358;)
# The next three disabled rules use 'flow:established' with no to_server/to_client, so
# the match is not tied to the client or server side of the session; only the header
# direction ($EXTERNAL_NET -> $HOME_NET) applies.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INTERNAL RIDDLE Traffic Detected"; flow:established; content:"riddle"; priority:3; metadata:created_at 2019-03-01,capec_id 123,updated_at 2019-03-04,filename overflow.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80181359;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MONETARY VERDICT Traffic Detected"; flow:established; content:"verdict"; priority:3; metadata:created_at 2017-06-01,capec_id 123,updated_at 2017-06-07,filename overflow.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80181360;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REAR CRUDE Traffic Detected"; flow:established; content:"crude"; priority:3; metadata:created_at 2019-05-15,capec_id 123,updated_at 2019-05-18,filename overflow.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80181361;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - URBAN VIOLA Traffic Detected"; flow:established, to_server;
content:"viola"; priority:3; metadata:hostile src_ip,created_at 2019-06-17,capec_id 123,updated_at 2019-06-19,filename overflow.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:1; sid:80181362;)
# Every complete rule from here to sid 80181367 is disabled (leading '#') and tagged
# 'filename overflow.rules'.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN INDUSTRY Traffic Detected"; flow:established; content:"industry"; priority:3; metadata:created_at 2016-06-27,capec_id 255,updated_at 2016-06-28,filename overflow.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80181363;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHEERFUL SALT Traffic Detected"; flow:established, to_server; content:"salt"; priority:3; metadata:hostile src_ip,created_at 2019-04-14,capec_id 100,updated_at 2019-04-19,filename overflow.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181364;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN APPLIANCE Traffic Detected"; flow:established; content:"appliance"; priority:3; metadata:created_at 2018-10-08,capec_id 255,updated_at 2018-10-17,filename overflow.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80181365;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN MISCOMMUNICATION Traffic Detected"; flow:established; content:"miscommunication"; priority:3; metadata:created_at 2018-10-21,capec_id 123,updated_at 2018-10-21,filename overflow.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80181366;)
# The match string here is the literal "UNKNOWN", which also appears in the msg text;
# presumably a placeholder left by the rule generator rather than a chosen pattern.
# TODO confirm.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HEAVY UNKNOWN Traffic Detected"; flow:established; content:"UNKNOWN"; priority:3; metadata:created_at 2019-02-22,capec_id 123,updated_at 2019-02-23,filename overflow.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80181367;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ANGRY LUNGE Traffic Detected";
flow:established, to_server; content:"lunge"; priority:3; metadata:hostile src_ip,created_at 2019-02-19,capec_id 255,updated_at 2019-02-24,filename overflow.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181368;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SORRY CONDITION Traffic Detected"; flow:established, to_client; file_data; content:"condition"; priority:3; metadata:hostile src_ip,created_at 2015-01-13,capec_id 253,updated_at 2015-01-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181369;)
# Enabled. Metadata has a 'cve' value and CVSS v2 scores but no 'attack_target' or
# 'hostile' pair, so filters built on those keys will not select this rule.
alert tcp $HOME_NET any -> any any (msg:"Acme - LOUD MONKEY Exploitation Attempt Seen"; flow:established, to_server; content:"monkey"; priority:4; metadata:cwe_id 119,created_at 2019-10-23,updated_at 2019-10-23,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 2.4,cve 2019-5765154,cvss_v2_temporal 1.9,protocols smb,protocols tcp; rev:2; sid:80181370;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INITIAL DRAFT Traffic Detected"; flow:established,to_server; content:"draft"; priority:3; metadata:hostile src_ip,created_at 2018-05-24,capec_id 66,updated_at 2018-05-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181371;)
# Disabled. Both msg and content consist of the token "UNKNOWN"; this looks like
# generator placeholder text, not a real pattern. TODO confirm.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2018-04-14,capec_id 66,updated_at 2018-04-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181372;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WIDE INSTUNKNOWNENTATION Exploitation Attempt Seen"; flow:established,to_client; file_data;
content:"instUNKNOWNentation"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2015-02-19,capec_id 255,updated_at 2015-02-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.2,attack_target http-client,attack_target client,cve 2015-4074373,cvss_v2_temporal 3.4,protocols http,protocols tcp; rev:2; sid:80181373;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ALONE SHAKE Malware Communication"; flow:established,to_server; content:"shake"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-10-22,updated_at 2015-10-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80181374;)
# NOTE(review): the metadata in the next two rules repeats one identical 'cve' pair
# several times. Tooling that indexes or counts metadata values should de-duplicate
# them instead of treating each repeat as a separate CVE reference.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DELICIOUS CLIMB Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"climb"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-04-03,capec_id 119,updated_at 2019-04-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-3273725,cve 2017-3273725,cve 2017-3273725,cve 2017-3273725,cve 2017-3273725,cve 2017-3273725,cve 2017-3273725,protocols http,protocols tcp; rev:2; sid:80181375;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VOCATIONAL NOTORIETY Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"notoriety"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2018-02-11,capec_id 119,updated_at 2018-02-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-9931226,cve 2015-9931226,cve 2015-9931226,cve 2015-9931226,cve 2015-9931226,cve 2015-9931226,cve 2015-9931226,protocols http,protocols tcp; rev:2; sid:80181376;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONCERNED THIRST Exploitation Attempt Seen";
flow:established, to_client; file_data; content:"thirst"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-08-04,capec_id 100,updated_at 2019-08-08,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-7222646,protocols http,protocols tcp; rev:2; sid:80181377;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RAPID CHAIRLIFT Exploitation Attempt Seen"; flow:established, to_client; content:"chairlift"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2018-11-07,capec_id 255,updated_at 2018-11-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-3959064,protocols http,protocols tcp; rev:3; sid:80181378;)
# Metadata names TLS ('protocols tls', 'attack_target tls-server'), but the rule is a
# raw 'tcp' content match with no TLS keyword. NOTE(review): on a TLS session such a
# match can only see bytes that cross the wire unencrypted.
alert tcp any any -> $HOME_NET any (msg:"Acme - INNER DWELLING Exploitation Attempt Seen"; flow:established, to_server; content:"dwelling"; priority:3; metadata:hostile src_ip,created_at 2019-08-12,updated_at 2019-08-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target tls-server,cve 2019-5037910,protocols tls,protocols tcp; rev:1; sid:80181379;)
# The disabled 'scan.rules' entries that follow use source 'any any' rather than
# $EXTERNAL_NET, so if enabled they would also match requests from hosts inside
# $HOME_NET.
#alert http any any -> $HOME_NET any (msg:"Acme - LTD STORY Traffic Detected"; flow:established, to_server; content:"story"; priority:3; metadata:cwe_id 16,hostile src_ip,created_at 2019-03-27,capec_id 310,updated_at 2019-03-27,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181380;)
#alert http any any -> $HOME_NET any (msg:"Acme - DULL PICKET Traffic Detected"; flow:established, to_server; content:"picket"; priority:3; metadata:cwe_id 16,hostile src_ip,created_at 2019-03-19,capec_id 310,updated_at 2019-03-21,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181381;)
#alert http any any -> $HOME_NET any
(msg:"Acme - FAIR UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 16,hostile src_ip,created_at 2017-07-12,capec_id 310,updated_at 2017-07-17,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181382;)
# sids 80181383-80181386: disabled 'scan.rules' entries that share header, flow,
# priority, cwe_id 16 and capec_id 310; they differ only in msg, content, dates and sid.
#alert http any any -> $HOME_NET any (msg:"Acme - UNKNOWN RESTAURANT Traffic Detected"; flow:established, to_server; content:"restaurant"; priority:3; metadata:cwe_id 16,hostile src_ip,created_at 2017-08-18,capec_id 310,updated_at 2017-08-18,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181383;)
#alert http any any -> $HOME_NET any (msg:"Acme - SCARY FENCING Traffic Detected"; flow:established, to_server; content:"fencing"; priority:3; metadata:cwe_id 16,hostile src_ip,created_at 2019-02-03,capec_id 310,updated_at 2019-02-24,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181384;)
#alert http any any -> $HOME_NET any (msg:"Acme - FREQUENT MALLET Traffic Detected"; flow:established, to_server; content:"mallet"; priority:3; metadata:cwe_id 16,hostile src_ip,created_at 2019-09-27,capec_id 310,updated_at 2019-09-28,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181385;)
#alert http any any -> $HOME_NET any (msg:"Acme - ADVERSE MOWER Traffic Detected"; flow:established, to_server; content:"mower"; priority:3; metadata:cwe_id 16,hostile src_ip,created_at 2019-10-16,capec_id 310,updated_at 2019-10-22,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181386;)
drop http $HOME_NET any -> $EXTERNAL_NET any
(msg:"Acme - SPICY WRECKER Malware Communication"; flow:established,to_server; content:"wrecker"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-01,updated_at 2019-08-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181387;)
# Tagged 'protocols ssh', but the rule is a raw 'tcp' content match.
# NOTE(review): on an SSH session such a match can only see the bytes exchanged before
# encryption starts.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN FACSIMILE Exploitation Attempt Seen"; flow:established, to_client; content:"facsimile"; priority:4; metadata:cwe_id 119,created_at 2019-10-25,capec_id 255,updated_at 2019-10-27,filename acme.rules,priority info,rule_source acme-rule-factory,cve 2018-4268476,protocols ssh,protocols tcp; rev:1; sid:80181388;)
#alert http any any -> $HOME_NET any (msg:"Acme - SUNNY GUARD Traffic Detected"; flow:established, to_server; content:"guard"; priority:3; metadata:cwe_id 16,hostile src_ip,created_at 2019-06-21,capec_id 310,updated_at 2019-06-24,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181389;)
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OLYMPIC OPTION Traffic Detected"; flow:established, to_server; content:"option"; priority:4; metadata:created_at 2019-06-06,capec_id 115,updated_at 2019-06-09,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 7.3,cvss_v2_temporal 6.4,protocols ftp,protocols tcp; rev:2; sid:80181390;)
# Disabled. The metadata list holds six different 'cwe_id' values, so a key can repeat
# with distinct values; metadata consumers must treat keys as multi-valued.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONCEPTUAL MILLISECOND Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"millisecond"; priority:3; metadata:cwe_id 264,cwe_id 399,cwe_id 20,cwe_id 119,cwe_id 79,cwe_id 189,hostile src_ip,created_at 2019-08-04,capec_id 128,updated_at 2019-08-05,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-3199075,cve
2019-3199075,cve 2019-3199075,cve 2019-3199075,cve 2019-3199075,cve 2019-3199075,cve 2019-3199075,cve 2019-3199075,cve 2019-3199075,cve 2019-3199075,cve 2019-3199075,cve 2019-3199075,cve 2019-3199075,cve 2019-3199075,cve 2019-3199075,cve 2019-3199075,cve 2019-3199075,cve 2019-3199075,cve 2019-3199075,cve 2019-3199075,cve 2019-3199075,cve 2019-3199075,cve 2019-3199075,cve 2019-3199075,cve 2019-3199075,cve 2019-3199075,cve 2019-3199075,protocols http,protocols tcp; rev:2; sid:80181391;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - KEY THRONE Exploitation Attempt Seen"; flow:established, to_client; content:"throne"; priority:3; metadata:cwe_id 264,cwe_id 399,cwe_id 20,cwe_id 119,cwe_id 79,cwe_id 189,hostile src_ip,created_at 2019-10-09,capec_id 255,updated_at 2019-10-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,cve 2019-4998251,protocols http,protocols tcp; rev:2; sid:80181392;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TROPICAL CONSTELLATION Traffic Detected"; flow:established, to_server; content:"constellation"; priority:3; metadata:hostile src_ip,created_at 2019-05-26,updated_at 2019-05-26,filename smtp.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181393;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HIDDEN DOWNGRADE Traffic Detected"; flow:established,to_server; content:"downgrade"; priority:4; metadata:hostile 
src_ip,created_at 2018-04-19,capec_id 290,updated_at 2018-04-22,filename smtp.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181394;)
# Layout: one rule per line from here on. A rule line that begins with '#' is commented out (disabled);
# lines that begin with an action keyword (alert/drop) are active. The line above is the tail of a rule
# whose header precedes this section.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OCCASIONAL IRIDESCENCE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"iridescence"; priority:3; metadata:cwe_id 399,hostile src_ip,created_at 2018-01-13,capec_id 248,updated_at 2018-01-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.1,attack_target http-client,attack_target client,cve 2017-9923912,cvss_v2_temporal 2.2,protocols http,protocols tcp; rev:2; sid:80181395;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DISTINCT GROCERY Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"grocery"; priority:3; metadata:hostile src_ip,created_at 2019-10-14,capec_id 63,updated_at 2019-10-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-1379501,protocols http,protocols tcp; rev:2; sid:80181396;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RESIDENTIAL TITANIUM Traffic Detected"; flow:established, to_client; file_data; content:"titanium"; priority:3; metadata:hostile src_ip,created_at 2017-10-21,capec_id 251,updated_at 2017-10-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181397;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHARMING SMOKE Traffic Detected"; flow:established, to_server; content:"smoke"; priority:3; metadata:hostile src_ip,created_at 2017-06-03,updated_at 2017-06-08,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181398;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SPICY FEAR Traffic Detected"; flow:established, to_server; content:"fear"; priority:3; metadata:hostile src_ip,created_at 2015-10-18,capec_id 118,updated_at 2015-10-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181399;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ORDINARY LATEX Traffic Detected"; flow:established, to_client; file_data; content:"latex"; priority:3; metadata:hostile src_ip,created_at 2015-01-27,updated_at 2015-01-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181400;)
# NOTE(review): sid 80181401 (and sid 80181406 further down) use `drop` with source `any`, no port
# restriction and `flow:established` without a direction, while the metadata says `protocols smb`.
# The single content match is the only discriminator, so in inline mode a false positive means dropped
# traffic; validate in alert mode before reusing the pattern outside this demo set.
drop tcp any any -> $HOME_NET any (msg:"Acme - CLOSE SAMOVAR Malware Communication"; flow:established; content:"samovar"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-04-22,updated_at 2019-04-28,filename acme.rules,priority high,rule_source acme-rule-factory,protocols smb,protocols tcp; rev:3; sid:80181401;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OBVIOUS TEACHING Traffic Detected"; flow:established, to_server; content:"teaching"; priority:3; metadata:hostile src_ip,created_at 2016-04-02,capec_id 135,updated_at 2016-04-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:1; sid:80181402;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GIVEN STRAIN Traffic Detected"; flow:established, to_server; content:"strain"; priority:3; metadata:hostile src_ip,created_at 2015-05-01,capec_id 118,updated_at 2015-05-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181403;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RIVAL BULB Traffic Detected"; flow:established, to_server; content:"bulb"; priority:3; metadata:hostile src_ip,created_at 2018-05-20,capec_id 118,updated_at 2018-05-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181404;)
#alert http any any -> $HOME_NET any (msg:"Acme - LAZY ASSUMPTION Traffic Detected"; flow:established, to_server; content:"assumption"; priority:3; metadata:hostile src_ip,created_at 2015-01-20,capec_id 310,updated_at 2015-01-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181405;)
drop tcp any any -> $HOME_NET any (msg:"Acme - GRIEVING SIDESTREAM Malware Communication"; flow:established; content:"sidestream"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-08-16,updated_at 2018-08-21,filename acme.rules,priority high,rule_source acme-rule-factory,protocols smb,protocols tcp; rev:2; sid:80181406;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ANGRY EXPOSITION Traffic Detected"; flow:established, to_server; content:"exposition"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-02-11,capec_id 213,updated_at 2019-02-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80181407;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POOR PUNCH Traffic Detected"; flow:established, to_server; content:"punch"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-11-24,capec_id 213,updated_at 2019-11-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80181408;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN ZEBRAFISH Traffic Detected"; flow:established, to_server; content:"zebrafish"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2016-02-11,capec_id 213,updated_at 2016-02-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80181409;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OLYMPIC EAGLE Malware Communication"; flow:established,to_client; content:"eagle"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-01-22,updated_at 2019-01-23,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181410;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - KIND FISHMONGER Exploitation Attempt Seen"; flow:established, to_client; content:"fishmonger"; priority:3; metadata:cwe_id 399,hostile src_ip,created_at 2016-11-13,capec_id 100,updated_at 2016-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-7289062,cve 2015-7289062,cve 2015-7289062,cve 2015-7289062,protocols http,protocols tcp; rev:2; sid:80181411;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MISLEADING PROFESSOR Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"professor"; priority:3; metadata:cwe_id 399,hostile src_ip,created_at 2017-02-08,capec_id 100,updated_at 2017-02-11,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-3196496,cve 2015-3196496,cve 2015-3196496,cve 2015-3196496,protocols http,protocols tcp; rev:2; sid:80181412;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MEDICAL IMPLEMENT Malware Communication"; flow:established,to_server; content:"implement"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-17,updated_at 2018-05-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181413;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GREAT BUNCH Malware Communication"; flow:established,to_server; content:"bunch"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-20,updated_at 2019-10-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181414;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OCCUPATIONAL FAUCET Malware Communication"; flow:established,to_server; content:"faucet"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-07-22,updated_at 2017-07-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181415;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAMOUS HAT Exploitation Attempt Seen"; flow:established, to_server; content:"hat"; priority:3; metadata:cwe_id 399,hostile src_ip,created_at 2017-06-10,updated_at 2017-06-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.6,attack_target server,attack_target http-server,cve 2016-9821929,cvss_v2_temporal 4.4,protocols http,protocols tcp; rev:1; sid:80181416;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ACCESSIBLE PINAFORE Traffic Detected"; flow:established, to_server; content:"pinafore"; priority:3; metadata:hostile src_ip,created_at 2019-03-22,capec_id 310,updated_at 2019-03-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181417;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BREEZY REFECTORY Malware Communication"; flow:established,to_server; content:"refectory"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-08-12,updated_at 2017-08-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181418;)
# NOTE(review): content:"UNKNOWN" in sid 80181419 (and "UNKNOWNPY" in the msg of sid 80181423 below) looks
# like a placeholder substituted by the rule generator rather than a chosen pattern; presumably
# harmless in this dummy set. Verify before reusing either rule as a template.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMPREHENSIVE UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-01-24,capec_id 151,updated_at 2019-01-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-841386,protocols http,protocols tcp; rev:2; sid:80181419;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - THUNDERING CRIBBAGE Malware Communication"; flow:established,to_server; content:"cribbage"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-09-07,updated_at 2016-09-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181420;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EVOLUTIONARY METRO Malware Communication"; flow:established,to_server; content:"metro"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-07,updated_at 2019-03-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181421;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RASPY LYMPHOCYTE Exploitation Attempt Seen"; flow:established, to_server; content:"lymphocyte"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-08-22,capec_id 115,updated_at 2019-08-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.1,attack_target irc-server,attack_target server,cve 2017-871096,cvss_v2_temporal 7.5,protocols irc,protocols tcp; rev:1; sid:80181422;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWNPY LAPDOG Exploitation Attempt Seen"; flow:established, to_server; content:"lapdog"; priority:3; metadata:cwe_id 20,cwe_id 183,hostile src_ip,created_at 2019-07-19,capec_id 115,updated_at 2019-07-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.8,attack_target server,attack_target http-server,cve 2017-516618,cve 2017-516618,cvss_v2_temporal 4.1,protocols http,protocols tcp; rev:2; sid:80181423;)
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SMOGGY TEACHER Exploitation Attempt Seen"; flow:established, to_server; content:"teacher"; priority:3; metadata:created_at 2017-03-27,capec_id 213,updated_at 2017-03-27,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2017-5708932,protocols ftp,protocols tcp; rev:1; sid:80181424;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MECHANICAL DIVING Exploitation Attempt Seen"; flow:established, to_client; content:"diving"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-01-25,capec_id 100,updated_at 2017-01-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,cve 2017-7228070,protocols ftp,protocols tcp; rev:1; sid:80181425;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LITERARY GARB Exploitation Attempt Seen"; flow:established, to_server; content:"garb"; priority:3; metadata:cwe_id 189,hostile src_ip,created_at 2019-10-09,capec_id 128,updated_at 2019-10-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2015-6030236,protocols tcp; rev:1; sid:80181426;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VOCATIONAL FRUIT Traffic Detected"; flow:established, to_client; file_data; content:"fruit"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-02-25,capec_id 248,updated_at 2019-02-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.7,attack_target http-client,attack_target client,cvss_v2_temporal 3.8,protocols http,protocols tcp; rev:2; sid:80181427;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SECRET ROSE Malware Communication"; flow:established,to_server; content:"rose"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-07-03,updated_at 2017-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181428;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - SPLENDID TEMPORARY Traffic Detected"; flow:established, to_server; content:"temporary"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2019-10-22,capec_id 310,updated_at 2019-10-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target telnet-server,attack_target server,protocols telnet,protocols tcp; rev:1; sid:80181429;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN SITUATION Exploitation Attempt Seen"; flow:established, to_server; content:"situation"; priority:3; metadata:hostile src_ip,created_at 2018-02-24,capec_id 255,updated_at 2018-02-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target pop-server,attack_target server,cve 2015-1706710,protocols tcp,protocols pop; rev:1; sid:80181430;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHY FOREVER Exploitation Attempt Seen"; flow:established, to_server; content:"forever"; priority:3; metadata:hostile src_ip,created_at 2018-08-22,capec_id 255,updated_at 2018-08-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2015-3356511,protocols tcp; rev:1; sid:80181431;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OLD-FASHIONED INCOME Traffic Detected"; flow:established, to_server; content:"income"; priority:3; metadata:hostile src_ip,created_at 2019-11-25,capec_id 310,updated_at 2019-11-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181432;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FRIGHTENED REFRIGERATOR Traffic Detected"; flow:established, to_server; content:"refrigerator"; priority:3; metadata:hostile src_ip,created_at 2019-01-11,capec_id 310,updated_at 2019-01-12,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181433;)
drop tcp $HOME_NET any -> any any (msg:"Acme - UNNECESSARY PLAIN Malware Communication"; flow:established,to_server; content:"plain"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-27,updated_at 2019-10-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80181434;)
alert tcp $HOME_NET any -> any any (msg:"Acme - UNKNOWN GRANDDAUGHTER Traffic Detected"; flow:established, to_client; content:"granddaughter"; priority:3; metadata:hostile dest_ip,created_at 2019-01-07,capec_id 112,updated_at 2019-01-12,filename netbios.rules,priority low,rule_source acme-rule-factory,attack_target smb-server,attack_target server,protocols smb,protocols tcp; rev:2; sid:80181435;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AVERAGE HIVE Malware Communication"; flow:established,to_server; content:"hive"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-08-19,updated_at 2015-08-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80181436;)
# NOTE(review): sids 80181437 and 80181438 use `drop` although both carry priority:3 and metadata
# `priority low`. Confirm that a blocking action is intended for low-priority signatures.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN OPERA Traffic Detected"; flow:established,to_server; content:"opera"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2019-11-14,capec_id 7,updated_at 2019-11-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181437;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN COD Traffic Detected"; flow:established,to_server; content:"cod"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2015-09-15,capec_id 7,updated_at 2015-09-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181438;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONVINCING HIGH-RISE Exploitation Attempt Seen"; flow:established, to_server; content:"high-rise"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-01-24,capec_id 213,updated_at 2019-01-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.1,attack_target server,cve 2018-1711979,cvss_v2_temporal 6.4,protocols tcp; rev:1; sid:80181439;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RURAL SHIFT Traffic Detected"; flow:established, to_server; content:"shift"; priority:3; metadata:hostile src_ip,created_at 2018-05-08,capec_id 125,updated_at 2018-05-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181440;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WORRIED VERANDA Traffic Detected"; flow:established, to_server; content:"veranda"; priority:4; metadata:hostile src_ip,created_at 2019-08-18,capec_id 125,updated_at 2019-08-22,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181441;)
# Layout: one rule per line in this section. A rule line that begins with '#' is commented out
# (disabled); lines that begin with an action keyword (alert/drop) are active. The last line of the
# section is the start of a rule that continues past it.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FAT ZEBRAFISH Malware Communication"; flow:established,to_server; content:"zebrafish"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-01,updated_at 2019-10-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181442;)
# NOTE(review): sid 80181443 has `infected src_ip` but, unlike the post-infection drop rule above it,
# no `hostile dest_ip` tag. Metadata-based filters on that key would skip it; confirm that is intended.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WORRIED PANSY Malware Communication"; flow:established, to_server; content:"pansy"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2018-04-11,updated_at 2018-04-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181443;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - READY CALCULATOR Malware Communication"; flow:established, to_server; content:"calculator"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2015-03-06,updated_at 2015-03-21,filename virus.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181444;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DAILY SAVE Malware Communication"; flow:established, to_server; content:"save"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-10-01,updated_at 2019-10-17,filename virus.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181445;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SHOAT Malware Communication"; flow:established,to_server; content:"shoat"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-01-02,updated_at 2017-01-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181446;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AWFUL TRANSMISSION Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"transmission"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2018-06-20,capec_id 119,updated_at 2018-06-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.6,attack_target http-client,attack_target client,cve 2017-385370,cvss_v2_temporal 5.2,protocols http,protocols tcp; rev:2; sid:80181447;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RICH CRADLE Exploitation Attempt Seen"; flow:established, to_server; content:"cradle"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2015-03-16,capec_id 119,updated_at 2015-03-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-4587923,protocols http,protocols tcp; rev:2; sid:80181448;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MAIN SHAKE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"shake"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2018-08-19,capec_id 253,updated_at 2018-08-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-7945328,protocols http,protocols tcp; rev:2; sid:80181449;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BOILING CORMORANT Exploitation Attempt Seen"; flow:established, to_server; content:"cormorant"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2015-09-24,capec_id 310,updated_at 2015-09-25,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-3159784,protocols http,protocols tcp; rev:2; sid:80181450;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INTENSE TAM-O'-SHANTER Traffic Detected"; flow:established, to_server; content:"tam-o'-shanter"; priority:3; metadata:hostile src_ip,created_at 2018-04-21,capec_id 310,updated_at 2018-04-25,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181451;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TENSE DUD Traffic Detected"; flow:established, to_server; content:"dud"; priority:3; metadata:hostile src_ip,created_at 2016-02-07,capec_id 310,updated_at 2016-02-20,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181452;)
# NOTE(review): several disabled rules in this section (sids 80181453, 80181463, 80181467, 80181470) share
# the identical pattern content:"UNKNOWN", and others embed it ("speakerpUNKNOWNe", "feUNKNOWN"). It
# looks like a placeholder substituted by the rule generator; rules with identical content and header
# would fire together if enabled. Presumably harmless in this dummy set; verify before reuse.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LEADING UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2017-09-27,capec_id 310,updated_at 2017-09-28,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181453;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TINY COMMISSION Traffic Detected"; flow:established,to_server; content:"commission"; priority:3; metadata:hostile src_ip,created_at 2016-08-02,capec_id 310,updated_at 2016-08-15,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181454;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GREY ADVERTISEMENT Traffic Detected"; flow:established,to_server; content:"advertisement"; priority:3; metadata:hostile src_ip,created_at 2019-11-26,capec_id 310,updated_at 2019-11-28,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181455;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INTERNAL CO-PRODUCER Traffic Detected"; flow:established,to_server; content:"co-producer"; priority:3; metadata:hostile src_ip,created_at 2018-08-04,capec_id 310,updated_at 2018-08-24,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181456;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RELEVANT STALLION Traffic Detected"; flow:established, to_server; content:"stallion"; priority:3; metadata:hostile src_ip,created_at 2018-03-15,capec_id 310,updated_at 2018-03-27,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181457;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CRIMINAL GRAND Traffic Detected"; flow:established, to_server; content:"grand"; priority:3; metadata:hostile src_ip,created_at 2016-06-17,capec_id 310,updated_at 2016-06-24,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181458;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CIVIC TARD Traffic Detected"; flow:established, to_server; content:"tard"; priority:3; metadata:hostile src_ip,created_at 2016-05-06,capec_id 310,updated_at 2016-05-06,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181459;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SPOTLESS FINISH Exploitation Attempt Seen"; flow:established, to_server; content:"finish"; priority:3; metadata:hostile src_ip,created_at 2018-08-01,capec_id 310,updated_at 2018-08-28,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-3576783,protocols http,protocols tcp; rev:2; sid:80181460;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VARYING AUTHORITY Traffic Detected"; flow:established, to_server; content:"authority"; priority:3; metadata:hostile src_ip,created_at 2019-04-11,capec_id 310,updated_at 2019-04-21,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181461;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NERVOUS SPEAKERPUNKNOWNE Traffic Detected"; flow:established, to_server; content:"speakerpUNKNOWNe"; priority:3; metadata:hostile src_ip,created_at 2018-07-05,capec_id 310,updated_at 2018-07-18,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181462;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AWFUL UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2019-01-07,capec_id 310,updated_at 2019-01-18,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181463;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CRUCIAL CRASH Traffic Detected"; flow:established, to_server; content:"crash"; priority:3; metadata:hostile src_ip,created_at 2018-01-08,capec_id 310,updated_at 2018-01-13,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181464;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BRAINY GUARANTEE Traffic Detected"; flow:established, to_server; content:"guarantee"; priority:3; metadata:hostile src_ip,created_at 2017-09-26,capec_id 310,updated_at 2017-09-26,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181465;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OLYMPIC CARLOAD Traffic Detected"; flow:established, to_server; content:"carload"; priority:3; metadata:hostile src_ip,created_at 2017-08-01,capec_id 310,updated_at 2017-08-28,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181466;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POWERFUL UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2016-02-07,capec_id 310,updated_at 2016-02-07,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-9582683,protocols http,protocols tcp; rev:2; sid:80181467;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN INNOCENCE Exploitation Attempt Seen"; flow:established, to_server; content:"innocence"; priority:3; metadata:hostile src_ip,created_at 2019-01-05,capec_id 310,updated_at 2019-01-13,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-2212997,protocols http,protocols tcp; rev:2; sid:80181468;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONFIDENTIAL STOCKING Traffic Detected"; flow:established, to_server; content:"stocking"; priority:3; metadata:hostile src_ip,created_at 2018-10-12,capec_id 310,updated_at 2018-10-28,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181469;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PETITE UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2017-04-09,capec_id 310,updated_at 2017-04-25,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-2212457,protocols http,protocols tcp; rev:2; sid:80181470;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PETITE FEW Traffic Detected"; flow:established, to_server; content:"few"; priority:3; metadata:hostile src_ip,created_at 2019-02-17,capec_id 310,updated_at 2019-02-25,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181471;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CAUTIOUS EAT Traffic Detected"; flow:established, to_server; content:"eat"; priority:3; metadata:hostile src_ip,created_at 2019-06-06,capec_id 310,updated_at 2019-06-24,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181472;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WEAK DESK Traffic Detected"; flow:established, to_server; content:"desk"; priority:3; metadata:hostile src_ip,created_at 2018-08-03,capec_id 310,updated_at 2018-08-28,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181473;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WHISPERING GEOGRAPHY Traffic Detected"; flow:established, to_server; content:"geography"; priority:3; metadata:hostile src_ip,created_at 2017-03-05,capec_id 310,updated_at 2017-03-19,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181474;)
# NOTE(review): sid 80181475 is the one enabled rule in this run of disabled web.rules entries, and
# its header is `tcp ... $HTTP_PORTS` rather than the `http` protocol its neighbours use, so it matches
# by port instead of by app-layer detection. Confirm both choices are deliberate.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - PURPLE ESPADRILLE Traffic Detected"; flow:established, to_server; content:"espadrille"; priority:3; metadata:hostile src_ip,created_at 2019-07-21,capec_id 310,updated_at 2019-07-23,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80181475;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INTERNAL GRIEF Traffic Detected"; flow:established, to_server; content:"grief"; priority:3; metadata:hostile src_ip,created_at 2019-05-19,capec_id 310,updated_at 2019-05-23,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181476;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEFIANT JUICE Traffic Detected"; flow:established, to_server; content:"juice"; priority:3; metadata:hostile src_ip,created_at 2017-05-13,capec_id 310,updated_at 2017-05-25,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181477;)
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - PREMIER CUPCAKE Exploitation Attempt Seen"; flow:established,to_client; content:"cupcake"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2017-03-25,capec_id 100,updated_at 2017-03-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-6874383,protocols http,protocols tcp; rev:1; sid:80181478;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POLITICAL RIDE Traffic Detected"; flow:established, to_server; content:"ride"; priority:3; metadata:hostile src_ip,created_at 2018-02-18,capec_id 310,updated_at 2018-02-28,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181479;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONTINUOUS ROD Exploitation Attempt Seen"; flow:established, to_server; content:"rod"; priority:3; metadata:hostile src_ip,created_at 2019-11-08,capec_id 310,updated_at 2019-11-21,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-9508517,protocols http,protocols tcp; rev:2; sid:80181480;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHARED VOICE Exploitation Attempt Seen"; flow:established,to_client; content:"voice"; priority:3; metadata:hostile src_ip,created_at 2016-02-17,capec_id 253,updated_at 2016-02-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-2207999,protocols http,protocols tcp; rev:1; sid:80181481;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AVERAGE FEUNKNOWN Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"feUNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2018-07-06,capec_id 248,updated_at 2018-07-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-5691481,protocols http,protocols tcp; rev:1; sid:80181482;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BOTUNKNOWN HUMIDITY Traffic Detected"; flow:established, to_server; content:"humidity"; priority:3; metadata:hostile src_ip,created_at 2018-01-13,capec_id 310,updated_at 2018-01-20,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181483;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - QUAINT TRIBE Traffic Detected"; flow:established, to_server; content:"tribe"; priority:3; metadata:hostile src_ip,created_at 2019-04-12,capec_id 310,updated_at 2019-04-22,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181484;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GRACEFUL SCRIP Malware Communication"; flow:established,to_server; content:"scrip"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-02,updated_at 2018-10-04,filename acme.rules,priority
high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80181485;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RED GOOD Traffic Detected"; flow:established,to_server; content:"good"; priority:3; metadata:hostile src_ip,created_at 2018-01-26,capec_id 310,updated_at 2018-01-26,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181486;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RELIABLE UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2018-08-12,capec_id 310,updated_at 2018-08-17,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181487;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHRONIC IN-JOKE Traffic Detected"; flow:established,to_server; content:"in-joke"; priority:3; metadata:hostile src_ip,created_at 2017-03-16,capec_id 310,updated_at 2017-03-26,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181488;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - YOUNG QUARTZ Traffic Detected"; flow:established,to_server; content:"quartz"; priority:3; metadata:hostile src_ip,created_at 2016-05-21,capec_id 310,updated_at 2016-05-25,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181489;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SURE HATRED Exploitation Attempt Seen"; flow:established, to_server; content:"hatred"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2018-11-16,capec_id 118,updated_at 2018-11-25,filename acme.rules,priority 
low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-9487967,protocols http,protocols tcp; rev:2; sid:80181490;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN BEAR Traffic Detected"; flow:established,to_server; content:"bear"; priority:3; metadata:hostile src_ip,created_at 2017-05-07,capec_id 310,updated_at 2017-05-12,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181491;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AESTHETIC SCARIFICATION Traffic Detected"; flow:established,to_server; content:"scarification"; priority:3; metadata:hostile src_ip,created_at 2018-07-23,capec_id 310,updated_at 2018-07-23,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181492;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ELATED GARB Traffic Detected"; flow:established,to_server; content:"garb"; priority:3; metadata:hostile src_ip,created_at 2017-07-16,capec_id 310,updated_at 2017-07-20,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181493;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REALISTIC REFLECTION Traffic Detected"; flow:established,to_server; content:"reflection"; priority:3; metadata:hostile src_ip,created_at 2019-11-17,capec_id 310,updated_at 2019-11-23,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181494;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RETIRED GLASSES Exploitation Attempt Seen"; flow:established, to_server; content:"glasses"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2018-05-02,capec_id 248,updated_at 
2018-05-11,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-2908209,protocols http,protocols tcp; rev:2; sid:80181495;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WIDE-EYED CONTROL Exploitation Attempt Seen"; flow:established, to_server; content:"control"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2018-06-24,capec_id 118,updated_at 2018-06-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-4756615,protocols http,protocols tcp; rev:2; sid:80181496;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN INDICATION Traffic Detected"; flow:established, to_server; content:"indication"; priority:3; metadata:hostile src_ip,created_at 2019-04-26,capec_id 310,updated_at 2019-04-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181497;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MODERN CARBON Traffic Detected"; flow:established, to_server; content:"carbon"; priority:3; metadata:hostile src_ip,created_at 2019-09-15,capec_id 310,updated_at 2019-09-22,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181498;) #alert http any any -> $HOME_NET any (msg:"Acme - UNKNOWN FUTURE Traffic Detected"; flow:established, to_server; content:"future"; priority:3; metadata:hostile src_ip,created_at 2019-03-18,capec_id 310,updated_at 2019-03-23,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181499;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WONDERFUL TENNIS Traffic Detected"; flow:established, to_server; content:"tennis"; priority:3; metadata:cwe_id 200,hostile 
src_ip,created_at 2018-09-27,capec_id 118,updated_at 2018-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181500;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN CASTANETS Traffic Detected"; flow:established, to_server; content:"castanets"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-06-27,capec_id 118,updated_at 2019-06-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181501;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHEERFUL TEAM Traffic Detected"; flow:established, to_server; content:"team"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-02-21,capec_id 118,updated_at 2019-02-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181502;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IMPRESSIVE SKATE Traffic Detected"; flow:established, to_server; content:"skate"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2018-08-15,capec_id 118,updated_at 2018-08-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181503;) alert http any any -> $HOME_NET any (msg:"Acme - GUILTY UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile dest_ip,created_at 2019-08-15,capec_id 66,updated_at 2019-08-22,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80181504;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - FRONT MANNER Traffic Detected"; flow:established,to_server; content:"manner"; priority:3; metadata:hostile src_ip,created_at 
2017-05-26,capec_id 66,updated_at 2017-05-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80181505;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - REGULAR MOMENT Traffic Detected"; flow:established,to_server; content:"moment"; priority:3; metadata:hostile src_ip,created_at 2016-06-12,capec_id 66,updated_at 2016-06-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80181506;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DIVINE BASSOON Traffic Detected"; flow:established, to_server; content:"bassoon"; priority:3; metadata:hostile src_ip,created_at 2017-03-18,capec_id 310,updated_at 2017-03-25,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181507;) alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - SOLE UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2018-03-26,capec_id 66,updated_at 2018-03-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80181508;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DISGUSTED SURVEY Exploitation Attempt Seen"; flow:established, to_server; content:"survey"; priority:3; metadata:hostile src_ip,created_at 2018-10-07,capec_id 310,updated_at 2018-10-22,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-6094752,protocols http,protocols tcp; rev:2; sid:80181509;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHORT HACKWORK Traffic Detected"; flow:established, to_server; content:"hackwork"; priority:3; metadata:hostile 
src_ip,created_at 2018-06-12,capec_id 310,updated_at 2018-06-23,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181510;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CERTAIN INK Traffic Detected"; flow:established, to_server; content:"ink"; priority:3; metadata:hostile src_ip,created_at 2017-06-14,capec_id 310,updated_at 2017-06-19,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181511;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LEGITIMATE PICKLE Traffic Detected"; flow:established, to_server; content:"pickle"; priority:3; metadata:hostile src_ip,created_at 2019-11-15,capec_id 310,updated_at 2019-11-27,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181512;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ELECTUNKNOWN LUNCH Traffic Detected"; flow:established, to_server; content:"lunch"; priority:3; metadata:hostile src_ip,created_at 2016-09-25,capec_id 310,updated_at 2016-09-27,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181513;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STRAIGHTFORWARD UNKNOWN Exploitation Attempt Seen"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2018-04-19,capec_id 310,updated_at 2018-04-23,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-5886997,protocols http,protocols tcp; rev:2; sid:80181514;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AMERICAN MIXER Traffic Detected"; flow:established, to_server; content:"mixer"; 
priority:3; metadata:hostile src_ip,created_at 2018-08-07,capec_id 310,updated_at 2018-08-12,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181515;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TERRIBLE PRIMARY Exploitation Attempt Seen"; flow:established, to_server; content:"primary"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2018-08-18,updated_at 2018-08-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-3949218,protocols http,protocols tcp; rev:1; sid:80181516;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN CANOPY Exploitation Attempt Seen"; flow:established, to_server; content:"canopy"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2019-01-03,capec_id 63,updated_at 2019-01-08,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-7000301,protocols http,protocols tcp; rev:2; sid:80181517;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AGREEABLE HAY Exploitation Attempt Seen"; flow:established, to_server; content:"hay"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2017-07-04,capec_id 248,updated_at 2017-07-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-7072569,protocols http,protocols tcp; rev:2; sid:80181518;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN AFTERSHAVE Malware Communication"; flow:established,to_server; content:"aftershave"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-11-21,updated_at 2017-11-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80181519;) drop http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"Acme - HEAVY TIME Malware Communication"; flow:established,to_server; content:"time"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-05-23,updated_at 2018-05-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181520;) #alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - CONTINUOUS INSIDE Exploitation Attempt Seen"; flow:established,to_client; content:"inside"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2018-04-18,capec_id 253,updated_at 2018-04-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.6,attack_target http-client,attack_target client,cve 2018-1574111,cvss_v2_temporal 6.4,protocols http,protocols tcp; rev:1; sid:80181521;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEFEATED GLADIOLUS Traffic Detected"; flow:established, to_server; content:"gladiolus"; priority:3; metadata:hostile src_ip,created_at 2018-02-03,capec_id 253,updated_at 2018-02-10,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181522;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN RAINSTORM Exploitation Attempt Seen"; flow:established,to_server; content:"rainstorm"; priority:3; metadata:cwe_id 829,hostile src_ip,created_at 2016-10-12,updated_at 2016-10-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.1,attack_target server,attack_target http-server,cve 2015-3477680,cvss_v2_temporal 2.1,protocols http,protocols tcp; rev:2; sid:80181523;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SCREECHING TEXTBOOK Exploitation Attempt Seen"; flow:established, to_server; content:"textbook"; priority:3; metadata:hostile src_ip,created_at 2019-02-21,capec_id 310,updated_at 
2019-02-22,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-2865590,protocols http,protocols tcp; rev:2; sid:80181524;) #alert http any any -> $HOME_NET any (msg:"Acme - GIVEN SALT Traffic Detected"; flow:established, to_server; content:"salt"; priority:3; metadata:hostile src_ip,created_at 2019-05-23,capec_id 310,updated_at 2019-05-28,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181525;) #alert http any any -> $HOME_NET any (msg:"Acme - TEMPORARY CHAIRMAN Exploitation Attempt Seen"; flow:established, to_server; content:"chairman"; priority:3; metadata:hostile src_ip,created_at 2019-02-19,capec_id 310,updated_at 2019-02-23,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-5913962,protocols http,protocols tcp; rev:2; sid:80181526;) #alert http any any -> $HOME_NET any (msg:"Acme - DIFFICULT COMMUNICANT Exploitation Attempt Seen"; flow:established, to_server; content:"communicant"; priority:3; metadata:hostile src_ip,created_at 2018-01-05,capec_id 310,updated_at 2018-01-27,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-8817053,protocols http,protocols tcp; rev:2; sid:80181527;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MULTIPLE REST Exploitation Attempt Seen"; flow:established, to_server; content:"rest"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-02-07,capec_id 255,updated_at 2019-02-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.6,attack_target server,cve 2019-196033,cvss_v2_temporal 4.4,protocols tcp; rev:1; sid:80181528;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHARED AIRPORT Traffic Detected"; flow:established, to_server; content:"airport"; priority:3; 
metadata:hostile src_ip,created_at 2018-06-20,capec_id 310,updated_at 2018-06-20,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181529;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CALM HELICOPTER Malware Communication"; flow:established,to_server; content:"helicopter"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-20,updated_at 2019-02-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181530;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MID PEER-TO-PEER Traffic Detected"; flow:established, to_server; content:"peer-to-peer"; priority:3; metadata:hostile src_ip,created_at 2018-11-04,capec_id 310,updated_at 2018-11-05,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80181531;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CORRECT OAR Traffic Detected"; flow:established, to_server; content:"oar"; priority:3; metadata:hostile src_ip,created_at 2019-04-02,capec_id 310,updated_at 2019-04-16,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181532;) #alert http any any -> $HOME_NET any (msg:"Acme - ALTERUNKNOWN RHINOCEROS Exploitation Attempt Seen"; flow:established, to_server; content:"rhinoceros"; priority:3; metadata:hostile src_ip,created_at 2018-06-16,capec_id 310,updated_at 2018-06-18,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-2951166,protocols http,protocols tcp; rev:2; sid:80181533;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN UNKNOWN Traffic Detected"; 
flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2016-08-18,capec_id 310,updated_at 2016-08-25,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181534;) #alert http any any -> $HOME_NET any (msg:"Acme - FEUNKNOWN MACRAME Exploitation Attempt Seen"; flow:established, to_server; content:"macrame"; priority:3; metadata:hostile src_ip,created_at 2017-05-13,capec_id 310,updated_at 2017-05-28,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-8598559,protocols http,protocols tcp; rev:2; sid:80181535;) #alert http any any -> $HOME_NET any (msg:"Acme - FIERCE SUPERMARKET Exploitation Attempt Seen"; flow:established, to_server; content:"supermarket"; priority:3; metadata:hostile src_ip,created_at 2019-03-18,capec_id 310,updated_at 2019-03-21,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-6833233,protocols http,protocols tcp; rev:2; sid:80181536;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ENTIRE SOW Traffic Detected"; flow:established, to_server; content:"sow"; priority:3; metadata:cwe_id 657,hostile dest_ip,created_at 2019-05-04,updated_at 2019-05-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181537;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MINOR KNOWLEDGE Malware Communication"; flow:established, to_server; content:"knowledge"; priority:4; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-06-12,updated_at 2018-06-24,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80181538;) #alert http $EXTERNAL_NET any -> $HOME_NET any 
(msg:"Acme - UNKNOWN BAGGAGE Traffic Detected"; flow:established, to_server; content:"baggage"; priority:3; metadata:hostile src_ip,created_at 2019-11-25,capec_id 310,updated_at 2019-11-27,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181539;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TECHNOLOGICAL EXAMINATION Traffic Detected"; flow:established, to_server; content:"examination"; priority:3; metadata:hostile src_ip,created_at 2018-08-04,capec_id 310,updated_at 2018-08-04,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181540;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRETTY HANDSAW Exploitation Attempt Seen"; flow:established, to_server; content:"handsaw"; priority:3; metadata:hostile src_ip,created_at 2018-11-10,capec_id 310,updated_at 2018-11-22,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-1169775,protocols http,protocols tcp; rev:2; sid:80181541;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRIME COMFORTABLE Malware Communication"; flow:established,to_server; content:"comfortable"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-11,updated_at 2017-06-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181542;) #alert http any any -> $HOME_NET any (msg:"Acme - UNKNOWN IDEAL Traffic Detected"; flow:established, to_server; content:"ideal"; priority:3; metadata:hostile src_ip,created_at 2019-01-17,capec_id 310,updated_at 2019-01-25,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; 
sid:80181543;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONTINENTAL SECRETARY Traffic Detected"; flow:established, to_server; content:"secretary"; priority:3; metadata:hostile src_ip,created_at 2016-09-10,capec_id 310,updated_at 2016-09-14,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181544;) #alert http any any -> $HOME_NET any (msg:"Acme - UNKNOWN APOLOGY Exploitation Attempt Seen"; flow:established, to_server; content:"apology"; priority:3; metadata:hostile src_ip,created_at 2018-07-17,capec_id 310,updated_at 2018-07-25,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-9954323,protocols http,protocols tcp; rev:2; sid:80181545;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WOODEN STALLION Traffic Detected"; flow:established, to_server; content:"stallion"; priority:3; metadata:hostile src_ip,created_at 2017-05-13,capec_id 310,updated_at 2017-05-27,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181546;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FIXED MARKETING Traffic Detected"; flow:established, to_server; content:"marketing"; priority:3; metadata:hostile src_ip,created_at 2019-11-04,capec_id 310,updated_at 2019-11-16,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181547;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ICY SPEAR Traffic Detected"; flow:established, to_server; content:"spear"; priority:3; metadata:hostile src_ip,created_at 2019-06-01,capec_id 310,updated_at 2019-06-13,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; 
rev:2; sid:80181548;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN JEFF Traffic Detected"; flow:established, to_server; content:"jeff"; priority:3; metadata:hostile src_ip,created_at 2016-08-08,capec_id 310,updated_at 2016-08-17,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181549;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONCRETE UNKNOWNENING Traffic Detected"; flow:established, to_server; content:"UNKNOWNening"; priority:3; metadata:hostile src_ip,created_at 2019-04-16,capec_id 310,updated_at 2019-04-27,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181550;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BASIC HOME Traffic Detected"; flow:established, to_server; content:"home"; priority:3; metadata:hostile src_ip,created_at 2019-05-17,capec_id 310,updated_at 2019-05-22,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181551;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VICTORIOUS CRAFT Traffic Detected"; flow:established, to_server; content:"craft"; priority:3; metadata:hostile src_ip,created_at 2017-01-12,capec_id 310,updated_at 2017-01-12,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181552;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DUAL WAKE Traffic Detected"; flow:established, to_server; content:"wake"; priority:3; metadata:hostile src_ip,created_at 2019-03-02,capec_id 310,updated_at 2019-03-16,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181553;) 
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEEP HIPPOPOTAMUS Traffic Detected"; flow:established, to_server; content:"hippopotamus"; priority:3; metadata:hostile src_ip,created_at 2018-09-08,capec_id 310,updated_at 2018-09-28,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181554;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNFAIR RETOUCH Traffic Detected"; flow:established, to_server; content:"retouch"; priority:3; metadata:hostile src_ip,created_at 2018-09-10,capec_id 310,updated_at 2018-09-11,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181555;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MIGHTY CAPON Traffic Detected"; flow:established, to_server; content:"capon"; priority:3; metadata:hostile src_ip,created_at 2019-06-08,capec_id 310,updated_at 2019-06-09,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181556;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAMOUS BRAIN Exploitation Attempt Seen"; flow:established, to_server; content:"brain"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-09-03,capec_id 310,updated_at 2019-09-15,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-1449586,protocols http,protocols tcp; rev:2; sid:80181557;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOUD GLOVES Traffic Detected"; flow:established, to_server; content:"gloves"; priority:3; metadata:hostile src_ip,created_at 2018-03-26,capec_id 310,updated_at 2018-03-26,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; 
sid:80181558;) #alert http any any -> $HOME_NET any (msg:"Acme - JITTERY EXCHANGE Traffic Detected"; flow:established, to_server; content:"exchange"; priority:3; metadata:hostile src_ip,created_at 2019-08-24,capec_id 310,updated_at 2019-08-28,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181559;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - INDUSTRIAL GARDEN Traffic Detected"; flow:established, to_server; content:"garden"; priority:3; metadata:hostile src_ip,created_at 2015-05-21,capec_id 310,updated_at 2015-05-23,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80181560;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXPERIENCED STONEWORK Traffic Detected"; flow:established, to_server; content:"stonework"; priority:3; metadata:hostile src_ip,created_at 2019-10-19,capec_id 310,updated_at 2019-10-28,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181561;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ABSOLUTE BOAR Traffic Detected"; flow:established, to_server; content:"boar"; priority:3; metadata:hostile src_ip,created_at 2016-03-21,capec_id 310,updated_at 2016-03-26,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181562;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SATISFACTORY STREAM Traffic Detected"; flow:established, to_server; content:"stream"; priority:3; metadata:hostile src_ip,created_at 2015-03-23,capec_id 310,updated_at 2015-03-28,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; 
sid:80181563;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN SOOT Traffic Detected"; flow:established, to_server; content:"soot"; priority:3; metadata:hostile src_ip,created_at 2019-10-24,capec_id 310,updated_at 2019-10-26,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181564;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MINIMAL CONE Traffic Detected"; flow:established, to_server; content:"cone"; priority:3; metadata:hostile src_ip,created_at 2019-08-07,capec_id 310,updated_at 2019-08-12,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181565;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - JUST HEART Traffic Detected"; flow:established, to_server; content:"heart"; priority:3; metadata:hostile src_ip,created_at 2019-08-21,capec_id 310,updated_at 2019-08-21,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181566;) #alert http any any -> $HOME_NET any (msg:"Acme - RASPY MARKET Traffic Detected"; flow:established, to_server; content:"market"; priority:3; metadata:hostile src_ip,created_at 2019-01-24,capec_id 310,updated_at 2019-01-28,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181567;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SCORNFUL UNKNOWNHPASTE Traffic Detected"; flow:established, to_server; content:"UNKNOWNhpaste"; priority:3; metadata:hostile src_ip,created_at 2019-01-15,capec_id 310,updated_at 2019-01-17,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181568;) #alert http any any 
-> $HOME_NET any (msg:"Acme - NOTABLE GLUE Exploitation Attempt Seen"; flow:established, to_server; content:"glue"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2018-03-10,capec_id 310,updated_at 2018-03-13,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-4188071,protocols http,protocols tcp; rev:2; sid:80181569;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VARIED BEND Exploitation Attempt Seen"; flow:established, to_server; content:"bend"; priority:3; metadata:hostile src_ip,created_at 2017-07-14,capec_id 310,updated_at 2017-07-25,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-6622260,protocols http,protocols tcp; rev:2; sid:80181570;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RIGID TRADE Traffic Detected"; flow:established, to_server; content:"trade"; priority:3; metadata:hostile src_ip,created_at 2017-01-13,capec_id 310,updated_at 2017-01-21,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181571;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DUAL ROADWAY Traffic Detected"; flow:established, to_server; content:"roadway"; priority:3; metadata:hostile src_ip,created_at 2017-09-02,capec_id 310,updated_at 2017-09-07,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181572;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LEFT BEARD Traffic Detected"; flow:established, to_server; content:"beard"; priority:3; metadata:hostile src_ip,created_at 2019-04-25,capec_id 310,updated_at 2019-04-27,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181573;) #alert http 
$EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RIDICULOUS UNKNOWNPER Traffic Detected"; flow:established, to_server; content:"UNKNOWNper"; priority:3; metadata:hostile src_ip,created_at 2018-04-13,capec_id 310,updated_at 2018-04-13,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181574;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LATE FORMER Traffic Detected"; flow:established, to_server; content:"former"; priority:3; metadata:hostile src_ip,created_at 2018-11-09,capec_id 310,updated_at 2018-11-22,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181575;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LATE GLEN Traffic Detected"; flow:established, to_server; content:"glen"; priority:3; metadata:hostile src_ip,created_at 2018-07-09,capec_id 310,updated_at 2018-07-25,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181576;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DOUBLE APPOINTMENT Traffic Detected"; flow:established, to_server; content:"appointment"; priority:3; metadata:hostile src_ip,created_at 2017-02-18,capec_id 310,updated_at 2017-02-20,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181577;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INTERESTED UNKNOWN Exploitation Attempt Seen"; flow:established, to_client; content:"UNKNOWN"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-03-16,capec_id 156,updated_at 2019-03-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target client,cve 2017-8438273,protocols tcp; rev:1; sid:80181578;) #alert http $EXTERNAL_NET 
any -> $HOME_NET any (msg:"Acme - EXPLICIT APERITIF Traffic Detected"; flow:established, to_server; content:"aperitif"; priority:3; metadata:hostile src_ip,created_at 2015-06-07,capec_id 310,updated_at 2015-06-20,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181579;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CORRESPONDING EMPLOYER Malware Communication"; flow:established, to_client; content:"employer"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-01-14,updated_at 2018-01-23,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80181580;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - METROPOLITAN PEAR Traffic Detected"; flow:established, to_server; content:"pear"; priority:3; metadata:hostile src_ip,created_at 2018-09-01,capec_id 310,updated_at 2018-09-28,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181581;) #alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - TOTAL PILGRIMAGE Exploitation Attempt Seen"; flow:established,to_client; content:"pilgrimage"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2019-06-21,capec_id 253,updated_at 2019-06-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-8714563,protocols http,protocols tcp; rev:1; sid:80181582;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WORRIED CRACK Exploitation Attempt Seen"; flow:established, to_server; content:"crack"; priority:3; metadata:cwe_id 399,hostile src_ip,created_at 2017-02-06,capec_id 119,updated_at 2017-02-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.8,attack_target server,attack_target http-server,cve 
2017-9128875,cvss_v2_temporal 7.5,protocols http,protocols tcp; rev:2; sid:80181583;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN ANALOGY Exploitation Attempt Seen"; flow:established, to_server; content:"analogy"; priority:3; metadata:cwe_id 399,hostile src_ip,created_at 2019-02-26,capec_id 119,updated_at 2019-02-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.8,attack_target server,attack_target http-server,cve 2015-5757716,cvss_v2_temporal 7.2,protocols http,protocols tcp; rev:2; sid:80181584;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WONDERFUL BATHTUB Malware Communication"; flow:established,to_server; content:"bathtub"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-24,updated_at 2018-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181585;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NORMAL PETTICOAT Traffic Detected"; flow:established, to_server; content:"petticoat"; priority:3; metadata:hostile src_ip,created_at 2017-04-01,capec_id 310,updated_at 2017-04-14,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181586;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ACTUAL POULTRY Exploitation Attempt Seen"; flow:established, to_server; content:"poultry"; priority:3; metadata:hostile src_ip,created_at 2017-10-26,capec_id 310,updated_at 2017-10-27,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-7133843,protocols http,protocols tcp; rev:2; sid:80181587;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COLOSSAL GHOST Traffic Detected"; flow:established, to_server; content:"ghost"; priority:3; metadata:hostile 
src_ip,created_at 2015-03-11,capec_id 310,updated_at 2015-03-17,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181588;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - CRUCIAL THRUSH Traffic Detected"; flow:established, to_server; content:"thrush"; priority:3; metadata:hostile src_ip,created_at 2016-08-17,capec_id 310,updated_at 2016-08-21,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80181589;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWNEST PHEASANT Traffic Detected"; flow:established, to_server; content:"pheasant"; priority:3; metadata:cwe_id 307,hostile src_ip,created_at 2019-06-21,capec_id 49,updated_at 2019-06-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181590;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - QUICKEST WALK Traffic Detected"; flow:established; content:"walk"; priority:3; metadata:created_at 2019-01-03,capec_id 100,updated_at 2019-01-23,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80181591;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - STEADY BRUSH Traffic Detected"; flow:established, to_server; content:"brush"; priority:3; metadata:hostile src_ip,created_at 2017-02-21,capec_id 310,updated_at 2017-02-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80181592;) #alert http any any -> $HOME_NET any (msg:"Acme - UNKNOWN HURT Traffic Detected"; flow:established, to_server; content:"hurt"; priority:3; metadata:hostile src_ip,created_at 2018-01-10,capec_id 310,updated_at 2018-01-10,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target 
server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181593;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GENETIC TORSO Traffic Detected"; flow:established, to_server; content:"torso"; priority:4; metadata:hostile src_ip,created_at 2019-11-12,updated_at 2019-11-16,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181594;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LONELY UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2017-08-09,updated_at 2017-08-09,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181595;) #alert http any any -> $HOME_NET any (msg:"Acme - CRUCIAL SUSPENDERS Traffic Detected"; flow:established, to_server; content:"suspenders"; priority:3; metadata:hostile src_ip,created_at 2018-06-25,capec_id 310,updated_at 2018-06-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181596;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - JITTERY BULLDOZER Traffic Detected"; flow:established,to_server; content:"bulldozer"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-04-03,capec_id 213,updated_at 2019-04-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80181597;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BAD URN Malware Communication"; flow:established,to_server; content:"urn"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-10,updated_at 2019-07-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181598;) drop tcp $HOME_NET any -> any any (msg:"Acme - INVISIBLE WARNING Malware Communication"; flow:established,to_server; content:"warning"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-27,updated_at 2019-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80181599;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN LOBSTER Malware Communication"; flow:established,to_server; content:"lobster"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-24,updated_at 2018-09-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181600;) drop tcp $HOME_NET any -> any any (msg:"Acme - UNKNOWN BUNCH Malware Communication"; flow:established,to_server; content:"bunch"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-03,updated_at 2019-05-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80181601;) #alert http any any -> $HOME_NET any (msg:"Acme - ARTIFICIAL BABOON Traffic Detected"; flow:established, to_server; content:"baboon"; priority:3; metadata:hostile src_ip,created_at 2019-08-16,capec_id 119,updated_at 2019-08-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181602;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COOPERATIVE APPARATUS Traffic Detected"; flow:established,to_client; file_data; content:"apparatus"; priority:3; metadata:cwe_id 134,hostile src_ip,created_at 
2016-08-24,capec_id 135,updated_at 2016-08-28,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.5,attack_target http-client,attack_target client,cvss_v2_temporal 4.6,protocols http,protocols tcp; rev:2; sid:80181603;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SQUARE YIN Traffic Detected"; flow:established,to_client; file_data; content:"yin"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2017-08-21,capec_id 253,updated_at 2017-08-26,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.5,attack_target http-client,attack_target client,cvss_v2_temporal 5.3,protocols http,protocols tcp; rev:2; sid:80181604;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SURVIVING WORLD Traffic Detected"; flow:established,to_client; file_data; content:"world"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-07-02,capec_id 253,updated_at 2019-07-07,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.5,attack_target http-client,attack_target client,cvss_v2_temporal 4.7,protocols http,protocols tcp; rev:2; sid:80181605;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HEAVY STEAL Traffic Detected"; flow:established, to_server; content:"steal"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2017-01-23,capec_id 213,updated_at 2017-01-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80181606;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RADICAL BEGINNER Traffic Detected"; flow:established, to_server; content:"beginner"; priority:3; metadata:hostile src_ip,created_at 2018-02-25,capec_id 66,updated_at 2018-02-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181607;) #alert http $EXTERNAL_NET any -> $HOME_NET any 
(msg:"Acme - MIGHTY REPEAT Traffic Detected"; flow:established, to_server; content:"repeat"; priority:3; metadata:hostile src_ip,created_at 2018-05-24,capec_id 66,updated_at 2018-05-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181608;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUBJECTIVE HEART Traffic Detected"; flow:established, to_server; content:"heart"; priority:3; metadata:hostile src_ip,created_at 2018-08-13,capec_id 66,updated_at 2018-08-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181609;) #alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMMENSE TRUNK Traffic Detected"; flow:established, to_server; content:"trunk"; priority:3; metadata:cwe_id 307,hostile dest_ip,created_at 2016-06-09,updated_at 2016-06-11,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80181610;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BOILING HAMMER Traffic Detected"; flow:established, to_server; content:"hammer"; priority:3; metadata:hostile src_ip,created_at 2018-05-02,capec_id 213,updated_at 2018-05-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181611;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - AGGREGATE GAITERS Traffic Detected"; flow:established, to_server; content:"gaiters"; priority:3; metadata:hostile src_ip,created_at 2018-06-20,capec_id 119,updated_at 2018-06-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80181612;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COSTLY CURRENCY Traffic Detected"; 
flow:established, to_server; content:"currency"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-08-25,capec_id 213,updated_at 2019-08-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80181613;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SURE MEASUREMENT Traffic Detected"; flow:established, to_server; content:"measurement"; priority:3; metadata:hostile src_ip,created_at 2019-05-19,capec_id 310,updated_at 2019-05-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181614;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OBNOXIOUS CLASP Traffic Detected"; flow:established, to_server; content:"clasp"; priority:3; metadata:hostile src_ip,created_at 2019-05-27,capec_id 213,updated_at 2019-05-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181615;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ASLEEP SWALLOW Malware Communication"; flow:established,to_server; content:"swallow"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-10-18,updated_at 2017-10-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181616;) #alert tcp any any -> $HOME_NET any (msg:"Acme - NEAR SPORT Traffic Detected"; flow:established, to_server; content:"sport"; priority:3; metadata:hostile src_ip,created_at 2019-11-15,capec_id 310,updated_at 2019-11-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80181617;) #alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - IMMENSE 
CHIVE Traffic Detected"; flow:established, to_server; content:"chive"; priority:3; metadata:hostile src_ip,created_at 2016-05-04,capec_id 119,updated_at 2016-05-11,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80181618;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN THREAD Traffic Detected"; flow:established, to_server; content:"thread"; priority:3; metadata:hostile src_ip,created_at 2019-03-23,capec_id 310,updated_at 2019-03-25,filename netbios.rules,priority low,rule_source acme-rule-factory,attack_target smb-server,attack_target server,protocols smb,protocols tcp; rev:1; sid:80181619;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMPREHENSIVE WOLF Malware Communication"; flow:established,to_server; content:"wolf"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-07-17,updated_at 2017-07-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181620;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TALL CAMPAIGN Malware Communication"; flow:established, to_client; content:"campaign"; priority:1; metadata:cwe_id 829,malware post-infection,hostile dest_ip,created_at 2018-04-14,updated_at 2018-04-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181621;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FANCY SMOCK Malware Communication"; flow:established,to_client; content:"smock"; priority:2; metadata:cwe_id 829,malware pre-infection,hostile src_ip,created_at 2018-09-09,updated_at 2018-09-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; 
rev:2; sid:80181622;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GUILTY UNKNOWN Malware Communication"; flow:established,to_client; content:"UNKNOWN"; priority:2; metadata:cwe_id 829,malware pre-infection,hostile src_ip,created_at 2019-03-11,updated_at 2019-03-18,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181623;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXTREME UNKNOWNESTY Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"UNKNOWNesty"; priority:4; metadata:cwe_id 119,created_at 2019-09-01,updated_at 2019-09-10,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 6.8,cve 2017-964821,cvss_v2_temporal 7.0,protocols http,protocols tcp; rev:3; sid:80181624;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SIGNIFICANT UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 506,malware malware,hostile src_ip,created_at 2015-07-21,updated_at 2015-07-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181625;) alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - ASSISTANT UMBRELLA Exploitation Attempt Seen"; flow:established, to_client; content:"umbrella"; priority:4; metadata:cwe_id 20,created_at 2015-02-21,updated_at 2015-02-27,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 8.0,cve 2015-7843869,cvss_v2_temporal 7.2,protocols http,protocols tcp; rev:2; sid:80181626;) #alert http any any -> $HOME_NET any (msg:"Acme - RELIEVED CHORD Malware Communication"; flow:established, to_server; content:"chord"; priority:3; metadata:cwe_id 506,malware malware,hostile src_ip,created_at 2016-10-25,updated_at 2016-10-25,filename acme.rules,priority low,rule_source 
acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181627;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STILL BANK Exploitation Attempt Seen"; flow:established,to_server; content:"bank"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2019-10-02,capec_id 63,updated_at 2019-10-07,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.8,attack_target server,attack_target http-server,cve 2016-6685185,cvss_v2_temporal 4.0,protocols http,protocols tcp; rev:2; sid:80181628;) #alert http any any -> $HOME_NET any (msg:"Acme - UNKNOWN PLUNGER Traffic Detected"; flow:established, to_server; content:"plunger"; priority:3; metadata:hostile src_ip,created_at 2016-02-04,capec_id 255,updated_at 2016-02-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181629;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DIRECT BOTHER Exploitation Attempt Seen"; flow:established, to_client; content:"bother"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2016-02-06,capec_id 118,updated_at 2016-02-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.9,attack_target client,cve 2016-3616351,cvss_v2_temporal 6.3,protocols tcp; rev:1; sid:80181630;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUNKNOWNT UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2019-08-15,capec_id 63,updated_at 2019-08-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BIG LEMON Traffic Detected"; flow:established,to_server; content:"lemon"; priority:3; metadata:hostile dest_ip,created_at 2017-11-21,capec_id 
63,updated_at 2017-11-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181632;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RUNNING QUILT Traffic Detected"; flow:established,to_server; content:"quilt"; priority:3; metadata:created_at 2017-11-27,capec_id 63,updated_at 2017-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80181633;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOOSE MIGRANT Traffic Detected"; flow:established, to_server; content:"migrant"; priority:3; metadata:hostile src_ip,created_at 2017-08-04,capec_id 116,updated_at 2017-08-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80181634;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWNIAL BUFFET Traffic Detected"; flow:established, to_server; content:"buffet"; priority:3; metadata:hostile src_ip,created_at 2019-06-19,capec_id 118,updated_at 2019-06-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181635;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POST-WAR UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2015-02-23,capec_id 100,updated_at 2015-02-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-7889271,protocols http; rev:2; sid:80181636;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VARIOUS JOB Traffic Detected"; flow:established,to_server; content:"job"; priority:3; metadata:hostile src_ip,created_at 2018-07-25,capec_id 310,updated_at 2018-07-25,filename acme.rules,priority 
low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181637;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SLOW RACCOON Traffic Detected"; flow:established, to_server; content:"raccoon"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2019-06-25,capec_id 251,updated_at 2019-06-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181638;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PLANNED HACKSAW Traffic Detected"; flow:established, to_server; content:"hacksaw"; priority:4; metadata:cwe_id 113,hostile dest_ip,created_at 2019-08-15,capec_id 138,updated_at 2019-08-20,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80181639;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EFFECTIVE OFFICE Traffic Detected"; flow:established, to_server; content:"office"; priority:4; metadata:cwe_id 113,created_at 2018-10-03,updated_at 2018-10-22,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:3; sid:80181640;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FASCINATING ASHRAM Exploitation Attempt Seen"; flow:established, to_client; content:"ashram"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2016-02-02,capec_id 255,updated_at 2016-02-03,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.4,attack_target http-client,attack_target client,cve 2015-6064529,cvss_v2_temporal 7.1,protocols http,protocols tcp; rev:2; sid:80181641;) alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - WOODEN BEST-SELLER Exploitation Attempt Seen"; flow:established, to_client; content:"best-seller"; priority:4; metadata:cwe_id 119,created_at 2018-03-06,updated_at 
2018-03-20,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 7.6,cve 2017-2607538,cvss_v2_temporal 7.7,protocols http,protocols tcp; rev:2; sid:80181642;)
# Drops HTTP responses travelling from $EXTERNAL_NET to $HOME_NET clients (flow to_client).
# `drop` only blocks when Suricata runs inline (IPS). The rule keys on one content string
# with no sticky buffer or position modifier, in line with the file banner's statement that
# this ruleset is an example and not meant to be loaded into Suricata.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LONG UNKNOWN Exploitation Attempt Seen"; flow:established, to_client; content:"UNKNOWN"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-04-14,capec_id 255,updated_at 2019-04-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.4,attack_target http-client,attack_target client,cve 2019-2047695,cvss_v2_temporal 3.0,protocols http,protocols tcp; rev:2; sid:80181643;)
# Alert-only rule on outbound HTTP requests; metadata classifies it as pre-infection
# malware traffic at priority info, with the external peer tagged `hostile dest_ip`.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EASTERN ACCOUNTANT Malware Communication"; flow:established,to_server; content:"accountant"; priority:4; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2016-08-19,updated_at 2016-08-25,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80181644;)
# Disabled ('#' directly before the action): inbound HTTP request rule that carries
# CVE and CVSS v2 metadata.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HUSHED CONGA Exploitation Attempt Seen"; flow:established, to_server; content:"conga"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-03-13,capec_id 100,updated_at 2019-03-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.2,attack_target server,attack_target http-server,cve 2018-9151155,cvss_v2_temporal 3.5,protocols http,protocols tcp; rev:2; sid:80181645;)
# NOTE(review): disabled. The header source is $HOME_NET, yet metadata says `hostile src_ip`
# and gives no attack_target; the outbound alert rule above uses `hostile dest_ip`.
# Confirm the direction tag before relying on `hostile` for filtering or alert enrichment.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INCREASING INTERNATIONAL Traffic Detected"; flow:established, to_server; content:"international"; priority:3; metadata:hostile src_ip,created_at 2019-01-21,capec_id 63,updated_at 2019-01-23,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80181646;)
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GEOGRAPHICAL SHACK Traffic 
Detected"; flow:established, to_server; content:"shack"; priority:3; metadata:hostile dest_ip,created_at 2019-08-11,capec_id 63,updated_at 2019-08-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181647;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CRITICAL UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 79,hostile dest_ip,created_at 2018-11-02,capec_id 63,updated_at 2018-11-04,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.9,attack_target http-client,attack_target client,cve 2017-992582,cvss_v2_temporal 4.0,protocols http,protocols tcp; rev:2; sid:80181648;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AGGREGATE CLAVICLE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"clavicle"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2016-08-10,capec_id 253,updated_at 2016-08-19,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.6,attack_target http-client,attack_target client,cve 2016-2610580,cvss_v2_temporal 3.7,protocols http,protocols tcp; rev:2; sid:80181649;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EARLY TEETH Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"teeth"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-11-02,capec_id 253,updated_at 2019-11-16,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.5,attack_target http-client,attack_target client,cve 2016-1274206,cvss_v2_temporal 6.7,protocols http,protocols tcp; rev:2; sid:80181650;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN QUESTION Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"question"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-03-20,capec_id 
253,updated_at 2019-03-28,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.1,attack_target http-client,attack_target client,cve 2019-4993566,cvss_v2_temporal 5.2,protocols http,protocols tcp; rev:2; sid:80181651;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN EMOTION Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"emotion"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-06-04,capec_id 253,updated_at 2019-06-10,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.9,attack_target http-client,attack_target client,cve 2019-2398926,cvss_v2_temporal 6.1,protocols http,protocols tcp; rev:2; sid:80181652;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNEST CRITERION Malware Communication"; flow:established,to_server; content:"criterion"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-06-08,updated_at 2018-06-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181653;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ABSOLUTE FAT Malware Communication"; flow:established,to_server; content:"fat"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-01,updated_at 2019-05-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181654;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN DRAW Malware Communication"; flow:established,to_server; content:"draw"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-02,updated_at 2019-02-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols 
http,protocols tcp; rev:2; sid:80181655;)
# The next two rules drop outbound HTTP requests tagged as post-infection malware traffic:
# `infected src_ip` refers to the $HOME_NET side of the header, `hostile dest_ip` to the
# external peer. `drop` only blocks when Suricata runs inline (IPS).
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXTENDED BARSTOOL Malware Communication"; flow:established,to_server; content:"barstool"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-18,updated_at 2019-09-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181656;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUNKNOWN TOUGH-GUY Malware Communication"; flow:established,to_server; content:"tough-guy"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-18,updated_at 2019-10-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181657;)
# NOTE(review): disabled. The header source is $HOME_NET, yet metadata says `hostile src_ip`
# and gives no attack_target; the outbound drop rules around it use `hostile dest_ip`.
# Confirm the direction tag before relying on `hostile` for filtering or alert enrichment.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNEXPECTED ROSE Traffic Detected"; flow:established,to_server; content:"rose"; priority:3; metadata:hostile src_ip,created_at 2017-02-25,capec_id 63,updated_at 2017-02-27,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80181658;)
# Same shape as the two drop rules above, with cwe_id 506 instead of 507.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HURT RAKE Malware Communication"; flow:established,to_server; content:"rake"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-02,updated_at 2019-10-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181659;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUDDEN PANTRY Traffic Detected"; flow:established,to_server; content:"pantry"; priority:1; metadata:hostile dest_ip,created_at 2019-09-24,updated_at 2019-09-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80181660;)
# Drops outbound HTTP requests tagged as post-infection malware traffic
# (infected src_ip, hostile dest_ip). `drop` only blocks when Suricata runs inline (IPS).
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ISOLATED SING Malware Communication"; flow:established,to_server; content:"sing"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-05,updated_at 2019-06-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181661;)
# NOTE(review): disabled. Metadata gives cvss_v2_base 10.0 but priority low (priority:3);
# the two severity signals disagree, so confirm which one metadata-driven enable/disable
# decisions should follow.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STALE TRAIN Exploitation Attempt Seen"; flow:established, to_client; content:"train"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-06-15,capec_id 123,updated_at 2019-06-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target client,cve 2019-8421409,cvss_v2_temporal 8.5,protocols tcp; rev:1; sid:80181662;)
# NOTE(review): metadata lists `cve 2015-5499867` three times. The repeated key-value pairs
# add no information; consumers that count or index metadata should deduplicate them.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NOISY SHEARLING Malware Communication"; flow:established,to_server; content:"shearling"; priority:1; metadata:cwe_id 399,malware post-infection,hostile dest_ip,created_at 2015-04-10,updated_at 2015-04-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-5499867,cve 2015-5499867,cve 2015-5499867,protocols http,protocols tcp; rev:2; sid:80181663;)
# NOTE(review): the header is `drop tcp` with `any` ports, while metadata says
# protocols http / attack_target http-client. With no port or app-layer restriction,
# content:"ghost" is evaluated on every established client-to-server TCP stream from
# $HOME_NET to $EXTERNAL_NET, which is broad for a drop action.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VARIABLE GHOST Malware Communication"; flow:established,to_server; content:"ghost"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-04-12,updated_at 2017-04-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80181664;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CHURN Traffic Detected"; flow:established, to_server; 
content:"churn"; priority:4; metadata:cwe_id 113,created_at 2019-07-15,updated_at 2019-07-18,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:3; sid:80181665;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VALID STILL Malware Communication"; flow:established,to_server; content:"still"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-22,updated_at 2019-06-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181666;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HEAVY TASK Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"task"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2018-07-15,capec_id 213,updated_at 2018-07-20,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.1,attack_target http-client,attack_target client,cve 2018-297400,cvss_v2_temporal 7.0,protocols http,protocols tcp; rev:2; sid:80181667;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WONDERFUL SOMEWHERE Exploitation Attempt Seen"; flow:established, to_server; content:"somewhere"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-08-05,capec_id 100,updated_at 2017-08-15,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.7,attack_target server,cve 2017-8019641,cvss_v2_temporal 4.5,protocols tcp; rev:1; sid:80181668;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BURNING SELECT Malware Communication"; flow:established,to_server; content:"select"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-13,updated_at 2018-02-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181669;) #alert 
http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ZEALOUS UNKNOWNBALL Traffic Detected"; flow:established,to_server; content:"UNKNOWNball"; priority:3; metadata:hostile src_ip,created_at 2019-03-13,capec_id 63,updated_at 2019-03-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181670;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TENDER UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-09,updated_at 2019-02-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181671;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOLID EMOTION Traffic Detected"; flow:established, to_server; content:"emotion"; priority:3; metadata:hostile src_ip,created_at 2018-07-16,capec_id 63,updated_at 2018-07-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181672;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAT GRAND Traffic Detected"; flow:established, to_server; content:"grand"; priority:3; metadata:hostile src_ip,created_at 2019-02-18,capec_id 63,updated_at 2019-02-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181673;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEFENSIVE CULVERT Traffic Detected"; flow:established, to_server; content:"culvert"; priority:3; metadata:created_at 2018-08-06,capec_id 63,updated_at 2018-08-21,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80181674;) #alert http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"Acme - DYING AMOUNT Traffic Detected"; flow:established, to_server; content:"amount"; priority:3; metadata:created_at 2016-02-25,capec_id 63,updated_at 2016-02-25,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80181675;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHARMING PICKAX Traffic Detected"; flow:established, to_server; content:"pickax"; priority:3; metadata:hostile src_ip,created_at 2019-03-14,capec_id 63,updated_at 2019-03-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181676;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WORTHWHILE MEDIA Traffic Detected"; flow:established, to_server; content:"media"; priority:3; metadata:hostile src_ip,created_at 2017-10-12,capec_id 63,updated_at 2017-10-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181677;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INITIAL OVERCOAT Traffic Detected"; flow:established, to_server; content:"overcoat"; priority:3; metadata:created_at 2016-01-22,capec_id 63,updated_at 2016-01-23,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80181678;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BRAVE RETAILER Traffic Detected"; flow:established, to_server; content:"retailer"; priority:3; metadata:hostile src_ip,created_at 2019-07-08,capec_id 63,updated_at 2019-07-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181679;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RENEWED STORY Traffic Detected"; flow:established, to_server; content:"story"; priority:3; metadata:created_at 
2018-09-22,capec_id 63,updated_at 2018-09-27,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80181680;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OLYMPIC REMOVE Traffic Detected"; flow:established, to_server; content:"remove"; priority:3; metadata:hostile src_ip,created_at 2015-06-04,capec_id 118,updated_at 2015-06-08,filename exploit.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:1; sid:80181681;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN DISCONNECTION Traffic Detected"; flow:established, to_server; content:"disconnection"; priority:3; metadata:hostile src_ip,created_at 2017-05-25,updated_at 2017-05-28,filename exploit.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:1; sid:80181682;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SILLY MACRAME Traffic Detected"; flow:established, to_server; content:"macrame"; priority:3; metadata:hostile src_ip,created_at 2019-06-04,updated_at 2019-06-06,filename exploit.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:1; sid:80181683;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OPEN UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2019-09-18,updated_at 2019-09-28,filename exploit.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:1; sid:80181684;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EAGER BONDSMAN Traffic Detected"; flow:established, to_server; content:"bondsman"; priority:3; metadata:hostile src_ip,created_at 2017-05-09,capec_id 310,updated_at 2017-05-20,filename finger.rules,priority low,rule_source 
acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181685;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BITTER UNKNOWNATO Malware Communication"; flow:established,to_server; content:"UNKNOWNato"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-22,updated_at 2019-02-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181686;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DESIRABLE TOUGH Traffic Detected"; flow:established, to_server; content:"tough"; priority:3; metadata:hostile src_ip,created_at 2019-11-26,capec_id 213,updated_at 2019-11-26,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:1; sid:80181687;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MAXIMUM DESERT Malware Communication"; flow:established,to_server; content:"desert"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-04-10,updated_at 2017-04-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181688;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - URBAN COOK Malware Communication"; flow:established,to_server; content:"cook"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-08-11,updated_at 2018-08-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80181689;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXCITED LEAGUE Exploitation Attempt Seen"; flow:established, to_server; content:"league"; priority:3; metadata:cwe_id 264,hostile src_ip,created_at 
2019-06-05,capec_id 232,updated_at 2019-06-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.5,attack_target server,attack_target http-server,cve 2016-9475530,cvss_v2_temporal 2.0,protocols http,protocols tcp; rev:2; sid:80181690;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HUNGRY PRACTICE Malware Communication"; flow:established, to_server; content:"practice"; priority:2; metadata:cwe_id 264,malware pre-infection,hostile src_ip,created_at 2017-05-07,updated_at 2017-05-21,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.0,attack_target server,attack_target http-server,cve 2017-5861431,cvss_v2_temporal 7.2,protocols http,protocols tcp; rev:3; sid:80181691;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FAIR SPANDEX Malware Communication"; flow:established,to_server; content:"spandex"; priority:1; metadata:cwe_id 264,malware post-infection,hostile dest_ip,created_at 2017-06-01,updated_at 2017-06-05,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,cvss_v2_base 4.7,attack_target irc-client,attack_target client,cve 2015-6280331,cvss_v2_temporal 5.1,protocols irc,protocols tcp; rev:1; sid:80181692;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNAWARE STONEWORK Malware Communication"; flow:established,to_server; content:"stonework"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-10,updated_at 2019-08-22,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181693;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WICKED MOONSCAPE Traffic Detected"; flow:established, to_server; content:"moonscape"; priority:3; metadata:hostile src_ip,created_at 2019-08-18,capec_id 223,updated_at 2019-08-25,filename misc.rules,priority low,rule_source acme-rule-factory,attack_target 
telnet-server,attack_target server,protocols telnet,protocols tcp; rev:1; sid:80181694;) #alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - GOOD ADAPTER Exploitation Attempt Seen"; flow:established, to_server; content:"adapter"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-09-14,capec_id 115,updated_at 2019-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.7,attack_target server,attack_target http-server,cve 2018-8712781,cvss_v2_temporal 3.5,protocols http,protocols tcp; rev:1; sid:80181695;) #alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - BROKEN WHALE Exploitation Attempt Seen"; flow:established, to_server; content:"whale"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2017-02-26,capec_id 115,updated_at 2017-02-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.4,attack_target server,attack_target http-server,cve 2017-3993130,cvss_v2_temporal 8.0,protocols http,protocols tcp; rev:1; sid:80181696;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NEW BITE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"bite"; priority:3; metadata:cwe_id 122,hostile src_ip,created_at 2019-08-20,capec_id 100,updated_at 2019-08-20,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.5,attack_target http-client,attack_target client,cve 2015-266999,cvss_v2_temporal 2.6,protocols http,protocols tcp; rev:2; sid:80181697;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAVOURITE AQUIFER Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"aquifer"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2019-10-11,capec_id 100,updated_at 2019-10-17,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.2,attack_target http-client,attack_target client,cve 2019-2426435,cvss_v2_temporal 5.5,protocols http,protocols tcp; rev:2; sid:80181698;) #alert http 
$EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LIGHT CEMETERY Malware Communication"; flow:established, to_server; content:"cemetery"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-06-14,updated_at 2019-06-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-4941510,protocols http,protocols tcp; rev:2; sid:80181699;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MATHEMATICAL VIOLA Malware Communication"; flow:established, to_server; content:"viola"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-02-02,updated_at 2019-02-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-8108811,protocols http,protocols tcp; rev:2; sid:80181700;) drop tcp $HOME_NET any -> any any (msg:"Acme - FURIOUS SARONG Malware Communication"; flow:established,to_server; content:"sarong"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-08,updated_at 2019-06-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80181701;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN PROMOTION Malware Communication"; flow:established,to_server; content:"promotion"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-17,updated_at 2019-06-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181702;) alert tcp $HOME_NET any -> any any (msg:"Acme - VERY LINGUISTICS Traffic Detected"; flow:established, to_client; content:"linguistics"; priority:3; metadata:created_at 2018-06-06,capec_id 112,updated_at 2018-06-06,filename rpc.rules,priority low,rule_source 
acme-rule-factory,protocols tcp; rev:1; sid:80181703;) alert tcp $HOME_NET any -> any any (msg:"Acme - UNKNOWN ROAD Traffic Detected"; flow:established, to_client; content:"road"; priority:3; metadata:cwe_id 657,hostile dest_ip,created_at 2017-10-08,capec_id 112,updated_at 2017-10-24,filename rpc.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181704;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXPECTED BARITONE Traffic Detected"; flow:established, to_server; content:"baritone"; priority:3; metadata:cwe_id 657,hostile src_ip,created_at 2019-09-20,capec_id 223,updated_at 2019-09-24,filename rpc.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181705;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PERSONAL UNKNOWN Traffic Detected"; flow:established,to_client; file_data; content:"UNKNOWN"; priority:3; metadata:cwe_id 824,hostile src_ip,created_at 2018-11-04,capec_id 253,updated_at 2018-11-04,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.7,attack_target http-client,attack_target client,cvss_v2_temporal 4.2,protocols http,protocols tcp; rev:2; sid:80181706;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MILITARY LIVESTOCK Malware Communication"; flow:established,to_server; content:"livestock"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-08-02,updated_at 2018-08-06,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181707;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COSTLY ANNUAL Malware Communication"; flow:established,to_server; content:"annual"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-15,updated_at 2019-01-18,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181708;) #alert tcp any any -> $HOME_NET any (msg:"Acme - REMOTE SLIP Traffic Detected"; flow:established,to_server; content:"slip"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2018-01-12,capec_id 213,updated_at 2018-01-12,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.0,attack_target server,cvss_v2_temporal 5.4,protocols tcp; rev:1; sid:80181709;) #alert tcp any any -> $HOME_NET any (msg:"Acme - DECISIVE BUNGALOW Exploitation Attempt Seen"; flow:established, to_server; content:"bungalow"; priority:3; metadata:cwe_id 476,hostile src_ip,created_at 2019-04-27,capec_id 119,updated_at 2019-04-28,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.2,attack_target server,cve 2018-6221969,cvss_v2_temporal 2.2,protocols tcp; rev:1; sid:80181710;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POISED CAPITAL Traffic Detected"; flow:established, to_server; content:"capital"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-09-25,capec_id 213,updated_at 2019-09-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80181711;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN READING Malware Communication"; flow:established,to_server; content:"reading"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2016-09-02,updated_at 2016-09-14,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181712;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FINANCIAL RHINOCEROS Malware Communication"; flow:established,to_server; content:"rhinoceros"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 
2019-11-11,updated_at 2019-11-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80181713;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WORTHWHILE MIDLINE Traffic Detected"; flow:established, to_server; content:"midline"; priority:3; metadata:hostile src_ip,created_at 2018-02-02,updated_at 2018-02-20,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181714;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN CHARACTER Traffic Detected"; flow:established, to_server; content:"character"; priority:3; metadata:hostile src_ip,created_at 2016-06-25,capec_id 100,updated_at 2016-06-27,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181715;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WHISPERING BASS Traffic Detected"; flow:established, to_server; content:"bass"; priority:3; metadata:hostile src_ip,created_at 2019-11-06,capec_id 100,updated_at 2019-11-24,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181716;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NERVOUS CARTILAGE Traffic Detected"; flow:established, to_server; content:"cartilage"; priority:3; metadata:hostile src_ip,created_at 2017-09-23,updated_at 2017-09-26,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target dns-server,attack_target server,protocols dns,protocols tcp; rev:1; sid:80181717;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN MIGHT Traffic Detected"; flow:established, to_server; content:"might"; priority:3; metadata:hostile src_ip,created_at 2019-08-08,updated_at 2019-08-13,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target dns-server,attack_target server,protocols 
dns,protocols tcp; rev:1; sid:80181718;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BAD CONDUCTOR Traffic Detected"; flow:established, to_server; content:"conductor"; priority:3; metadata:hostile src_ip,created_at 2018-09-18,updated_at 2018-09-21,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target dns-server,attack_target server,protocols dns,protocols tcp; rev:1; sid:80181719;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SILLY SEAPLANE Traffic Detected"; flow:established, to_server; content:"seaplane"; priority:3; metadata:hostile src_ip,created_at 2019-03-03,updated_at 2019-03-14,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target dns-server,attack_target server,protocols dns,protocols tcp; rev:1; sid:80181720;) alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SENTENCE Traffic Detected"; flow:established, to_client; content:"sentence"; priority:3; metadata:hostile dest_ip,created_at 2019-07-05,updated_at 2019-07-24,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target dns-server,attack_target server,protocols dns,protocols tcp; rev:1; sid:80181721;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMMERCIAL WOODLAND Traffic Detected"; flow:established,to_server; content:"woodland"; priority:3; metadata:hostile src_ip,created_at 2019-05-25,updated_at 2019-05-26,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target smb-server,attack_target server,protocols smb,protocols tcp; rev:1; sid:80181722;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN RIP Traffic Detected"; flow:established, to_server; content:"rip"; priority:3; metadata:hostile src_ip,created_at 2019-04-04,capec_id 100,updated_at 2019-04-11,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181723;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN THROAT Traffic 
Detected"; flow:established, to_server; content:"throat"; priority:3; metadata:hostile src_ip,created_at 2019-04-02,updated_at 2019-04-21,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:2; sid:80181724;) #alert tcp any any -> $HOME_NET any (msg:"Acme - LONG-TERM RESULT Traffic Detected"; flow:established, to_server; content:"result"; priority:3; metadata:hostile src_ip,created_at 2018-05-02,updated_at 2018-05-21,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181725;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RETIRED STINGER Traffic Detected"; flow:established, to_server; content:"stinger"; priority:3; metadata:hostile src_ip,created_at 2019-06-23,updated_at 2019-06-24,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181726;) #alert tcp any any -> $HOME_NET any (msg:"Acme - TROUBLED FAULT Traffic Detected"; flow:established, to_server; content:"fault"; priority:3; metadata:hostile src_ip,created_at 2017-01-24,updated_at 2017-01-28,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181727;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SILLY UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2019-02-18,updated_at 2019-02-23,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181728;) alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ASHAMED CONGRESSMAN Traffic Detected"; flow:established, to_client; content:"congressman"; priority:3; metadata:hostile dest_ip,created_at 2019-01-20,capec_id 223,updated_at 2019-01-28,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181729;) #alert tcp $EXTERNAL_NET any -> 
$HOME_NET any (msg:"Acme - INDUSTRIAL PENCIL Traffic Detected"; flow:established, to_server; content:"pencil"; priority:3; metadata:hostile src_ip,created_at 2016-07-05,updated_at 2016-07-06,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target dns-server,attack_target server,protocols dns,protocols tcp; rev:1; sid:80181730;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MYSTERIOUS CESSPOOL Traffic Detected"; flow:established, to_server; content:"cesspool"; priority:3; metadata:hostile src_ip,created_at 2019-06-02,capec_id 100,updated_at 2019-06-25,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181731;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN OUTCOME Traffic Detected"; flow:established, to_server; content:"outcome"; priority:3; metadata:hostile src_ip,created_at 2017-04-09,capec_id 100,updated_at 2017-04-20,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181732;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WRONG LOCOMOTIVE Traffic Detected"; flow:established, to_server; content:"locomotive"; priority:3; metadata:hostile src_ip,created_at 2018-08-12,capec_id 100,updated_at 2018-08-28,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181733;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GIVEN IMPRESS Traffic Detected"; flow:established, to_server; content:"impress"; priority:3; metadata:hostile src_ip,created_at 2019-08-20,capec_id 100,updated_at 2019-08-28,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181734;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NERVOUS TIC Traffic Detected"; flow:established, to_server; content:"tic"; priority:3; metadata:hostile src_ip,created_at 2018-04-03,capec_id 100,updated_at 
2018-04-25,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181735;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RARE OBESITY Traffic Detected"; flow:established, to_server; content:"obesity"; priority:3; metadata:hostile src_ip,created_at 2018-05-04,capec_id 100,updated_at 2018-05-16,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181736;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OVERWHELMING PEDAL Traffic Detected"; flow:established, to_server; content:"pedal"; priority:3; metadata:hostile src_ip,created_at 2018-05-06,capec_id 100,updated_at 2018-05-08,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181737;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EFFECTIVE UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2017-02-06,capec_id 100,updated_at 2017-02-12,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181738;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OPPOSITE FRICTION Traffic Detected"; flow:established, to_server; content:"friction"; priority:3; metadata:hostile src_ip,created_at 2019-01-18,capec_id 100,updated_at 2019-01-28,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181739;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEFINITE FURNITURE Traffic Detected"; flow:established, to_server; content:"furniture"; priority:3; metadata:hostile src_ip,created_at 2017-04-05,capec_id 100,updated_at 2017-04-14,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181740;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMBINED SIGNAL Traffic 
Detected"; flow:established, to_server; content:"signal"; priority:3; metadata:hostile src_ip,created_at 2018-10-04,capec_id 100,updated_at 2018-10-17,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181741;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SURPRISED MINOR-LEAGUE Traffic Detected"; flow:established, to_server; content:"minor-league"; priority:3; metadata:hostile src_ip,created_at 2017-10-25,capec_id 100,updated_at 2017-10-26,filename sql.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181742;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STALE KETTLEDUNKNOWN Traffic Detected"; flow:established, to_server; content:"kettledUNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2018-10-03,capec_id 63,updated_at 2018-10-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181743;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - QUICK UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2018-11-22,capec_id 63,updated_at 2018-11-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181744;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SILENT BUSINESS Traffic Detected"; flow:established,to_client; content:"business"; priority:3; metadata:cwe_id 307,hostile dest_ip,created_at 2019-07-17,capec_id 49,updated_at 2019-07-17,filename bruteforce.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181745;) drop http $HOME_NET any -> any any (msg:"Acme - SOUND DUTY Malware Communication"; flow:established,to_server; content:"duty"; priority:1; 
metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-06,updated_at 2018-05-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181746;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN DISGUST Traffic Detected"; flow:established, to_server; urilen:<50,norm; content:"disgust"; priority:1; metadata:hostile dest_ip,created_at 2018-06-12,updated_at 2018-06-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181747;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RELIABLE REVOLVE Traffic Detected"; flow:established, to_server; content:"revolve"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2018-06-09,capec_id 213,updated_at 2018-06-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80181748;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEPRESSED UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2015-01-06,updated_at 2015-01-22,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:6; sid:80181749;) drop http $HOME_NET any -> any any (msg:"Acme - DRAMATIC UNKNOWN Malware Communication"; flow:established,to_server; urilen:1; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-02-13,updated_at 2018-02-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80181750;) drop 
http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRETTY LAND Malware Communication"; flow:established,to_client; content:"land"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-08-13,updated_at 2019-08-21,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181751;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PARLIAMENTARY APPOINTMENT Malware Communication"; flow:established,to_server; content:"appointment"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-02,updated_at 2019-04-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80181752;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RESPONSIBLE MICE Malware Communication"; flow:established,to_server; content:"mice"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2015-02-12,updated_at 2015-02-21,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181753;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BITTER GASOLINE Malware Communication"; flow:established,to_server; content:"gasoline"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-22,updated_at 2019-08-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181754;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DARK CLOAKROOM Malware Communication"; flow:established,to_server; content:"cloakroom"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-01-05,updated_at 
2018-01-24,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181755;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HELPLESS TYPHOON Malware Communication"; flow:established,to_server; urilen:<30,norm; content:"typhoon"; priority:3; metadata:cwe_id 507,malware pre-infection,hostile dest_ip,created_at 2019-02-11,updated_at 2019-02-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80181756;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PAYABLE DEFICIT Traffic Detected"; flow:established,to_server; content:"deficit"; priority:3; metadata:created_at 2019-03-13,updated_at 2019-03-21,filename ftp.rules,priority low,rule_source acme-rule-factory,protocols ftp,protocols tcp; rev:1; sid:80181757;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AUNKNOWNIC UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-10-04,capec_id 100,updated_at 2019-10-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-1513788,protocols http,protocols tcp; rev:2; sid:80181758;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - JUDICIAL RAY Traffic Detected"; flow:established, to_server; content:"ray"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2018-08-24,capec_id 213,updated_at 2018-08-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80181759;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRETTY OMELET Traffic Detected"; flow:established, to_server; content:"omelet"; priority:3; metadata:hostile src_ip,created_at 2018-05-23,capec_id 
310,updated_at 2018-05-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181760;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUNKNOWNT HEIRLOOM Traffic Detected"; flow:established, to_server; content:"heirloom"; priority:3; metadata:hostile src_ip,created_at 2019-04-19,capec_id 310,updated_at 2019-04-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181761;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FANTASTIC CONSTRUCTION Traffic Detected"; flow:established, to_server; content:"construction"; priority:3; metadata:hostile src_ip,created_at 2019-02-09,capec_id 310,updated_at 2019-02-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181762;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TALL RADIOSONDE Traffic Detected"; flow:established, to_server; content:"radiosonde"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-01-08,capec_id 213,updated_at 2019-01-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80181763;) #alert http any any -> $HOME_NET any (msg:"Acme - EXCESSIVE ODOMETER Exploitation Attempt Seen"; flow:established, to_server; content:"odometer"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2017-09-22,capec_id 248,updated_at 2017-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-7742892,protocols http,protocols tcp; rev:2; sid:80181764;) #alert http any any -> $HOME_NET any (msg:"Acme - SIGNIFICANT BUNKHOUSE Traffic Detected"; flow:established, to_server; content:"bunkhouse"; priority:3; 
metadata:hostile src_ip,created_at 2016-11-11,capec_id 255,updated_at 2016-11-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181765;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NECESSARY UNKNOWN Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"UNKNOWN"; priority:3; metadata:cwe_id 122,cvss_v3_base 4.8,hostile src_ip,created_at 2019-11-22,capec_id 100,updated_at 2019-11-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.1,attack_target http-client,attack_target client,cvss_v3_temporal 3.7,cve 2015-9946332,cvss_v2_temporal 3.7,protocols http,protocols tcp; rev:3; sid:80181766;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PSYCHIATRIC MOWER Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"mower"; priority:3; metadata:cwe_id 618,cwe_id 20,hostile src_ip,created_at 2018-10-13,capec_id 253,updated_at 2018-10-28,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.1,attack_target http-client,attack_target client,cve 2018-4222140,cvss_v2_temporal 1.1,protocols http,protocols tcp; rev:2; sid:80181767;) #drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - QUALIFIED VALLEY Malware Communication"; flow:established; content:"valley"; priority:3; metadata:cwe_id 506,malware post-infection,created_at 2019-03-10,updated_at 2019-03-17,filename virus.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80181768;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TINY FEED Malware Communication"; flow:established,to_client; content:"feed"; priority:1; metadata:cwe_id 399,malware post-infection,hostile src_ip,created_at 2019-07-08,updated_at 2019-07-09,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,cve 2019-1687657,cve 
2019-1687657,protocols tls,protocols tcp; rev:1; sid:80181769;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - QUIET SCARIFICATION Traffic Detected"; flow:established, to_server; content:"scarification"; priority:3; metadata:hostile src_ip,created_at 2019-06-03,capec_id 310,updated_at 2019-06-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181770;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REVOLUTIONARY DEER Traffic Detected"; flow:established, to_server; content:"deer"; priority:3; metadata:hostile src_ip,created_at 2019-11-27,capec_id 310,updated_at 2019-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181771;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VOCATIONAL CONVECTION Traffic Detected"; flow:established, to_server; content:"convection"; priority:3; metadata:hostile src_ip,created_at 2017-06-02,capec_id 213,updated_at 2017-06-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181772;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRIGHT LOCUST Traffic Detected"; flow:established,to_server; content:"locust"; priority:1; metadata:hostile dest_ip,created_at 2016-10-19,updated_at 2016-10-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181773;) alert http any any -> $HOME_NET any (msg:"Acme - PROUD PRESS Traffic Detected"; flow:established, to_server; content:"press"; priority:3; metadata:hostile src_ip,created_at 2018-01-21,updated_at 2018-01-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols 
http,protocols tcp; rev:2; sid:80181774;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TAME HOSTESS Malware Communication"; flow:established,from_server; content:"hostess"; priority:1; metadata:cwe_id 119,malware post-infection,hostile src_ip,created_at 2018-11-27,updated_at 2018-11-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,cvss_v2_base 6.1,attack_target http-client,attack_target client,cve 2018-5712583,cvss_v2_temporal 6.7,protocols http,protocols tcp; rev:1; sid:80181775;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN DIG Malware Communication"; flow:established,from_server; content:"dig"; priority:1; metadata:cwe_id 119,malware post-infection,hostile src_ip,created_at 2016-01-12,updated_at 2016-01-25,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,cvss_v2_base 3.9,attack_target http-client,attack_target client,cve 2016-1660132,cvss_v2_temporal 4.8,protocols http,protocols tcp; rev:1; sid:80181776;) alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - PUBLIC TINDERBOX Exploitation Attempt Seen"; flow:established, to_server; content:"tinderbox"; priority:3; metadata:hostile src_ip,created_at 2019-09-05,updated_at 2019-09-12,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-3518088,protocols http,protocols tcp; rev:1; sid:80181777;) alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - INNOVATIVE SPHERE Traffic Detected"; flow:established,to_server; content:"sphere"; priority:3; metadata:cwe_id 434,hostile src_ip,created_at 2019-09-11,updated_at 2019-09-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80181778;) alert http any any -> $HOME_NET any (msg:"Acme - EMPTY GRATITUDE Traffic Detected"; flow:established, to_server; content:"gratitude"; priority:3; 
metadata:hostile src_ip,created_at 2018-10-14,capec_id 248,updated_at 2018-10-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181779;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOOSE INTERIOR Traffic Detected"; flow:established, to_server; content:"interior"; priority:3; metadata:hostile src_ip,created_at 2019-05-22,capec_id 100,updated_at 2019-05-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181780;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INFORMAL ACKNOWLEDGMENT Malware Communication"; flow:established, to_server; content:"acknowledgment"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-03-05,updated_at 2018-03-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181781;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WITTY BUGGY Traffic Detected"; flow:established,to_server; content:"buggy"; priority:1; metadata:hostile dest_ip,created_at 2018-05-25,updated_at 2018-05-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181782;) alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - LIGHT EASE Traffic Detected"; flow:established,to_server; content:"ease"; priority:3; metadata:hostile src_ip,created_at 2019-09-11,capec_id 66,updated_at 2019-09-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80181783;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MUSHY LIGHTNING Traffic Detected"; flow:established,to_server; content:"lightning"; priority:3; metadata:hostile 
src_ip,created_at 2016-10-22,capec_id 66,updated_at 2016-10-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181784;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOLE PARADE Traffic Detected"; flow:established,to_server; content:"parade"; priority:3; metadata:hostile src_ip,created_at 2018-08-20,capec_id 66,updated_at 2018-08-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181785;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOCIAL SHADOW Traffic Detected"; flow:established,to_server; content:"shadow"; priority:3; metadata:hostile src_ip,created_at 2018-09-09,capec_id 66,updated_at 2018-09-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181786;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN JUMP Traffic Detected"; flow:established,to_server; content:"jump"; priority:3; metadata:hostile src_ip,created_at 2019-07-22,capec_id 66,updated_at 2019-07-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181787;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ESTIMATED TRAVEL Traffic Detected"; flow:established,to_server; content:"travel"; priority:3; metadata:hostile src_ip,created_at 2019-08-14,capec_id 66,updated_at 2019-08-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181788;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - ADORABLE PLATE Exploitation Attempt Seen"; flow:established,to_server; content:"plate"; priority:3; metadata:cwe_id 426,cwe_id 427,hostile 
dest_ip,created_at 2018-08-07,updated_at 2018-08-12,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.0,attack_target http-client,attack_target client,cve 2017-1071353,cvss_v2_temporal 5.6,protocols http,protocols tcp; rev:1; sid:80181789;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMPETENT HOMONYM Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"homonym"; priority:3; metadata:cwe_id 618,cwe_id 94,hostile src_ip,created_at 2015-11-21,capec_id 253,updated_at 2015-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.7,attack_target http-client,attack_target client,cve 2015-9868515,cvss_v2_temporal 2.8,protocols http,protocols tcp; rev:2; sid:80181790;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN EXTREME Malware Communication"; flow:established,to_server; content:"extreme"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-24,updated_at 2019-01-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80181791;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SATISFACTORY GUITARIST Malware Communication"; flow:established,to_server; content:"guitarist"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-19,updated_at 2018-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80181792;) alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - EFFECTIVE TULIP Exploitation Attempt Seen"; flow:established, to_client; content:"tulip"; priority:4; metadata:cwe_id 94,hostile src_ip,created_at 2015-07-04,updated_at 2015-07-22,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 7.7,attack_target 
http-client,attack_target client,cve 2015-2141385,cvss_v2_temporal 8.6,protocols http,protocols tcp; rev:2; sid:80181793;) alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - YOUNG PRIZE Exploitation Attempt Seen"; flow:established, to_client; content:"prize"; priority:4; metadata:cwe_id 94,created_at 2019-10-19,updated_at 2019-10-26,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 7.6,cve 2019-2524703,cvss_v2_temporal 8.2,protocols http,protocols tcp; rev:2; sid:80181794;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN CALCULATION Traffic Detected"; flow:established, to_server; content:"calculation"; priority:3; metadata:hostile src_ip,created_at 2016-10-06,capec_id 63,updated_at 2016-10-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181795;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STRANGE FLANKER Exploitation Attempt Seen"; flow:established, to_server; content:"flanker"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2017-09-08,capec_id 213,updated_at 2017-09-10,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,cve 2017-4690930,cvss_v2_temporal 3.5,protocols tcp; rev:1; sid:80181796;) #alert tcp any any -> $HOME_NET any (msg:"Acme - CLOSE GONG Exploitation Attempt Seen"; flow:established, to_server; content:"gong"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2017-07-23,capec_id 100,updated_at 2017-07-28,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.1,attack_target server,cve 2017-6260233,cvss_v2_temporal 5.2,protocols tcp; rev:1; sid:80181797;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONSIDERABLE PLAIN Malware Communication"; flow:established,to_server; content:"plain"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 
2019-02-02,updated_at 2019-02-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80181798;) #alert http any any -> $HOME_NET any (msg:"Acme - CHIEF UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-07-18,capec_id 262,updated_at 2017-07-28,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.9,attack_target server,attack_target http-server,cve 2015-9706159,cvss_v2_temporal 5.6,protocols http,protocols tcp; rev:2; sid:80181799;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SILLY SALOON Traffic Detected"; flow:established,to_client; content:"saloon"; priority:4; metadata:hostile src_ip,created_at 2016-09-24,updated_at 2016-09-27,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http; rev:2; sid:80181800;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEPRESSED SHEARS Exploitation Attempt Seen"; flow:established, to_server; content:"shears"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2017-05-06,capec_id 248,updated_at 2017-05-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.1,attack_target server,attack_target http-server,cve 2017-7717156,cvss_v2_temporal 3.9,protocols http,protocols tcp; rev:2; sid:80181801;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BENEFICIAL CHAIN Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"chain"; priority:3; metadata:cwe_id 20,created_at 2018-07-09,capec_id 130,updated_at 2018-07-18,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.6,cve 2017-2815363,cvss_v2_temporal 3.5,protocols http,protocols tcp; rev:2; sid:80181802;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OBVIOUS 
VELDT Exploitation Attempt Seen"; flow:established,to_server; content:"veldt"; priority:3; metadata:cwe_id 98,hostile src_ip,created_at 2018-06-27,capec_id 253,updated_at 2018-06-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.3,attack_target server,attack_target http-server,cve 2017-6765123,cvss_v2_temporal 7.3,protocols http,protocols tcp; rev:2; sid:80181803;) #alert tcp any any -> $HOME_NET any (msg:"Acme - BIG RACER Exploitation Attempt Seen"; flow:established, to_server; content:"racer"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2017-02-15,capec_id 119,updated_at 2017-02-20,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.0,attack_target server,cve 2016-6913226,cvss_v2_temporal 3.3,protocols tcp; rev:1; sid:80181804;) #alert tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN PRESENTATION Exploitation Attempt Seen"; flow:established, to_server; content:"presentation"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2017-05-05,capec_id 119,updated_at 2017-05-13,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.7,attack_target server,cve 2016-8772871,cvss_v2_temporal 5.0,protocols tcp; rev:1; sid:80181805;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - THOUGHTLESS MAIN Exploitation Attempt Seen"; flow:established, to_server; content:"main"; priority:3; metadata:cwe_id 269,hostile src_ip,created_at 2017-08-01,capec_id 115,updated_at 2017-08-09,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.6,attack_target server,attack_target http-server,cve 2015-8744100,cvss_v2_temporal 3.8,protocols http,protocols tcp; rev:2; sid:80181806;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MILITARY NOUGAT Malware Communication"; flow:established,to_server; content:"nougat"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-07-25,updated_at 2017-07-27,filename 
acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181807;) #alert tcp any any -> $HOME_NET any (msg:"Acme - PROBABLE CANOE Traffic Detected"; flow:established, to_client; content:"canoe"; priority:3; metadata:cwe_id 509,created_at 2015-09-07,updated_at 2015-09-25,filename pop.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181808;) #alert tcp any any -> $EXTERNAL_NET any (msg:"Acme - GUNKNOWNPY FRAZZLE Traffic Detected"; flow:established, to_client; content:"frazzle"; priority:3; metadata:cwe_id 509,created_at 2019-08-08,updated_at 2019-08-26,filename pop.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181809;) #alert tcp any any -> $HOME_NET any (msg:"Acme - BAD FRAUDSTER Traffic Detected"; flow:established, to_client; content:"fraudster"; priority:3; metadata:cwe_id 509,hostile dest_ip,created_at 2019-06-27,updated_at 2019-06-28,filename pop.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181810;) #alert tcp any any -> $EXTERNAL_NET any (msg:"Acme - MAGNETIC CULTIVATOR Traffic Detected"; flow:established, to_client; content:"cultivator"; priority:3; metadata:cwe_id 509,created_at 2017-10-10,updated_at 2017-10-13,filename pop.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181811;) #alert tcp any any -> $HOME_NET any (msg:"Acme - VALID HOWITZER Traffic Detected"; flow:established, to_server; content:"howitzer"; priority:3; metadata:created_at 2019-06-01,updated_at 2019-06-17,filename pop.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80181812;) #alert tcp any any -> $HOME_NET any (msg:"Acme - HIGH TRAINER Traffic Detected"; flow:established, to_server; content:"trainer"; priority:3; metadata:created_at 2019-07-23,updated_at 2019-07-28,filename 
encrypted.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80181813;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IMMENSE THIRST Traffic Detected"; flow:established, to_server; content:"thirst"; priority:3; metadata:hostile src_ip,created_at 2019-07-18,capec_id 310,updated_at 2019-07-21,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181814;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRELIMINARY PENTAGON Malware Communication"; flow:established,to_server; content:"pentagon"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-05,updated_at 2019-02-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181815;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - PERSONAL NOTIFY Exploitation Attempt Seen"; flow:established, to_server; content:"notify"; priority:3; metadata:hostile src_ip,created_at 2016-01-25,capec_id 213,updated_at 2016-01-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-599587,protocols http,protocols tcp; rev:2; sid:80181816;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PROVINCIAL BIRDCAGE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"birdcage"; priority:3; metadata:cwe_id 125,cvss_v3_base 6.7,hostile src_ip,created_at 2017-05-04,capec_id 255,updated_at 2017-05-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.3,attack_target http-client,attack_target client,cvss_v3_temporal 6.2,cve 2016-1152,cvss_v2_temporal 6.2,protocols http,protocols tcp; rev:3; sid:80181817;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MATURE CREEK Malware Communication"; 
flow:established,to_server; content:"creek"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-07,updated_at 2018-04-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80181818;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LIMITED ECUMENIST Traffic Detected"; flow:established, to_client; file_data; content:"ecumenist"; priority:3; metadata:cwe_id 346,hostile src_ip,created_at 2017-09-22,capec_id 262,updated_at 2017-09-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181819;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INSTANT WALKWAY Malware Communication"; flow:established, to_server; content:"walkway"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-06,updated_at 2019-07-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181820;) #alert tcp any any -> $HOME_NET any (msg:"Acme - THUNDERING CRACKERS Traffic Detected"; flow:established, to_server; content:"crackers"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-04-19,capec_id 100,updated_at 2019-04-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:1; sid:80181821;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN UNIFORM Traffic Detected"; flow:established, to_client; file_data; content:"uniform"; priority:3; metadata:hostile src_ip,created_at 2019-09-09,updated_at 2019-09-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181822;) 
# sid 80181823, enabled, action drop: HTTP traffic from $HOME_NET to $EXTERNAL_NET on an
# established flow toward the server that contains the string "sunflower".
# The content match has no sticky buffer or offset/depth modifier, so any occurrence in the
# inspected data triggers the drop; metadata tags the source address as the infected host.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - YOUNG SUNFLOWER Malware Communication"; flow:established, to_server; content:"sunflower"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-14,updated_at 2019-07-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80181823;)
# sid 80181824, disabled by the leading "#": would alert on "butter" in the file_data buffer
# of an established flow toward the client, from $EXTERNAL_NET to $HOME_NET.
# NOTE(review): the file header calls this a dummy ruleset, so the cve value in metadata is
# presumably sample data rather than a real advisory reference - confirm before reuse.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DISCIPLINARY BUTTER Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"butter"; priority:3; metadata:hostile src_ip,created_at 2019-02-25,capec_id 262,updated_at 2019-02-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-4200325,protocols http,protocols tcp; rev:2; sid:80181824;)
# sid 80181825, enabled, action drop: TCP from any source to $HOME_NET, flow:established
# with no to_server/to_client direction, matching "catamaran" with no position modifier.
# NOTE(review): with an "any" source and no flow direction this is the broadest drop rule in
# this group; a single unanchored keyword can block legitimate sessions inline - confirm scope.
drop tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN CATAMARAN Malware Communication"; flow:established; content:"catamaran"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-08-01,updated_at 2017-08-05,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80181825;)
# sid 80181826, disabled by the leading "#": would alert on "UNKNOWNshop" in an established
# flow toward the client, from $EXTERNAL_NET to $HOME_NET.
# NOTE(review): the "UNKNOWN" prefix in msg and content looks like a substituted placeholder - confirm.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SCRAWNY UNKNOWNSHOP Traffic Detected"; flow:established, to_client; content:"UNKNOWNshop"; priority:3; metadata:hostile src_ip,created_at 2018-07-04,capec_id 156,updated_at 2018-07-09,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80181826;)
# sid 80181827, enabled, action drop: HTTP from $EXTERNAL_NET to $HOME_NET on an established
# flow toward the server, matching the four-byte string "okra".
# NOTE(review): the action is drop while priority:3 and metadata "priority low" mark it low
# severity; the other drop rules in this group carry priority:1 - confirm the action is intended.
# The closing sid option of this rule is on the following line of the file.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BLANK OKRA Traffic Detected"; flow:established,to_server; content:"okra"; priority:3; metadata:hostile src_ip,created_at 2019-07-21,capec_id 248,updated_at 2019-07-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; 
sid:80181827;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MUSHY PROPERTY Malware Communication"; flow:established,to_server; content:"property"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-04,updated_at 2019-08-05,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181828;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PERFECT HOUSEWORK Malware Communication"; flow:established,to_server; content:"housework"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-11,updated_at 2019-06-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181829;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNUSUAL SUSHI Traffic Detected"; flow:established,to_server; urilen:13,norm; content:"sushi"; priority:1; metadata:hostile dest_ip,created_at 2017-06-19,updated_at 2017-06-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181830;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CRAZY UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-03-06,updated_at 2017-03-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181831;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHEMICAL COURSE Exploitation Attempt Seen"; flow:established, to_server; content:"course"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2019-03-23,updated_at 2019-03-26,filename acme.rules,priority 
low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2015-1914007,cvss_v2_temporal 2.0,protocols http,protocols tcp; rev:2; sid:80181832;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NEIGHBOURING PRINCIPAL Traffic Detected"; flow:established, to_server; content:"principal"; priority:3; metadata:hostile src_ip,created_at 2019-10-19,capec_id 63,updated_at 2019-10-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181833;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BROAD BEGONIA Traffic Detected"; flow:established, to_server; content:"begonia"; priority:3; metadata:hostile src_ip,created_at 2019-05-04,capec_id 63,updated_at 2019-05-04,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181834;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ANONYMOUS TALK Traffic Detected"; flow:established, to_server; content:"talk"; priority:3; metadata:hostile src_ip,created_at 2017-01-12,capec_id 63,updated_at 2017-01-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181835;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN INCOME Traffic Detected"; flow:established, to_server; content:"income"; priority:3; metadata:created_at 2019-07-19,capec_id 63,updated_at 2019-07-19,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80181836;) alert tcp any any -> $HOME_NET any (msg:"Acme - SYMPATHETIC ESTIMATE Malware Communication"; flow:established, to_client; content:"estimate"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-11-21,updated_at 2019-11-25,filename email.rules,priority low,rule_source 
acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181837;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INADEQUATE UNKNOWN Traffic Detected"; flow:established,to_client; file_data; content:"UNKNOWN"; priority:2; metadata:hostile src_ip,created_at 2016-11-24,capec_id 248,updated_at 2016-11-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181838;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOOSE SCORN Malware Communication"; flow:established, to_server; content:"scorn"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2019-11-05,updated_at 2019-11-14,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181839;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXCITED SMASH Malware Communication"; flow:established,to_server; content:"smash"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-02-08,updated_at 2017-02-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:4; sid:80181840;) alert tcp any any -> $HOME_NET any (msg:"Acme - DISTURBED CACTUS Malware Communication"; flow:established, to_client; content:"cactus"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-02-25,updated_at 2019-02-28,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181841;) alert tcp any any -> $HOME_NET any (msg:"Acme - SHY FLOOR Malware Communication"; flow:established, to_client; content:"floor"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-02-25,updated_at 2019-02-28,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181842;) alert tcp any any -> $HOME_NET 
any (msg:"Acme - ENTITLED PEER Malware Communication"; flow:established, to_client; content:"peer"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-07-26,updated_at 2019-07-27,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80181843;) alert tcp any any -> $HOME_NET any (msg:"Acme - SHORT DANCING Malware Communication"; flow:established, to_client; content:"dancing"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-01-14,updated_at 2019-01-22,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181844;) alert tcp any any -> $HOME_NET any (msg:"Acme - LONG RASPBERRY Malware Communication"; flow:established, to_client; content:"raspberry"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-01-06,updated_at 2019-01-09,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80181845;) alert tcp any any -> $HOME_NET any (msg:"Acme - MAXIMUM GRENADE Malware Communication"; flow:established, to_client; content:"grenade"; priority:3; metadata:cwe_id 657,malware malware,created_at 2016-09-25,updated_at 2016-09-27,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181846;) alert tcp any any -> $HOME_NET any (msg:"Acme - ABLE BUZZARD Malware Communication"; flow:established, to_client; content:"buzzard"; priority:3; metadata:cwe_id 657,malware malware,created_at 2018-09-27,updated_at 2018-09-27,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80181847;) alert tcp any any -> $HOME_NET any (msg:"Acme - QUICKEST TIMELINE Malware Communication"; flow:established, to_client; content:"timeline"; priority:3; metadata:cwe_id 657,malware malware,created_at 2018-09-20,updated_at 2018-09-24,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols 
tcp; rev:1; sid:80181848;) alert tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN KITTY Malware Communication"; flow:established, to_server; content:"kitty"; priority:3; metadata:cwe_id 657,malware malware,hostile src_ip,created_at 2019-01-26,updated_at 2019-01-27,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181849;) alert tcp any any -> any any (msg:"Acme - UNEMPLOYED STAIN Malware Communication"; flow:established; content:"stain"; priority:3; metadata:cwe_id 657,malware pre-infection,created_at 2019-04-15,updated_at 2019-04-16,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181850;) alert tcp any any -> $HOME_NET any (msg:"Acme - SUCCESSIVE TYPE Malware Communication"; flow:established, to_client; content:"type"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-05-09,updated_at 2019-05-15,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80181851;) alert tcp any any -> $HOME_NET any (msg:"Acme - SHARP UNKNOWN Malware Communication"; flow:established, to_client; content:"UNKNOWN"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-06-04,updated_at 2019-06-11,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181852;) alert tcp any any -> $HOME_NET any (msg:"Acme - COMPACT NEGATIVE Malware Communication"; flow:established, to_client; content:"negative"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-11-18,updated_at 2019-11-19,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80181853;) alert tcp any any -> $HOME_NET any (msg:"Acme - DISTINCT RADIATOR Malware Communication"; flow:established, to_client; content:"radiator"; priority:3; metadata:cwe_id 657,malware malware,created_at 
2019-11-18,updated_at 2019-11-26,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181854;) alert tcp any any -> $HOME_NET any (msg:"Acme - WORRIED TRACTOR Malware Communication"; flow:established, to_client; content:"tractor"; priority:3; metadata:cwe_id 657,malware malware,created_at 2017-04-21,updated_at 2017-04-27,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80181855;) #alert tcp any any -> $HOME_NET any (msg:"Acme - SPLENDID LEAKER Malware Communication"; flow:established, to_client; content:"leaker"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-02-02,updated_at 2019-02-06,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181856;) #alert tcp any any -> $HOME_NET any (msg:"Acme - GLAMOROUS CONFIRMATION Malware Communication"; flow:established, to_client; content:"confirmation"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-01-18,updated_at 2019-01-18,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80181857;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FLEXIBLE UNKNOWNSUIT Malware Communication"; flow:established,to_server; content:"UNKNOWNsuit"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-09,updated_at 2019-10-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80181858;) alert tcp any any -> $HOME_NET any (msg:"Acme - FASCINATING FREEDOM Malware Communication"; flow:established, to_client; content:"freedom"; priority:3; metadata:cwe_id 657,malware malware,created_at 2018-10-20,updated_at 2018-10-27,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181859;) alert tcp any 
any -> $HOME_NET any (msg:"Acme - UNKNOWN MIDLINE Malware Communication"; flow:established, to_client; content:"midline"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-10-02,updated_at 2019-10-13,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80181860;) alert tcp any any -> $HOME_NET any (msg:"Acme - SHAKY RUIN Malware Communication"; flow:established, to_client; content:"ruin"; priority:3; metadata:cwe_id 657,malware malware,created_at 2017-10-25,updated_at 2017-10-28,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181861;) alert tcp any any -> $HOME_NET any (msg:"Acme - TIRED INDEPENDENCE Malware Communication"; flow:established; content:"independence"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-02-18,updated_at 2019-02-19,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80181862;) alert tcp any any -> $HOME_NET any (msg:"Acme - GUILTY ATTACK Malware Communication"; flow:established, to_client; content:"attack"; priority:3; metadata:cwe_id 657,malware malware,created_at 2018-02-20,updated_at 2018-02-20,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181863;) alert tcp any any -> $HOME_NET any (msg:"Acme - SO-CALLED UNKNOWN Malware Communication"; flow:established, to_client; content:"UNKNOWN"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-04-03,updated_at 2019-04-12,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80181864;) alert tcp any any -> $HOME_NET any (msg:"Acme - FRIGHTENED MARGIN Malware Communication"; flow:established, to_client; content:"margin"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-01-08,updated_at 2019-01-11,filename email.rules,priority low,rule_source acme-rule-factory,protocols 
imap,protocols tcp; rev:1; sid:80181865;) #alert tcp any any -> $HOME_NET any (msg:"Acme - WRITTEN MINION Malware Communication"; flow:established, to_client; content:"minion"; priority:3; metadata:cwe_id 657,malware malware,created_at 2017-09-01,updated_at 2017-09-27,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181866;) #alert tcp any any -> $HOME_NET any (msg:"Acme - QUAINT UNKNOWN Malware Communication"; flow:established; content:"UNKNOWN"; priority:3; metadata:cwe_id 657,malware malware,created_at 2015-04-25,updated_at 2015-04-25,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80181867;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN ALTITUDE Malware Communication"; flow:established, to_server; content:"altitude"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2019-02-07,updated_at 2019-02-15,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181868;) alert tcp any any -> $HOME_NET any (msg:"Acme - DIGITAL HYBRIDISATION Malware Communication"; flow:established, to_client; content:"hybridisation"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-01-04,updated_at 2019-01-14,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181869;) alert tcp any any -> $HOME_NET any (msg:"Acme - OUTSIDE PAVEMENT Malware Communication"; flow:established, to_client; content:"pavement"; priority:3; metadata:cwe_id 657,malware malware,created_at 2018-06-19,updated_at 2018-06-23,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181870;) alert tcp any any -> $HOME_NET any (msg:"Acme - UPSET TRIAL Malware Communication"; flow:established, to_client; content:"trial"; priority:3; metadata:cwe_id 
657,malware malware,created_at 2018-06-15,updated_at 2018-06-23,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80181871;) alert tcp any any -> $HOME_NET any (msg:"Acme - SORRY FUN Malware Communication"; flow:established, to_client; content:"fun"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-01-24,updated_at 2019-01-28,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181872;) alert tcp any any -> $HOME_NET any (msg:"Acme - LATE TRADITIONALISM Malware Communication"; flow:established, to_client; content:"traditionalism"; priority:3; metadata:cwe_id 657,malware malware,created_at 2016-07-09,updated_at 2016-07-09,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181873;) alert tcp any any -> $HOME_NET any (msg:"Acme - ASSISTANT GORILLA Malware Communication"; flow:established, to_client; content:"gorilla"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-06-12,updated_at 2019-06-24,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181874;) alert tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN UNKNOWN Malware Communication"; flow:established, to_client; content:"UNKNOWN"; priority:3; metadata:cwe_id 657,malware malware,created_at 2018-02-02,updated_at 2018-02-10,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80181875;) #alert tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN TADPOLE Malware Communication"; flow:established, to_client; content:"tadpole"; priority:3; metadata:cwe_id 657,malware malware,created_at 2017-05-24,updated_at 2017-05-26,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181876;) #alert tcp any any -> $HOME_NET any (msg:"Acme - RETAIL UNKNOWN Malware Communication"; 
flow:established, to_client; content:"UNKNOWN"; priority:3; metadata:cwe_id 657,malware malware,created_at 2018-08-12,updated_at 2018-08-28,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80181877;) alert tcp any any -> $HOME_NET any (msg:"Acme - INSTANT DRAMATURGE Malware Communication"; flow:established, to_client; content:"dramaturge"; priority:3; metadata:cwe_id 657,malware malware,created_at 2018-01-25,updated_at 2018-01-28,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181878;) alert tcp any any -> $HOME_NET any (msg:"Acme - TERRIBLE HOBBIT Malware Communication"; flow:established, to_client; content:"hobbit"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-08-09,updated_at 2019-08-24,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80181879;) alert tcp any any -> $HOME_NET any (msg:"Acme - FELLOW COACH Malware Communication"; flow:established, to_client; content:"coach"; priority:3; metadata:cwe_id 657,malware malware,created_at 2017-02-03,updated_at 2017-02-16,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181880;) alert tcp any any -> $HOME_NET any (msg:"Acme - RED CUNKNOWN Malware Communication"; flow:established, to_client; content:"cUNKNOWN"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-03-13,updated_at 2019-03-27,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80181881;) alert tcp any any -> $HOME_NET any (msg:"Acme - MERE FLOOD Malware Communication"; flow:established, to_client; content:"flood"; priority:3; metadata:cwe_id 657,malware malware,created_at 2016-07-22,updated_at 2016-07-24,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181882;) alert tcp any any -> $HOME_NET any 
(msg:"Acme - AMBITIOUS UNKNOWN Malware Communication"; flow:established, to_client; content:"UNKNOWN"; priority:3; metadata:cwe_id 657,malware malware,created_at 2017-01-21,updated_at 2017-01-26,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80181883;)
# NOTE(review): the email.rules entries in this stretch use "alert tcp" with "any" ports and a bare content match.
# Nothing in the rule body restricts them to POP/IMAP/SMTP traffic; only the "protocols" metadata names the intended protocol.
alert tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN WOUND Malware Communication"; flow:established, to_client; content:"wound"; priority:3; metadata:cwe_id 657,malware malware,created_at 2018-09-22,updated_at 2018-09-26,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181884;)
alert tcp any any -> $HOME_NET any (msg:"Acme - ORDINARY PUSHER Malware Communication"; flow:established, to_client; content:"pusher"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-03-11,updated_at 2019-03-18,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80181885;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAINT SYRUP Traffic Detected"; flow:established, to_server; content:"syrup"; priority:3; metadata:created_at 2018-08-22,capec_id 66,updated_at 2018-08-25,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80181886;)
alert tcp any any -> $HOME_NET any (msg:"Acme - OLYMPIC SNOWMOBILING Malware Communication"; flow:established, to_client; content:"snowmobiling"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-10-16,updated_at 2019-10-23,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80181887;)
alert tcp any any -> $HOME_NET any (msg:"Acme - AGREEABLE CLIP Malware Communication"; flow:established, to_client; content:"clip"; priority:3; metadata:cwe_id 657,malware malware,created_at 2018-07-13,updated_at 2018-07-21,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181888;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHIVERING HALF Malware Communication"; flow:established, to_server; content:"half"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2019-01-23,updated_at 2019-01-28,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181889;)
alert tcp any any -> $HOME_NET any (msg:"Acme - FAMOUS DEER Malware Communication"; flow:established, to_client; content:"deer"; priority:3; metadata:cwe_id 657,malware malware,created_at 2018-10-24,updated_at 2018-10-24,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181890;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GREAT HAPPINESS Malware Communication"; flow:established, to_server; content:"happiness"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2017-03-20,updated_at 2017-03-23,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181891;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - FUN WRENCH Malware Communication"; flow:established, to_client; content:"wrench"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-03-20,updated_at 2019-03-26,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181892;)
# NOTE(review): sid 80181893 pairs a $HOME_NET -> $EXTERNAL_NET header with flow:to_client and file_data, so it inspects
# response bodies sent by a HOME_NET host; the metadata (attack_target http-server, infected src_ip) is consistent with that reading.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CHEERFUL LIGHT Malware Communication"; flow:established,to_client; file_data; content:"light"; priority:1; metadata:cwe_id 434,malware post-infection,hostile dest_ip,created_at 2017-03-07,updated_at 2017-03-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181893;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAIR ALPENHORN Malware Communication"; flow:established, to_server; content:"alpenhorn"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2019-03-11,updated_at 2019-03-26,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181894;)
alert tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN COLOR Malware Communication"; flow:established, to_client; content:"color"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-08-05,updated_at 2019-08-11,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181895;)
alert tcp any any -> $HOME_NET any (msg:"Acme - JUDICIAL SYMPATHY Malware Communication"; flow:established, to_client; content:"sympathy"; priority:3; metadata:cwe_id 657,malware malware,created_at 2016-05-23,updated_at 2016-05-25,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80181896;)
alert tcp any any -> $HOME_NET any (msg:"Acme - DELICIOUS HOUSE Malware Communication"; flow:established, to_client; content:"house"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-01-11,updated_at 2019-01-27,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181897;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONDEMNED AMBULANCE Malware Communication"; flow:established, to_server; content:"ambulance"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2019-03-15,updated_at 2019-03-15,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181898;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DESPERATE HURRY Malware Communication"; flow:established,to_server; content:"hurry"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-11-23,updated_at 2019-11-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80181899;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COLOSSAL KID Malware Communication"; flow:established, to_server; content:"kid"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2017-03-04,updated_at 2017-03-07,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181900;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BIG TEXTBOOK Malware Communication"; flow:established,to_server; content:"textbook"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-24,updated_at 2019-08-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181901;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CAUTIOUS USE Malware Communication"; flow:established,to_client; content:"use"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2017-06-13,updated_at 2017-06-22,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181902;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CRITICAL EFFORT Malware Communication"; flow:established, to_server; content:"effort"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2017-01-08,updated_at 2017-01-12,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181903;)
alert tcp any any -> $HOME_NET any (msg:"Acme - JUST MUSIC Malware Communication"; flow:established, to_client; content:"music"; priority:3; metadata:cwe_id 657,malware malware,created_at 2018-02-18,updated_at 2018-02-22,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181904;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OBLIGED PHRASE Malware Communication"; flow:established, to_server; content:"phrase"; priority:3; metadata:cwe_id 657,malware pre-infection,created_at 2019-09-05,updated_at 2019-09-26,filename email.rules,priority low,rule_source acme-rule-factory,protocols smtp,protocols tcp; rev:1; sid:80181905;)
alert tcp any any -> $HOME_NET any (msg:"Acme - LOUD GEM Malware Communication"; flow:established, to_client; content:"gem"; priority:3; metadata:cwe_id 657,malware malware,created_at 2015-06-08,updated_at 2015-06-20,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181906;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CUTE SLOTH Malware Communication"; flow:established, to_server; content:"sloth"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2016-09-01,updated_at 2016-09-20,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181907;)
alert tcp any any -> $HOME_NET any (msg:"Acme - PURPLE HOSPITAL Malware Communication"; flow:established, to_client; content:"hospital"; priority:3; metadata:cwe_id 657,malware malware,created_at 2018-04-21,updated_at 2018-04-23,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181908;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - KEEN CREST Malware Communication"; flow:established, to_server; content:"crest"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2018-09-11,updated_at 2018-09-24,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181909;)
alert tcp any any -> $HOME_NET any (msg:"Acme - FUNNY EGG Malware Communication"; flow:established, to_client; content:"egg"; priority:3; metadata:cwe_id 657,malware malware,created_at 2017-03-25,updated_at 2017-03-25,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181910;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOVELY YOGA Malware Communication"; flow:established, to_server; content:"yoga"; priority:3; metadata:cwe_id 657,malware pre-infection,created_at 2019-05-09,updated_at 2019-05-23,filename email.rules,priority low,rule_source acme-rule-factory,protocols smtp,protocols tcp; rev:2; sid:80181911;)
alert tcp any any -> $HOME_NET any (msg:"Acme - PRIME VAULTING Malware Communication"; flow:established, to_client; content:"vaulting"; priority:3; metadata:cwe_id 657,malware malware,created_at 2018-04-18,updated_at 2018-04-19,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181912;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHRILL INTERVIEW Malware Communication"; flow:established, to_server; content:"interview"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2019-11-15,updated_at 2019-11-27,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181913;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ATTRACTIVE NAMING Malware Communication"; flow:established, to_server; content:"naming"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2019-03-18,updated_at 2019-03-26,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181914;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GLAD RACCOON Malware Communication"; flow:established, to_server; content:"raccoon"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2018-04-23,updated_at 2018-04-27,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181915;)
alert tcp any any -> $HOME_NET any (msg:"Acme - IMAGIUNKNOWN PLUNGER Malware Communication"; flow:established, to_client; content:"plunger"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-09-02,updated_at 2019-09-16,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181916;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EERIE SNOWMAN Malware Communication"; flow:established, to_server; content:"snowman"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2019-11-21,updated_at 2019-11-25,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181917;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GIANT SOCKS Malware Communication"; flow:established, to_server; content:"socks"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2017-10-17,updated_at 2017-10-21,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181918;)
alert tcp any any -> $HOME_NET any (msg:"Acme - MINOR CYNIC Malware Communication"; flow:established, to_client; content:"cynic"; priority:3; metadata:cwe_id 657,malware malware,created_at 2017-09-09,updated_at 2017-09-28,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181919;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STRIPED UNKNOWNFISH Malware Communication"; flow:established, to_server; content:"UNKNOWNfish"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2019-04-07,updated_at 2019-04-28,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181920;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHY SELF Malware Communication"; flow:established, to_server; content:"self"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2015-07-24,updated_at 2015-07-25,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181921;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CIRCULAR CONCRETE Malware Communication"; flow:established, to_server; content:"concrete"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2017-04-02,updated_at 2017-04-19,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181922;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STILL LACK Malware Communication"; flow:established, to_server; content:"lack"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2019-08-09,updated_at 2019-08-13,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181923;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - YUMMY UNKNOWNITY Malware Communication"; flow:established, to_server; content:"UNKNOWNity"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2019-07-17,updated_at 2019-07-20,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181924;)
alert tcp any any -> $HOME_NET any (msg:"Acme - CROOKED GEOMETRY Malware Communication"; flow:established, to_client; content:"geometry"; priority:3; metadata:cwe_id 657,malware malware,created_at 2017-09-13,updated_at 2017-09-23,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80181925;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SPATIAL NEEDLE Malware Communication"; flow:established, to_server; content:"needle"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2018-02-18,updated_at 2018-02-25,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181926;)
alert tcp any any -> $HOME_NET any (msg:"Acme - IDEOLOGICAL CRAFTSMAN Malware Communication"; flow:established, to_client; content:"craftsman"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-09-25,updated_at 2019-09-27,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80181927;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHARP UNKNOWNHBRUSH Malware Communication"; flow:established, to_server; content:"UNKNOWNhbrush"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2017-05-19,updated_at 2017-05-23,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181928;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MONETARY DOUBLING Malware Communication"; flow:established, to_server; content:"doubling"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2017-05-15,updated_at 2017-05-26,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181929;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN RAVEN Malware Communication"; flow:established, to_server; content:"raven"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2019-02-08,updated_at 2019-02-22,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181930;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WASTEFUL TORTOISE Malware Communication"; flow:established, to_server; content:"tortoise"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2019-06-01,updated_at 2019-06-23,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181931;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GRAND COEVOLUTION Malware Communication"; flow:established, to_server; content:"coevolution"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2019-03-25,updated_at 2019-03-25,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181932;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DIZZY PRINCESS Malware Communication"; flow:established, to_server; content:"princess"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2018-01-08,updated_at 2018-01-27,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181933;)
alert tcp any any -> $HOME_NET any (msg:"Acme - OUTDOOR REGULAR Malware Communication"; flow:established, to_client; content:"regular"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-02-17,updated_at 2019-02-27,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181934;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAMOUS TWILIGHT Malware Communication"; flow:established, to_server; content:"twilight"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2019-03-23,updated_at 2019-03-28,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181935;)
alert tcp any any -> $HOME_NET any (msg:"Acme - CRIMINAL EARPLUG Malware Communication"; flow:established, to_client; content:"earplug"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-04-09,updated_at 2019-04-18,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181936;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ROYAL VEGETATION Malware Communication"; flow:established, to_server; content:"vegetation"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2015-09-19,updated_at 2015-09-19,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181937;)
alert tcp any any -> $HOME_NET any (msg:"Acme - DIFFICULT COUCH Malware Communication"; flow:established, to_client; content:"couch"; priority:3; metadata:cwe_id 657,malware malware,created_at 2019-06-23,updated_at 2019-06-28,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181938;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AWFUL WINNER Malware Communication"; flow:established, to_server; content:"winner"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2018-02-05,updated_at 2018-02-16,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181939;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DELIBERATE RAMBLER Malware Communication"; flow:established, to_server; content:"rambler"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2018-11-14,updated_at 2018-11-21,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181940;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MANAGING GOOSE Malware Communication"; flow:established, to_server; content:"goose"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2017-04-22,updated_at 2017-04-25,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181941;)
# NOTE(review): the "cve" and cvss metadata values on sid 80181942 belong to the dummy data set described in the file header;
# do not resolve them against a real advisory feed.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HEALTHY INJUSTICE Exploitation Attempt Seen"; flow:established, to_client; content:"injustice"; priority:4; metadata:cwe_id 122,created_at 2016-06-23,updated_at 2016-06-27,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 2.3,cve 2016-3027589,cvss_v2_temporal 1.7,protocols http,protocols tcp; rev:3; sid:80181942;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHARACTERISTIC THEME Malware Communication"; flow:established, to_server; content:"theme"; priority:3; metadata:cwe_id 657,malware malware,hostile src_ip,created_at 2019-05-25,updated_at 2019-05-27,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181943;)
drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - BLIND OPPORTUNITY Malware Communication"; flow:established,to_server; content:"opportunity"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-08-04,updated_at 2017-08-04,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80181944;)
# NOTE(review): sids 80181945-80181961 are all shipped disabled (leading "#"), including the cwe_id 89 / capec_id 66
# entries 80181949-80181961; a loader that only reads enabled rules skips this whole run.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RADICAL WELFARE Traffic Detected"; flow:established, to_server; content:"welfare"; priority:3; metadata:hostile src_ip,created_at 2019-07-02,capec_id 116,updated_at 2019-07-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181945;)
#alert http any any -> $HOME_NET any (msg:"Acme - CORPORATE STEP-MOTHER Traffic Detected"; flow:established, to_server; content:"step-mother"; priority:3; metadata:hostile src_ip,created_at 2017-06-22,capec_id 116,updated_at 2017-06-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181946;)
#alert http any any -> $HOME_NET any (msg:"Acme - DULL CYMBAL Traffic Detected"; flow:established, to_server; content:"cymbal"; priority:3; metadata:hostile src_ip,created_at 2019-04-14,capec_id 116,updated_at 2019-04-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181947;)
#alert http any any -> $HOME_NET any (msg:"Acme - ADEQUATE OIL Traffic Detected"; flow:established, to_server; content:"oil"; priority:3; metadata:hostile src_ip,created_at 2019-01-20,capec_id 116,updated_at 2019-01-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181948;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INC INTENTION Traffic Detected"; flow:established, to_server; content:"intention"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2017-06-17,capec_id 66,updated_at 2017-06-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181949;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEVELOPED PROPANE Traffic Detected"; flow:established, to_server; content:"propane"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2019-10-12,capec_id 66,updated_at 2019-10-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181950;)
#alert http any any -> $HOME_NET any (msg:"Acme - EXTRA EYE Traffic Detected"; flow:established, to_server; content:"eye"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2019-02-12,capec_id 66,updated_at 2019-02-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181951;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AWARE MEETING Traffic Detected"; flow:established, to_server; content:"meeting"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2019-03-05,capec_id 66,updated_at 2019-03-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80181952;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REGISTERED SPREAD Traffic Detected"; flow:established, to_server; content:"spread"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2019-06-08,capec_id 66,updated_at 2019-06-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80181953;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AESTHETIC UNKNOWNWARE Traffic Detected"; flow:established, to_server; content:"UNKNOWNware"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2016-07-07,capec_id 66,updated_at 2016-07-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181954;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REGIONAL AARDVARK Traffic Detected"; flow:established, to_server; content:"aardvark"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2019-08-09,capec_id 66,updated_at 2019-08-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181955;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EFFECTIVE STATION-WAGON Traffic Detected"; flow:established, to_server; content:"station-wagon"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2018-08-03,capec_id 66,updated_at 2018-08-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181956;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ZEALOUS QUADRANT Traffic Detected"; flow:established,to_server; content:"quadrant"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2019-09-03,capec_id 66,updated_at 2019-09-10,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80181957;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LINGUISTIC RECORDING Traffic Detected"; flow:established, to_server; content:"recording"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2019-06-21,capec_id 66,updated_at 2019-06-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181958;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GRATEFUL BOATYARD Traffic Detected"; flow:established, to_server; content:"boatyard"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2019-05-24,capec_id 66,updated_at 2019-05-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181959;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN SACK Traffic Detected"; flow:established, to_server; content:"sack"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2018-01-08,capec_id 66,updated_at 2018-01-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181960;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN GUARD Traffic Detected"; flow:established, to_server; content:"guard"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2019-10-16,capec_id 66,updated_at 2019-10-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181961;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - LEADING STUFF Traffic Detected"; flow:established, to_server; content:"stuff"; priority:3; metadata:hostile src_ip,created_at 2018-09-05,capec_id 66,updated_at 2018-09-12,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80181962;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STATISTICAL UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2019-10-17,capec_id 66,updated_at 2019-10-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181963;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ACTIVE WOOD Traffic Detected"; flow:established, to_server; content:"wood"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2018-10-09,capec_id 248,updated_at 2018-10-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181964;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DAMAGED WORKLIFE Traffic Detected"; flow:established, to_server; content:"worklife"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2019-07-11,capec_id 66,updated_at 2019-07-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181965;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BAD WARLOCK Traffic Detected"; flow:established, to_server; content:"warlock"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2019-08-11,capec_id 66,updated_at 2019-08-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181966;)
# NOTE(review): among sids 80181949-80181967, this is the only cwe_id 89 rule that is enabled.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MARRIED DEALER Traffic Detected"; flow:established, to_server; content:"dealer"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2017-03-23,capec_id 66,updated_at 2017-03-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80181967;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONTENT CUPBOARD Traffic Detected"; flow:established, to_server; content:"cupboard"; priority:3; metadata:cwe_id 657,hostile src_ip,created_at 2017-07-10,capec_id 212,updated_at 2017-07-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181968;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXCLUSIVE FIRE Malware Communication"; flow:established, to_server; content:"fire"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2019-03-10,updated_at 2019-03-22,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181969;)
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AESTHETIC INJURY Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"injury"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-01-18,updated_at 2019-01-20,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80181970;)
#alert http any any -> $HOME_NET any (msg:"Acme - FRESH RAFT Traffic Detected"; flow:established, to_server; content:"raft"; priority:3; metadata:hostile src_ip,created_at 2019-07-06,capec_id 116,updated_at 2019-07-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181971;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN MEAL Traffic Detected"; flow:established, to_server; content:"meal"; priority:3; metadata:hostile src_ip,created_at 2019-01-10,capec_id 115,updated_at 2019-01-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181972;)
# NOTE(review): sid 80181973 uses "any any -> any any", so it is evaluated on every established to_server TCP flow
# regardless of network; confirm the header is intentionally unscoped.
alert tcp any any -> any any (msg:"Acme - RELIABLE LAND Malware Communication"; flow:established, to_server; content:"land"; priority:3; metadata:cwe_id 657,malware malware,created_at 2017-01-25,updated_at 2017-01-25,filename email.rules,priority low,rule_source acme-rule-factory,protocols smtp,protocols tcp; rev:1; sid:80181973;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONSCIOUS SURVEY Malware Communication"; flow:established, to_client; content:"survey"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2019-01-01,updated_at 2019-01-25,filename email.rules,priority low,rule_source acme-rule-factory,attack_target imap-client,attack_target client,protocols imap,protocols tcp; rev:1; sid:80181974;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXTENDED UNKNOWNWARE Malware Communication"; flow:established, to_client; content:"UNKNOWNware"; priority:3; metadata:cwe_id 657,malware malware,hostile src_ip,created_at 2018-08-12,updated_at 2018-08-19,filename email.rules,priority low,rule_source acme-rule-factory,attack_target client,attack_target pop-client,protocols pop,protocols tcp; rev:1; sid:80181975;)
alert tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN UNKNOWN Malware Communication"; flow:established, to_client; content:"UNKNOWN"; priority:3; metadata:cwe_id 657,malware malware,created_at 2016-03-08,updated_at 2016-03-13,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181976;)
#alert http any any -> $HOME_NET any (msg:"Acme - ENDLESS ROUTE Traffic Detected"; flow:established, to_server; content:"route"; priority:3; metadata:hostile src_ip,created_at 2019-07-01,capec_id 116,updated_at 2019-07-03,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181977;)
#alert http any any -> $HOME_NET any (msg:"Acme - RASPY RECTANGLE Traffic Detected"; flow:established, to_server; content:"rectangle"; priority:3; metadata:hostile src_ip,created_at 2016-05-25,capec_id 116,updated_at 2016-05-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181978;)
# NOTE(review): sid 80181979 is tagged "hostile dest_ip" although its destination is $HOME_NET; the neighbouring
# capec_id 116 rules use "hostile src_ip". Possibly intentional demo data - confirm before filtering on this tag.
alert tcp any any -> $HOME_NET any (msg:"Acme - PRECISE MAYOR Traffic Detected"; flow:established, to_server; content:"mayor"; priority:3; metadata:hostile dest_ip,created_at 2016-06-06,capec_id 116,updated_at 2016-06-09,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80181979;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PARTICULAR MISSILE Traffic Detected"; flow:established, to_server; content:"missile"; priority:3; metadata:hostile src_ip,created_at 2017-05-05,capec_id 310,updated_at 2017-05-06,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80181980;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN EVENT Exploitation Attempt Seen"; flow:established,to_server; content:"event"; priority:3; metadata:hostile src_ip,created_at 2019-01-08,capec_id 118,updated_at 2019-01-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-3145845,protocols http,protocols tcp; rev:2; sid:80181981;)
# NOTE(review): sids 80181982-80181984 tag "hostile src_ip" where the source is $HOME_NET, i.e. the internal host is
# the one flagged hostile; 80181982 and 80181983 carry priority 1.
alert tcp $HOME_NET any -> any any (msg:"Acme - UNKNOWN UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:hostile src_ip,created_at 2018-08-15,capec_id 118,updated_at 2018-08-18,filename acme.rules,priority high,rule_source acme-rule-factory,protocols smtp,protocols tcp; rev:1; sid:80181982;)
alert tcp $HOME_NET any -> any any (msg:"Acme - ALIVE SHAWL Traffic Detected"; flow:established,to_server; content:"shawl"; priority:1; metadata:hostile src_ip,created_at 2017-01-18,capec_id 118,updated_at 2017-01-24,filename acme.rules,priority high,rule_source acme-rule-factory,protocols smtp,protocols tcp; rev:1; sid:80181983;)
alert tcp $HOME_NET any -> any any (msg:"Acme - UNKNOWN UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2018-01-24,capec_id 116,updated_at 2018-01-25,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80181984;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FLAT TABLECLOTH Traffic Detected"; flow:established,to_client; content:"tablecloth"; priority:2; metadata:hostile src_ip,created_at 2018-09-27,updated_at 2018-09-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80181985;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLOSED POLYESTER Traffic Detected"; flow:established, to_server; content:"polyester"; priority:3; metadata:hostile src_ip,created_at 2019-02-24,updated_at 2019-02-25,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80181986;)
#alert tcp any any -> any any (msg:"Acme - UNWILLING DIMPLE Traffic Detected"; flow:established, to_client; content:"dimple"; priority:3; metadata:created_at 2019-10-19,updated_at 2019-10-20,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80181987;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - IDEAL ANAUNKNOWNY Traffic Detected"; flow:established, to_client; content:"anaUNKNOWNy"; priority:3; metadata:created_at 2019-04-23,updated_at 2019-04-24,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80181988;)
# NOTE(review): sid 80181989 is filed under "filename email.rules" but its metadata says "protocols http";
# check which one is intended before filtering on either key.
alert tcp any any -> any any (msg:"Acme - REMARKABLE MODEM Traffic Detected"; flow:established, to_server; content:"modem"; priority:3; metadata:hostile src_ip,created_at 2017-09-02,capec_id 255,updated_at 2017-09-23,filename email.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80181989;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FIT BABOON Traffic Detected"; flow:established,to_server; 
content:"baboon"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2018-03-18,capec_id 118,updated_at 2018-03-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80181990;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - LIGHT AGLET Traffic Detected"; flow:established, to_server; content:"aglet"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2016-07-23,capec_id 310,updated_at 2016-07-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80181991;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - HORIZONTAL APPLEWOOD Traffic Detected"; flow:established, to_server; content:"applewood"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2015-05-12,capec_id 310,updated_at 2015-05-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80181992;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN BIRTH Traffic Detected"; flow:established, to_server; content:"birth"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-10-20,capec_id 70,updated_at 2019-10-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181993;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CENTRAL SHARE Traffic Detected"; flow:established, to_server; content:"share"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-07-14,capec_id 70,updated_at 2019-07-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181994;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DELIGHTED PILLOW Traffic Detected"; flow:established, to_server; content:"pillow"; priority:3; 
metadata:cwe_id 200,hostile src_ip,created_at 2018-05-03,capec_id 70,updated_at 2018-05-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181995;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUNNY RESOURCE Traffic Detected"; flow:established, to_server; content:"resource"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-03-07,capec_id 70,updated_at 2019-03-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181996;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NINEUNKNOWNTH-CENTURY STORM Traffic Detected"; flow:established, to_server; content:"storm"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2018-10-15,capec_id 70,updated_at 2018-10-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181997;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COLD SPIRAL Traffic Detected"; flow:established, to_server; content:"spiral"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2016-11-04,capec_id 16,updated_at 2016-11-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80181998;) #alert smb $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WIDE MACADAMIA Exploitation Attempt Seen"; flow:established,to_server; content:"macadamia"; priority:3; metadata:cwe_id 16,hostile src_ip,created_at 2018-11-08,capec_id 310,updated_at 2018-11-15,filename netbios.rules,priority low,rule_source acme-rule-factory,attack_target smb-server,attack_target server,cve 2018-7559182,protocols smb,protocols tcp; rev:2; sid:80181999;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OK TUBE Malware Communication"; flow:established,to_server; content:"tube"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-23,updated_at 
2019-08-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182000;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LENGTHY WRIST Traffic Detected"; flow:established,to_server; content:"wrist"; priority:1; metadata:cwe_id 506,cwe_id 507,hostile dest_ip,created_at 2015-03-25,updated_at 2015-03-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182001;)
# NOTE(review): file_data is written twice in a row. It is a sticky buffer, so the
# first occurrence already points the following content match at the file data and
# the repeat adds nothing to the match. Looks unintentional, but confirm it is not a
# deliberate fixture of this demo ruleset; if it is removed, bump rev and updated_at
# so downstream consumers see the change.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CURIOUS SHOW-STOPPER Exploitation Attempt Seen"; flow:established,to_client; file_data; file_data; content:"show-stopper"; priority:2; metadata:cwe_id 824,cvss_v3_base 5.1,hostile src_ip,created_at 2017-03-11,capec_id 100,updated_at 2017-03-12,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.7,attack_target http-client,attack_target client,cvss_v3_temporal 5.2,cve 2017-104455,cvss_v2_temporal 5.2,protocols http,protocols tcp; rev:2; sid:80182002;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PEACEFUL POP Traffic Detected"; flow:established, to_server; content:"pop"; priority:3; metadata:cwe_id 657,hostile src_ip,created_at 2019-04-27,updated_at 2019-04-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182003;)
# NOTE(review): the header is tcp with "any" ports, but the metadata says
# protocols http / attack_target http-server. A metadata filter on "protocols http"
# selects this rule, yet Suricata applies content:"carry" to the raw TCP stream on
# every port; the match is not tied to any HTTP buffer. Compare sid 80182003 just
# above, which uses the http header for the same direction.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EQUAL CARRY Traffic Detected"; flow:established, to_server; content:"carry"; priority:3; metadata:cwe_id 657,hostile src_ip,created_at 2019-09-16,updated_at 2019-09-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80182004;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHALLOW BREAKPOINT Traffic 
Detected"; flow:established,to_server; content:"breakpoint"; priority:3; metadata:cwe_id 657,created_at 2019-03-26,updated_at 2019-03-28,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80182005;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MUDDY DOOR Traffic Detected"; flow:established, to_server; content:"door"; priority:3; metadata:cwe_id 657,hostile src_ip,created_at 2019-11-10,updated_at 2019-11-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80182006;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SURROUNDING BROOCH Traffic Detected"; flow:established,to_server; content:"brooch"; priority:3; metadata:cwe_id 657,hostile src_ip,created_at 2018-09-22,updated_at 2018-09-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80182007;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ABSTRACT GALE Traffic Detected"; flow:established,to_server; content:"gale"; priority:3; metadata:cwe_id 657,created_at 2017-11-03,updated_at 2017-11-11,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80182008;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BRIGHT SORROW Traffic Detected"; flow:established,to_server; content:"sorrow"; priority:3; metadata:cwe_id 657,hostile src_ip,created_at 2019-06-04,updated_at 2019-06-07,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80182009;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HEALTHY REVENANT Traffic Detected"; flow:established,to_server; content:"revenant"; priority:3; metadata:cwe_id 657,hostile src_ip,created_at 2018-06-06,updated_at 2018-06-11,filename 
acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182010;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - JOLLY TODAY Traffic Detected"; flow:established,to_server; content:"today"; priority:3; metadata:hostile src_ip,created_at 2019-03-15,capec_id 118,updated_at 2019-03-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182011;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMPREHENSIVE UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2017-10-27,capec_id 310,updated_at 2017-10-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182012;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INQUISITIVE SPRUCE Traffic Detected"; flow:established, to_server; content:"spruce"; priority:3; metadata:hostile src_ip,created_at 2017-01-04,capec_id 118,updated_at 2017-01-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182013;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SURPRISING LEISURE Traffic Detected"; flow:established, to_server; content:"leisure"; priority:3; metadata:hostile src_ip,created_at 2019-11-23,capec_id 310,updated_at 2019-11-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182014;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN ENTERTAINMENT Traffic Detected"; flow:established,to_server; content:"entertainment"; priority:3; metadata:hostile src_ip,created_at 2018-04-20,capec_id 310,updated_at 
2018-04-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182015;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REMAINING GAUGE Traffic Detected"; flow:established,to_server; content:"gauge"; priority:3; metadata:hostile src_ip,created_at 2019-05-07,capec_id 310,updated_at 2019-05-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182016;) #alert http $EXTERNAL_NET any -> any any (msg:"Acme - UNKNOWN DIVER Traffic Detected"; flow:established,to_server; content:"diver"; priority:3; metadata:hostile src_ip,created_at 2017-03-05,capec_id 310,updated_at 2017-03-11,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:3; sid:80182017;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MAGNETIC SCRAPER Traffic Detected"; flow:established,to_server; content:"scraper"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-05-19,capec_id 310,updated_at 2019-05-25,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80182018;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN LITERATURE Traffic Detected"; flow:established,to_server; content:"literature"; priority:3; metadata:hostile src_ip,created_at 2017-08-02,capec_id 310,updated_at 2017-08-07,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182019;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ABOVE SECURITY Malware Communication"; flow:established,to_server; content:"security"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-02-12,updated_at 2018-02-23,filename acme.rules,priority 
high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182020;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CRIMINAL UNKNOWNWATCH Malware Communication"; flow:established,to_server; content:"UNKNOWNwatch"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-16,updated_at 2019-08-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182021;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXPERIMENTAL TIMELINE Malware Communication"; flow:established,to_server; content:"timeline"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-01,updated_at 2019-04-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182022;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEFINITE PROMISE Traffic Detected"; flow:established,to_server; content:"promise"; priority:1; metadata:hostile dest_ip,created_at 2016-11-05,updated_at 2016-11-07,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182023;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GENEROUS CURSOR Exploitation Attempt Seen"; flow:established, to_server; content:"cursor"; priority:3; metadata:cwe_id 284,hostile src_ip,created_at 2019-11-13,capec_id 119,updated_at 2019-11-26,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.9,attack_target server,cve 2015-3920161,cvss_v2_temporal 7.9,protocols tcp; rev:1; sid:80182024;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DRIVING DRESSER Exploitation Attempt Seen"; flow:established, to_server; 
content:"dresser"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-04-24,capec_id 119,updated_at 2019-04-24,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.9,attack_target server,cve 2017-4595088,cvss_v2_temporal 4.5,protocols tcp; rev:1; sid:80182025;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BARE CASE Exploitation Attempt Seen"; flow:established, to_server; content:"case"; priority:3; metadata:cwe_id 284,hostile src_ip,created_at 2019-10-21,capec_id 119,updated_at 2019-10-24,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.3,attack_target server,cve 2019-8344211,cvss_v2_temporal 3.8,protocols tcp; rev:1; sid:80182026;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PURPLE CURRENCY Exploitation Attempt Seen"; flow:established, to_server; content:"currency"; priority:3; metadata:cwe_id 200,cwe_id 284,hostile src_ip,created_at 2017-02-16,capec_id 36,updated_at 2017-02-18,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.5,attack_target server,cve 2017-9752756,cvss_v2_temporal 1.6,protocols tcp; rev:1; sid:80182027;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CAUSAL USE Exploitation Attempt Seen"; flow:established, to_server; content:"use"; priority:3; metadata:cwe_id 284,hostile src_ip,created_at 2019-05-08,updated_at 2019-05-28,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.5,attack_target server,cve 2019-8767093,cvss_v2_temporal 7.7,protocols tcp; rev:1; sid:80182028;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ORIGINAL LETTUCE Exploitation Attempt Seen"; flow:established, to_server; content:"lettuce"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2016-06-07,capec_id 119,updated_at 2016-06-17,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.5,attack_target server,cve 2015-6935438,cvss_v2_temporal 6.3,protocols tcp; rev:1; 
sid:80182029;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUSPICIOUS SMOKE Malware Communication"; flow:established, to_server; content:"smoke"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-07-18,updated_at 2018-07-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182030;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEAR LOYALTY Malware Communication"; flow:established,to_server; content:"loyalty"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-09,updated_at 2019-02-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182031;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HAPPY BLINKER Exploitation Attempt Seen"; flow:established,to_server; content:"blinker"; priority:2; metadata:cwe_id 264,cvss_v3_base 2.9,hostile dest_ip,created_at 2016-10-15,capec_id 210,updated_at 2016-10-21,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.8,attack_target http-client,attack_target client,cvss_v3_temporal 3.1,cve 2015-8346444,cvss_v2_temporal 3.1,protocols http,protocols tcp; rev:2; sid:80182032;) drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BIG PUNISHMENT Malware Communication"; flow:established,to_server; content:"punishment"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-03-14,updated_at 2017-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80182033;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FULL-TIME RELATION Exploitation Attempt Seen"; flow:established, to_server; content:"relation"; priority:3; 
metadata:hostile src_ip,created_at 2019-07-08,capec_id 100,updated_at 2019-07-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2015-383238,protocols ftp,protocols tcp; rev:1; sid:80182034;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HELPLESS JUMP Exploitation Attempt Seen"; flow:established, to_server; content:"jump"; priority:3; metadata:hostile src_ip,created_at 2019-10-05,capec_id 100,updated_at 2019-10-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2019-7182154,protocols ftp,protocols tcp; rev:1; sid:80182035;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DULL UNKNOWNRMACOPOEIA Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWNrmacopoeia"; priority:3; metadata:hostile src_ip,created_at 2019-02-12,capec_id 100,updated_at 2019-02-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2019-1443188,protocols ftp,protocols tcp; rev:1; sid:80182036;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PUNY BARRACKS Exploitation Attempt Seen"; flow:established, to_server; content:"barracks"; priority:3; metadata:hostile src_ip,created_at 2019-10-10,capec_id 100,updated_at 2019-10-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2017-3927286,protocols ftp,protocols tcp; rev:1; sid:80182037;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DISTURBED BAROMETER Exploitation Attempt Seen"; flow:established, to_server; content:"barometer"; priority:3; metadata:hostile src_ip,created_at 2018-08-24,capec_id 100,updated_at 2018-08-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2015-2276181,protocols ftp,protocols tcp; rev:1; sid:80182038;) #alert tcp $EXTERNAL_NET any -> $HOME_NET 
any (msg:"Acme - TECHNOLOGICAL ONE Exploitation Attempt Seen"; flow:established, to_server; content:"one"; priority:3; metadata:hostile src_ip,created_at 2019-05-05,capec_id 100,updated_at 2019-05-09,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2015-4641345,protocols ftp,protocols tcp; rev:1; sid:80182039;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HISTORICAL GLOCKENSPIEL Exploitation Attempt Seen"; flow:established, to_server; content:"glockenspiel"; priority:3; metadata:hostile src_ip,created_at 2019-03-12,capec_id 213,updated_at 2019-03-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-5535167,protocols http,protocols tcp; rev:2; sid:80182040;) drop tls $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNHAPPY REGISTER Malware Communication"; flow:established,to_server; ssl_state:client_hello; content:"register"; priority:3; metadata:cwe_id 506,malware post-infection,created_at 2017-10-18,updated_at 2017-10-20,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80182041;) #alert tcp any any -> any any (msg:"Acme - LIVE YEAR Exploitation Attempt Seen"; flow:established,to_server; content:"year"; priority:3; metadata:hostile src_ip,created_at 2019-11-09,capec_id 123,updated_at 2019-11-14,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2016-9356271,protocols imap,protocols tcp; rev:1; sid:80182042;) alert http any any -> $HOME_NET any (msg:"Acme - EMPIRICAL GRANDFATHER Traffic Detected"; flow:established, to_client; content:"grandfather"; priority:3; metadata:hostile src_ip,created_at 2018-11-03,updated_at 2018-11-08,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182043;) alert 
http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HISTORICAL CALCULATOR Traffic Detected"; flow:established, to_client; content:"calculator"; priority:3; metadata:hostile src_ip,created_at 2018-07-10,updated_at 2018-07-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182044;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN UNKNOWN Traffic Detected"; flow:established, to_client; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2017-02-22,updated_at 2017-02-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182045;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OLD EGGPLANT Traffic Detected"; flow:established, to_client; content:"eggplant"; priority:3; metadata:hostile src_ip,created_at 2017-04-20,updated_at 2017-04-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182046;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ELEGANT TRUCKIT Exploitation Attempt Seen"; flow:established, to_server; content:"truckit"; priority:3; metadata:hostile src_ip,created_at 2016-03-19,capec_id 100,updated_at 2016-03-27,filename netbios.rules,priority low,rule_source acme-rule-factory,attack_target rpc-server,attack_target server,cve 2015-3921589,protocols rpc,protocols tcp; rev:1; sid:80182047;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BORING BATTLESHIP Malware Communication"; flow:established,to_server; content:"battleship"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-02-27,updated_at 2018-02-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; 
rev:2; sid:80182048;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SCORNFUL UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2019-03-24,capec_id 100,updated_at 2019-03-26,filename netbios.rules,priority low,rule_source acme-rule-factory,attack_target rpc-server,attack_target server,cve 2015-8904237,protocols rpc,protocols tcp; rev:1; sid:80182049;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - JOINT FILTH Malware Communication"; flow:established, to_client; file_data; content:"filth"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2018-02-11,updated_at 2018-02-14,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182050;) alert tcp any any -> $HOME_NET any (msg:"Acme - CLOSED KEEP Malware Communication"; flow:established, to_client; content:"keep"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2018-11-03,updated_at 2018-11-13,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80182051;) alert tcp any any -> $HOME_NET any (msg:"Acme - SUBSEQUENT TURBAN Malware Communication"; flow:established, to_client; content:"turban"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2018-02-17,updated_at 2018-02-26,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80182052;) alert tcp any any -> $HOME_NET any (msg:"Acme - COMMON PRINCE Malware Communication"; flow:established, to_client; content:"prince"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2019-08-27,updated_at 2019-08-28,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80182053;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IMPRESSIVE LETTER Traffic 
Detected"; flow:established, to_server; content:"letter"; priority:3; metadata:cwe_id 506,hostile src_ip,created_at 2015-05-17,capec_id 148,updated_at 2015-05-21,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80182054;)
# NOTE(review): this rule and sids 80182056, 80182057 and 80182062 below share one
# shape: tcp header, "any any" source, "any" destination port, flow to_client, and a
# single short content match. The "protocols pop" metadata is descriptive only;
# nothing in the header or options limits the match to POP3 traffic.
alert tcp any any -> $HOME_NET any (msg:"Acme - MULTIPLE UNKNOWN Malware Communication"; flow:established, to_client; content:"UNKNOWN"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2017-04-10,updated_at 2017-04-28,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80182055;)
alert tcp any any -> $HOME_NET any (msg:"Acme - TOUGH HELO Malware Communication"; flow:established, to_client; content:"helo"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2019-06-08,updated_at 2019-06-19,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80182056;)
alert tcp any any -> $HOME_NET any (msg:"Acme - PRETTY SPRAY Malware Communication"; flow:established, to_client; content:"spray"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2019-03-15,updated_at 2019-03-19,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80182057;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GUNKNOWNPY UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-05,updated_at 2019-03-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182058;)
# NOTE(review): the metadata here looks inconsistent with the header. The source is
# $EXTERNAL_NET and the flow is to_client, yet the rule is tagged "infected src_ip"
# together with "malware pre-infection", and it carries no hostile or attack_target
# tag. The neighbouring rules that use "infected src_ip" (sids 80182058 and
# 80182060) have $HOME_NET as the source. Anything that keys response actions or
# asset tagging on this metadata would mark the external server as the infected
# host; confirm which side was intended.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MULTIPLE UNKNOWNWARE Malware Communication"; flow:established,to_client; file_data; content:"UNKNOWNware"; priority:2; metadata:cwe_id 506,malware pre-infection,created_at 2018-09-05,updated_at 2018-09-14,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:3; sid:80182059;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ADVANCED GENETICS Malware Communication"; flow:established, to_server; content:"genetics"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-04-13,updated_at 2016-04-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182060;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN KINDNESS Traffic Detected"; flow:established, to_server; content:"kindness"; priority:3; metadata:cwe_id 506,hostile src_ip,created_at 2015-10-17,capec_id 148,updated_at 2015-10-18,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80182061;)
alert tcp any any -> $HOME_NET any (msg:"Acme - TALL CHORD Malware Communication"; flow:established, to_client; content:"chord"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2019-09-18,updated_at 2019-09-20,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80182062;)
# NOTE(review): this is a drop rule with a tcp header and "any" ports, while the
# metadata says protocols http / attack_target http-client. In inline mode the drop
# applies to any established outbound TCP stream containing the content string, not
# only HTTP, so the blocking scope is wider than the metadata suggests. The other
# post-infection rules in this block (sids 80182058, 80182060) use the http header.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NINEUNKNOWNTH-CENTURY PROGRAM Malware Communication"; flow:established,to_server; content:"program"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-11,updated_at 2019-11-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182063;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TOUGH CROWD Malware Communication"; flow:established, to_client; file_data; 
content:"crowd"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2019-08-27,updated_at 2019-08-27,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182064;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DYNAMIC PUPPY Malware Communication"; flow:established,to_client; file_data; content:"puppy"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2017-07-07,updated_at 2017-07-13,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182065;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN OSPREY Malware Communication"; flow:established,to_server; content:"osprey"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-08,updated_at 2019-10-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80182066;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IMPROVED TENEMENT Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"tenement"; priority:3; metadata:hostile src_ip,created_at 2018-05-02,capec_id 253,updated_at 2018-05-04,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-6560062,protocols http,protocols tcp; rev:2; sid:80182067;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN RECEIPT Traffic Detected"; flow:established, to_server; content:"receipt"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-08-04,capec_id 213,updated_at 2019-08-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; 
sid:80182068;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - QUAINT PUPIL Traffic Detected"; flow:established, to_server; content:"pupil"; priority:3; metadata:hostile src_ip,created_at 2018-01-06,capec_id 225,updated_at 2018-01-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182069;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TOP CHAUFFEUR Exploitation Attempt Seen"; flow:established, to_server; content:"chauffeur"; priority:3; metadata:hostile src_ip,created_at 2019-04-23,capec_id 310,updated_at 2019-04-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-6168286,protocols http,protocols tcp; rev:2; sid:80182070;) #alert tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN PARK Traffic Detected"; flow:established, to_server; content:"park"; priority:3; metadata:hostile src_ip,created_at 2019-11-06,capec_id 135,updated_at 2019-11-16,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80182071;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CROOKED EDITORIAL Traffic Detected"; flow:established, to_server; content:"editorial"; priority:3; metadata:hostile src_ip,created_at 2016-11-15,capec_id 100,updated_at 2016-11-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182072;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TOUGH ATTENTION Traffic Detected"; flow:established, to_server; content:"attention"; priority:3; metadata:hostile src_ip,created_at 2017-11-18,capec_id 100,updated_at 2017-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; 
rev:2; sid:80182073;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SLIPPERY NUT Traffic Detected"; flow:established,to_server; content:"nut"; priority:3; metadata:hostile src_ip,created_at 2019-08-15,capec_id 63,updated_at 2019-08-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182074;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PINK CONSUL Exploitation Attempt Seen"; flow:established, to_server; content:"consul"; priority:3; metadata:hostile src_ip,created_at 2019-02-10,capec_id 118,updated_at 2019-02-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-7648331,protocols http,protocols tcp; rev:2; sid:80182075;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INTENSE SHORTAGE Exploitation Attempt Seen"; flow:established, to_server; content:"shortage"; priority:3; metadata:cwe_id 507,hostile src_ip,created_at 2019-08-18,capec_id 248,updated_at 2019-08-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.8,attack_target server,attack_target http-server,cve 2019-106588,cvss_v2_temporal 8.5,protocols http,protocols tcp; rev:2; sid:80182076;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ELECTUNKNOWN SHOESTRING Exploitation Attempt Seen"; flow:established,to_server; content:"shoestring"; priority:2; metadata:cwe_id 78,cvss_v3_base 6.7,hostile src_ip,created_at 2019-07-03,capec_id 248,updated_at 2019-07-10,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.6,attack_target server,attack_target http-server,cvss_v3_temporal 6.8,cve 2016-4975514,cvss_v2_temporal 6.8,protocols http,protocols tcp; rev:2; sid:80182077;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INVISIBLE TOTAL Traffic Detected"; flow:established,to_server; content:"total"; priority:3; metadata:hostile 
src_ip,created_at 2019-07-25,capec_id 116,updated_at 2019-07-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182078;) alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - WELL-KNOWN PRACTICE Traffic Detected"; flow:established, to_server; content:"practice"; priority:3; metadata:hostile src_ip,created_at 2019-04-22,capec_id 116,updated_at 2019-04-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80182079;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRETTY WALNUT Malware Communication"; flow:established,to_server; content:"walnut"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-16,updated_at 2019-04-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182080;) alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - BRAVE PHYSICAL Traffic Detected"; flow:established, to_server; content:"physical"; priority:4; metadata:hostile src_ip,created_at 2016-04-14,capec_id 66,updated_at 2016-04-21,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80182081;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FINAL INCANDESCENCE Traffic Detected"; flow:established, to_server; content:"incandescence"; priority:3; metadata:hostile src_ip,created_at 2019-05-08,capec_id 66,updated_at 2019-05-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182082;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN CONVERSATION Exploitation Attempt Seen"; 
flow:established, to_server; content:"conversation"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2019-01-08,capec_id 286,updated_at 2019-01-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.5,attack_target server,attack_target http-server,cve 2018-6372645,cvss_v2_temporal 4.5,protocols http,protocols tcp; rev:2; sid:80182083;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MINIMUM PATINA Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"patina"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2018-11-20,capec_id 156,updated_at 2018-11-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.2,attack_target http-client,attack_target client,cve 2016-3084087,cvss_v2_temporal 6.9,protocols http,protocols tcp; rev:2; sid:80182084;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ACUTE BANDOLIER Traffic Detected"; flow:established, to_server; content:"bandolier"; priority:4; metadata:created_at 2016-04-04,updated_at 2016-04-26,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182085;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PARALLEL CHAIRPERSON Traffic Detected"; flow:established,to_server; content:"chairperson"; priority:3; metadata:hostile src_ip,created_at 2019-06-23,updated_at 2019-06-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.7,attack_target server,attack_target http-server,cvss_v2_temporal 5.1,protocols http,protocols tcp; rev:3; sid:80182086;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LONG ANTUNKNOWNY Traffic Detected"; flow:established,to_server; content:"antUNKNOWNy"; priority:3; metadata:hostile src_ip,created_at 2019-01-17,capec_id 248,updated_at 2019-01-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; 
sid:80182087;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OUTER POCKET Traffic Detected"; flow:established, to_server; content:"pocket"; priority:3; metadata:hostile src_ip,created_at 2018-11-22,capec_id 100,updated_at 2018-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target telnet-server,attack_target server,protocols telnet,protocols tcp; rev:1; sid:80182088;) #alert http any any -> $HOME_NET any (msg:"Acme - RIPE COURT Traffic Detected"; flow:established, to_server; content:"court"; priority:3; metadata:hostile src_ip,created_at 2019-08-17,updated_at 2019-08-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182089;) #alert http any any -> $HOME_NET any (msg:"Acme - TALL INTERVIEW Traffic Detected"; flow:established, to_server; content:"interview"; priority:3; metadata:hostile src_ip,created_at 2016-02-01,capec_id 116,updated_at 2016-02-12,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182090;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MATHEMATICAL HIRE Traffic Detected"; flow:established,to_server; content:"hire"; priority:3; metadata:hostile src_ip,created_at 2017-02-14,capec_id 310,updated_at 2017-02-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182091;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SENSITIVE SHEET Traffic Detected"; flow:established,to_server; content:"sheet"; priority:3; metadata:hostile src_ip,created_at 2018-07-10,capec_id 310,updated_at 2018-07-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182092;) #alert http $EXTERNAL_NET any -> 
$HOME_NET any (msg:"Acme - SICK TABLECLOTH Traffic Detected"; flow:established,to_server; content:"tablecloth"; priority:3; metadata:hostile src_ip,created_at 2018-01-24,capec_id 286,updated_at 2018-01-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182093;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - THEORETICAL HEAT Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"heat"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-08-06,updated_at 2019-08-16,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80182094;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN CHANNEL Malware Communication"; flow:established, to_client; file_data; content:"channel"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2019-03-21,updated_at 2019-03-28,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182095;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMPOSSIBLE LYE Malware Communication"; flow:established,to_server; content:"lye"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-05-26,updated_at 2017-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182096;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NOTABLE VANITY Traffic Detected"; flow:established, to_client; file_data; content:"vanity"; priority:3; metadata:created_at 2017-04-01,capec_id 63,updated_at 2017-04-26,filename acme.rules,priority low,rule_source acme-rule-factory,protocols 
http,protocols tcp; rev:2; sid:80182097;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUPPOSED TURN Malware Communication"; flow:established,to_server; content:"turn"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-15,updated_at 2019-10-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182098;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MINIATURE TOWN Malware Communication"; flow:established,to_server; content:"town"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-04-26,updated_at 2019-04-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182099;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DYNAMIC GEM Exploitation Attempt Seen"; flow:established,to_client; content:"gem"; priority:2; metadata:cwe_id 434,cvss_v3_base 6.3,hostile src_ip,created_at 2017-08-17,capec_id 126,updated_at 2017-08-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.2,attack_target client,cvss_v3_temporal 6.3,cve 2017-3547660,cvss_v2_temporal 6.3,protocols tcp; rev:2; sid:80182100;) drop tcp $HOME_NET any -> any any (msg:"Acme - INTENSE NUTRITION Malware Communication"; flow:established,to_server; content:"nutrition"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-14,updated_at 2019-08-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182101;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OVERSEAS OWNER Malware Communication"; flow:established,to_server; content:"owner"; priority:2; metadata:cwe_id 506,malware post-infection,hostile 
dest_ip,created_at 2019-06-04,updated_at 2019-06-04,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182102;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FASCINATING UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-02-23,updated_at 2017-02-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182103;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN RIVER Malware Communication"; flow:established,to_server; content:"river"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-07-17,updated_at 2015-07-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182104;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HORIZONTAL SHAWL Traffic Detected"; flow:established,to_server; content:"shawl"; priority:2; metadata:hostile dest_ip,created_at 2019-02-16,capec_id 118,updated_at 2019-02-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182105;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SIGNIFICANT DIVIDE Malware Communication"; flow:established, to_client; content:"divide"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-05-02,updated_at 2018-05-17,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182106;) drop http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"Acme - CLEVER RADAR Malware Communication"; flow:established,to_server; content:"radar"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-09-03,updated_at 2017-09-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182107;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN YOU Malware Communication"; flow:established,to_server; content:"you"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-07-16,updated_at 2018-07-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182108;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MAGIC PROW Malware Communication"; flow:established,to_server; content:"prow"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-10-10,updated_at 2016-10-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:1; sid:80182109;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MEANINGFUL BLIZZARD Malware Communication"; flow:established, to_server; content:"blizzard"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-02-17,updated_at 2016-02-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:1; sid:80182110;) drop tcp $HOME_NET any -> any any (msg:"Acme - LINEAR ZONE Malware Communication"; flow:established,to_server; content:"zone"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-04-03,updated_at 2018-04-28,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182111;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SOUTH Malware Communication"; flow:established, to_server; content:"south"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-03-04,updated_at 2019-03-14,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182112;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DULL LICENSE Malware Communication"; flow:established, to_client; file_data; content:"license"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-08-16,updated_at 2019-08-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182113;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WICKED PRIDE Traffic Detected"; flow:established, to_server; content:"pride"; priority:3; metadata:hostile src_ip,created_at 2017-10-11,capec_id 310,updated_at 2017-10-17,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80182114;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SINGLE POINT Malware Communication"; flow:established,to_server; content:"point"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2015-09-20,updated_at 2015-09-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182115;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IMMENSE CHIN Traffic Detected"; flow:established,to_server; content:"chin"; priority:4; metadata:hostile src_ip,created_at 2017-11-09,updated_at 2017-11-17,filename 
scan.rules,priority info,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80182116;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUPER PANTOLOGIST Malware Communication"; flow:established,to_server; content:"pantologist"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-26,updated_at 2019-08-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182117;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLEAR EGG Malware Communication"; flow:established,to_server; content:"egg"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-27,updated_at 2019-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182118;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INCREDIBLE SHINE Malware Communication"; flow:established, to_client; file_data; content:"shine"; priority:2; metadata:cwe_id 680,malware pre-infection,hostile src_ip,created_at 2015-02-26,updated_at 2015-02-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.4,attack_target http-client,attack_target client,cve 2015-4164394,cvss_v2_temporal 1.7,protocols http,protocols tcp; rev:2; sid:80182119;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OPEN VOYAGE Malware Communication"; flow:established,to_server; content:"voyage"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-01,updated_at 2018-02-05,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182120;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OPERATIONAL PRIORITY Malware Communication"; 
flow:established,to_server; content:"priority"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-03-11,updated_at 2017-03-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182121;) #alert http any any -> $HOME_NET any (msg:"Acme - UNKNOWN KID Traffic Detected"; flow:established, to_server; content:"kid"; priority:3; metadata:cwe_id 16,hostile src_ip,created_at 2019-05-17,capec_id 310,updated_at 2019-05-19,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182122;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HEALTHY DUNKNOWN Traffic Detected"; flow:established, to_server; content:"dUNKNOWN"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2018-10-21,capec_id 213,updated_at 2018-10-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80182123;) #alert tcp any any -> $HOME_NET any (msg:"Acme - AGREED MOAT Traffic Detected"; flow:established, to_server; content:"moat"; priority:3; metadata:cwe_id 509,hostile src_ip,created_at 2019-07-07,updated_at 2019-07-18,filename encrypted.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:2; sid:80182124;) #alert tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN RELIABILITY Traffic Detected"; flow:established, to_server; content:"reliability"; priority:3; metadata:cwe_id 509,created_at 2019-03-26,updated_at 2019-03-28,filename encrypted.rules,priority low,rule_source acme-rule-factory,protocols smtp,protocols tcp; rev:1; sid:80182125;) #alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RED IDEA Traffic Detected"; flow:established, to_server; content:"idea"; 
priority:3; metadata:cwe_id 509,created_at 2019-04-26,updated_at 2019-04-26,filename encrypted.rules,priority low,rule_source acme-rule-factory,protocols smtp,protocols tcp; rev:2; sid:80182126;) #alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PROFITABLE DERRICK Traffic Detected"; flow:established, to_server; content:"derrick"; priority:3; metadata:cwe_id 509,created_at 2019-03-26,updated_at 2019-03-27,filename encrypted.rules,priority low,rule_source acme-rule-factory,protocols smtp,protocols tcp; rev:1; sid:80182127;) #alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRIPED CONCRETE Traffic Detected"; flow:established, to_client; content:"concrete"; priority:3; metadata:cwe_id 509,created_at 2017-03-12,updated_at 2017-03-27,filename encrypted.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80182128;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DISGUSTED GRAM Traffic Detected"; flow:established, to_client; content:"gram"; priority:3; metadata:cwe_id 509,hostile src_ip,created_at 2018-02-07,updated_at 2018-02-16,filename encrypted.rules,priority low,rule_source acme-rule-factory,attack_target imap-client,attack_target client,protocols imap,protocols tcp; rev:1; sid:80182129;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INTACT BIRDBATH Traffic Detected"; flow:established, to_server; content:"birdbath"; priority:4; metadata:cwe_id 200,hostile src_ip,created_at 2019-04-12,capec_id 310,updated_at 2019-04-16,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182130;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAT WORLD Traffic Detected"; flow:established, to_server; content:"world"; priority:4; metadata:cwe_id 200,hostile src_ip,created_at 2016-09-06,capec_id 310,updated_at 2016-09-14,filename acme.rules,priority info,rule_source 
acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182131;) #alert http any any -> $HOME_NET any (msg:"Acme - IMPERIAL MANHUNT Traffic Detected"; flow:established, to_server; content:"manhunt"; priority:3; metadata:cwe_id 16,hostile src_ip,created_at 2017-06-23,capec_id 310,updated_at 2017-06-27,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182132;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AMERICAN BUNCH Malware Communication"; flow:established,to_client; content:"bunch"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-05-01,updated_at 2019-05-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182133;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SPECTACULAR COUNCIL Malware Communication"; flow:established,to_client; content:"council"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-03-19,updated_at 2018-03-23,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182134;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INSTANT SEGMENT Exploitation Attempt Seen"; flow:established, to_server; content:"segment"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2017-08-10,capec_id 253,updated_at 2017-08-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.3,attack_target server,attack_target http-server,cve 2015-7475517,cvss_v2_temporal 4.3,protocols http,protocols tcp; rev:1; sid:80182135;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN OUTPUT Traffic Detected"; flow:established,to_server; 
content:"output"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2017-09-16,capec_id 310,updated_at 2017-09-27,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80182136;)
# NOTE(review): The line above is the tail of a rule that starts earlier in the file, and the last
# line of this run is the head of a rule that continues below. In between, rules are laid out one
# per line; a '#' directly before the action (e.g. "#alert", "#drop") marks a disabled rule, and
# lines starting with "# NOTE(review)" are reviewer comments, not rules.
# NOTE(review): Several msg/content strings embed the token UNKNOWN inside a word (e.g.
# "AUUNKNOWNATIC", "sUNKNOWNt"); presumably an artifact of how this sample set was generated.
# They are left untouched because msg and content are part of rule behavior.
# NOTE(review): In every rule here the priority keyword and the metadata priority value pair up
# as 1/high, 2/medium, 3/low, 4/info.
# NOTE(review): The next two rules use a tcp header with any destination and any port while the
# metadata says "protocols http" / "attack_target http-client". The metadata keyword does not
# restrict matching, so the content is evaluated on TCP payload for all ports.
drop tcp $HOME_NET any -> any any (msg:"Acme - UNHAPPY BATTER Malware Communication"; flow:established,to_server; content:"batter"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-02-06,updated_at 2018-02-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182137;)
drop tcp $HOME_NET any -> any any (msg:"Acme - FAT CHOCOLATE Malware Communication"; flow:established,to_server; content:"chocolate"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-19,updated_at 2019-07-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182138;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ROUND TELESCREEN Malware Communication"; flow:established,to_client; file_data; content:"telescreen"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-02-08,updated_at 2019-02-13,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182139;)
reject smtp any any -> $HOME_NET any (msg:"Acme - UNKNOWN FAHRENHEIT Traffic Detected"; flow:established,to_server; content:"fahrenheit"; priority:2; metadata:hostile src_ip,created_at 2019-02-07,capec_id 165,updated_at 2019-02-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:2; sid:80182140;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AUUNKNOWNATIC SIDE Traffic Detected"; flow:established,to_server; content:"side"; priority:3; metadata:hostile src_ip,created_at 2016-02-05,capec_id 248,updated_at 2016-02-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182141;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN SUBSIDENCE Exploitation Attempt Seen"; flow:established, to_client; content:"subsidence"; priority:4; metadata:created_at 2018-05-08,updated_at 2018-05-08,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 5.6,cve 2017-3840792,cvss_v2_temporal 6.6,protocols http,protocols tcp; rev:3; sid:80182142;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FISCAL BOAT-BUILDING Malware Communication"; flow:established,to_server; content:"boat-building"; priority:1; metadata:cwe_id 506,malware malware,hostile dest_ip,created_at 2017-08-11,updated_at 2017-08-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182143;)
# NOTE(review): drop on a single 3-byte content ("jam") with no other condition. The file header
# marks this set as sample data; a rule of this shape used inline would block any outbound HTTP
# request whose inspected data contains that substring.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INDIRECT JAM Malware Communication"; flow:established,to_server; content:"jam"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-04-14,updated_at 2019-04-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182144;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WARM MAMBO Exploitation Attempt Seen"; flow:established, to_server; content:"mambo"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-03-15,capec_id 100,updated_at 2019-03-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2019-9356062,protocols tcp; rev:1; sid:80182145;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SURVIVING TUBE Exploitation Attempt Seen"; flow:established,to_server; content:"tube"; priority:2; metadata:cwe_id 20,cvss_v3_base 4.8,hostile src_ip,created_at 2018-08-14,capec_id 248,updated_at 2018-08-19,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.6,attack_target server,attack_target http-server,cvss_v3_temporal 3.9,cve 2015-9837944,cvss_v2_temporal 3.9,protocols http,protocols tcp; rev:2; sid:80182146;)
# NOTE(review): "hostile dest_ip" here tags the $HOME_NET side of a to_server rule coming from
# $EXTERNAL_NET, where the neighbouring inbound rules use "hostile src_ip". It looks inverted;
# confirm before filtering on the hostile key.
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SURROUNDING CHARM Exploitation Attempt Seen"; flow:established,to_server; content:"charm"; priority:3; metadata:cwe_id 326,cvss_v3_base 5.8,hostile dest_ip,created_at 2018-10-04,capec_id 253,updated_at 2018-10-08,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.8,cvss_v3_temporal 6.1,cve 2015-9574878,cvss_v2_temporal 6.1,protocols http,protocols tcp; rev:2; sid:80182147;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FOND MANAGEMENT Exploitation Attempt Seen"; flow:established, to_server; content:"management"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-03-17,capec_id 100,updated_at 2019-03-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target database-server,attack_target server,cve 2018-8751052,protocols tcp; rev:1; sid:80182148;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STRAIGHTFORWARD DECISION Traffic Detected"; flow:established, to_client; file_data; content:"decision"; priority:2; metadata:cwe_id 827,cwe_id 611,hostile src_ip,created_at 2015-11-16,capec_id 118,updated_at 2015-11-17,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182149;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ICY NOSE Malware Communication"; flow:established,to_server; content:"nose"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-25,updated_at 2019-02-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182150;)
drop http any any -> $HOME_NET any (msg:"Acme - COMING ATHLETICS Traffic Detected"; flow:established,to_server; content:"athletics"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2018-07-06,capec_id 286,updated_at 2018-07-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80182151;)
# NOTE(review): "any any -> any any" with one content match: no network or port scoping, unlike
# the neighbouring rules, so it is evaluated on every established TCP flow in the to_client
# direction. The metadata says "protocols http" while the header protocol is tcp.
alert tcp any any -> any any (msg:"Acme - UNKNOWN SURFBOARD Exploitation Attempt Seen"; flow:established,to_client; content:"surfboard"; priority:3; metadata:hostile dest_ip,created_at 2019-11-10,updated_at 2019-11-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.5,cve 2019-9946045,cvss_v2_temporal 7.4,protocols http,protocols tcp; rev:1; sid:80182152;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONTINUING COPY Malware Communication"; flow:established,to_server; content:"copy"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-01-19,updated_at 2017-01-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182153;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FINAL UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-08-18,updated_at 2017-08-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182154;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COLOSSAL AFFECT Malware Communication"; flow:established, to_server; content:"affect"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-23,updated_at 2019-03-24,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80182155;)
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXUBERANT CULTURE Exploitation Attempt Seen"; flow:established, to_server; content:"culture"; priority:2; metadata:cwe_id 502,cvss_v3_base 2.0,hostile src_ip,created_at 2019-01-10,capec_id 253,updated_at 2019-01-22,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,cvss_v3_temporal 2.0,cve 2019-2597150,cvss_v2_temporal 2.0,protocols tcp; rev:3; sid:80182156;)
#alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - CRUDE SUNKNOWNT Traffic Detected"; flow:established, to_server; content:"sUNKNOWNt"; priority:3; metadata:hostile src_ip,created_at 2019-06-11,capec_id 100,updated_at 2019-06-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80182157;)
drop tcp $HOME_NET any -> any any (msg:"Acme - DISTINCT BUTTER Malware Communication"; flow:established,to_server; content:"butter"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-03-14,updated_at 2018-03-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182158;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AMATEUR GYMNAST Malware Communication"; flow:established,to_server; content:"gymnast"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-20,updated_at 2019-09-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182159;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RESULTING WRAPAROUND Malware Communication"; flow:established,to_server; content:"wraparound"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-11-16,updated_at 2017-11-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182160;)
#alert http any any -> $HOME_NET any (msg:"Acme - GRACEFUL TURRET Traffic Detected"; flow:established, to_server; content:"turret"; priority:3; metadata:hostile src_ip,created_at 2016-07-15,capec_id 100,updated_at 2016-07-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182161;)
#alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - ABLE PUBLISHER Traffic Detected"; flow:established, to_server; content:"publisher"; priority:3; metadata:hostile src_ip,created_at 2018-10-06,capec_id 100,updated_at 2018-10-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80182162;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RETIRED OLDIE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"oldie"; priority:4; metadata:cwe_id 119,hostile src_ip,created_at 2019-01-03,capec_id 253,updated_at 2019-01-22,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 6.6,attack_target http-client,attack_target client,cve 2019-8461230,cvss_v2_temporal 7.0,protocols http,protocols tcp; rev:2; sid:80182163;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SPARE LOCOMOTIVE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"locomotive"; priority:4; metadata:cwe_id 119,hostile src_ip,created_at 2017-04-27,capec_id 253,updated_at 2017-04-27,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 3.6,attack_target http-client,attack_target client,cve 2016-1049281,cvss_v2_temporal 2.7,protocols http,protocols tcp; rev:2; sid:80182164;)
#alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - SPARKLING MARGIN Traffic Detected"; flow:established, to_server; content:"margin"; priority:3; metadata:hostile src_ip,created_at 2016-01-01,capec_id 100,updated_at 2016-01-09,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80182165;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN LIFT Traffic Detected"; flow:established, to_client; file_data; content:"lift"; priority:3; metadata:hostile src_ip,created_at 2019-10-27,updated_at 2019-10-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182166;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN CHROME Exploitation Attempt Seen"; flow:established,to_server; content:"chrome"; priority:3; metadata:cwe_id 94,cvss_v3_base 8.4,hostile src_ip,created_at 2018-01-13,capec_id 255,updated_at 2018-01-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.9,attack_target server,attack_target http-server,cvss_v3_temporal 8.6,cve 2018-5267444,cvss_v2_temporal 8.6,protocols http,protocols tcp; rev:2; sid:80182167;)
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ADVERSE PILE Traffic Detected"; flow:established,to_server; content:"pile"; priority:3; metadata:hostile src_ip,created_at 2019-01-25,capec_id 255,updated_at 2019-01-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:2; sid:80182168;)
#alert http any any -> $HOME_NET any
(msg:"Acme - FASCINATING BALLPARK Traffic Detected"; flow:established, to_server; content:"ballpark"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2018-06-01,capec_id 310,updated_at 2018-06-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182169;)
# NOTE(review): The line above is the tail of a disabled rule whose header sits on the previous
# line, and the last line of this run is the head of a rule that continues below. In between,
# rules are laid out one per line; a '#' directly before the action (e.g. "#alert", "#drop")
# marks a disabled rule, and lines starting with "# NOTE(review)" are reviewer comments.
#alert http any any -> $HOME_NET any (msg:"Acme - INCREDIBLE ANXIETY Traffic Detected"; flow:established, to_server; content:"anxiety"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2018-11-26,capec_id 310,updated_at 2018-11-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182170;)
#alert http any any -> $HOME_NET any (msg:"Acme - INTERESTING VIRUS Traffic Detected"; flow:established, to_server; content:"virus"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-08-19,capec_id 310,updated_at 2019-08-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182171;)
#alert http any any -> $HOME_NET any (msg:"Acme - PLEASANT SHOE Traffic Detected"; flow:established, to_server; content:"shoe"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-04-02,capec_id 116,updated_at 2019-04-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80182172;)
# NOTE(review): The next two rules repeat the same "cve" key/value four times in metadata.
# Presumably deliberate test data; check that any consumer counting or de-duplicating metadata
# values handles the repeats.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MISTY USE Exploitation Attempt Seen"; flow:established,to_server; content:"use"; priority:4; metadata:cwe_id 120,hostile src_ip,created_at 2017-08-18,capec_id 310,updated_at 2017-08-22,filename scan.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-8878768,cve 2016-8878768,cve 2016-8878768,cve 2016-8878768,protocols http,protocols tcp; rev:2; sid:80182173;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEVELOPING UNKNOWNATO Malware Communication"; flow:established, to_server; content:"UNKNOWNato"; priority:3; metadata:cwe_id 120,malware malware,hostile src_ip,created_at 2018-09-02,updated_at 2018-09-23,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2018-3228315,cve 2018-3228315,cve 2018-3228315,cve 2018-3228315,protocols tcp; rev:1; sid:80182174;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ETHICAL LILAC Traffic Detected"; flow:established,to_server; content:"lilac"; priority:3; metadata:hostile src_ip,created_at 2018-10-20,capec_id 118,updated_at 2018-10-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182175;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHAKY VERVE Traffic Detected"; flow:established,to_server; content:"verve"; priority:3; metadata:hostile src_ip,created_at 2019-04-05,updated_at 2019-04-07,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182176;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - TART LEADER Traffic Detected"; flow:established,to_server; content:"leader"; priority:3; metadata:hostile src_ip,created_at 2019-08-18,capec_id 255,updated_at 2019-08-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80182177;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - DEFEATED LEPROSY Traffic Detected"; flow:established,to_server; content:"leprosy"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-05-18,capec_id 213,updated_at 2019-05-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182178;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMPRESSIVE CAT Malware Communication"; flow:established, to_server; content:"cat"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-09-15,updated_at 2019-09-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182179;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NEGATIVE VISOR Traffic Detected"; flow:established, to_client; file_data; content:"visor"; priority:3; metadata:hostile src_ip,created_at 2019-03-23,capec_id 100,updated_at 2019-03-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182180;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FANTASTIC FIR Malware Communication"; flow:established, to_client; file_data; content:"fir"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2019-03-27,updated_at 2019-03-28,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182181;)
# NOTE(review): "hostile dest_ip" on a to_server rule whose destination is $HOME_NET, with no
# attack_target key, while the similar inbound rules around it use "hostile src_ip". It looks
# inverted; confirm before filtering on the hostile key.
alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - SPICY HALIBUT Traffic Detected"; flow:established, to_server; content:"halibut"; priority:3; metadata:cwe_id 657,hostile dest_ip,created_at 2019-08-02,capec_id 255,updated_at 2019-08-24,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80182182;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - ACCUSED MAYBE Traffic Detected"; flow:established, to_server; content:"maybe"; priority:3; metadata:hostile src_ip,created_at 2016-06-09,capec_id 255,updated_at 2016-06-12,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80182183;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN SOIL Exploitation Attempt Seen"; flow:established,to_client; content:"soil"; priority:3; metadata:cwe_id 200,cvss_v3_base 8.0,hostile src_ip,created_at 2016-01-17,capec_id 210,updated_at 2016-01-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.7,attack_target http-client,attack_target client,cvss_v3_temporal 7.0,cve 2016-1776926,cvss_v2_temporal 7.0,protocols http,protocols tcp; rev:2; sid:80182184;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RELIABLE PLEASURE Malware Communication"; flow:established,to_server; content:"pleasure"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-10-11,updated_at 2017-10-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80182185;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WEAK NEWSSTAND Traffic Detected"; flow:established,to_server; content:"newsstand"; priority:4; metadata:hostile dest_ip,created_at 2016-06-06,updated_at 2016-06-19,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80182186;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AWFUL FORAY Traffic Detected"; flow:established, to_server; content:"foray"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-05-23,capec_id 116,updated_at 2019-05-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182187;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TAME LIE Traffic Detected"; flow:established, to_server; content:"lie"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-11-01,capec_id 116,updated_at 2019-11-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182188;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DULL HEAT Traffic Detected"; flow:established, to_server; content:"heat"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2015-08-21,capec_id 66,updated_at 2015-08-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182189;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHORT GARLIC Traffic Detected"; flow:established, to_server; content:"garlic"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-05-07,capec_id 66,updated_at 2019-05-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182190;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CRUEL UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-01-22,capec_id 116,updated_at 2019-01-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182191;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAVOURITE CORRAL Traffic Detected"; flow:established, to_server; content:"corral"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2016-03-25,capec_id 253,updated_at 2016-03-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182192;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BRIGHT MAJOR-LEAGUE Traffic Detected"; flow:established, to_server; content:"major-league"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-10-04,capec_id 116,updated_at 2019-10-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182193;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SILLY HEART Traffic Detected"; flow:established, to_server; content:"heart"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-09-23,capec_id 116,updated_at 2019-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182194;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MIDDLE SWAMP Traffic Detected"; flow:established, to_server; content:"swamp"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-11-03,capec_id 116,updated_at 2019-11-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182195;)
# NOTE(review): tls rule with a plain content match and no tls.* buffer keyword. Presumably it
# is matched against raw TLS stream bytes, where application data is encrypted; confirm what
# this is meant to hit before relying on it as a drop rule.
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STANDARD RETURN Malware Communication"; flow:established,to_client; content:"return"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2017-02-24,updated_at 2017-02-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80182196;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DUAL MEASUREMENT Traffic Detected"; flow:established, to_server; content:"measurement"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2017-09-07,capec_id 116,updated_at 2017-09-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182197;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SCARY TRANSPORTATION Traffic Detected"; flow:established, to_server; content:"transportation"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2017-08-25,capec_id 116,updated_at 2017-08-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182198;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - KNOWN TITLE Malware Communication"; flow:established,to_server; content:"title"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-05,updated_at 2019-07-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182199;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ARCHITECTURAL UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2018-02-11,capec_id 116,updated_at 2018-02-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182200;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - JOLLY CAPPUCCINO Traffic Detected"; flow:established, to_server; content:"cappuccino"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2017-03-18,capec_id 116,updated_at 2017-03-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182201;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN TROUBLE Traffic Detected"; flow:established, to_server; content:"trouble"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-02-09,capec_id 116,updated_at 2019-02-10,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2;
sid:80182202;)
# NOTE(review): The line above is the tail of a disabled rule that starts on the previous line,
# and the last line of this run is the head of a rule that continues below. In between, rules
# are laid out one per line; a '#' directly before the action (e.g. "#alert", "#drop") marks a
# disabled rule, and lines starting with "# NOTE(review)" are reviewer comments, not rules.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SPATIAL IRIDESCENCE Traffic Detected"; flow:established, to_server; content:"iridescence"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2017-08-04,capec_id 116,updated_at 2017-08-10,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182203;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CASUAL NEED Traffic Detected"; flow:established, to_server; content:"need"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-11-02,capec_id 310,updated_at 2019-11-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182204;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MUSICAL VEAL Traffic Detected"; flow:established, to_server; content:"veal"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-08-07,capec_id 310,updated_at 2019-08-12,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182205;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SMALL UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2018-09-08,capec_id 248,updated_at 2018-09-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182206;)
#drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - GIGANTIC DETECTIVE Malware Communication"; flow:established, to_client; content:"detective"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2018-04-16,updated_at 2018-04-25,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182207;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VOLUNTARY TIMELINE Traffic Detected"; flow:established, to_client; file_data; content:"timeline"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2019-04-09,capec_id 63,updated_at 2019-04-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182208;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - AWAKE VISUAL Traffic Detected"; flow:established, to_server; content:"visual"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-11-23,capec_id 100,updated_at 2019-11-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target rpc-server,attack_target server,protocols rpc,protocols tcp; rev:1; sid:80182209;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - DIPLOMATIC UNKNOWNSHOP Traffic Detected"; flow:established, to_server; content:"UNKNOWNshop"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2017-11-19,capec_id 100,updated_at 2017-11-22,filename netbios.rules,priority low,rule_source acme-rule-factory,attack_target rpc-server,attack_target server,protocols rpc,protocols tcp; rev:1; sid:80182210;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - ELECTRICAL PROMPT Traffic Detected"; flow:established, to_server; content:"prompt"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-08-03,capec_id 100,updated_at 2019-08-27,filename netbios.rules,priority low,rule_source acme-rule-factory,attack_target rpc-server,attack_target server,protocols rpc,protocols tcp; rev:1; sid:80182211;)
# NOTE(review): The source is $HOME_NET and the flow is to_client, so the $HOME_NET host is the
# server side of the flow and file_data inspects its response. The metadata (infected src_ip,
# attack_target http-server) agrees with that reading. The destination is "any", so responses
# to internal clients are covered as well.
drop http $HOME_NET any -> any any (msg:"Acme - AFRAID EQUIVALENT Malware Communication"; flow:established,to_client; file_data; content:"equivalent"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-05,updated_at 2018-07-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80182212;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN GRANDFATHER Traffic Detected"; flow:established, to_server; content:"grandfather"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2016-06-05,capec_id 100,updated_at 2016-06-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target rpc-server,attack_target server,protocols rpc,protocols tcp; rev:1; sid:80182213;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - PRICKLY RAILWAY Traffic Detected"; flow:established, to_server; content:"railway"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2017-06-14,capec_id 100,updated_at 2017-06-20,filename netbios.rules,priority low,rule_source acme-rule-factory,attack_target rpc-server,attack_target server,protocols rpc,protocols tcp; rev:1; sid:80182214;)
# NOTE(review): The disabled outbound rules below ($HOME_NET -> $EXTERNAL_NET, to_server) carry
# "hostile src_ip", which labels the $HOME_NET host as the hostile side, and have no infected
# or attack_target key. Confirm that is intended before filtering on the hostile key.
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN ROCKET Traffic Detected"; flow:established, to_server; content:"rocket"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-03-22,capec_id 255,updated_at 2019-03-28,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182215;)
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FAVOURABLE BOWLER Traffic Detected"; flow:established, to_server; content:"bowler"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-09-07,capec_id 255,updated_at 2019-09-12,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182216;)
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DANGEROUS SMUGGLING Traffic Detected"; flow:established, to_server; content:"smuggling"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-06-25,capec_id 255,updated_at 2019-06-28,filename netbios.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182217;)
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MAD ASSIST Traffic Detected"; flow:established, to_server; content:"assist"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-08-22,capec_id 255,updated_at 2019-08-26,filename netbios.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182218;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNTIC CEILING Malware Communication"; flow:established,to_server; content:"ceiling"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-14,updated_at 2019-02-21,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182219;)
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMPETITIVE BRIBERY Traffic Detected"; flow:established, to_server; content:"bribery"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-04-10,capec_id 255,updated_at 2019-04-24,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182220;)
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - JOINT WORTH Traffic Detected"; flow:established, to_server; content:"worth"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-06-21,capec_id 255,updated_at 2019-06-26,filename netbios.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182221;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - SAD SLICE Traffic Detected"; flow:established, to_server; content:"slice"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2018-09-17,updated_at 2018-09-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80182222;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - HILARIOUS WONDER Malware Communication"; flow:established, to_server; content:"wonder"; priority:3; metadata:cwe_id 120,malware malware,hostile src_ip,created_at 2018-11-19,updated_at 2018-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:1; sid:80182223;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TALL BOWER Malware Communication"; flow:established,to_server; content:"bower"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-24,updated_at 2019-09-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182224;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - LIGHT CODON Traffic Detected"; flow:established, to_server; content:"codon"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2018-10-14,updated_at 2018-10-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80182225;)
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN LOAN Traffic Detected"; flow:established, to_server; content:"loan"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-10-19,updated_at 2019-10-20,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182226;)
# NOTE(review): metadata lists "protocols tftp", but TFTP is carried over UDP while this header
# is tcp with flow:established. The protocol label and the header disagree.
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ACCESSIBLE CASH Traffic Detected"; flow:established, to_server; content:"cash"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-03-17,updated_at 2019-03-26,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tftp,protocols tcp; rev:1; sid:80182227;)
drop http any any -> $HOME_NET any (msg:"Acme - ALONE STREET Exploitation Attempt Seen"; flow:established, to_server; content:"street"; priority:3; metadata:cwe_id 843,cvss_v3_base 8.2,hostile src_ip,created_at 2019-09-02,capec_id 118,updated_at 2019-09-09,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.8,attack_target server,attack_target http-server,cvss_v3_temporal 7.7,cve 2017-570190,cvss_v2_temporal 7.7,protocols http,protocols tcp; rev:4; sid:80182228;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN SILKWORM Exploitation Attempt Seen"; flow:established, to_server; content:"silkworm"; priority:3; metadata:cwe_id 300,hostile src_ip,created_at 2017-05-14,capec_id 116,updated_at 2017-05-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.1,attack_target server,attack_target database-server,attack_target http-server,cve 2016-7089048,cvss_v2_temporal 2.4,protocols http,protocols tcp; rev:1; sid:80182229;)
drop tcp $HOME_NET any -> any any (msg:"Acme - UNKNOWN DENIM Malware Communication"; flow:established,to_server; content:"denim"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-04-25,updated_at 2015-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182230;)
drop tcp $HOME_NET any -> any any (msg:"Acme - NORMAL FLOCK Malware Communication"; flow:established,to_server; content:"flock"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-18,updated_at 2018-05-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182231;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MAD UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2018-07-03,capec_id 248,updated_at 2018-07-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-7662521,protocols http,protocols tcp; rev:2; sid:80182232;)
# NOTE(review): The source is $HOME_NET and the flow is to_client, so this matches responses
# from a $HOME_NET server to an external client. The metadata mixes "filename scada.rules" with
# "protocols dns" / "attack_target dns-server"; confirm which category is intended.
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NUMEROUS PUBLIC Exploitation Attempt Seen"; flow:established, to_client; content:"public"; priority:4; metadata:cwe_id 261,cwe_id 798,hostile dest_ip,created_at 2019-03-06,updated_at 2019-03-28,filename scada.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 5.1,attack_target dns-server,attack_target server,cve 2019-5862993,cvss_v2_temporal 4.3,protocols dns,protocols tcp; rev:1; sid:80182233;)
drop http any any -> $HOME_NET any (msg:"Acme - POISED UNKNOWN Exploitation Attempt Seen"; flow:established,to_server; content:"UNKNOWN"; priority:2; metadata:hostile src_ip,created_at 2019-08-18,capec_id 253,updated_at 2019-08-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.4,attack_target server,attack_target http-server,cve 2019-7754546,cvss_v2_temporal 2.6,protocols http,protocols tcp; rev:2; sid:80182234;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FUNDAMENTAL MANNER Traffic Detected"; flow:established, to_server; content:"manner"; priority:4; metadata:created_at 2018-05-18,updated_at 2018-05-25,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:3; sid:80182235;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CUTE CUPBOARD Exploitation Attempt Seen"; flow:established, to_server; content:"cupboard"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-05-06,capec_id 116,updated_at 2019-05-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.1,attack_target server,attack_target http-server,cve 2018-6412032,cvss_v2_temporal 4.8,protocols http,protocols tcp; rev:2; sid:80182236;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SIMPLE TUNNEL Exploitation Attempt Seen"; flow:established, to_server; content:"tunnel"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2018-08-20,capec_id 116,updated_at 2018-08-21,filename acme.rules,priority low,rule_source
acme-rule-factory,cvss_v2_base 2.6,attack_target server,attack_target http-server,cve 2018-2724953,cvss_v2_temporal 2.1,protocols http,protocols tcp; rev:2; sid:80182237;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN EYEBROWS Exploitation Attempt Seen"; flow:established, to_server; content:"eyebrows"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2018-10-15,capec_id 116,updated_at 2018-10-15,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.5,attack_target server,attack_target http-server,cve 2016-5740991,cvss_v2_temporal 6.9,protocols http,protocols tcp; rev:2; sid:80182238;) alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SINGLE CHURN Exploitation Attempt Seen"; flow:established,to_server; content:"churn"; priority:4; metadata:created_at 2017-05-01,updated_at 2017-05-21,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 6.3,cve 2016-9416538,cvss_v2_temporal 5.6,protocols tls,protocols tcp; rev:1; sid:80182239;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EFFECTIVE UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-12,updated_at 2019-10-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182240;) alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BORED ACOUSTICS Exploitation Attempt Seen"; flow:established,to_server; content:"acoustics"; priority:4; metadata:created_at 2015-10-12,updated_at 2015-10-26,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 5.1,cve 2015-1379730,cvss_v2_temporal 5.3,protocols dns,protocols tcp; rev:1; sid:80182241;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HELPFUL TUBE Traffic Detected"; flow:established, to_server; content:"tube"; 
priority:4; metadata:created_at 2018-01-22,updated_at 2018-01-23,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182242;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMPULSORY ANETHESIOLOGIST Traffic Detected"; flow:established, to_server; content:"anethesiologist"; priority:4; metadata:created_at 2019-11-27,updated_at 2019-11-27,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182243;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SPOTLESS SITAR Exploitation Attempt Seen"; flow:established, to_server; content:"sitar"; priority:4; metadata:cwe_id 261,cwe_id 798,hostile src_ip,created_at 2019-06-07,capec_id 115,updated_at 2019-06-25,filename scada.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 5.9,attack_target dns-server,attack_target server,cve 2018-2390210,cvss_v2_temporal 5.7,protocols dns,protocols tcp; rev:1; sid:80182244;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SLIMY UNKNOWNHPASTE Exploitation Attempt Seen"; flow:established,to_client; content:"UNKNOWNhpaste"; priority:3; metadata:cwe_id 119,created_at 2019-09-08,capec_id 255,updated_at 2019-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.9,cve 2019-9843139,cvss_v2_temporal 7.6,protocols http,protocols tcp; rev:2; sid:80182245;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SPOTLESS THRILL Exploitation Attempt Seen"; flow:established, to_server; content:"thrill"; priority:3; metadata:cwe_id 601,hostile src_ip,created_at 2019-09-03,updated_at 2019-09-06,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.5,attack_target server,attack_target http-server,cve 2019-8899077,cvss_v2_temporal 8.1,protocols http,protocols tcp; rev:2; sid:80182246;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DETERMINED CRAYON Traffic Detected"; 
flow:established,to_client; content:"crayon"; priority:4; metadata:created_at 2017-11-22,capec_id 118,updated_at 2017-11-25,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182247;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MOLECULAR SCRIPT Exploitation Attempt Seen"; flow:established,to_server; content:"script"; priority:4; metadata:created_at 2019-02-26,updated_at 2019-02-26,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 2.0,cve 2017-3101928,cvss_v2_temporal 1.5,protocols http,protocols tcp; rev:2; sid:80182248;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEVELOPED MACADAMIA Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"macadamia"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-07-02,capec_id 253,updated_at 2019-07-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.8,attack_target http-client,attack_target client,cve 2015-4358225,cvss_v2_temporal 5.1,protocols http,protocols tcp; rev:3; sid:80182249;) drop tcp $HOME_NET any -> any any (msg:"Acme - MODERATE CRITERION Malware Communication"; flow:established,to_server; content:"criterion"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-02-22,updated_at 2017-02-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182250;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HOSTILE CODE Malware Communication"; flow:established,to_server; content:"code"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-25,updated_at 2018-07-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182251;) drop tcp $HOME_NET 
any -> any any (msg:"Acme - RICH UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-11-03,updated_at 2017-11-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target irc-client,attack_target client,protocols irc,protocols tcp; rev:1; sid:80182252;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN WEASEL Malware Communication"; flow:established,to_client; content:"weasel"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2019-01-09,updated_at 2019-01-17,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182253;) drop http any any -> $HOME_NET any (msg:"Acme - FRIGHTENED REAMER Exploitation Attempt Seen"; flow:established, to_server; content:"reamer"; priority:2; metadata:cwe_id 121,hostile src_ip,created_at 2018-09-17,capec_id 100,updated_at 2018-09-19,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.0,attack_target server,attack_target http-server,cve 2018-3043960,cvss_v2_temporal 6.8,protocols http,protocols tcp; rev:2; sid:80182254;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMPETITIVE COLLEGE Malware Communication"; flow:established,to_server; content:"college"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-06-11,updated_at 2018-06-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182255;) #alert tcp any any -> $HOME_NET any (msg:"Acme - TRAGIC PHYSICS Traffic Detected"; flow:established, to_server; content:"physics"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-11-14,capec_id 100,updated_at 2019-11-16,filename 
acme.rules,priority low,rule_source acme-rule-factory,attack_target rpc-server,attack_target server,protocols rpc,protocols tcp; rev:1; sid:80182256;) #alert tcp any any -> $HOME_NET any (msg:"Acme - ABLE SERVER Traffic Detected"; flow:established, to_server; content:"server"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-07-20,capec_id 100,updated_at 2019-07-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target rpc-server,attack_target server,protocols rpc,protocols tcp; rev:1; sid:80182257;) #alert tcp any any -> $HOME_NET any (msg:"Acme - ARROGANT POOL Traffic Detected"; flow:established, to_server; content:"pool"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2017-11-05,capec_id 100,updated_at 2017-11-09,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target rpc-server,attack_target server,protocols rpc,protocols tcp; rev:1; sid:80182258;) #alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - HIGH RESPOND Traffic Detected"; flow:established, to_server; content:"respond"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-02-20,capec_id 100,updated_at 2019-02-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80182259;) #alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ONLY KETTLEDUNKNOWN Traffic Detected"; flow:established, to_server; content:"kettledUNKNOWN"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2016-07-22,capec_id 255,updated_at 2016-07-23,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80182260;) #alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2018-05-16,capec_id 255,updated_at 2018-05-22,filename acme.rules,priority low,rule_source 
acme-rule-factory,protocols tcp; rev:1; sid:80182261;) #alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AVERAGE MIME Traffic Detected"; flow:established, to_server; content:"mime"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-03-11,capec_id 255,updated_at 2019-03-16,filename netbios.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182262;) #alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AUTONOMOUS LIPSTICK Traffic Detected"; flow:established, to_server; content:"lipstick"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-08-10,capec_id 255,updated_at 2019-08-17,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182263;) #alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - TECHNOLOGICAL CHOCOLATE Traffic Detected"; flow:established, to_server; content:"chocolate"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2018-01-26,capec_id 255,updated_at 2018-01-27,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80182264;) #alert tcp any any -> any any (msg:"Acme - LESSER MARBLE Traffic Detected"; flow:established, to_server; content:"marble"; priority:3; metadata:cwe_id 122,hostile dest_ip,created_at 2018-06-04,capec_id 100,updated_at 2018-06-14,filename netbios.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182265;) alert tcp any any -> $HOME_NET any (msg:"Acme - CLEVER COTTAGE Traffic Detected"; flow:established, to_server; content:"cottage"; priority:3; metadata:cwe_id 657,hostile src_ip,created_at 2016-10-06,capec_id 49,updated_at 2016-10-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target database-server,attack_target server,protocols tcp; rev:1; sid:80182266;) alert tcp any any -> $HOME_NET any (msg:"Acme - FOND FUEL Traffic Detected"; flow:established, to_server; content:"fuel"; priority:3; metadata:cwe_id 
657,hostile src_ip,created_at 2018-07-17,capec_id 49,updated_at 2018-07-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target database-server,attack_target server,protocols tcp; rev:1; sid:80182267;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - BENEFICIAL UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2018-05-27,capec_id 213,updated_at 2018-05-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-6126829,protocols http,protocols tcp; rev:1; sid:80182268;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RELUCTANT CHOCOLATE Exploitation Attempt Seen"; flow:established,to_server; content:"chocolate"; priority:2; metadata:cwe_id 287,hostile src_ip,created_at 2017-07-26,capec_id 115,updated_at 2017-07-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 8.0,attack_target server,attack_target http-server,cve 2015-3626972,cvss_v2_temporal 7.2,protocols http,protocols tcp; rev:2; sid:80182269;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OUTSIDE FORMER Exploitation Attempt Seen"; flow:established,to_client; content:"former"; priority:1; metadata:hostile src_ip,created_at 2019-03-09,updated_at 2019-03-26,filename acme.rules,priority high,rule_source acme-rule-factory,cvss_v2_base 3.7,attack_target http-client,attack_target client,cve 2018-9010875,cvss_v2_temporal 4.1,protocols http,protocols tcp; rev:2; sid:80182270;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LEGAL BATH Malware Communication"; flow:established,to_server; content:"bath"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-01,updated_at 2018-07-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; 
sid:80182271;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NOVEL UNKNOWNEN Traffic Detected"; flow:established,to_server; content:"UNKNOWNen"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2019-03-11,capec_id 253,updated_at 2019-03-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182272;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAT REVEAL Traffic Detected"; flow:established,to_server; content:"reveal"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2018-06-10,updated_at 2018-06-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182273;) alert tcp any any -> any any (msg:"Acme - ROUND MIDDLEMAN Traffic Detected"; flow:established, to_server; content:"middleman"; priority:3; metadata:created_at 2019-10-06,updated_at 2019-10-13,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols dns,protocols tcp; rev:1; sid:80182274;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INJURED GANDER Malware Communication"; flow:established,to_client; content:"gander"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-09-15,updated_at 2019-09-17,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182275;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BIG MANOR Malware Communication"; flow:established,to_client; file_data; content:"manor"; priority:3; metadata:cwe_id 657,malware download-attempt,hostile src_ip,created_at 2019-02-20,updated_at 2019-02-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182276;) 
# --- sids 80182277-80182281: HTTP rules for traffic from $EXTERNAL_NET to $HOME_NET ---
# Kept one rule per physical line: a leading '#' comments out the whole line,
# so a disabled '#alert' rule must not share a line with an enabled rule.
# All five rules set priority:3, which agrees with their metadata 'priority low',
# and all tag the source address as hostile (metadata 'hostile src_ip').
# None sets classtype or reference; triage context is carried only by the
# metadata key-value pairs (attack_target, capec_id, cve, protocols, ...).
# NOTE(review): each rule matches one short content string, and only
# sid 80182278 scopes it to a buffer (file_data). That is fine for a demo
# ruleset; a production signature would normally pin the match to a specific
# HTTP buffer to keep false positives down.

# Disabled. Client-to-server match on "nose"; the only rule in this group whose
# msg says "Exploitation Attempt Seen" and whose metadata carries a cve entry.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WICKED NOSE Exploitation Attempt Seen"; flow:established,to_server; content:"nose"; priority:3; metadata:hostile src_ip,created_at 2017-03-04,capec_id 175,updated_at 2017-03-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-6958300,protocols http,protocols tcp; rev:2; sid:80182277;)
# Enabled. Server-to-client match on "UNKNOWN" inside file_data (the HTTP
# response body for to_client traffic); attack_target is the HTTP client.
# NOTE(review): the literal "UNKNOWN" looks like a placeholder left by the rule
# generator rather than a deliberate pattern - confirm before reusing.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ABSTRACT UNKNOWN Traffic Detected"; flow:established,to_client; file_data; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2019-06-06,updated_at 2019-06-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182278;)
# Disabled. Client-to-server match on "beam"; metadata targets an HTTP server
# and carries capec_id 253.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ASSISTANT BEAM Traffic Detected"; flow:established, to_server; content:"beam"; priority:3; metadata:hostile src_ip,created_at 2018-06-09,capec_id 253,updated_at 2018-06-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182279;)
# Enabled. Same shape as sid 80182279 (to_server, capec_id 253, HTTP server
# target) with content "canon".
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOUD CANON Traffic Detected"; flow:established, to_server; content:"canon"; priority:3; metadata:hostile src_ip,created_at 2019-03-19,capec_id 253,updated_at 2019-03-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182280;)
# Enabled. Client-to-server match on "engineer"; metadata targets an HTTP
# server and carries capec_id 175.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WANDERING ENGINEER Traffic Detected"; flow:established, to_server; content:"engineer"; priority:3; metadata:hostile src_ip,created_at 2017-03-12,capec_id 175,updated_at 2017-03-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182281;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DANGEROUS CREATOR Traffic Detected"; flow:established,to_server; content:"creator"; priority:3; metadata:hostile src_ip,created_at 2017-07-26,capec_id 253,updated_at 2017-07-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182282;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPLENDID GROUSE Malware Communication"; flow:established,to_server; content:"grouse"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-03-12,updated_at 2017-03-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182283;) #alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BOTUNKNOWN FLOOR Traffic Detected"; flow:established; content:"floor"; priority:3; metadata:created_at 2019-02-01,capec_id 248,updated_at 2019-02-27,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80182284;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN PARTRIDGE Traffic Detected"; flow:established, to_server; content:"partridge"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2016-09-25,capec_id 310,updated_at 2016-09-26,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80182285;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MAXIMUM PARENT Traffic Detected"; flow:established, to_server; content:"parent"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-11-27,capec_id 213,updated_at 2019-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182286;) #alert http 
$EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAT ORIGINAL Exploitation Attempt Seen"; flow:established, to_server; content:"original"; priority:3; metadata:hostile src_ip,created_at 2019-10-03,capec_id 310,updated_at 2019-10-11,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-6737861,protocols http,protocols tcp; rev:2; sid:80182287;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RESIDENT TRUTH Traffic Detected"; flow:established,to_server; content:"truth"; priority:3; metadata:hostile src_ip,created_at 2019-04-01,capec_id 118,updated_at 2019-04-17,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182288;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CURVED EXAMINATION Malware Communication"; flow:established, to_server; content:"examination"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-06-23,updated_at 2016-06-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182289;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SECONDARY RECEPTION Traffic Detected"; flow:established, to_server; content:"reception"; priority:2; metadata:hostile dest_ip,created_at 2015-11-01,updated_at 2015-11-01,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182290;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FASCINATING NOTEBOOK Malware Communication"; flow:established,to_server; content:"notebook"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-09,updated_at 2018-10-27,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182291;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LONG DEPARTURE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"departure"; priority:3; metadata:cwe_id 121,cwe_id 618,hostile src_ip,created_at 2017-07-08,capec_id 253,updated_at 2017-07-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.1,attack_target http-client,attack_target client,cve 2017-3895721,cvss_v2_temporal 4.6,protocols http,protocols tcp; rev:2; sid:80182292;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOUND CALM Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"calm"; priority:3; metadata:cwe_id 121,cwe_id 618,hostile src_ip,created_at 2019-10-14,capec_id 253,updated_at 2019-10-14,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.5,attack_target http-client,attack_target client,cve 2019-9572519,cvss_v2_temporal 6.6,protocols http,protocols tcp; rev:2; sid:80182293;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONFUSED PUMP Exploitation Attempt Seen"; flow:established, to_server; content:"pump"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2018-10-04,capec_id 63,updated_at 2018-10-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.2,attack_target server,attack_target http-server,cve 2018-5535376,cvss_v2_temporal 5.8,protocols http,protocols tcp; rev:3; sid:80182294;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SEVERE UNKNOWN Exploitation Attempt Seen"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2015-03-24,capec_id 248,updated_at 2015-03-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-5382994,protocols http,protocols tcp; rev:2; sid:80182295;) #alert http 
$EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMMON HARBOR Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"harbor"; priority:3; metadata:hostile src_ip,created_at 2019-04-26,capec_id 253,updated_at 2019-04-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-3541779,protocols http,protocols tcp; rev:2; sid:80182296;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FANTASTIC ARITHMETIC Traffic Detected"; flow:established, to_server; content:"arithmetic"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2017-02-26,capec_id 213,updated_at 2017-02-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80182297;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WEIRD LAUGH Traffic Detected"; flow:established, to_server; content:"laugh"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2017-04-01,capec_id 213,updated_at 2017-04-07,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80182298;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TALL CHARGE Traffic Detected"; flow:established,to_server; content:"charge"; priority:3; metadata:hostile src_ip,created_at 2019-10-20,capec_id 310,updated_at 2019-10-26,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182299;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SPONTANEOUS POSSESSION Traffic Detected"; flow:established,to_server; content:"possession"; priority:3; metadata:hostile src_ip,created_at 2019-01-12,capec_id 310,updated_at 2019-01-22,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols 
http,protocols tcp; rev:2; sid:80182300;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BENEFICIAL SAUCE Traffic Detected"; flow:established,to_server; content:"sauce"; priority:3; metadata:hostile src_ip,created_at 2017-04-24,capec_id 310,updated_at 2017-04-24,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182301;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLASSIC HEDGEHOG Malware Communication"; flow:established,to_server; content:"hedgehog"; priority:4; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-25,updated_at 2019-06-25,filename acme.rules,priority info,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182302;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TENDER SHORTAGE Malware Communication"; flow:established,to_server; content:"shortage"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-03,updated_at 2019-08-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182303;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - UNHAPPY WILDERNESS Traffic Detected"; flow:established,to_server; content:"wilderness"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2017-10-25,capec_id 135,updated_at 2017-10-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80182304;) alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - UNKNOWN HISTORY Malware Communication"; flow:established, to_server; content:"history"; priority:3; metadata:cwe_id 120,malware post-infection,created_at 2017-06-03,updated_at 
2017-06-28,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182305;) #alert http any any -> $HOME_NET any (msg:"Acme - LONG TRAIL Traffic Detected"; flow:established, to_server; content:"trail"; priority:3; metadata:hostile src_ip,created_at 2019-09-17,capec_id 310,updated_at 2019-09-25,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182306;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IMPERIAL SPEAKER Exploitation Attempt Seen"; flow:established,to_server; content:"speaker"; priority:3; metadata:hostile src_ip,created_at 2017-07-04,capec_id 253,updated_at 2017-07-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-8409680,protocols http,protocols tcp; rev:2; sid:80182307;) #alert http any any -> $HOME_NET any (msg:"Acme - MATHEMATICAL CASHIER Traffic Detected"; flow:established,to_server; content:"cashier"; priority:3; metadata:hostile src_ip,created_at 2017-06-14,capec_id 310,updated_at 2017-06-23,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182308;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - WRONG DATE Traffic Detected"; flow:established,to_server; content:"date"; priority:3; metadata:hostile src_ip,created_at 2017-05-26,capec_id 66,updated_at 2017-05-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80182309;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ESSENTIAL BUSINESS Traffic Detected"; flow:established, to_server; content:"business"; priority:3; metadata:hostile src_ip,created_at 2017-01-25,capec_id 
310,updated_at 2017-01-27,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182310;) alert http any any -> $HOME_NET any (msg:"Acme - MANUAL ROOF Traffic Detected"; flow:established, to_server; content:"roof"; priority:3; metadata:hostile src_ip,created_at 2019-03-12,capec_id 165,updated_at 2019-03-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182311;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BLIND GASOLINE Malware Communication"; flow:established, to_server; content:"gasoline"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-08,updated_at 2018-02-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182312;) #alert http any any -> $HOME_NET any (msg:"Acme - FINE GATHER Traffic Detected"; flow:established, to_server; content:"gather"; priority:3; metadata:hostile src_ip,created_at 2018-08-22,capec_id 248,updated_at 2018-08-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182313;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SATISFACTORY UNKNOWNDKILLER Malware Communication"; flow:established,to_server; content:"UNKNOWNdkiller"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2017-09-06,updated_at 2017-09-23,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80182314;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UGLY ALCOVE Traffic Detected"; flow:established, to_server; content:"alcove"; priority:3; metadata:hostile 
src_ip,created_at 2019-10-11,capec_id 248,updated_at 2019-10-27,filename netbios.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80182315;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FEW IN-JOKE Malware Communication"; flow:established, to_server; content:"in-joke"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2017-01-10,updated_at 2017-01-22,filename spyware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182316;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - YELLOW GARDEN Exploitation Attempt Seen"; flow:established,to_server; content:"garden"; priority:3; metadata:cwe_id 829,hostile src_ip,created_at 2018-03-04,capec_id 165,updated_at 2018-03-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.4,attack_target server,attack_target http-server,cve 2018-9936588,cvss_v2_temporal 3.6,protocols http,protocols tcp; rev:2; sid:80182317;) #alert http any any -> $HOME_NET any (msg:"Acme - GENETIC DANCING Exploitation Attempt Seen"; flow:established, to_server; content:"dancing"; priority:3; metadata:hostile src_ip,created_at 2017-10-21,capec_id 310,updated_at 2017-10-25,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-4576247,protocols http,protocols tcp; rev:2; sid:80182318;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUNKNOWNT TROLLEY Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"trolley"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2019-06-09,capec_id 248,updated_at 2019-06-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-660418,protocols http,protocols tcp; rev:2; sid:80182319;) alert http $EXTERNAL_NET any -> $HOME_NET any 
(msg:"Acme - SEMANTIC CLASSROOM Exploitation Attempt Seen"; flow:established, to_server; content:"classroom"; priority:3; metadata:hostile src_ip,created_at 2019-02-19,capec_id 119,updated_at 2019-02-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-3042936,protocols http,protocols tcp; rev:2; sid:80182320;) #alert http any any -> $HOME_NET any (msg:"Acme - SKINNY SIDECAR Exploitation Attempt Seen"; flow:established, to_server; content:"sidecar"; priority:3; metadata:hostile src_ip,created_at 2019-07-12,capec_id 310,updated_at 2019-07-18,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-1478343,protocols http,protocols tcp; rev:2; sid:80182321;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MARRIED UNKNOWNKEND Traffic Detected"; flow:established, to_server; content:"UNKNOWNkend"; priority:3; metadata:hostile src_ip,created_at 2019-01-23,capec_id 310,updated_at 2019-01-26,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182322;) #alert http any any -> $HOME_NET any (msg:"Acme - TAN MAP Exploitation Attempt Seen"; flow:established, to_server; content:"map"; priority:3; metadata:hostile src_ip,created_at 2018-05-18,capec_id 310,updated_at 2018-05-28,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-4096564,protocols http,protocols tcp; rev:2; sid:80182323;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BLONDE GOOD-BYE Traffic Detected"; flow:established, to_server; content:"good-bye"; priority:3; metadata:hostile src_ip,created_at 2018-08-14,capec_id 310,updated_at 2018-08-23,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182324;) 
#alert http any any -> $HOME_NET any (msg:"Acme - IMPORTANT ATELIER Exploitation Attempt Seen"; flow:established, to_server; content:"atelier"; priority:3; metadata:hostile src_ip,created_at 2019-11-14,capec_id 310,updated_at 2019-11-21,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-7567462,protocols http,protocols tcp; rev:2; sid:80182325;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN WIRE Traffic Detected"; flow:established, to_server; content:"wire"; priority:3; metadata:hostile src_ip,created_at 2017-02-24,capec_id 310,updated_at 2017-02-28,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182326;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POWERFUL UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2018-10-23,capec_id 310,updated_at 2018-10-23,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182327;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNFORTUNATE ABOLISHMENT Traffic Detected"; flow:established, to_server; content:"abolishment"; priority:3; metadata:hostile src_ip,created_at 2019-09-15,capec_id 310,updated_at 2019-09-24,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182328;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLEAR UNKNOWN-TOM Exploitation Attempt Seen"; flow:established,to_server; content:"UNKNOWN-tom"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-11-04,capec_id 248,updated_at 2019-11-18,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.0,attack_target server,attack_target 
http-server,cve 2016-7233989,cvss_v2_temporal 5.6,protocols http,protocols tcp; rev:2; sid:80182329;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VARYING HACKSAW Exploitation Attempt Seen"; flow:established,to_server; content:"hacksaw"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-02-01,capec_id 248,updated_at 2019-02-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.2,attack_target server,attack_target http-server,cve 2016-4222960,cvss_v2_temporal 5.3,protocols http,protocols tcp; rev:2; sid:80182330;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - THIN WANNABE Malware Communication"; flow:established,to_server; content:"wannabe"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-01-10,updated_at 2018-01-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80182331;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ACTIVE LEVER Malware Communication"; flow:established,to_server; content:"lever"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-23,updated_at 2019-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80182332;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GENEROUS TRANSPORT Exploitation Attempt Seen"; flow:established, to_server; content:"transport"; priority:3; metadata:hostile src_ip,created_at 2019-08-14,capec_id 100,updated_at 2019-08-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,cve 2019-5009968,protocols smtp,protocols tcp; rev:1; sid:80182333;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMBINED CELSIUS Exploitation Attempt Seen"; flow:established, 
to_client; file_data; content:"celsius"; priority:3; metadata:hostile src_ip,created_at 2018-02-16,capec_id 248,updated_at 2018-02-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-9768348,protocols http,protocols tcp; rev:2; sid:80182334;)
# NOTE(review): sid 80182335 is an enabled inline-drop rule for outbound HTTP from $HOME_NET.
# Its metadata carries "infected src_ip" but no "hostile dest_ip", unlike other
# post-infection drop rules in this file such as sid 80182331. A metadata filter that
# selects on "hostile dest_ip" will not pick this rule up; confirm the omission is intended.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INFORMAL BOWLING Malware Communication"; flow:established,to_server; content:"bowling"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2017-08-21,updated_at 2017-08-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182335;)
# Disabled by the leading "#": inbound HTTP request rule with CVE and CVSS v2 metadata.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TASTELESS PROJECT Exploitation Attempt Seen"; flow:established, to_server; content:"project"; priority:3; metadata:cwe_id 98,hostile src_ip,created_at 2019-01-17,capec_id 248,updated_at 2019-01-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.5,attack_target server,attack_target http-server,cve 2018-5773722,cvss_v2_temporal 6.1,protocols http,protocols tcp; rev:2; sid:80182336;)
# NOTE(review): sid 80182337 is enabled. The header source is $HOME_NET and the flow
# direction is to_client, so the rule matches server-to-client traffic with the server in
# $HOME_NET, which agrees with "attack_target database-server" and "hostile dest_ip".
# The destination is "any any" and the only payload test is the 3-byte content "tax" on
# the raw TCP stream, with no port or buffer to narrow it. That is acceptable for this
# dummy ruleset; a production rule shaped like this would need tighter anchoring to avoid
# alert noise. The cwe_id key appears twice with different values (704 and 330).
alert tcp $HOME_NET any -> any any (msg:"Acme - UNKNOWN TAX Exploitation Attempt Seen"; flow:established, to_client; content:"tax"; priority:3; metadata:cwe_id 704,cwe_id 330,hostile dest_ip,created_at 2018-01-23,capec_id 49,updated_at 2018-01-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.8,attack_target database-server,attack_target server,cve 2015-2342680,cvss_v2_temporal 2.9,protocols tcp; rev:1; sid:80182337;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN MACHINERY Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"machinery"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2016-11-10,capec_id 248,updated_at 2016-11-18,filename acme.rules,priority low,rule_source 
acme-rule-factory,cvss_v2_base 7.6,attack_target http-client,attack_target client,cve 2016-8620308,cvss_v2_temporal 8.1,protocols http,protocols tcp; rev:2; sid:80182338;)
# sid 80182339: enabled inline-drop rule for inbound HTTP requests. Its metadata carries
# both cvss_v2_* and cvss_v3_* scores, so filters written against either CVSS version
# can select it. The rule-level priority:2 corresponds to metadata "priority medium".
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAINT DOWNGRADE Exploitation Attempt Seen"; flow:established,to_server; content:"downgrade"; priority:2; metadata:cwe_id 78,cvss_v3_base 7.2,hostile src_ip,created_at 2015-03-09,capec_id 152,updated_at 2015-03-09,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.5,attack_target server,attack_target http-server,cvss_v3_temporal 7.3,cve 2015-9258701,cvss_v2_temporal 7.3,protocols http,protocols tcp; rev:2; sid:80182339;)
# NOTE(review): sid 80182340 is disabled. Its metadata lists the same "cve" key-value
# pair twice. Either de-duplicate it upstream or confirm that whatever consumes the
# metadata tolerates repeated identical pairs - TODO confirm whether the duplicate is
# deliberate test data.
#alert http any any -> $HOME_NET any (msg:"Acme - MISLEADING HARM Exploitation Attempt Seen"; flow:established, to_server; content:"harm"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-02-15,capec_id 310,updated_at 2019-02-23,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-1043536,cve 2019-1043536,protocols http,protocols tcp; rev:2; sid:80182340;)
# Disabled: inbound web rule whose source is "any", not $EXTERNAL_NET.
#alert http any any -> $HOME_NET any (msg:"Acme - WRONG TRIAL Traffic Detected"; flow:established, to_server; content:"trial"; priority:3; metadata:hostile src_ip,created_at 2018-10-03,capec_id 310,updated_at 2018-10-19,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182341;)
# sid 80182342: enabled inline-drop rule for outbound post-infection traffic. The metadata
# marks the internal source as infected and the external destination as hostile.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HIDDEN ROCKER Malware Communication"; flow:established, to_server; content:"rocker"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-04,updated_at 2019-06-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182342;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - 
LIGHT STEPSON Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"stepson"; priority:3; metadata:cwe_id 416,hostile src_ip,created_at 2019-11-09,updated_at 2019-11-16,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.2,attack_target http-client,attack_target client,cve 2015-4665445,cvss_v2_temporal 6.6,protocols http,protocols tcp; rev:2; sid:80182343;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAVOURITE AIR Traffic Detected"; flow:established, to_server; content:"air"; priority:3; metadata:hostile src_ip,created_at 2019-11-01,capec_id 66,updated_at 2019-11-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182344;) drop tcp $HOME_NET any -> any any (msg:"Acme - UGLY REPUTATION Malware Communication"; flow:established,to_server; content:"reputation"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-14,updated_at 2019-02-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182345;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GRIEVING ALB Malware Communication"; flow:established, to_server; content:"alb"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-24,updated_at 2019-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182346;) alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ORANGE UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-22,updated_at 2019-06-25,filename acme.rules,priority high,rule_source 
acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80182347;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN CUNKNOWNAU Traffic Detected"; flow:established, to_server; content:"cUNKNOWNau"; priority:3; metadata:hostile src_ip,created_at 2019-02-08,capec_id 255,updated_at 2019-02-12,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target sip-server,attack_target server,protocols sip,protocols tcp; rev:1; sid:80182348;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HIGH RANDOMISATION Traffic Detected"; flow:established,to_server; content:"randomisation"; priority:3; metadata:hostile src_ip,created_at 2018-10-03,capec_id 116,updated_at 2018-10-09,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182349;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN RELATIONSHIP Traffic Detected"; flow:established, to_server; content:"relationship"; priority:3; metadata:hostile src_ip,created_at 2018-09-26,capec_id 118,updated_at 2018-09-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182350;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAIR SIGNAL Traffic Detected"; flow:established, to_server; content:"signal"; priority:3; metadata:hostile src_ip,created_at 2019-11-12,capec_id 118,updated_at 2019-11-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182351;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LIGHT REWARD Malware Communication"; flow:established,to_client; content:"reward"; priority:1; metadata:cwe_id 507,malware malware,hostile src_ip,created_at 2019-07-10,updated_at 2019-07-10,filename acme.rules,priority high,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182352;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BOTUNKNOWN RESOLUTION Traffic Detected"; flow:established, to_server; content:"resolution"; priority:3; metadata:hostile src_ip,created_at 2019-10-12,capec_id 116,updated_at 2019-10-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182353;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VIVID SUNGLASSES Traffic Detected"; flow:established, to_server; content:"sunglasses"; priority:3; metadata:hostile src_ip,created_at 2019-05-24,capec_id 310,updated_at 2019-05-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182354;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXTENSIVE CACAO Traffic Detected"; flow:established, to_server; content:"cacao"; priority:3; metadata:cwe_id 829,hostile src_ip,created_at 2018-10-24,capec_id 253,updated_at 2018-10-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.2,attack_target server,attack_target http-server,cvss_v2_temporal 7.2,protocols http,protocols tcp; rev:2; sid:80182355;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLOUDY SENTENCE Traffic Detected"; flow:established,to_server; content:"sentence"; priority:1; metadata:hostile dest_ip,created_at 2019-03-07,updated_at 2019-03-16,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182356;) #drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PERMANENT HELICOPTER Exploitation Attempt Seen"; flow:established, to_server; content:"helicopter"; priority:3; metadata:hostile src_ip,created_at 2018-10-24,updated_at 
2018-10-25,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,cve 2018-910912,protocols smtp,protocols tcp; rev:1; sid:80182357;)
# Disabled: inbound web rule whose source is "any", not $EXTERNAL_NET.
#alert http any any -> $HOME_NET any (msg:"Acme - DRY CHILDHOOD Traffic Detected"; flow:established, to_server; content:"childhood"; priority:3; metadata:hostile src_ip,created_at 2017-11-13,capec_id 213,updated_at 2017-11-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182358;)
# sid 80182359 is disabled. to_client plus file_data makes the content match apply to the
# HTTP response body sent to an internal client, which agrees with
# "attack_target http-client". The rule-level priority:4 corresponds to metadata
# "priority info", although the rule carries a cvss_v2_base score of 5.6.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BUSY SHELL Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"shell"; priority:4; metadata:cwe_id 20,hostile src_ip,created_at 2017-06-24,capec_id 248,updated_at 2017-06-25,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 5.6,attack_target http-client,attack_target client,cve 2017-8221436,cvss_v2_temporal 6.4,protocols http,protocols tcp; rev:1; sid:80182360;)
# NOTE(review): in sid 80182361 the header source is $HOME_NET, yet the metadata says
# "hostile src_ip" and gives no attack_target. A filter or enrichment keyed on
# "hostile src_ip" would label internal hosts as the hostile side. The next two
# email.rules entries, sid 80182362 and sid 80182363, have the same shape. Confirm
# whether "infected src_ip" or "hostile dest_ip" was intended.
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN RISE Exploitation Attempt Seen"; flow:established, to_server; content:"rise"; priority:3; metadata:hostile src_ip,created_at 2019-05-08,updated_at 2019-05-23,filename email.rules,priority low,rule_source acme-rule-factory,cve 2019-4007989,protocols smtp,protocols tcp; rev:1; sid:80182361;)
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXTENDED TELEPUNKNOWNE Exploitation Attempt Seen"; flow:established, 
to_server; content:"telepUNKNOWNe"; priority:3; metadata:hostile src_ip,created_at 2019-09-24,updated_at 2019-09-27,filename email.rules,priority low,rule_source acme-rule-factory,cve 2016-6532478,protocols smtp,protocols tcp; rev:1; sid:80182362;) #alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FAVOURITE FACULTY Exploitation Attempt Seen"; flow:established, to_server; content:"faculty"; priority:3; metadata:hostile src_ip,created_at 2019-04-27,updated_at 2019-04-27,filename email.rules,priority low,rule_source acme-rule-factory,cve 2017-2604174,protocols smtp,protocols tcp; rev:1; sid:80182363;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BRIEF REPRESENTATIVE Traffic Detected"; flow:established,to_server; content:"representative"; priority:3; metadata:hostile src_ip,created_at 2018-10-07,capec_id 310,updated_at 2018-10-14,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182364;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RARE PURPLE Traffic Detected"; flow:established,to_server; content:"purple"; priority:3; metadata:hostile src_ip,created_at 2018-09-25,capec_id 310,updated_at 2018-09-27,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182365;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PECULIAR UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2016-05-03,capec_id 310,updated_at 2016-05-09,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182366;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INNOVATIVE WHISKEY Traffic Detected"; flow:established,to_server; content:"whiskey"; priority:3; metadata:hostile src_ip,created_at 
2019-04-25,capec_id 310,updated_at 2019-04-25,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182367;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FIT APE Traffic Detected"; flow:established,to_server; content:"ape"; priority:3; metadata:hostile src_ip,created_at 2017-03-17,capec_id 310,updated_at 2017-03-20,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182368;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MYSTERIOUS PUNKNOWNLE Traffic Detected"; flow:established, to_server; content:"pUNKNOWNle"; priority:3; metadata:hostile src_ip,created_at 2019-03-07,capec_id 310,updated_at 2019-03-14,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182369;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MYSTERIOUS INJURY Traffic Detected"; flow:established,to_server; content:"injury"; priority:3; metadata:hostile src_ip,created_at 2016-10-10,capec_id 310,updated_at 2016-10-20,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182370;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LONG CITIZENSHIP Traffic Detected"; flow:established,to_server; content:"citizenship"; priority:3; metadata:hostile src_ip,created_at 2019-09-20,capec_id 310,updated_at 2019-09-26,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182371;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LINEAR JEALOUSY Traffic Detected"; flow:established,to_server; content:"jealousy"; priority:3; metadata:hostile src_ip,created_at 
2019-10-16,capec_id 310,updated_at 2019-10-25,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182372;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNUSUAL JUNKER Traffic Detected"; flow:established,to_server; content:"junker"; priority:3; metadata:hostile src_ip,created_at 2019-03-16,capec_id 310,updated_at 2019-03-25,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182373;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HORRIBLE HARPSICHORD Traffic Detected"; flow:established,to_server; content:"harpsichord"; priority:3; metadata:hostile src_ip,created_at 2018-04-25,capec_id 310,updated_at 2018-04-26,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182374;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RELATED POCKET-WATCH Traffic Detected"; flow:established,to_server; content:"pocket-watch"; priority:3; metadata:hostile src_ip,created_at 2016-08-08,capec_id 310,updated_at 2016-08-26,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182375;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ACTIVE HELL Traffic Detected"; flow:established,to_server; content:"hell"; priority:3; metadata:hostile src_ip,created_at 2018-04-21,capec_id 310,updated_at 2018-04-28,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182376;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRIME BRACKET Traffic Detected"; flow:established,to_server; content:"bracket"; priority:3; metadata:hostile src_ip,created_at 
2017-05-25,capec_id 310,updated_at 2017-05-27,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182377;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VISITING CHURN Traffic Detected"; flow:established,to_server; content:"churn"; priority:3; metadata:hostile src_ip,created_at 2015-04-20,capec_id 310,updated_at 2015-04-25,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182378;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOUD PANIC Traffic Detected"; flow:established,to_server; content:"panic"; priority:3; metadata:hostile src_ip,created_at 2019-11-13,capec_id 310,updated_at 2019-11-13,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182379;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - YOUNG FUR Traffic Detected"; flow:established,to_server; content:"fur"; priority:3; metadata:hostile src_ip,created_at 2017-03-09,capec_id 310,updated_at 2017-03-20,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182380;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RESIDENT SHAME Traffic Detected"; flow:established,to_server; content:"shame"; priority:3; metadata:hostile src_ip,created_at 2018-10-17,capec_id 310,updated_at 2018-10-27,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182381;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MAIN AUTHORITY Traffic Detected"; flow:established,to_server; content:"authority"; priority:3; metadata:hostile src_ip,created_at 2019-07-03,capec_id 310,updated_at 
2019-07-22,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182382;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DETAILED STAFF Traffic Detected"; flow:established,to_server; content:"staff"; priority:3; metadata:hostile src_ip,created_at 2019-07-07,capec_id 310,updated_at 2019-07-23,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182383;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GREAT SECTION Traffic Detected"; flow:established,to_server; content:"section"; priority:3; metadata:hostile src_ip,created_at 2018-06-21,capec_id 310,updated_at 2018-06-26,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182384;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOW ELECTION Traffic Detected"; flow:established,to_server; content:"election"; priority:3; metadata:hostile src_ip,created_at 2019-01-04,capec_id 310,updated_at 2019-01-04,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182385;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ACCESSIBLE ISLAND Traffic Detected"; flow:established,to_server; content:"island"; priority:3; metadata:hostile src_ip,created_at 2019-10-06,capec_id 310,updated_at 2019-10-15,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182386;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRIOR COMMISSION Traffic Detected"; flow:established,to_server; content:"commission"; priority:3; metadata:hostile src_ip,created_at 2017-08-12,capec_id 310,updated_at 2017-08-27,filename 
web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182387;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLEAR SPOTLIGHT Traffic Detected"; flow:established,to_server; content:"spotlight"; priority:3; metadata:hostile src_ip,created_at 2019-04-22,capec_id 310,updated_at 2019-04-25,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182388;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN EVENT Exploitation Attempt Seen"; flow:established,to_server; content:"event"; priority:3; metadata:hostile src_ip,created_at 2019-06-22,updated_at 2019-06-28,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-2460429,protocols http,protocols tcp; rev:2; sid:80182389;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CRIMINAL UNDERPASS Traffic Detected"; flow:established,to_server; content:"underpass"; priority:3; metadata:hostile src_ip,created_at 2019-04-14,capec_id 310,updated_at 2019-04-21,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182390;) #alert tcp any any -> $HOME_NET any (msg:"Acme - BORED UNKNOWN Malware Communication"; flow:established, to_client; content:"UNKNOWN"; priority:3; metadata:cwe_id 657,malware malware,created_at 2018-03-20,updated_at 2018-03-25,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80182391;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ARROGANT SARONG Malware Communication"; flow:established, to_server; content:"sarong"; priority:3; metadata:cwe_id 657,malware pre-infection,hostile src_ip,created_at 2019-10-24,updated_at 2019-10-25,filename email.rules,priority 
low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80182392;) #alert tcp any any -> $HOME_NET any (msg:"Acme - EXISTING GARAGE Malware Communication"; flow:established, to_client; content:"garage"; priority:3; metadata:cwe_id 657,malware malware,created_at 2018-07-06,updated_at 2018-07-13,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80182393;) alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FIERCE STONEWORK Malware Communication"; flow:established, to_server; content:"stonework"; priority:3; metadata:cwe_id 506,malware post-infection,created_at 2019-04-19,updated_at 2019-04-24,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80182394;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GRACEFUL HEARTH Exploitation Attempt Seen"; flow:established,to_server; content:"hearth"; priority:3; metadata:hostile src_ip,created_at 2019-03-13,capec_id 210,updated_at 2019-03-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2018-6355428,protocols ftp,protocols tcp; rev:2; sid:80182395;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MEANINGFUL THAW Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"thaw"; priority:3; metadata:cwe_id 345,hostile src_ip,created_at 2019-11-20,capec_id 253,updated_at 2019-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.6,attack_target http-client,attack_target client,cve 2019-5429197,cvss_v2_temporal 6.2,protocols http,protocols tcp; rev:2; sid:80182396;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN DIVING Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"diving"; priority:3; metadata:cwe_id 345,hostile src_ip,created_at 2017-08-03,capec_id 
253,updated_at 2017-08-04,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.3,attack_target http-client,attack_target client,cve 2017-419324,cvss_v2_temporal 1.6,protocols http,protocols tcp; rev:2; sid:80182397;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONTINUOUS UNIFORM Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"uniform"; priority:3; metadata:cwe_id 345,hostile src_ip,created_at 2019-02-04,capec_id 253,updated_at 2019-02-15,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.1,attack_target http-client,attack_target client,cve 2015-3140408,cvss_v2_temporal 7.2,protocols http,protocols tcp; rev:2; sid:80182398;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXTREME SHERRY Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"sherry"; priority:3; metadata:cwe_id 345,hostile src_ip,created_at 2019-11-22,capec_id 253,updated_at 2019-11-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.1,attack_target http-client,attack_target client,cve 2016-8639864,cvss_v2_temporal 4.6,protocols http,protocols tcp; rev:2; sid:80182399;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - POLITICAL JELLY Malware Communication"; flow:established, to_server; content:"jelly"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-15,updated_at 2019-04-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target irc-client,attack_target client,protocols irc,protocols tcp; rev:1; sid:80182400;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ORANGE PERIPHERAL Malware Communication"; flow:established, to_client; content:"peripheral"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2016-08-13,updated_at 2016-08-21,filename acme.rules,priority high,infected dest_ip,rule_source 
acme-rule-factory,attack_target irc-client,attack_target client,protocols irc,protocols tcp; rev:1; sid:80182401;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ACADEMIC JUGGERNAUT Traffic Detected"; flow:established, to_server; content:"juggernaut"; priority:3; metadata:created_at 2019-05-27,updated_at 2019-05-27,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182402;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VIVACIOUS GUARD Traffic Detected"; flow:established, to_server; content:"guard"; priority:3; metadata:created_at 2018-04-06,updated_at 2018-04-08,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182403;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LONG TRADITIONALISM Exploitation Attempt Seen"; flow:established,to_server; content:"traditionalism"; priority:3; metadata:cwe_id 264,hostile src_ip,created_at 2018-07-10,capec_id 115,updated_at 2018-07-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.0,attack_target server,attack_target http-server,cve 2018-5098255,cvss_v2_temporal 5.3,protocols http,protocols tcp; rev:2; sid:80182404;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EASTERN UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-06-15,updated_at 2019-06-19,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182405;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXACT UNKNOWN Exploitation Attempt Seen"; flow:established, to_client; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2018-11-17,capec_id 100,updated_at 2018-11-24,filename acme.rules,priority low,rule_source acme-rule-factory,cve 
2015-2770253,protocols http,protocols tcp; rev:2; sid:80182406;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONVINCING YURT Traffic Detected"; flow:established, to_server; content:"yurt"; priority:3; metadata:hostile src_ip,created_at 2018-06-27,capec_id 248,updated_at 2018-06-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182407;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SLOW MIDDLE Malware Communication"; flow:established,to_server; content:"middle"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-07-01,updated_at 2017-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182408;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PREVIOUS DECIMAL Malware Communication"; flow:established, to_server; content:"decimal"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-08-09,updated_at 2017-08-18,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:7; sid:80182409;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STEADY MUKLUK Malware Communication"; flow:established, to_server; content:"mukluk"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-07,updated_at 2019-09-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182410;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHY ROCKET Malware Communication"; flow:established,to_server; content:"rocket"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-03-26,updated_at 
2017-03-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182411;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN HUT Traffic Detected"; flow:established, to_server; content:"hut"; priority:3; metadata:cwe_id 203,hostile src_ip,created_at 2018-09-07,capec_id 118,updated_at 2018-09-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.5,attack_target server,attack_target http-server,cvss_v2_temporal 6.3,protocols http,protocols tcp; rev:2; sid:80182412;) alert tcp any any -> any any (msg:"Acme - GUNKNOWNPY ENTHUSIASM Malware Communication"; flow:established; content:"enthusiasm"; priority:3; metadata:cwe_id 506,malware malware,created_at 2019-02-03,updated_at 2019-02-21,filename virus.rules,priority low,rule_source acme-rule-factory,protocols ftp,protocols tcp; rev:1; sid:80182413;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BORED PURCHASE Exploitation Attempt Seen"; flow:established,to_server; content:"purchase"; priority:3; metadata:hostile src_ip,created_at 2016-01-27,capec_id 248,updated_at 2016-01-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-2041791,protocols http,protocols tcp; rev:2; sid:80182414;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HEAVY PUSHER Malware Communication"; flow:established,to_server; content:"pusher"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-14,updated_at 2019-08-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182415;) alert tcp any any -> $HOME_NET any (msg:"Acme - COOPERATIVE PROOF Exploitation Attempt Seen"; flow:established, to_client; content:"proof"; priority:3; metadata:cwe_id 77,hostile 
src_ip,created_at 2017-01-27,capec_id 248,updated_at 2017-01-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.0,attack_target smb-client,attack_target client,cve 2015-6674511,cvss_v2_temporal 3.4,protocols smb,protocols tcp; rev:1; sid:80182416;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FANTASTIC ROUND Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"round"; priority:3; metadata:cwe_id 122,hostile src_ip,created_at 2017-10-15,updated_at 2017-10-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.2,attack_target http-client,attack_target client,cve 2015-2761150,cvss_v2_temporal 5.9,protocols http,protocols tcp; rev:2; sid:80182417;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INFLUENTIAL UNKNOWN Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"UNKNOWN"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-11-05,updated_at 2017-11-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.3,attack_target http-client,attack_target client,cve 2017-2556522,cvss_v2_temporal 5.8,protocols http,protocols tcp; rev:3; sid:80182418;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FORTHCOMING KINGFISH Exploitation Attempt Seen"; flow:established, to_server; content:"kingfish"; priority:3; metadata:hostile src_ip,created_at 2019-06-21,capec_id 100,updated_at 2019-06-23,filename netbios.rules,priority low,rule_source acme-rule-factory,attack_target rpc-server,attack_target server,cve 2018-9331350,protocols rpc,protocols tcp; rev:1; sid:80182419;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ENVIRONMENTAL SEAL Exploitation Attempt Seen"; flow:established, to_server; content:"seal"; priority:3; metadata:hostile src_ip,created_at 2019-04-01,capec_id 100,updated_at 2019-04-08,filename netbios.rules,priority low,rule_source acme-rule-factory,attack_target 
rpc-server,attack_target server,cve 2015-2305265,protocols rpc,protocols tcp; rev:1; sid:80182420;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TOUGH STUDIO Malware Communication"; flow:established, to_server; content:"studio"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-06-05,updated_at 2018-06-20,filename netbios.rules,priority low,rule_source acme-rule-factory,attack_target smb-server,attack_target server,cve 2018-6720267,protocols smb,protocols tcp; rev:1; sid:80182421;) #alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NEAR SIGNUP Malware Communication"; flow:established, to_server; content:"signup"; priority:3; metadata:cwe_id 506,malware post-infection,created_at 2019-10-20,updated_at 2019-10-24,filename netbios.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target smb-client,attack_target client,cve 2019-55194,protocols smb,protocols tcp; rev:1; sid:80182422;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VERTICAL MEASLES Malware Communication"; flow:established,to_server; content:"measles"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-23,updated_at 2019-07-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182423;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ACCESSIBLE MORTISE Exploitation Attempt Seen"; flow:established; content:"mortise"; priority:3; metadata:created_at 2015-04-24,capec_id 255,updated_at 2015-04-26,filename netbios.rules,priority low,rule_source acme-rule-factory,cve 2015-6449803,protocols tcp; rev:1; sid:80182424;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OPPOSITE GARMENT Malware Communication"; flow:established, to_server; content:"garment"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 
2016-07-26,updated_at 2016-07-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80182425;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BROKEN DIGITAL Exploitation Attempt Seen"; flow:established,to_server; content:"digital"; priority:3; metadata:hostile src_ip,created_at 2019-04-20,capec_id 100,updated_at 2019-04-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2017-5046290,protocols tcp; rev:1; sid:80182426;) #alert tcp any any -> $HOME_NET any (msg:"Acme - TECHNOLOGICAL DRIVER Exploitation Attempt Seen"; flow:established, to_server; content:"driver"; priority:3; metadata:hostile src_ip,created_at 2018-11-12,capec_id 100,updated_at 2018-11-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target dns-server,attack_target server,cve 2016-9019143,protocols dns,protocols tcp; rev:1; sid:80182427;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - READY MODE Malware Communication"; flow:established, to_server; content:"mode"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-08-22,updated_at 2019-08-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182428;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ULTIMATE CHILDHOOD Malware Communication"; flow:established, to_server; content:"childhood"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-03,updated_at 2019-09-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182429;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FINE SNOWPLOW Exploitation Attempt Seen"; flow:established,to_server; content:"snowplow"; priority:3; metadata:hostile 
src_ip,created_at 2016-09-13,capec_id 135,updated_at 2016-09-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2015-8927752,protocols ftp,protocols tcp; rev:1; sid:80182430;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GIGANTIC STARTER Malware Communication"; flow:established, to_server; content:"starter"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2019-09-01,updated_at 2019-09-11,filename spyware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182431;) #alert tcp any any -> any any (msg:"Acme - SENIOR DESIGNER Traffic Detected"; flow:established, to_server; content:"designer"; priority:3; metadata:cwe_id 657,created_at 2018-01-23,updated_at 2018-01-25,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80182432;) #alert tcp any any -> any any (msg:"Acme - CONTROLLED OSPREY Traffic Detected"; flow:established; content:"osprey"; priority:3; metadata:created_at 2017-01-10,updated_at 2017-01-24,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182433;) #alert tcp any any -> any any (msg:"Acme - EXISTING STEPDAUGHTER Traffic Detected"; flow:established; content:"stepdaughter"; priority:3; metadata:created_at 2019-03-23,updated_at 2019-03-27,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182434;) #alert tcp any any -> any any (msg:"Acme - EDUCATIONAL TATTLER Traffic Detected"; flow:established; content:"tattler"; priority:3; metadata:created_at 2019-06-15,updated_at 2019-06-16,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182435;) #alert tcp any any -> any any (msg:"Acme - MIDDLE STEAMROLLER Traffic Detected"; flow:established; content:"steamroller"; priority:3; 
metadata:created_at 2019-01-11,updated_at 2019-01-26,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182436;) drop tcp any any -> any any (msg:"Acme - KIND WRAP Traffic Detected"; flow:established; content:"wrap"; priority:3; metadata:cwe_id 657,created_at 2019-04-17,updated_at 2019-04-28,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182437;) drop tcp any any -> any any (msg:"Acme - REALISTIC UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 657,created_at 2019-05-16,updated_at 2019-05-21,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80182438;) drop tcp any any -> any any (msg:"Acme - UNKNOWN HIGH-RISE Traffic Detected"; flow:established; content:"high-rise"; priority:3; metadata:cwe_id 657,created_at 2019-03-24,updated_at 2019-03-28,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182439;) drop tcp any any -> any any (msg:"Acme - COMPULSORY CACAO Traffic Detected"; flow:established; content:"cacao"; priority:3; metadata:created_at 2019-02-08,updated_at 2019-02-17,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182440;) drop tcp any any -> any any (msg:"Acme - SQUARE FORGERY Traffic Detected"; flow:established; content:"forgery"; priority:3; metadata:created_at 2019-02-07,updated_at 2019-02-21,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182441;) drop tcp any any -> any any (msg:"Acme - BACK TELETYPE Traffic Detected"; flow:established; content:"teletype"; priority:3; metadata:created_at 2018-03-27,updated_at 2018-03-27,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182442;) alert tcp any any -> any any (msg:"Acme - MELTED MIDLINE Traffic Detected"; flow:established, to_server; content:"midline"; 
priority:3; metadata:cwe_id 506,created_at 2019-01-10,updated_at 2019-01-10,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182443;) alert tcp any any -> any any (msg:"Acme - UGLIEST AUUNKNOWNATON Traffic Detected"; flow:established, to_server; content:"auUNKNOWNaton"; priority:3; metadata:cwe_id 506,created_at 2019-06-11,updated_at 2019-06-27,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182444;) alert tcp any any -> any any (msg:"Acme - INCREASED BROME Traffic Detected"; flow:established, to_server; content:"brome"; priority:3; metadata:cwe_id 506,created_at 2019-05-14,updated_at 2019-05-27,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182445;) alert tcp any any -> any any (msg:"Acme - SHOCKED CREDIT Traffic Detected"; flow:established, to_server; content:"credit"; priority:3; metadata:cwe_id 657,created_at 2019-11-08,updated_at 2019-11-09,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182446;) drop tcp any any -> any any (msg:"Acme - ROASTED PAVILION Traffic Detected"; flow:established; content:"pavilion"; priority:3; metadata:cwe_id 657,created_at 2019-08-12,updated_at 2019-08-26,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182447;) drop tcp any any -> any any (msg:"Acme - PEACEFUL RELATIVE Traffic Detected"; flow:established; content:"relative"; priority:3; metadata:cwe_id 657,created_at 2019-03-02,updated_at 2019-03-19,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182448;) drop tcp any any -> any any (msg:"Acme - RULING RESERVE Traffic Detected"; flow:established; content:"reserve"; priority:3; metadata:cwe_id 657,created_at 2016-09-27,updated_at 2016-09-28,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182449;) drop tcp any any -> any any (msg:"Acme - MODERN 
UNKNOWN Traffic Detected"; flow:established; content:"UNKNOWN"; priority:3; metadata:cwe_id 657,created_at 2016-11-07,updated_at 2016-11-16,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182450;) drop http any any -> $HOME_NET any (msg:"Acme - DYING PENICILLIN Exploitation Attempt Seen"; flow:established, to_server; content:"penicillin"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2019-06-13,capec_id 248,updated_at 2019-06-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.4,attack_target server,attack_target http-server,cve 2019-3102287,cvss_v2_temporal 5.2,protocols http,protocols tcp; rev:3; sid:80182451;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TOTAL UNKNOWNESTY Malware Communication"; flow:established,to_server; content:"UNKNOWNesty"; priority:4; metadata:cwe_id 507,malware malware,created_at 2018-11-14,updated_at 2018-11-14,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182452;) drop http any any -> $HOME_NET any (msg:"Acme - POSITIVE INTERPRETER Exploitation Attempt Seen"; flow:established, to_server; content:"interpreter"; priority:2; metadata:cwe_id 265,hostile src_ip,created_at 2015-01-20,capec_id 248,updated_at 2015-01-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.9,attack_target server,attack_target http-server,cve 2015-5177315,cvss_v2_temporal 7.3,protocols http,protocols tcp; rev:2; sid:80182453;) drop http any any -> $HOME_NET any (msg:"Acme - PERFECT CLOSET Exploitation Attempt Seen"; flow:established, to_server; content:"closet"; priority:2; metadata:cwe_id 265,hostile src_ip,created_at 2016-10-18,updated_at 2016-10-21,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.9,attack_target server,attack_target http-server,cve 2015-9724912,cvss_v2_temporal 7.3,protocols http,protocols tcp; rev:2; sid:80182454;) drop tcp 
$HOME_NET any -> $HOME_NET any (msg:"Acme - CAUTIOUS PHILOSOPHER Malware Communication"; flow:established; content:"philosopher"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-06-03,updated_at 2018-06-28,filename acme.rules,priority high,rule_source acme-rule-factory,protocols smb,protocols tcp; rev:1; sid:80182455;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TERRIBLE TADPOLE Traffic Detected"; flow:established,to_server; content:"tadpole"; priority:3; metadata:hostile src_ip,created_at 2016-03-16,capec_id 310,updated_at 2016-03-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182456;) drop http any any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - DELIGHTFUL GUARD Malware Communication"; flow:established, to_server; content:"guard"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-17,updated_at 2018-11-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182457;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LITTLE RIVER Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"river"; priority:4; metadata:cwe_id 264,created_at 2017-09-23,updated_at 2017-09-28,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 6.9,cve 2015-4043575,cvss_v2_temporal 6.0,protocols http,protocols tcp; rev:3; sid:80182458;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TENSE DUNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"dUNKNOWN"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2016-07-10,capec_id 119,updated_at 2016-07-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.4,attack_target server,attack_target http-server,cve 2016-9894972,cvss_v2_temporal 4.7,protocols http,protocols tcp; rev:2; 
sid:80182459;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRIVATE TYPHOON Malware Communication"; flow:established, to_server; content:"typhoon"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-17,updated_at 2019-10-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182460;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN MINE Malware Communication"; flow:established,to_server; content:"mine"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-11-25,updated_at 2019-11-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182461;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MINIATURE CALF Malware Communication"; flow:established, to_server; content:"calf"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2017-09-11,updated_at 2017-09-21,filename spyware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182462;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PARALLEL SUBCONSCIOUS Malware Communication"; flow:established,to_server; content:"subconscious"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-03-13,updated_at 2017-03-19,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182463;) #alert http any any -> $HOME_NET any (msg:"Acme - BLUE PARTICULAR Traffic Detected"; flow:established, to_client; file_data; content:"particular"; priority:3; metadata:hostile src_ip,created_at 2019-10-06,capec_id 175,updated_at 2019-10-10,filename 
acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182464;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRIMITIVE FUTURE Traffic Detected"; flow:established, to_client; content:"future"; priority:3; metadata:hostile src_ip,created_at 2018-09-10,capec_id 248,updated_at 2018-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80182465;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DISTURBING BED Exploitation Attempt Seen"; flow:established, to_server; content:"bed"; priority:3; metadata:hostile src_ip,created_at 2018-07-21,capec_id 100,updated_at 2018-07-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2018-7534549,protocols tcp; rev:1; sid:80182466;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CRUDE GIVE Malware Communication"; flow:established, to_server; content:"give"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-08-27,updated_at 2018-08-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182467;) #alert http any any -> $HOME_NET any (msg:"Acme - BLOODY LEGAL Traffic Detected"; flow:established, to_client; file_data; content:"legal"; priority:3; metadata:hostile src_ip,created_at 2019-01-08,capec_id 253,updated_at 2019-01-10,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182468;) #alert tcp any $HTTP_PORTS -> $HOME_NET any (msg:"Acme - OUTSIDE ORDINARY Traffic Detected"; flow:established, to_client; content:"ordinary"; priority:3; metadata:created_at 2019-04-02,capec_id 253,updated_at 2019-04-05,filename acme.rules,priority low,rule_source 
acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80182469;) drop http any any -> $HOME_NET any (msg:"Acme - MISTY ASH Exploitation Attempt Seen"; flow:established,to_server; content:"ash"; priority:2; metadata:cwe_id 911,hostile src_ip,created_at 2019-06-10,capec_id 255,updated_at 2019-06-15,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.4,attack_target server,attack_target http-server,cve 2017-8040781,cvss_v2_temporal 6.7,protocols http,protocols tcp; rev:2; sid:80182470;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ANGRY STEP-SISTER Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"step-sister"; priority:3; metadata:hostile src_ip,created_at 2018-01-04,capec_id 242,updated_at 2018-01-04,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-5912054,protocols http,protocols tcp; rev:2; sid:80182471;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BIZARRE SCARECROW Traffic Detected"; flow:established, to_server; content:"scarecrow"; priority:3; metadata:hostile src_ip,created_at 2016-07-08,capec_id 175,updated_at 2016-07-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182472;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RED GRAIN Malware Communication"; flow:established,to_server; content:"grain"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2017-02-11,updated_at 2017-02-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182473;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LIGHT CONTEXT Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"context"; priority:3; metadata:hostile src_ip,created_at 
2019-02-15,capec_id 248,updated_at 2019-02-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-6321134,protocols http,protocols tcp; rev:2; sid:80182474;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NECESSARY PRODUCT Malware Communication"; flow:established,to_server; content:"product"; priority:2; metadata:cwe_id 507,malware pre-infection,hostile dest_ip,created_at 2017-02-05,updated_at 2017-02-19,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182475;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ISOLATED HORSE Malware Communication"; flow:established,to_server; content:"horse"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-08,updated_at 2018-01-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182476;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLASSIC LOCOMOTIVE Exploitation Attempt Seen"; flow:established,to_server; content:"locomotive"; priority:3; metadata:hostile src_ip,created_at 2019-02-11,capec_id 115,updated_at 2019-02-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target database-server,attack_target server,cve 2019-6605511,protocols tcp; rev:1; sid:80182477;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DIFFICULT SELL Exploitation Attempt Seen"; flow:established,to_server; content:"sell"; priority:3; metadata:hostile src_ip,created_at 2017-03-16,capec_id 115,updated_at 2017-03-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target database-server,attack_target server,cve 2016-6765520,protocols tcp; rev:1; sid:80182478;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SLIPPERY TITANIUM 
Exploitation Attempt Seen"; flow:established,to_server; content:"titanium"; priority:3; metadata:hostile src_ip,created_at 2018-10-03,capec_id 115,updated_at 2018-10-06,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target database-server,attack_target server,cve 2018-1571815,protocols tcp; rev:1; sid:80182479;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOUD NUDGE Exploitation Attempt Seen"; flow:established,to_server; content:"nudge"; priority:3; metadata:hostile src_ip,created_at 2019-08-17,capec_id 115,updated_at 2019-08-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target database-server,attack_target server,cve 2015-4597031,protocols tcp; rev:1; sid:80182480;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RUNNING BOTTLE Malware Communication"; flow:established,to_server; content:"bottle"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-19,updated_at 2019-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182481;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INEVITABLE IRIS Exploitation Attempt Seen"; flow:established, to_server; content:"iris"; priority:3; metadata:hostile src_ip,created_at 2017-09-15,capec_id 213,updated_at 2017-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-2275003,protocols http,protocols tcp; rev:2; sid:80182482;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN MISTAKE Traffic Detected"; flow:established, to_server; content:"mistake"; priority:3; metadata:hostile src_ip,created_at 2018-05-01,capec_id 213,updated_at 2018-05-01,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182483;) 
# NOTE(review): one rule per line below; every rule in this group (sids 80182484-80182489) is disabled.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ALONE PROW Traffic Detected"; flow:established, to_server; content:"prow"; priority:3; metadata:hostile src_ip,created_at 2018-01-14,capec_id 213,updated_at 2018-01-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182484;)
# NOTE(review): the email.rules entries below tag "protocols smtp" / "protocols imap" in metadata, but their headers are
# plain "tcp ... any". The metadata keyword is not evaluated for matching, so nothing in these rules limits them to mail
# traffic; if enabled as written, the "drop" ones would act on any established TCP stream containing the content string.
#drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHARMING HARMONY Malware Communication"; flow:established, to_server; content:"harmony"; priority:3; metadata:cwe_id 657,malware pre-infection,created_at 2017-07-21,updated_at 2017-07-25,filename email.rules,priority low,rule_source acme-rule-factory,protocols smtp,protocols tcp; rev:1; sid:80182485;)
#drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN PANDA Malware Communication"; flow:established, to_server; content:"panda"; priority:3; metadata:cwe_id 657,malware pre-infection,created_at 2018-07-01,updated_at 2018-07-13,filename email.rules,priority low,rule_source acme-rule-factory,protocols smtp,protocols tcp; rev:1; sid:80182486;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - MANUAL NECK Malware Communication"; flow:established, to_client; content:"neck"; priority:3; metadata:cwe_id 657,malware pre-infection,created_at 2016-11-23,updated_at 2016-11-27,filename email.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80182487;)
#drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CURIOUS KNITTING Malware Communication"; flow:established,to_server; content:"knitting"; priority:3; metadata:cwe_id 657,malware pre-infection,created_at 2016-03-18,updated_at 2016-03-26,filename email.rules,priority low,rule_source acme-rule-factory,protocols smtp,protocols tcp; rev:1; sid:80182488;)
#drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TOXIC JAILHOUSE Malware Communication"; flow:established,to_server; content:"jailhouse"; priority:3; metadata:cwe_id 657,malware
pre-infection,created_at 2019-11-24,updated_at 2019-11-27,filename email.rules,priority low,rule_source acme-rule-factory,protocols smtp,protocols tcp; rev:1; sid:80182489;)
# NOTE(review): one rule per line below; every rule in this group (sids 80182490-80182495) is disabled.
# NOTE(review): sids 80182490 and 80182493 combine "drop" with an "any any -> any any" header and a single content
# string. That is the widest possible scope for a blocking rule, so review the header before enabling either inline.
#drop tcp any any -> any any (msg:"Acme - TAN TRUST Malware Communication"; flow:established,to_client; content:"trust"; priority:3; metadata:cwe_id 657,malware pre-infection,created_at 2019-04-17,updated_at 2019-04-28,filename email.rules,priority low,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80182490;)
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CREATIVE PITCH Malware Communication"; flow:established, to_server; content:"pitch"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2018-10-21,updated_at 2018-10-24,filename spyware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182491;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONFIDENT MESS Traffic Detected"; flow:established, to_server; content:"mess"; priority:3; metadata:hostile src_ip,created_at 2015-11-18,capec_id 253,updated_at 2015-11-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182492;)
#drop tcp any any -> any any (msg:"Acme - UNKNOWN BRUSHFIRE Traffic Detected"; flow:established, to_server; content:"brushfire"; priority:3; metadata:created_at 2017-11-21,updated_at 2017-11-28,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182493;)
#drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPLENDID LOSS Traffic Detected"; flow:established, to_server; content:"loss"; priority:3; metadata:created_at 2019-10-23,updated_at 2019-10-23,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182494;)
#drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme -
DISTINGUISHED COPYRIGHT Traffic Detected"; flow:established, to_server; content:"copyright"; priority:3; metadata:created_at 2015-11-13,updated_at 2015-11-13,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182495;)
# NOTE(review): one rule per line below. sids 80182496-80182498 are disabled "drop" rules that carry no hostile/
# attack_target metadata; metadata-based selection would have to rely on the priority, filename or protocols keys.
#drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GLORIOUS VIBE Traffic Detected"; flow:established, to_server; content:"vibe"; priority:3; metadata:created_at 2019-01-03,updated_at 2019-01-18,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182496;)
#drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RESULTING PENDULUM Traffic Detected"; flow:established, to_client; content:"pendulum"; priority:3; metadata:created_at 2015-06-18,updated_at 2015-06-19,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182497;)
#drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DIPLOMATIC METHANE Traffic Detected"; flow:established, to_client; content:"methane"; priority:3; metadata:created_at 2019-03-06,updated_at 2019-03-23,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182498;)
# NOTE(review): the two enabled rules below place "file_data;" before "content", so the string is matched in the
# file_data buffer (with flow to_client on HTTP, the response body) rather than anywhere in the stream.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - JUDICIAL PENDANT Malware Communication"; flow:established,to_client; file_data; content:"pendant"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-05-03,updated_at 2019-05-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182499;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EARLY ECLIPSE Malware Communication"; flow:established,to_client; file_data; content:"eclipse"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-07-01,updated_at 2018-07-04,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols
http,protocols tcp; rev:2; sid:80182500;)
# NOTE(review): one rule per line below. Of sids 80182501-80182505 only 80182502 is enabled.
#alert tcp any any -> any any (msg:"Acme - CHARACTERISTIC LUNGE Traffic Detected"; flow:established, to_server; content:"lunge"; priority:3; metadata:hostile dest_ip,created_at 2019-06-21,capec_id 213,updated_at 2019-06-24,filename acme.rules,priority low,rule_source acme-rule-factory,protocols ftp,protocols tcp; rev:1; sid:80182501;)
# NOTE(review): enabled "drop" with a "tcp $HOME_NET any -> any any" header. The destination is "any", not
# $EXTERNAL_NET, so internal-to-internal flows are in scope too. Metadata says "protocols http", but the header is
# tcp with no port or app-layer restriction; metadata is not evaluated for matching.
drop tcp $HOME_NET any -> any any (msg:"Acme - TERRIBLE DIRECTOR Malware Communication"; flow:established,to_server; content:"director"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-04-19,updated_at 2018-04-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182502;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INEVITABLE RESPONSE Traffic Detected"; flow:established, to_server; content:"response"; priority:3; metadata:hostile src_ip,created_at 2018-02-13,capec_id 213,updated_at 2018-02-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182503;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONCRETE HOUSE Traffic Detected"; flow:established, to_server; content:"house"; priority:3; metadata:hostile src_ip,created_at 2018-10-11,capec_id 213,updated_at 2018-10-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182504;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INITIAL ENEMY Traffic Detected"; flow:established, to_server; content:"enemy"; priority:3; metadata:hostile src_ip,created_at 2018-09-11,capec_id 213,updated_at 2018-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2;
sid:80182505;)
# NOTE(review): one rule per line below; every rule in this group (sids 80182506-80182510) is disabled.
# The cvss_v2_base / cvss_v2_temporal and cve metadata values are sample data (the file header declares a dummy ruleset).
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SCARY EQUINOX Exploitation Attempt Seen"; flow:established,to_server; content:"equinox"; priority:3; metadata:cwe_id 824,hostile src_ip,created_at 2019-04-27,capec_id 129,updated_at 2019-04-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.7,attack_target server,cve 2019-5648772,cvss_v2_temporal 4.2,protocols tcp; rev:1; sid:80182506;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ANXIOUS PUMP Traffic Detected"; flow:established, to_server; content:"pump"; priority:3; metadata:hostile src_ip,created_at 2019-02-12,capec_id 213,updated_at 2019-02-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182507;)
# NOTE(review): "from_server" is the same flow direction as "to_client"; other rules in this file use the latter spelling.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DULL PORCUPINE Traffic Detected"; flow:established,from_server; file_data; content:"porcupine"; priority:3; metadata:cwe_id 120,cwe_id 618,hostile src_ip,created_at 2016-09-15,capec_id 100,updated_at 2016-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.3,attack_target http-client,attack_target client,cvss_v2_temporal 3.1,protocols http,protocols tcp; rev:2; sid:80182508;)
# NOTE(review): cvss_v2_base 10.0 is paired with priority:3 / "priority low" here, so a filter on the priority key
# alone would not select this rule; a CVSS-based filter would.
#alert tcp any any -> $HOME_NET any (msg:"Acme - SPONTANEOUS SAMPAN Exploitation Attempt Seen"; flow:established,to_server; content:"sampan"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2016-02-24,capec_id 100,updated_at 2016-02-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,cve 2016-8717248,cvss_v2_temporal 4.6,protocols tcp; rev:1; sid:80182509;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - PLAIN SPANK Traffic Detected"; flow:established,to_server; content:"spank"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2019-01-07,capec_id 100,updated_at 2019-01-20,filename acme.rules,priority
low,rule_source acme-rule-factory,cvss_v2_base 6.2,attack_target server,cvss_v2_temporal 5.4,protocols tcp; rev:2; sid:80182510;)
# NOTE(review): one rule per line below; every rule in this group (sids 80182511-80182515) is disabled.
# NOTE(review): sid 80182511 has a tcp header with source "any any", so it is not limited to $EXTERNAL_NET sources
# even though its metadata says "hostile src_ip".
#alert tcp any any -> $HOME_NET any (msg:"Acme - SECONDARY SPHERE Exploitation Attempt Seen"; flow:established,to_server; content:"sphere"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2016-01-02,capec_id 100,updated_at 2016-01-14,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,cve 2015-929423,cvss_v2_temporal 4.4,protocols tcp; rev:1; sid:80182511;)
# NOTE(review): the capec_id 310 rules below are inbound HTTP, to_server, with a single content string and no cve key.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PERMANENT BELIEVE Traffic Detected"; flow:established,to_server; content:"believe"; priority:3; metadata:hostile src_ip,created_at 2019-07-11,capec_id 310,updated_at 2019-07-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182512;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ALLIED EASEL Traffic Detected"; flow:established,to_server; content:"easel"; priority:3; metadata:hostile src_ip,created_at 2018-01-08,capec_id 310,updated_at 2018-01-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182513;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ODD PROCEDURE Traffic Detected"; flow:established,to_server; content:"procedure"; priority:3; metadata:hostile src_ip,created_at 2019-02-10,capec_id 310,updated_at 2019-02-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182514;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GREEN MAYONNAISE Traffic Detected"; flow:established,to_server; content:"mayonnaise"; priority:3; metadata:hostile src_ip,created_at 2018-11-10,capec_id 310,updated_at 2018-11-20,filename
acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182515;)
# NOTE(review): one rule per line below. sids 80182516-80182519 are disabled; the trailing rule (UNKNOWNIAL BREEZE) is enabled.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN PERSONALITY Traffic Detected"; flow:established,to_server; content:"personality"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2016-05-13,capec_id 100,updated_at 2016-05-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.1,attack_target server,cvss_v2_temporal 1.9,protocols tcp; rev:1; sid:80182516;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VULNERABLE VERSION Exploitation Attempt Seen"; flow:established,to_server; content:"version"; priority:3; metadata:cwe_id 78,hostile src_ip,created_at 2016-08-25,capec_id 248,updated_at 2016-08-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.0,attack_target server,attack_target http-server,cve 2015-9839132,cvss_v2_temporal 3.0,protocols http,protocols tcp; rev:2; sid:80182517;)
# NOTE(review): "UNKNOWN" inside msg and content strings (here and in other rules) looks like a placeholder left by
# word generation or scrubbing (TODO confirm). It is left untouched because content is the literal match string.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REMARKABLE UNKNOWNHOOD Malware Communication"; flow:established, to_server; content:"UNKNOWNhood"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2019-10-10,updated_at 2019-10-16,filename spyware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182518;)
#alert http any any -> $HOME_NET any (msg:"Acme - ACCEPTED HURDLER Traffic Detected"; flow:established,to_server; content:"hurdler"; priority:3; metadata:hostile src_ip,created_at 2019-07-19,capec_id 310,updated_at 2019-07-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182519;)
# NOTE(review): "tcp $EXTERNAL_NET $HTTP_PORTS" is port-bound: it sees HTTP responses only from ports in $HTTP_PORTS,
# whereas the "alert http" rules in this file rely on app-layer protocol detection regardless of port.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - UNKNOWNIAL BREEZE Exploitation Attempt Seen";
flow:established,to_client; content:"breeze"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-07-21,capec_id 100,updated_at 2019-07-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.0,attack_target http-client,attack_target client,cve 2016-5183877,cvss_v2_temporal 2.3,protocols http,protocols tcp; rev:1; sid:80182520;)
# NOTE(review): one rule per line below. In sids 80182520-80182522 cvss_v2_temporal is higher than cvss_v2_base
# (2.3 vs 2.0, 5.6 vs 4.9, 6.2 vs 5.8). A real CVSS v2 temporal score cannot exceed its base score, so treat these as
# sample values for exercising metadata filters, not as scoring data.
# NOTE(review): the "tcp $EXTERNAL_NET $HTTP_PORTS" header is port-bound; HTTP served from a port outside $HTTP_PORTS
# would not be inspected by this rule.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - SPLENDID BURST Malware Communication"; flow:established, to_client; content:"burst"; priority:3; metadata:cwe_id 120,malware pre-infection,hostile src_ip,created_at 2019-11-25,updated_at 2019-11-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.9,attack_target http-client,attack_target client,cve 2017-945313,cvss_v2_temporal 5.6,protocols http,protocols tcp; rev:1; sid:80182521;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ASSOCIATED BUCKLE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"buckle"; priority:3; metadata:cwe_id 618,cwe_id 119,hostile src_ip,created_at 2019-05-15,capec_id 253,updated_at 2019-05-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.8,attack_target http-client,attack_target client,cve 2018-2098435,cvss_v2_temporal 6.2,protocols http,protocols tcp; rev:2; sid:80182522;)
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - REGULAR UNKNOWNMOTHER Exploitation Attempt Seen"; flow:established, to_client; content:"UNKNOWNmother"; priority:3; metadata:hostile src_ip,created_at 2018-05-01,capec_id 100,updated_at 2018-05-07,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-2581070,protocols http,protocols tcp; rev:1; sid:80182523;)
# NOTE(review): the enabled "drop" below (blocking only in inline/IPS mode) has a tcp header with any destination port
# and one content string.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AVERAGE DISCUSSION Malware Communication"; flow:established,to_server; content:"discussion"; priority:1; metadata:cwe_id 506,malware post-infection,hostile
dest_ip,created_at 2015-01-07,updated_at 2015-01-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80182524;)
# NOTE(review): one rule per line below. sids 80182525, 80182526 and 80182528 are enabled "drop" rules (blocking only
# in inline/IPS mode); 80182527 is disabled.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INDIVIDUAL DIFFERENCE Malware Communication"; flow:established,to_server; content:"difference"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-27,updated_at 2019-06-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182525;)
# NOTE(review): this enabled "drop" matches the literal content "UNKNOWN", which looks like a placeholder rather than
# an intended signature string (TODO confirm with the rule source before using it as a template).
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ANXIOUS UNKNOWN Malware Communication"; flow:established,to_client; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-08-14,updated_at 2018-08-14,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182526;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VALUABLE RECOGNITION Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"recognition"; priority:3; metadata:cwe_id 424,cwe_id 618,hostile src_ip,created_at 2018-02-05,capec_id 253,updated_at 2018-02-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.3,attack_target http-client,attack_target client,cve 2015-8422276,cvss_v2_temporal 6.5,protocols http,protocols tcp; rev:2; sid:80182527;)
# NOTE(review): the rule below repeats the same "cve" key/value pair in its metadata. Tooling that indexes or counts
# metadata values should de-duplicate.
drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - CALM SLAPSTICK Malware Communication"; flow:established, to_client; content:"slapstick"; priority:3; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2018-09-08,updated_at 2018-09-14,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target http-client,attack_target client,cve 2018-1299207,cve
2018-1299207,cvss_v2_temporal 5.8,protocols http,protocols tcp; rev:1; sid:80182528;)
# NOTE(review): one rule per line below. sids 80182529, 80182531 and 80182532 each list the same "cve" key/value twice
# in metadata. Matching is unaffected, but consumers that index or count metadata values should de-duplicate.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WILD FEUNKNOWN Malware Communication"; flow:established, to_client; content:"feUNKNOWN"; priority:3; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2016-01-23,updated_at 2016-01-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target http-client,attack_target client,cve 2016-3117661,cve 2016-3117661,cvss_v2_temporal 7.1,protocols http,protocols tcp; rev:2; sid:80182529;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LIVING SALOON Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"saloon"; priority:3; metadata:cwe_id 618,hostile src_ip,created_at 2017-02-12,capec_id 253,updated_at 2017-02-15,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.3,attack_target http-client,attack_target client,cve 2015-8840029,cvss_v2_temporal 2.4,protocols http,protocols tcp; rev:2; sid:80182530;)
# NOTE(review): the enabled "drop" rules below (blocking only in inline/IPS mode) match inbound HTTP with flow
# to_client and no file_data, so the content string is not restricted to the response body buffer.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IMMENSE BLADDER Malware Communication"; flow:established,to_client; content:"bladder"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2019-03-07,updated_at 2019-03-19,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target http-client,attack_target client,cve 2016-572785,cve 2016-572785,cvss_v2_temporal 5.3,protocols http,protocols tcp; rev:3; sid:80182531;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WORTHWHILE RAINMAKER Malware Communication"; flow:established,to_client; content:"rainmaker"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2017-01-13,updated_at 2017-01-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target http-client,attack_target client,cve 2017-6886209,cve
2017-6886209,cvss_v2_temporal 3.0,protocols http,protocols tcp; rev:3; sid:80182532;)
# NOTE(review): one rule per line below. sids 80182533-80182535 are disabled; 80182536 and the trailing rule are enabled.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEFENSIVE ALLOY Exploitation Attempt Seen"; flow:established, to_server; content:"alloy"; priority:3; metadata:hostile src_ip,created_at 2015-02-09,capec_id 248,updated_at 2015-02-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-1357808,protocols http,protocols tcp; rev:2; sid:80182533;)
# NOTE(review): the two ssh-client rules use a "tcp ... any -> ... any" header, so the "protocols ssh" metadata tag is
# descriptive only; the rule text itself does not restrict them to SSH ports or SSH traffic.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STALE ANYWHERE Exploitation Attempt Seen"; flow:established,to_client; content:"anywhere"; priority:3; metadata:hostile src_ip,created_at 2017-06-08,capec_id 100,updated_at 2017-06-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ssh-client,attack_target client,cve 2016-7153049,protocols ssh,protocols tcp; rev:1; sid:80182534;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LONG QUINCE Exploitation Attempt Seen"; flow:established,to_client; content:"quince"; priority:3; metadata:hostile src_ip,created_at 2017-02-22,capec_id 100,updated_at 2017-02-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ssh-client,attack_target client,cve 2015-5035672,protocols ssh,protocols tcp; rev:1; sid:80182535;)
# NOTE(review): port-bound header ($HTTP_PORTS as source port); HTTP responses from other ports are out of scope.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - STRANGE CIVILISATION Malware Communication"; flow:established,to_client; content:"civilisation"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2016-02-25,updated_at 2016-02-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182536;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MIGHTY CREEK Malware Communication"; flow:established,to_server; content:"creek"; priority:1; metadata:cwe_id 506,malware post-infection,hostile
dest_ip,created_at 2019-07-20,updated_at 2019-07-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182537;)
# NOTE(review): one rule per line below; every rule in this group (sids 80182538-80182542) is disabled.
# NOTE(review): sid 80182538 is tagged "hostile dest_ip" although its destination is $HOME_NET with flow to_server.
# The neighbouring inbound exploitation rules use "hostile src_ip", so this may be a labelling inconsistency (verify
# before filtering on the hostile key).
#alert tcp any any -> $HOME_NET any (msg:"Acme - LOW LIST Exploitation Attempt Seen"; flow:established, to_server; content:"list"; priority:3; metadata:hostile dest_ip,created_at 2017-10-08,capec_id 100,updated_at 2017-10-18,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2017-9041811,protocols http,protocols tcp; rev:1; sid:80182538;)
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - TERRIBLE EXTENSION Exploitation Attempt Seen"; flow:established, to_client; content:"extension"; priority:3; metadata:hostile src_ip,created_at 2018-02-01,capec_id 100,updated_at 2018-02-03,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-6787093,protocols http,protocols tcp; rev:1; sid:80182539;)
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - ENCHANTING ALLIGATOR Exploitation Attempt Seen"; flow:established, to_client; content:"alligator"; priority:3; metadata:hostile src_ip,created_at 2019-04-01,capec_id 100,updated_at 2019-04-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-1219688,protocols http,protocols tcp; rev:1; sid:80182540;)
#alert http any any -> $HOME_NET any (msg:"Acme - COMPARATIVE UNKNOWN Exploitation Attempt Seen"; flow:established, to_client; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2017-08-17,capec_id 248,updated_at 2017-08-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-166858,protocols http,protocols tcp; rev:2; sid:80182541;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWNPY COWBOY Exploitation Attempt Seen";
flow:established, to_server; content:"cowboy"; priority:3; metadata:hostile src_ip,created_at 2019-02-26,capec_id 100,updated_at 2019-02-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2015-403530,protocols tcp; rev:1; sid:80182542;)
# NOTE(review): one rule per line below. sids 80182544 and 80182545 are enabled; 80182543 and the trailing rule are disabled.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOUD GEORGE Traffic Detected"; flow:established,to_server; content:"george"; priority:3; metadata:hostile src_ip,created_at 2017-06-01,capec_id 248,updated_at 2017-06-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182543;)
# NOTE(review): both enabled "drop" rules below use "tcp $HOME_NET any -> any any". The destination is "any" rather
# than $EXTERNAL_NET, so internal-to-internal flows are in scope. The "protocols http" tag is metadata only and does
# not limit matching to HTTP. "drop" blocks only when Suricata runs inline (IPS mode).
drop tcp $HOME_NET any -> any any (msg:"Acme - GLORIOUS RACCOON Malware Communication"; flow:established,to_server; content:"raccoon"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-10,updated_at 2018-03-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182544;)
drop tcp $HOME_NET any -> any any (msg:"Acme - ALTERUNKNOWN GINSENG Malware Communication"; flow:established,to_server; content:"ginseng"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-17,updated_at 2019-08-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182545;)
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - CONCEPTUAL BOWTIE Exploitation Attempt Seen"; flow:established,to_client; content:"bowtie"; priority:3; metadata:cwe_id 122,hostile src_ip,created_at 2019-10-09,capec_id 100,updated_at 2019-10-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.2,attack_target http-client,attack_target client,cve 2019-6704311,cvss_v2_temporal 4.6,protocols http,protocols tcp; rev:1;
sid:80182546;)
# NOTE(review): one rule per line below; every rule in this group (sids 80182547-80182551) is enabled.
# The "drop" action blocks only when Suricata runs inline (IPS mode).
# NOTE(review): "from_server" is the same flow direction as "to_client". This rule tags the external side as hostile
# and the internal destination as infected ("infected dest_ip").
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GUNKNOWNPY NEAT Malware Communication"; flow:established,from_server; content:"neat"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2017-10-05,updated_at 2017-10-09,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182547;)
# NOTE(review): several content strings below are short common words ("return", "glen", "pot"). They are adequate for
# demonstrating metadata filtering, but as real signatures they would match widely; do not copy as detection logic.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WITTY RETURN Malware Communication"; flow:established,to_server; content:"return"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-08-07,updated_at 2018-08-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182548;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FUNNY GLEN Traffic Detected"; flow:established, to_server; content:"glen"; priority:3; metadata:hostile src_ip,created_at 2018-06-13,capec_id 63,updated_at 2018-06-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182549;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - APPROPRIATE POT Malware Communication"; flow:established,to_server; content:"pot"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-04-01,updated_at 2016-04-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182550;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ELEGANT SCRIP Malware Communication"; flow:established, to_server; content:"scrip"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-02-09,updated_at 2018-02-18,filename acme.rules,priority
high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182551;)
# NOTE(review): one rule per line below. sids 80182553 and 80182554 are enabled; 80182552 and the trailing rule are disabled.
# NOTE(review): sid 80182552 is tagged dns-server / "protocols dns", but its header is "tcp any any -> $HOME_NET any";
# the DNS scoping exists only in metadata.
#alert tcp any any -> $HOME_NET any (msg:"Acme - DAILY UNKNOWN Exploitation Attempt Seen"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 680,hostile src_ip,created_at 2017-10-15,capec_id 100,updated_at 2017-10-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.8,attack_target dns-server,attack_target server,cve 2017-61546,cvss_v2_temporal 6.7,protocols dns,protocols tcp; rev:1; sid:80182552;)
# NOTE(review): sids 80182553 and 80182554 have the same shape (file_data, cwe_id 416, capec_id 29, priority low) but
# different actions: the first drops, the second only alerts. Confirm the blocking choice is intentional before
# reusing this pattern, since "drop" on a low-priority rule is the costlier outcome on a false positive.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ULTIMATE GASTROPOD Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"gastropod"; priority:3; metadata:cwe_id 416,hostile src_ip,created_at 2018-04-15,capec_id 29,updated_at 2018-04-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.8,attack_target http-client,attack_target client,cve 2016-4395817,cvss_v2_temporal 6.6,protocols http,protocols tcp; rev:2; sid:80182553;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BIG LEADERSHIP Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"leadership"; priority:3; metadata:cwe_id 416,hostile src_ip,created_at 2019-04-13,capec_id 29,updated_at 2019-04-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.9,attack_target http-client,attack_target client,cve 2017-1700564,cvss_v2_temporal 5.3,protocols http,protocols tcp; rev:2; sid:80182554;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HARSH UNKNOWN Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"UNKNOWN"; priority:3; metadata:cwe_id 416,hostile src_ip,created_at 2017-09-23,capec_id 253,updated_at 2017-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.9,attack_target http-client,attack_target client,cve 2017-8079539,cvss_v2_temporal
7.0,protocols http,protocols tcp; rev:2; sid:80182555;)
# NOTE(review): one rule per line below. sids 80182556-80182559 are enabled "drop" rules (blocking only in inline/IPS
# mode); the trailing rule is disabled.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FLUTTERING PUMPKIN Malware Communication"; flow:established,to_server; content:"pumpkin"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-06-17,updated_at 2018-06-17,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182556;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LARGE-SCALE POINT Malware Communication"; flow:established, to_server; content:"point"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-02,updated_at 2018-02-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182557;)
# NOTE(review): the next two rules are inbound ($EXTERNAL_NET -> $HOME_NET, to_server) and tag the internal HTTP
# server as already infected ("infected dest_ip", "malware post-infection"), unlike the outbound client rules above.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHORT CARDBOARD Malware Communication"; flow:established, to_server; content:"cardboard"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-08-26,updated_at 2018-08-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182558;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHEERFUL YOKE Malware Communication"; flow:established, to_server; content:"yoke"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2016-11-08,updated_at 2016-11-24,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182559;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAVOURABLE BIG Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"big"; priority:3;
metadata:cwe_id 416,hostile src_ip,created_at 2019-08-12,capec_id 253,updated_at 2019-08-13,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.7,attack_target http-client,attack_target client,cve 2017-5520188,cvss_v2_temporal 7.2,protocols http,protocols tcp; rev:2; sid:80182560;)
# NOTE(review): one rule per line below. sids 80182561-80182563 are disabled "drop" rules from spyware.rules; the
# trailing rule is an enabled alert.
# NOTE(review): all three match one short or placeholder content string ("UNKNOWN", "fine", "carrot"). If enabled
# with action "drop" in inline mode they would block on that single string, so they are better trialled as alerts first.
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STEADY UNKNOWN Traffic Detected"; flow:established,to_client; file_data; content:"UNKNOWN"; priority:3; metadata:cwe_id 512,hostile src_ip,created_at 2017-02-10,capec_id 253,updated_at 2017-02-27,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182561;)
#drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - TENDER FINE Malware Communication"; flow:established, to_client; content:"fine"; priority:3; metadata:cwe_id 512,malware download-attempt,hostile src_ip,created_at 2018-05-27,updated_at 2018-05-28,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182562;)
#drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GIGANTIC CARROT Malware Communication"; flow:established, to_server; content:"carrot"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2018-06-22,updated_at 2018-06-28,filename spyware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182563;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FINE EXTREME Malware Communication"; flow:established,to_server; content:"extreme"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-01-24,updated_at 2019-01-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp;
rev:2; sid:80182564;) #alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - ILL FLAX Malware Communication"; flow:established, to_client; content:"flax"; priority:3; metadata:cwe_id 512,malware download-attempt,created_at 2019-02-27,updated_at 2019-02-27,filename spyware.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80182565;) #alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - MIDDLE-CLASS GRIP Malware Communication"; flow:established, to_client; content:"grip"; priority:3; metadata:cwe_id 512,malware download-attempt,hostile src_ip,created_at 2018-07-20,updated_at 2018-07-26,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182566;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RESONANT GELDING Malware Communication"; flow:established,to_server; content:"gelding"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-05,updated_at 2019-02-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182567;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SACRED PRINCESS Malware Communication"; flow:established,to_client; file_data; content:"princess"; priority:1; metadata:cwe_id 20,malware post-infection,hostile src_ip,created_at 2015-08-21,updated_at 2015-08-22,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,cvss_v2_base 2.5,attack_target http-client,attack_target client,cvss_v2_temporal 2.4,protocols http,protocols tcp; rev:2; sid:80182568;) #drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - UNKNOWN UNKNOWN Malware Communication"; flow:established, to_client; content:"UNKNOWN"; priority:3; metadata:cwe_id 512,malware download-attempt,hostile src_ip,created_at 
2018-03-27,updated_at 2018-03-27,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182569;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PSYCHIATRIC CHOCOLATE Malware Communication"; flow:established,to_client; content:"chocolate"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2016-11-20,updated_at 2016-11-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182570;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN YARD Malware Communication"; flow:established, to_server; content:"yard"; priority:3; metadata:cwe_id 512,malware malware,hostile dest_ip,created_at 2018-09-09,updated_at 2018-09-26,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182571;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ROASTED POEM Malware Communication"; flow:established,to_server; content:"poem"; priority:3; metadata:cwe_id 512,malware malware,hostile dest_ip,created_at 2019-02-22,updated_at 2019-02-26,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182572;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLOSED SWAN Malware Communication"; flow:established, to_server; content:"swan"; priority:1; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2019-08-18,updated_at 2019-08-27,filename spyware.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182573;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AWKWARD UNKNOWNDRINK Malware Communication"; 
flow:established,to_server; content:"UNKNOWNdrink"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-09-15,updated_at 2016-09-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182574;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INLAND RASPBERRY Traffic Detected"; flow:established,to_server; content:"raspberry"; priority:1; metadata:hostile dest_ip,created_at 2019-09-06,updated_at 2019-09-19,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182575;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHRONIC BIRD-WATCHER Exploitation Attempt Seen"; flow:established, to_server; content:"bird-watcher"; priority:3; metadata:cwe_id 416,hostile src_ip,created_at 2018-06-07,capec_id 26,updated_at 2018-06-09,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.4,attack_target server,cve 2018-9279666,cvss_v2_temporal 4.2,protocols tcp; rev:1; sid:80182576;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DARK BILL Exploitation Attempt Seen"; flow:established,to_server; content:"bill"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2018-05-10,capec_id 63,updated_at 2018-05-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.9,attack_target server,attack_target http-server,cve 2015-7830282,cvss_v2_temporal 8.5,protocols http,protocols tcp; rev:2; sid:80182577;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN EXIT Traffic Detected"; flow:established, to_server; content:"exit"; priority:3; metadata:cwe_id 829,hostile src_ip,created_at 2019-07-20,capec_id 165,updated_at 2019-07-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.4,attack_target server,attack_target 
http-server,cvss_v2_temporal 7.2,protocols http,protocols tcp; rev:2; sid:80182578;)
# ---------------------------------------------------------------------------
# Review notes. Lines that start with "# " are notes; lines that start with
# "#alert" / "#drop" are disabled rules and are left exactly as written.
# - The line above is the tail of a rule that begins on the previous line of
#   the file.
# - `drop` can only discard traffic when Suricata is deployed inline (IPS);
#   rules with the `alert` action never block.
# - In the rules below the `priority:N` keyword and the `priority <label>`
#   metadata value move together: 1=high, 2=medium, 3=low, 4=info.
# ---------------------------------------------------------------------------
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DRY LEAVER Malware Communication"; flow:established,to_server; content:"leaver"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-06,updated_at 2019-06-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182579;)
# NOTE(review): cvss_v2_temporal (7.5) is above cvss_v2_base (7.4) in the next
# rule. A real CVSS v2 temporal score never exceeds its base score, so the
# scores here look like generated values.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOUND BIG-RIG Exploitation Attempt Seen"; flow:established, to_server; content:"big-rig"; priority:4; metadata:cwe_id 601,hostile src_ip,created_at 2019-05-24,capec_id 194,updated_at 2019-05-28,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 7.4,attack_target server,attack_target http-server,cve 2019-1711073,cvss_v2_temporal 7.5,protocols http,protocols tcp; rev:2; sid:80182580;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REVOLUTIONARY JOY Malware Communication"; flow:established,to_client; file_data; content:"joy"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-06-05,updated_at 2019-06-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182581;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ENCOURAGING UNKNOWNDY Malware Communication"; flow:established,to_server; content:"UNKNOWNdy"; priority:3; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-17,updated_at 2019-10-26,filename adware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80182582;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TENDER POPPY Malware Communication"; flow:established, to_server; content:"poppy"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-07-08,updated_at 2017-07-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182583;)
# GENTLE CUSHION is the only rule in this stretch with a constraint besides
# flow/content: `urilen:>137` limits it to requests whose URI is longer than
# 137 bytes.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GENTLE CUSHION Malware Communication"; flow:established,to_server; urilen:>137; content:"cushion"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2019-01-17,updated_at 2019-01-20,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182584;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CRUEL BENEFIT Malware Communication"; flow:established,to_server; content:"benefit"; priority:1; metadata:cwe_id 506,malware malware,hostile dest_ip,created_at 2016-08-27,updated_at 2016-08-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182585;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BRIGHT UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2018-09-06,capec_id 63,updated_at 2018-09-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182586;)
# GREAT MAKEUP: the header is `tcp` with `any` ports, while the metadata says
# `protocols http` / `attack_target http-server`. The rule header itself does
# not restrict matching to HTTP traffic, so a metadata filter on
# `protocols http` selects a rule that is broader than that label suggests.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GREAT MAKEUP Traffic Detected"; flow:established,to_server; content:"makeup"; priority:3; metadata:hostile src_ip,created_at 2016-06-01,capec_id 248,updated_at 2016-06-03,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80182587;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MECHANICAL MEGALIAC Malware Communication"; flow:established,to_server; content:"megaliac"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2018-05-13,updated_at 2018-05-13,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182588;)
# WORRIED INSPECTION uses `flow:established` with no direction, and its
# metadata has no `hostile` or `attack_target` key. ABSTRACT CODPIECE
# (sid 80182594) and CLEVER PERMIT (sid 80182596) below share both traits, so
# metadata filters that require either key will not select these three.
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WORRIED INSPECTION Exploitation Attempt Seen"; flow:established; content:"inspection"; priority:1; metadata:cwe_id 191,created_at 2018-03-19,capec_id 255,updated_at 2018-03-27,filename acme.rules,priority high,rule_source acme-rule-factory,cvss_v2_base 6.1,cve 2017-9129809,cvss_v2_temporal 5.3,protocols tcp; rev:1; sid:80182589;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - LONG JAW Exploitation Attempt Seen"; flow:established, to_client; content:"jaw"; priority:3; metadata:cwe_id 416,hostile src_ip,created_at 2019-04-01,capec_id 255,updated_at 2019-04-13,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.8,attack_target http-client,attack_target client,cve 2018-613176,cvss_v2_temporal 4.9,protocols http,protocols tcp; rev:1; sid:80182590;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AWAKE GUARANTEE Malware Communication"; flow:established,to_server; content:"guarantee"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-10,updated_at 2019-05-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182591;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRIGHT PLEATED Malware Communication"; flow:established, to_server; content:"pleated"; priority:3; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-09,updated_at 2019-06-23,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182592;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN THANKS Traffic Detected"; flow:established,to_server; content:"thanks"; priority:3; metadata:hostile src_ip,created_at 2015-07-05,capec_id 125,updated_at 2015-07-24,filename ddos.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182593;)
# ABSTRACT CODPIECE is tagged `protocols smtp`, but its header is `tcp` with
# `any` ports on both sides; nothing in the rule itself ties it to SMTP.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ABSTRACT CODPIECE Exploitation Attempt Seen"; flow:established; content:"codpiece"; priority:3; metadata:cwe_id 190,created_at 2019-07-17,capec_id 92,updated_at 2019-07-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.9,cve 2018-8359685,cvss_v2_temporal 3.3,protocols smtp,protocols tcp; rev:1; sid:80182594;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SWAN Malware Communication"; flow:established,to_server; content:"swan"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2019-07-09,updated_at 2019-07-20,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182595;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLEVER PERMIT Malware Communication"; flow:established; content:"permit"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2017-03-22,updated_at 2017-03-26,filename acme.rules,priority high,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80182596;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ABSOLUTE LYMPHOCYTE Exploitation Attempt Seen"; flow:established, to_server; content:"lymphocyte"; priority:3; metadata:cwe_id 835,hostile src_ip,created_at 2019-10-16,capec_id 228,updated_at 2019-10-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.1,attack_target server,attack_target http-server,cve 2016-5988984,cvss_v2_temporal 4.9,protocols http,protocols tcp; rev:2; sid:80182597;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INCREASED TRANSLATION Malware Communication"; flow:established, to_server; content:"translation"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2019-01-14,updated_at 2019-01-22,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182598;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ENDLESS CLAVICLE Malware Communication"; flow:established, to_server; content:"clavicle"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2019-06-25,updated_at 2019-06-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182599;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SOUTH Malware Communication"; flow:established, to_server; content:"south"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-09-22,updated_at 2018-09-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182600;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MISLEADING CONTINENT Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"continent"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-04-24,capec_id 128,updated_at 2017-04-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.7,attack_target http-client,attack_target client,cve 2017-4471459,cvss_v2_temporal 5.2,protocols http,protocols tcp; rev:2; sid:80182601;)
# The rule header below is cut by the file's line wrapping; its options
# continue on the following line of the file.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any
(msg:"Acme - FINE FUNCTION Exploitation Attempt Seen"; flow:established, to_client; content:"function"; priority:4; metadata:cwe_id 119,created_at 2017-04-26,updated_at 2017-04-26,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 2.2,cve 2015-9651350,cvss_v2_temporal 3.1,protocols http,protocols tcp; rev:2; sid:80182602;)
# ---------------------------------------------------------------------------
# Review notes. Lines that start with "# " are notes; lines that start with
# "#alert" / "#drop" are disabled rules and are left exactly as written.
# - The line above holds the options of a rule whose header is on the
#   previous line of the file.
# - `drop` can only discard traffic when Suricata is deployed inline (IPS);
#   rules with the `alert` action never block.
# - In the rules below the `priority:N` keyword and the `priority <label>`
#   metadata value move together: 1=high, 2=medium, 3=low, 4=info.
# ---------------------------------------------------------------------------
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXCLUSIVE EXECUTOR Malware Communication"; flow:established, to_server; content:"executor"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-11-05,updated_at 2018-11-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182603;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COLORFUL CONTINENT Malware Communication"; flow:established, to_server; content:"continent"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2017-04-15,updated_at 2017-04-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182604;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NARROW TELEPUNKNOWNE Malware Communication"; flow:established,to_server; content:"telepUNKNOWNe"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-07-20,updated_at 2019-07-22,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182605;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STANDARD BANANA Malware Communication"; flow:established, to_server; content:"banana"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-07-26,updated_at 2017-07-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182606;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - KNOWN HARBOR Malware Communication"; flow:established, to_server; content:"harbor"; priority:2; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-02-18,updated_at 2018-02-19,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182607;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ADDITIONAL DEPRESSIVE Malware Communication"; flow:established, to_server; content:"depressive"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2015-05-26,updated_at 2015-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182608;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FELLOW HEIGHT Traffic Detected"; flow:established, to_server; content:"height"; priority:4; metadata:hostile dest_ip,created_at 2016-06-17,updated_at 2016-06-27,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182609;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PROVINCIAL DATABASE Malware Communication"; flow:established, to_server; content:"database"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-13,updated_at 2018-05-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182610;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NEW CONFIRMATION Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"confirmation"; priority:3; metadata:cwe_id 416,hostile src_ip,created_at 2019-11-20,updated_at 2019-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.7,attack_target http-client,attack_target client,cve 2016-9503521,cvss_v2_temporal 6.2,protocols http,protocols tcp; rev:2; sid:80182611;)
# PRACTICAL SACK carries a `cve` value but no `cwe_id` and no cvss_v2_* keys,
# so filters keyed on CVSS or CWE will not select it even though it is labelled
# an exploitation attempt.
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - PRACTICAL SACK Exploitation Attempt Seen"; flow:established, to_client; content:"sack"; priority:3; metadata:hostile src_ip,created_at 2017-02-02,updated_at 2017-02-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-8907196,protocols http,protocols tcp; rev:1; sid:80182612;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SILKY HACKWORK Traffic Detected"; flow:established, to_server; content:"hackwork"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2017-07-03,capec_id 310,updated_at 2017-07-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182613;)
# NEGATIVE SPROUT is a priority-1 / `priority high` post-infection rule with
# the `alert` action, while VIVID RADIO right after it has the same shape with
# `drop`; as written SPROUT logs only, even on an inline deployment.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NEGATIVE SPROUT Malware Communication"; flow:established,to_server; content:"sprout"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2015-11-01,updated_at 2015-11-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182614;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VIVID RADIO Malware Communication"; flow:established,to_server; content:"radio"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-14,updated_at 2019-07-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80182615;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WICKED CORN Exploitation Attempt Seen"; flow:established, to_server; content:"corn"; priority:4; metadata:cwe_id 287,hostile src_ip,created_at 2017-04-27,capec_id 115,updated_at 2017-04-27,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 5.4,attack_target server,attack_target http-server,cve 2016-1301849,cvss_v2_temporal 4.6,protocols http,protocols tcp; rev:2; sid:80182616;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WASTEFUL GUESTBOOK Traffic Detected"; flow:established, to_server; content:"guestbook"; priority:2; metadata:hostile src_ip,created_at 2019-10-13,capec_id 125,updated_at 2019-10-26,filename ddos.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182617;)
# HOMELY OASIS is the one rule in this stretch whose `tcp` header pins the
# destination port ($HTTP_PORTS); the other `tcp` rules here leave the
# destination port as `any`.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - HOMELY OASIS Exploitation Attempt Seen"; flow:established,to_server; content:"oasis"; priority:4; metadata:cwe_id 704,hostile src_ip,created_at 2017-07-26,updated_at 2017-07-27,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 3.6,attack_target server,attack_target http-server,cve 2016-1916733,cvss_v2_temporal 3.4,protocols http,protocols tcp; rev:1; sid:80182618;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ROLLING CHEQUE Traffic Detected"; flow:established,to_server; content:"cheque"; priority:3; metadata:hostile dest_ip,created_at 2019-01-20,updated_at 2019-01-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182619;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LIGHT CHROME Malware Communication"; flow:established,to_server; content:"chrome"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-04,updated_at 2018-02-22,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182620;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN TICKET Traffic Detected"; flow:established,to_server; content:"ticket"; priority:2; metadata:hostile dest_ip,created_at 2017-01-18,updated_at 2017-01-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80182621;)
# NOTE(review): in the next two rules cvss_v2_temporal is above cvss_v2_base
# (2.9 over 2.5, then 4.1 over 4.0). A real CVSS v2 temporal score never
# exceeds its base score, so the scores here look like generated values.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MID BALLET Exploitation Attempt Seen"; flow:established,to_server; content:"ballet"; priority:3; metadata:cwe_id 565,hostile src_ip,created_at 2016-11-10,updated_at 2016-11-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.5,attack_target server,attack_target http-server,cve 2015-9220152,cvss_v2_temporal 2.9,protocols http,protocols tcp; rev:2; sid:80182622;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CASUAL LEG Exploitation Attempt Seen"; flow:established,to_server; content:"leg"; priority:3; metadata:cwe_id 565,hostile src_ip,created_at 2019-06-06,updated_at 2019-06-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.0,attack_target server,attack_target http-server,cve 2018-7579624,cvss_v2_temporal 4.1,protocols http,protocols tcp; rev:2; sid:80182623;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRECIOUS SAVE Malware Communication"; flow:established,to_server; content:"save"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-05-27,updated_at 2018-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182624;)
# The disabled rule below is cut by the file's line wrapping and continues on
# the following line of the file.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMPRESSIVE NUDGE Malware Communication";
flow:established,to_server; content:"nudge"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-09-19,updated_at 2017-09-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182625;)
# ---------------------------------------------------------------------------
# Review notes. Lines that start with "# " are notes; lines that start with
# "#alert" / "#drop" are disabled rules and are left exactly as written.
# - The line above is the tail of a rule that begins on the previous line of
#   the file.
# - `drop` can only discard traffic when Suricata is deployed inline (IPS);
#   rules with the `alert` action never block.
# - In the rules below the `priority:N` keyword and the `priority <label>`
#   metadata value move together: 1=high, 2=medium, 3=low, 4=info.
# ---------------------------------------------------------------------------
# NOTE(review): cvss_v2_temporal is above cvss_v2_base in LUCKY MENTION
# (6.6 over 6.4) and in UNKNOWN TENT, sid 80182631 (6.4 over 5.4). A real
# CVSS v2 temporal score never exceeds its base score, so the scores here look
# like generated values.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LUCKY MENTION Exploitation Attempt Seen"; flow:established, to_server; content:"mention"; priority:3; metadata:cwe_id 434,hostile src_ip,created_at 2019-11-16,capec_id 253,updated_at 2019-11-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.4,attack_target server,attack_target http-server,cve 2017-9856517,cvss_v2_temporal 6.6,protocols http,protocols tcp; rev:2; sid:80182626;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PROUD SLIPPER Traffic Detected"; flow:established, to_server; content:"slipper"; priority:3; metadata:cwe_id 284,hostile src_ip,created_at 2018-10-05,capec_id 118,updated_at 2018-10-08,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.8,attack_target server,attack_target http-server,cvss_v2_temporal 5.7,protocols http,protocols tcp; rev:2; sid:80182627;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GIANT STRUCTURE Malware Communication"; flow:established, to_server; content:"structure"; priority:2; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2019-07-19,updated_at 2019-07-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182628;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EFFECTIVE CUCUMBER Traffic Detected"; flow:established, to_server; content:"cucumber"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-01-12,capec_id 286,updated_at 2019-01-27,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:4; sid:80182629;)
# ABSOLUTE ORATOR uses `any` as the source address instead of $EXTERNAL_NET,
# so it would also cover traffic between internal hosts if enabled. DEVOTED
# POLO, UNKNOWN NEST and the scada.rules entries further down do the same.
#alert http any any -> $HOME_NET any (msg:"Acme - ABSOLUTE ORATOR Traffic Detected"; flow:established, to_server; content:"orator"; priority:3; metadata:hostile src_ip,created_at 2017-09-15,updated_at 2017-09-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182630;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN TENT Exploitation Attempt Seen"; flow:established, to_server; content:"tent"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-06-09,updated_at 2019-06-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.4,attack_target server,attack_target http-server,cve 2019-1373417,cvss_v2_temporal 6.4,protocols http,protocols tcp; rev:2; sid:80182631;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOCIAL EX-UNKNOWN Traffic Detected"; flow:established, to_server; content:"ex-UNKNOWN"; priority:4; metadata:cwe_id 200,hostile src_ip,created_at 2018-06-18,capec_id 286,updated_at 2018-06-18,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182632;)
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN TENNIS Malware Communication"; flow:established,to_server; content:"tennis"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2016-11-05,updated_at 2016-11-18,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182633;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMPATIBLE UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-06,updated_at 2019-06-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182634;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FRIGHTENED FEUNKNOWN Malware Communication"; flow:established,to_server; content:"feUNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-03,updated_at 2019-06-04,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182635;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RURAL INVOICE Malware Communication"; flow:established,to_server; content:"invoice"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-04-03,updated_at 2018-04-04,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182636;)
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DULL PERMIT Traffic Detected"; flow:established, to_server; content:"permit"; priority:2; metadata:cwe_id 200,hostile dest_ip,created_at 2019-09-21,capec_id 286,updated_at 2019-09-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182637;)
# PLEASED MANY has the widest header in this stretch (`any any -> any any`):
# no address or port restriction at all, paired with a four-byte content
# match. It is disabled; its metadata has `hostile src_ip` but no
# `attack_target` key.
#alert http any any -> any any (msg:"Acme - PLEASED MANY Traffic Detected"; flow:established, to_server; content:"many"; priority:3; metadata:hostile src_ip,created_at 2018-11-06,capec_id 153,updated_at 2018-11-17,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182638;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - KEY TALK Malware Communication"; flow:established,to_server; content:"talk"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2019-09-11,updated_at 2019-09-12,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182639;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WEAK VALLEY Malware Communication"; flow:established,to_server; content:"valley"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2019-10-02,updated_at 2019-10-20,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182640;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LIVELY JUTE Exploitation Attempt Seen"; flow:established,to_server; content:"jute"; priority:1; metadata:cwe_id 20,hostile src_ip,created_at 2019-06-16,capec_id 152,updated_at 2019-06-21,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2019-5335254,cvss_v2_temporal 3.5,protocols http,protocols tcp; rev:2; sid:80182641;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ITCHY WEB Malware Communication"; flow:established,to_server; content:"web"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-04-25,updated_at 2018-04-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182642;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DECENT SUNLAMP Exploitation Attempt Seen"; flow:established, to_server; content:"sunlamp"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2017-01-21,updated_at 2017-01-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.2,attack_target server,attack_target http-server,cve 2016-2996544,cvss_v2_temporal 2.1,protocols http,protocols tcp; rev:2; sid:80182643;)
#alert http any any -> $HOME_NET any (msg:"Acme - DEVOTED POLO Exploitation Attempt Seen"; flow:established, to_server; content:"polo"; priority:3; metadata:cwe_id 502,hostile src_ip,created_at 2019-03-04,updated_at 2019-03-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.1,attack_target server,attack_target http-server,cve 2019-5368837,cvss_v2_temporal 5.7,protocols http,protocols tcp; rev:2; sid:80182644;)
#alert http any any -> $HOME_NET any (msg:"Acme - UNKNOWN NEST Exploitation Attempt Seen"; flow:established, to_server; content:"nest"; priority:3; metadata:cwe_id 502,hostile src_ip,created_at 2015-08-12,capec_id 152,updated_at 2015-08-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.1,attack_target server,attack_target http-server,cve 2015-4671869,cvss_v2_temporal 3.7,protocols http,protocols tcp; rev:2; sid:80182645;)
# From here on the rules carry `filename scada.rules`. All are disabled and
# share one shape: `tcp any any -> $HOME_NET any`, `flow:established,to_server`,
# one literal content match, `attack_target server`, `protocols tcp`. No port
# is pinned, so nothing in the rule text ties them to a particular service.
#alert tcp any any -> $HOME_NET any (msg:"Acme - SLIGHT WHISKER Traffic Detected"; flow:established,to_server; content:"whisker"; priority:3; metadata:hostile src_ip,created_at 2019-10-03,capec_id 100,updated_at 2019-10-12,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80182646;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - EXCLUSIVE MODEM Traffic Detected"; flow:established,to_server; content:"modem"; priority:3; metadata:hostile src_ip,created_at 2019-04-10,capec_id 100,updated_at 2019-04-11,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80182647;)
# NOTE(review): LAZY GRASS, HELPLESS JOB and TENDER DIVISION each list the same
# `cve` key/value twice in their metadata, and each has two `cwe_id` values
# (189 and 119). Check how the tool consuming this file counts the repeated
# `cve` entry before relying on per-key statistics.
#alert tcp any any -> $HOME_NET any (msg:"Acme - LAZY GRASS Exploitation Attempt Seen"; flow:established,to_server; content:"grass"; priority:3; metadata:cwe_id 189,cwe_id 119,hostile src_ip,created_at 2018-07-21,capec_id 100,updated_at 2018-07-22,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.6,attack_target server,cve 2017-7358142,cve 2017-7358142,cvss_v2_temporal 2.7,protocols tcp; rev:1; sid:80182648;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - HELPLESS JOB Exploitation Attempt Seen"; flow:established,to_server; content:"job"; priority:3; metadata:cwe_id 189,cwe_id 119,hostile src_ip,created_at 2017-05-09,capec_id 100,updated_at 2017-05-20,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.9,attack_target server,cve 2015-3114359,cve 2015-3114359,cvss_v2_temporal 7.0,protocols tcp; rev:1; sid:80182649;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - TENDER DIVISION Exploitation Attempt Seen"; flow:established,to_server; content:"division"; priority:3; metadata:cwe_id 189,cwe_id 119,hostile src_ip,created_at 2018-01-06,capec_id 100,updated_at 2018-01-28,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.8,attack_target server,cve 2017-5010726,cve 2017-5010726,cvss_v2_temporal 4.3,protocols tcp; rev:1; sid:80182650;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - LITTLE BOW Exploitation Attempt Seen"; flow:established,to_server; content:"bow"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2018-09-07,capec_id 213,updated_at 2018-09-21,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.6,attack_target server,cve 2017-7844791,cvss_v2_temporal 4.7,protocols tcp; rev:1; sid:80182651;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - ASSISTANT THUNDERSTORM Exploitation Attempt Seen"; flow:established,to_server; content:"thunderstorm"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2018-04-25,capec_id 213,updated_at 2018-04-26,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.6,attack_target server,cve 2015-3741130,cvss_v2_temporal 4.8,protocols tcp; rev:1; sid:80182652;)
# The disabled rule below is cut by the file's line wrapping and continues on
# the following line of the file.
#alert tcp any any -> $HOME_NET any (msg:"Acme - CHEAP MEASURE Exploitation Attempt Seen"; flow:established,to_server; content:"measure"; priority:3; metadata:cwe_id 189,cwe_id 119,hostile
src_ip,created_at 2018-07-06,capec_id 100,updated_at 2018-07-25,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.4,attack_target server,cve 2016-4933423,cve 2016-4933423,cvss_v2_temporal 2.3,protocols tcp; rev:1; sid:80182654;) #alert tcp any any -> $HOME_NET any (msg:"Acme - OLD PATTERN Exploitation Attempt Seen"; flow:established,to_server; content:"pattern"; priority:3; metadata:cwe_id 189,cwe_id 119,hostile src_ip,created_at 2018-02-26,capec_id 100,updated_at 2018-02-28,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.8,attack_target server,cve 2016-8159741,cve 2016-8159741,cvss_v2_temporal 4.2,protocols tcp; rev:1; sid:80182655;) #alert tcp any any -> $HOME_NET any (msg:"Acme - FURIOUS SYNDICATE Exploitation Attempt Seen"; flow:established,to_server; content:"syndicate"; priority:3; metadata:cwe_id 189,cwe_id 119,hostile src_ip,created_at 2019-07-05,capec_id 100,updated_at 2019-07-16,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.5,attack_target server,cve 2016-6954501,cve 2016-6954501,cvss_v2_temporal 3.7,protocols tcp; rev:1; sid:80182656;) #alert tcp any any -> $HOME_NET any (msg:"Acme - ELECTRICAL PUMA Exploitation Attempt Seen"; flow:established,to_server; content:"puma"; priority:3; metadata:cwe_id 189,cwe_id 119,hostile src_ip,created_at 2019-04-23,capec_id 100,updated_at 2019-04-26,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.6,attack_target server,cve 2019-4521641,cve 2019-4521641,cvss_v2_temporal 3.0,protocols tcp; rev:1; sid:80182657;) #alert tcp any any -> $HOME_NET any (msg:"Acme - KNOWN WAD Exploitation Attempt Seen"; flow:established,to_server; content:"wad"; priority:3; metadata:cwe_id 189,cwe_id 119,hostile src_ip,created_at 2019-04-16,capec_id 100,updated_at 2019-04-27,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.5,attack_target server,cve 2017-6585075,cve 2017-6585075,cvss_v2_temporal 
3.0,protocols tcp; rev:1; sid:80182658;) #alert tcp any any -> $HOME_NET any (msg:"Acme - DEAFENING EXCUSE Exploitation Attempt Seen"; flow:established,to_server; content:"excuse"; priority:3; metadata:cwe_id 189,cwe_id 119,hostile src_ip,created_at 2019-08-04,capec_id 100,updated_at 2019-08-27,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.0,attack_target server,cve 2019-8136789,cve 2019-8136789,cvss_v2_temporal 2.6,protocols tcp; rev:1; sid:80182659;) #alert tcp any any -> $HOME_NET any (msg:"Acme - LIABLE BULB Exploitation Attempt Seen"; flow:established,to_server; content:"bulb"; priority:3; metadata:cwe_id 189,cwe_id 119,hostile src_ip,created_at 2017-05-08,capec_id 100,updated_at 2017-05-23,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.8,attack_target server,cve 2017-9017399,cve 2017-9017399,cvss_v2_temporal 3.5,protocols tcp; rev:1; sid:80182660;) #alert tcp any any -> $HOME_NET any (msg:"Acme - ENTITLED INVENTION Exploitation Attempt Seen"; flow:established,to_server; content:"invention"; priority:3; metadata:cwe_id 189,cwe_id 119,hostile src_ip,created_at 2017-01-21,capec_id 100,updated_at 2017-01-23,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.2,attack_target server,cve 2015-9770260,cve 2015-9770260,cvss_v2_temporal 3.4,protocols tcp; rev:1; sid:80182661;) #alert tcp any any -> $HOME_NET any (msg:"Acme - LOUD UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-06-15,capec_id 100,updated_at 2019-06-16,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.7,attack_target server,cvss_v2_temporal 6.2,protocols tcp; rev:1; sid:80182662;) #alert tcp any any -> $HOME_NET any (msg:"Acme - RATTY FORECAST Traffic Detected"; flow:established,to_server; content:"forecast"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2018-07-24,capec_id 100,updated_at 
2018-07-24,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.9,attack_target server,cvss_v2_temporal 5.2,protocols tcp; rev:1; sid:80182663;) #alert tcp any any -> $HOME_NET any (msg:"Acme - RELATIVE SPADE Traffic Detected"; flow:established,to_server; content:"spade"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-01-07,capec_id 100,updated_at 2019-01-17,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.2,attack_target server,cvss_v2_temporal 4.7,protocols tcp; rev:1; sid:80182664;) #alert tcp any any -> $HOME_NET any (msg:"Acme - EMPTY WASHER Traffic Detected"; flow:established,to_server; content:"washer"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2018-08-20,capec_id 100,updated_at 2018-08-26,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.2,attack_target server,cvss_v2_temporal 5.3,protocols tcp; rev:1; sid:80182665;) #alert tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN TOOL Malware Communication"; flow:established,to_server; content:"tool"; priority:3; metadata:cwe_id 20,malware pre-infection,hostile src_ip,created_at 2018-02-25,updated_at 2018-02-28,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.1,attack_target server,cvss_v2_temporal 1.7,protocols tcp; rev:1; sid:80182666;) #alert tcp any any -> $HOME_NET any (msg:"Acme - MARVELLOUS TENSION Traffic Detected"; flow:established,to_server; content:"tension"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-06-14,updated_at 2019-06-23,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.8,attack_target server,cvss_v2_temporal 2.4,protocols tcp; rev:1; sid:80182667;) #alert tcp any any -> $HOME_NET any (msg:"Acme - SPECIFIC SUFFOCATION Traffic Detected"; flow:established,to_server; content:"suffocation"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-08-25,updated_at 2019-08-27,filename scada.rules,priority 
low,rule_source acme-rule-factory,cvss_v2_base 3.9,attack_target server,cvss_v2_temporal 3.7,protocols tcp; rev:1; sid:80182668;) #alert tcp any any -> $HOME_NET any (msg:"Acme - UNCERTAIN CHOWDER Traffic Detected"; flow:established,to_server; content:"chowder"; priority:3; metadata:hostile src_ip,created_at 2018-10-22,updated_at 2018-10-23,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80182669;) #alert tcp any any -> $HOME_NET any (msg:"Acme - PSYCHIATRIC SHORE Traffic Detected"; flow:established,to_server; content:"shore"; priority:3; metadata:hostile src_ip,created_at 2019-09-11,updated_at 2019-09-15,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80182670;) #alert tcp any any -> $HOME_NET any (msg:"Acme - INTENSIVE KICK Traffic Detected"; flow:established,to_server; content:"kick"; priority:3; metadata:hostile src_ip,created_at 2018-10-25,updated_at 2018-10-27,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80182671;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SLIMY MISTAKE Malware Communication"; flow:established,to_server; content:"mistake"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-02-09,updated_at 2018-02-17,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182672;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SERIES Traffic Detected"; flow:established,to_server; content:"series"; priority:4; metadata:hostile dest_ip,created_at 2017-11-16,capec_id 286,updated_at 2017-11-20,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80182673;) #alert http $EXTERNAL_NET any -> $HOME_NET any 
(msg:"Acme - CUDDLY UNKNOWN Malware Communication"; flow:established, to_client; content:"UNKNOWN"; priority:3; metadata:cwe_id 507,malware malware,created_at 2018-11-09,updated_at 2018-11-26,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182674;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RICH LACQUERWARE Malware Communication"; flow:established, to_server; content:"lacquerware"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2018-03-12,updated_at 2018-03-14,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182675;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONSIDERABLE FATHER Exploitation Attempt Seen"; flow:established, to_server; content:"father"; priority:3; metadata:cwe_id 704,hostile src_ip,created_at 2017-04-10,updated_at 2017-04-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.5,attack_target server,attack_target http-server,cve 2015-7708953,cvss_v2_temporal 7.4,protocols http,protocols tcp; rev:2; sid:80182676;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONFUSED PROPERTY Malware Communication"; flow:established,from_server; file_data; content:"property"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-10-07,updated_at 2019-10-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182677;) alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - LESSER PRIORITY Exploitation Attempt Seen"; flow:established, to_client; content:"priority"; priority:3; metadata:cwe_id 416,hostile src_ip,created_at 2016-04-01,capec_id 255,updated_at 2016-04-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 
5.3,attack_target http-client,attack_target client,cve 2015-7119592,cvss_v2_temporal 6.3,protocols http,protocols tcp; rev:1; sid:80182678;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONSTANT WORKHORSE Malware Communication"; flow:established, to_server; content:"workhorse"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-06-01,updated_at 2018-06-02,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182679;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTELLECTUAL ORCUNKNOWN Malware Communication"; flow:established, to_server; content:"orcUNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-01,updated_at 2019-05-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80182680;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTELLIGENT UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-05-20,updated_at 2019-05-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182681;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN TELETYPE Malware Communication"; flow:established,to_server; content:"teletype"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-10-25,updated_at 2017-10-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182682;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FREE TRADE Traffic Detected"; 
flow:established,to_server; content:"trade"; priority:3; metadata:cwe_id 78,hostile src_ip,created_at 2017-11-22,capec_id 248,updated_at 2017-11-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.0,attack_target server,attack_target http-server,cvss_v2_temporal 4.6,protocols http,protocols tcp; rev:2; sid:80182683;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VISITING HEARTHSIDE Malware Communication"; flow:established, to_server; content:"hearthside"; priority:1; metadata:cwe_id 507,malware pre-infection,hostile dest_ip,created_at 2018-01-09,updated_at 2018-01-22,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182684;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - METROPOLITAN PUBLICITY Malware Communication"; flow:established,to_server; content:"publicity"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-09,updated_at 2019-05-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182685;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SOUR LAB Malware Communication"; flow:established, to_server; content:"lab"; priority:1; metadata:cwe_id 507,malware pre-infection,hostile dest_ip,created_at 2018-04-20,updated_at 2018-04-24,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182686;) #alert http any any -> $HOME_NET any (msg:"Acme - INC HOG Exploitation Attempt Seen"; flow:established, to_server; content:"hog"; priority:3; metadata:cwe_id 601,hostile src_ip,created_at 2019-06-25,capec_id 194,updated_at 2019-06-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.9,attack_target server,attack_target 
http-server,cve 2015-5421590,cvss_v2_temporal 4.8,protocols http,protocols tcp; rev:3; sid:80182687;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUPPOSED UNKNOWNKENDER Malware Communication"; flow:established,to_server; content:"UNKNOWNkender"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-05-01,updated_at 2018-05-21,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182688;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MEAN BLAZER Malware Communication"; flow:established, to_server; content:"blazer"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-01-26,updated_at 2019-01-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182689;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN BULLET Malware Communication"; flow:established, from_server; content:"bullet"; priority:1; metadata:cwe_id 507,malware pre-infection,hostile src_ip,created_at 2019-11-09,updated_at 2019-11-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182690;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRAINY SENSITIVE Malware Communication"; flow:established, to_server; content:"sensitive"; priority:1; metadata:cwe_id 507,malware pre-infection,hostile dest_ip,created_at 2019-09-20,updated_at 2019-09-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182691;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONDEMNED XYLOPUNKNOWNE Malware Communication"; flow:established, to_server; content:"xylopUNKNOWNe"; priority:1; 
metadata:cwe_id 507,malware pre-infection,hostile dest_ip,created_at 2019-08-08,updated_at 2019-08-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182692;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LIVE MOUND Malware Communication"; flow:established, to_server; content:"mound"; priority:1; metadata:cwe_id 507,malware pre-infection,hostile dest_ip,created_at 2019-04-01,updated_at 2019-04-21,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182693;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FIERCE CARTOON Malware Communication"; flow:established, to_server; content:"cartoon"; priority:1; metadata:cwe_id 507,malware pre-infection,hostile dest_ip,created_at 2019-04-15,updated_at 2019-04-24,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182694;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MODERATE CLIP Malware Communication"; flow:established, to_server; content:"clip"; priority:1; metadata:cwe_id 507,malware pre-infection,hostile dest_ip,created_at 2017-01-12,updated_at 2017-01-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182695;) drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SOUTHERN ASTROLOGY Malware Communication"; flow:established, to_server; content:"astrology"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-06-27,updated_at 2018-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80182696;) drop http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"Acme - CONSCIOUS FEN Traffic Detected"; flow:established,to_server; content:"fen"; priority:3; metadata:hostile dest_ip,created_at 2019-01-15,updated_at 2019-01-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182697;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEFIANT OVERFLIGHT Malware Communication"; flow:established, to_server; content:"overflight"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-13,updated_at 2019-01-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182698;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BIZARRE OFFICIAL Malware Communication"; flow:established,to_server; content:"official"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-03-01,updated_at 2018-03-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182699;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DISASTROUS DINER Malware Communication"; flow:established, to_server; content:"diner"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-05,updated_at 2019-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182700;) #alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ROTTEN NUT Malware Communication"; flow:established, to_server; content:"nut"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-07,updated_at 2019-09-25,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:1; sid:80182701;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SEPARATE UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-15,updated_at 2018-09-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182702;) #drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - SUPREME WORK Traffic Detected"; flow:established, to_server; content:"work"; priority:4; metadata:hostile src_ip,created_at 2019-03-04,capec_id 125,updated_at 2019-03-16,filename ddos.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80182703;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - MARVELLOUS SPECIFIC Traffic Detected"; flow:established, to_server; content:"specific"; priority:4; metadata:hostile src_ip,created_at 2018-01-01,capec_id 125,updated_at 2018-01-09,filename ddos.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80182704;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - TERRIBLE NANOPARTICLE Traffic Detected"; flow:established, to_server; content:"nanoparticle"; priority:4; metadata:hostile src_ip,created_at 2018-07-19,capec_id 125,updated_at 2018-07-24,filename ddos.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80182705;) #drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - SIMPLE TUSSLE Traffic Detected"; flow:established, to_server; content:"tussle"; priority:4; metadata:hostile src_ip,created_at 2019-05-18,capec_id 
125,updated_at 2019-05-23,filename ddos.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80182706;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ELECTUNKNOWN OUTCOME Malware Communication"; flow:established,to_server; content:"outcome"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-04-03,updated_at 2017-04-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182707;) #alert http any any -> $HOME_NET any (msg:"Acme - NATURAL TRAM Exploitation Attempt Seen"; flow:established, to_server; content:"tram"; priority:2; metadata:cwe_id 611,hostile src_ip,created_at 2017-10-23,updated_at 2017-10-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.4,attack_target server,attack_target http-server,cve 2015-7424410,cvss_v2_temporal 6.3,protocols http,protocols tcp; rev:2; sid:80182708;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UGLY HIPPODROME Malware Communication"; flow:established, to_server; content:"hippodrome"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-01-13,updated_at 2017-01-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182709;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FRIGHTENED BLADDER Malware Communication"; flow:established, to_server; content:"bladder"; priority:1; metadata:cwe_id 507,malware pre-infection,hostile dest_ip,created_at 2019-10-07,updated_at 2019-10-08,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182710;) drop http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"Acme - FEUNKNOWN ARGUMENT Malware Communication"; flow:established,to_server; content:"argument"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-20,updated_at 2019-11-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182711;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN INSTRUCTION Malware Communication"; flow:established, to_server; content:"instruction"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-13,updated_at 2019-09-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182712;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN DOG Malware Communication"; flow:established,to_server; content:"dog"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2019-11-04,updated_at 2019-11-09,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182713;) #drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NORMAL UNKNOWNFISH Malware Communication"; flow:established,to_server; content:"UNKNOWNfish"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-01-25,updated_at 2019-01-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182714;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FRIENDLY INTERNATIONAL Malware Communication"; flow:established,to_server; content:"international"; priority:4; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-04-18,updated_at 2019-04-26,filename acme.rules,priority 
info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182715;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONFUSED UPPER Malware Communication"; flow:established,to_server; content:"upper"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-19,updated_at 2018-11-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182716;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SELECT CRINOLINE Malware Communication"; flow:established,to_server; content:"crinoline"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2018-06-06,updated_at 2018-06-16,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182717;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - METROPOLITAN UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-02-12,capec_id 286,updated_at 2019-02-21,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80182718;) alert http any any -> $HOME_NET any (msg:"Acme - JITTERY OCTAGON Exploitation Attempt Seen"; flow:established,to_server; content:"octagon"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2019-08-20,updated_at 2019-08-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.7,attack_target server,attack_target http-server,cve 2018-1010067,cvss_v2_temporal 6.3,protocols http,protocols tcp; rev:2; sid:80182719;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VERBAL STEP-SISTER Exploitation Attempt Seen"; flow:established,from_server; file_data; 
content:"step-sister"; priority:3; metadata:cwe_id 416,hostile src_ip,created_at 2019-11-08,capec_id 255,updated_at 2019-11-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.4,attack_target http-client,attack_target client,cve 2019-1497673,cvss_v2_temporal 7.1,protocols http,protocols tcp; rev:2; sid:80182720;)
# One rule per line from here on. A rule whose line starts with '#' is commented out (disabled).
#alert tcp any $HTTP_PORTS -> any any (msg:"Acme - ELATED HAVERSACK Traffic Detected"; flow:established, to_client; content:"haversack"; priority:3; metadata:cwe_id 425,hostile dest_ip,created_at 2019-01-25,capec_id 118,updated_at 2019-01-27,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.6,cvss_v2_temporal 4.3,protocols http,protocols tcp; rev:1; sid:80182721;)
# NOTE(review): sid 80182722 is "alert tcp any any -> $HOME_NET any" and its only payload test is
# content:"house", with no sticky buffer, offset/depth or port restriction, while its metadata says
# "protocols http". Acceptable for an example ruleset; a production signature would be tied to the
# HTTP parser and anchored to a specific buffer so it does not fire on unrelated TCP streams.
alert tcp any any -> $HOME_NET any (msg:"Acme - GOLDEN HOUSE Exploitation Attempt Seen"; flow:established,to_server; content:"house"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-03-02,capec_id 213,updated_at 2019-03-04,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.2,attack_target server,attack_target http-server,cve 2019-5353774,cvss_v2_temporal 1.2,protocols http,protocols tcp; rev:1; sid:80182722;)
# NOTE(review): sid 80182723 carries "cve 2015-3712552" three times in metadata, and its
# cvss_v2_temporal (5.6) is higher than its cvss_v2_base (5.2). CVSS v2 temporal multipliers are
# all <= 1, so a temporal score cannot exceed the base score. Harmless in dummy data, but tooling
# that filters or reports on these keys should de-duplicate values and range-check the scores.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DIFFERENT PATROL Exploitation Attempt Seen"; flow:established,to_server; content:"patrol"; priority:4; metadata:hostile src_ip,created_at 2016-02-10,updated_at 2016-02-18,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 5.2,attack_target server,attack_target http-server,cve 2015-3712552,cve 2015-3712552,cve 2015-3712552,cvss_v2_temporal 5.6,protocols http,protocols tcp; rev:2; sid:80182723;)
#alert http any any -> $HOME_NET any (msg:"Acme - OLD-FASHIONED LAVA Exploitation Attempt Seen"; flow:established, to_server; content:"lava"; priority:3; metadata:cwe_id 229,hostile src_ip,created_at 2016-03-26,capec_id 118,updated_at 2016-03-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.6,attack_target server,attack_target http-server,cve 2016-2455234,cvss_v2_temporal 2.3,protocols http,protocols tcp; rev:2; sid:80182724;)
# NOTE(review): sid 80182725 combines the drop action with "any any -> any any" and a single
# four-byte match, content:"cent". If a rule shaped like this were loaded inline (IPS mode), any
# established client-to-server HTTP flow containing that string would be dropped. Real drop rules
# are normally scoped with address variables and a specific buffer, and run as alert first to
# measure false positives.
drop http any any -> any any (msg:"Acme - TALL CENT Traffic Detected"; flow:established, to_server; content:"cent"; priority:2; metadata:cwe_id 827,cwe_id 611,hostile src_ip,created_at 2019-11-17,updated_at 2019-11-25,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:5; sid:80182725;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GUILTY ANTECHAMBER Malware Communication"; flow:established,to_server; content:"antechamber"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-03-10,updated_at 2019-03-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182726;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - POSITIVE ANKLET Malware Communication"; flow:established, to_server; content:"anklet"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-20,updated_at 2019-04-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182727;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MELTED PEANUT Malware Communication"; flow:established, to_server; content:"peanut"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-15,updated_at 2019-07-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182728;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LOCAL ACTION Malware Communication"; flow:established, to_server; content:"action"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile 
dest_ip,created_at 2019-05-17,updated_at 2019-05-27,filename p2p.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182729;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRICKLY TRAPEZOID Malware Communication"; flow:established, to_server; content:"trapezoid"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-08,updated_at 2019-08-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182730;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHIVERING CURIO Malware Communication"; flow:established, to_server; content:"curio"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-12,updated_at 2019-09-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182731;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SURPRISING GOLF Malware Communication"; flow:established, to_server; content:"golf"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-08-09,updated_at 2018-08-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80182732;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FEDERAL FIGURINE Malware Communication"; flow:established, to_server; content:"figurine"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-01-20,updated_at 2018-01-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182733;) #alert tcp $HOME_NET any 
-> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - EARLY BANANA Malware Communication"; flow:established, to_server; flags:PA; content:"banana"; priority:1; metadata:cwe_id 506,malware malware,hostile dest_ip,created_at 2015-08-09,updated_at 2015-08-16,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182734;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN WEST Malware Communication"; flow:established, to_server; content:"west"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-03-13,updated_at 2017-03-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182735;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EVIL GRATITUDE Malware Communication"; flow:established, to_server; content:"gratitude"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-06-09,updated_at 2017-06-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182736;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RETAIL FREIGHTER Malware Communication"; flow:established, to_server; content:"freighter"; priority:1; metadata:cwe_id 507,malware pre-infection,hostile dest_ip,created_at 2019-05-19,updated_at 2019-05-22,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182737;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN LINE Malware Communication"; flow:established, to_server; content:"line"; priority:1; metadata:cwe_id 507,malware pre-infection,hostile dest_ip,created_at 2019-03-01,updated_at 2019-03-16,filename acme.rules,priority 
high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182738;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FOND COUNTRY Malware Communication"; flow:established, to_server; content:"country"; priority:3; metadata:cwe_id 512,malware malware,hostile dest_ip,created_at 2019-03-07,updated_at 2019-03-07,filename adware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182739;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VALUABLE BEEF Malware Communication"; flow:established, to_server; content:"beef"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2018-03-08,updated_at 2018-03-11,filename adware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182740;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXPLICIT BUTTON Malware Communication"; flow:established, to_server; content:"button"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-12,updated_at 2019-04-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:3; sid:80182741;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VAGUE MUTT Malware Communication"; flow:established,to_server; content:"mutt"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-03-03,updated_at 2019-03-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182742;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LARGE-SCALE DOLPHIN Malware Communication"; flow:established, to_server; content:"dolphin"; priority:1; metadata:cwe_id 
507,malware post-infection,hostile dest_ip,created_at 2019-07-07,updated_at 2019-07-22,filename apt.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182743;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMBINED DISPOSER Malware Communication"; flow:established, to_server; content:"disposer"; priority:1; metadata:cwe_id 506,malware malware,hostile dest_ip,created_at 2018-02-03,updated_at 2018-02-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182744;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNDERGROUND Malware Communication"; flow:established, to_server; content:"underground"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-03,updated_at 2019-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182745;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ABOVE STATION-WAGON Malware Communication"; flow:established, to_server; content:"station-wagon"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-27,updated_at 2018-11-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182746;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN LOYALTY Malware Communication"; flow:established,to_server; content:"loyalty"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-10-15,updated_at 2019-10-22,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols 
tcp; rev:2; sid:80182747;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BROKEN DRYER Malware Communication"; flow:established,to_server; content:"dryer"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-11-10,updated_at 2018-11-12,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182748;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STEEP HEAVY Malware Communication"; flow:established, to_server; content:"heavy"; priority:1; metadata:cwe_id 203,malware post-infection,created_at 2019-03-23,updated_at 2019-03-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,cvss_v2_base 7.5,attack_target http-client,attack_target client,cvss_v2_temporal 6.8,protocols http,protocols tcp; rev:2; sid:80182749;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRECIOUS WATERBED Malware Communication"; flow:established, to_server; content:"waterbed"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-08-12,updated_at 2016-08-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182750;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - LITERARY UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-07,updated_at 2019-04-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182751;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PROSPECTIVE OKRA Malware Communication"; flow:established, to_server; content:"okra"; priority:1; metadata:cwe_id 506,malware 
post-infection,hostile dest_ip,created_at 2019-03-24,updated_at 2019-03-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182752;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AGRICULTURAL MAYBE Malware Communication"; flow:established, to_server; content:"maybe"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-17,updated_at 2018-11-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182753;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DIFFICULT CAROTENE Malware Communication"; flow:established,to_server; content:"carotene"; priority:1; metadata:cwe_id 507,malware pre-infection,created_at 2019-01-11,updated_at 2019-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80182754;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VALUABLE MINE Malware Communication"; flow:established, to_server; content:"mine"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2016-03-23,updated_at 2016-03-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182755;) #alert http any any -> any any (msg:"Acme - DRY FREEZE Traffic Detected"; flow:established, to_server; content:"freeze"; priority:3; metadata:cwe_id 94,hostile dest_ip,created_at 2017-01-26,capec_id 248,updated_at 2017-01-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.6,cvss_v2_temporal 5.6,protocols http,protocols tcp; rev:2; sid:80182756;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IMPROVED 
FLOOZIE Traffic Detected"; flow:established, to_client; content:"floozie"; priority:2; metadata:hostile src_ip,created_at 2019-11-01,updated_at 2019-11-22,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182757;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LATE CALCULUS Malware Communication"; flow:established,to_server; content:"calculus"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-07-13,updated_at 2017-07-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182758;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CHIEF RACE Malware Communication"; flow:established,to_server; content:"race"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-10-17,updated_at 2018-10-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182759;) #drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VIVACIOUS GOWN Malware Communication"; flow:established,to_server; content:"gown"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-22,updated_at 2019-09-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182760;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXCITING TUBE Traffic Detected"; flow:established, to_server; content:"tube"; priority:4; metadata:created_at 2019-10-25,capec_id 118,updated_at 2019-10-27,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182761;) #alert tcp $EXTERNAL_NET $HTTP_PORTS -> 
$HOME_NET any (msg:"Acme - SUCCESSFUL TRACHOMA Exploitation Attempt Seen"; flow:established, to_client; content:"trachoma"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2016-08-19,updated_at 2016-08-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.5,attack_target http-client,attack_target client,cve 2016-7052962,cvss_v2_temporal 5.2,protocols http,protocols tcp; rev:1; sid:80182762;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PARTIAL OBSERVATORY Malware Communication"; flow:established,to_server; content:"observatory"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-10-01,updated_at 2017-10-04,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182763;) #drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTERIOR UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-09-19,updated_at 2017-09-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182764;) #alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - UNKNOWN FIDDLE Exploitation Attempt Seen"; flow:established, to_server; content:"fiddle"; priority:3; metadata:cwe_id 190,hostile src_ip,created_at 2018-01-12,capec_id 228,updated_at 2018-01-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.0,attack_target server,attack_target http-server,cve 2017-8548200,cvss_v2_temporal 2.9,protocols http,protocols tcp; rev:1; sid:80182765;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ICY SPEECH Traffic Detected"; flow:established, to_server; content:"speech"; priority:4; metadata:created_at 2018-05-05,capec_id 125,updated_at 
2018-05-05,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182766;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONVENIENT UNKNOWNEL Malware Communication"; flow:established,to_server; content:"UNKNOWNel"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-05-12,updated_at 2019-05-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182767;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMPREHENSIVE MANTUA Malware Communication"; flow:established, to_server; content:"mantua"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-09,updated_at 2019-06-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:1; sid:80182768;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OCCUPATIONAL FALLING-OUT Malware Communication"; flow:established, to_server; content:"falling-out"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-05-14,updated_at 2017-05-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:1; sid:80182769;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CURIOUS LOAN Traffic Detected"; flow:established, to_server; content:"loan"; priority:4; metadata:cwe_id 203,hostile src_ip,created_at 2017-11-17,capec_id 119,updated_at 2017-11-24,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 7.9,attack_target server,attack_target http-server,cvss_v2_temporal 8.3,protocols http,protocols tcp; rev:2; sid:80182770;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FREQUENT MIRROR Traffic Detected"; 
flow:established, to_server; content:"mirror"; priority:2; metadata:cwe_id 77,hostile src_ip,created_at 2018-03-01,capec_id 248,updated_at 2018-03-16,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80182771;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MIXED UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-09-23,updated_at 2018-09-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182772;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REAL MANSION Malware Communication"; flow:established,to_server; content:"mansion"; priority:2; metadata:cwe_id 506,malware pre-infection,created_at 2018-05-16,updated_at 2018-05-23,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182773;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMMEDIATE DESTROYER Malware Communication"; flow:established, to_server; content:"destroyer"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-15,updated_at 2018-03-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182774;) drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - WRONG FURNITURE Traffic Detected"; flow:established,to_server; content:"furniture"; priority:2; metadata:hostile src_ip,created_at 2019-03-27,capec_id 228,updated_at 2019-03-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80182775;) drop tcp $HOME_NET any -> 
$EXTERNAL_NET $HTTP_PORTS (msg:"Acme - ABSENT TEXT Malware Communication"; flow:established,to_server; content:"text"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-06-22,updated_at 2017-06-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182776;) alert http any any -> any any (msg:"Acme - HORIZONTAL SPEND Traffic Detected"; flow:established, to_server; content:"spend"; priority:2; metadata:cwe_id 434,hostile src_ip,created_at 2018-11-23,capec_id 248,updated_at 2018-11-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.1,cvss_v2_temporal 6.6,protocols http,protocols tcp; rev:2; sid:80182777;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NEARBY POLITICS Malware Communication"; flow:established, to_server; content:"politics"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-19,updated_at 2019-10-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182778;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMPERIAL PRINCESS Malware Communication"; flow:established, to_server; content:"princess"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-05,updated_at 2018-07-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182779;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SORRY LEAVE Malware Communication"; flow:established, to_server; content:"leave"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-05,updated_at 2019-01-05,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182780;) #drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REPULSIVE NERVE Malware Communication"; flow:established, to_server; content:"nerve"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-10-06,updated_at 2018-10-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182781;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CHOPSTICK Malware Communication"; flow:established,to_server; content:"chopstick"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-08-14,updated_at 2018-08-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182782;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SILLY HOSTEL Malware Communication"; flow:established,from_server; content:"hostel"; priority:1; metadata:cwe_id 507,malware malware,hostile src_ip,created_at 2019-11-23,updated_at 2019-11-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182783;) alert tcp any any -> $HOME_NET any (msg:"Acme - TIRED EMERGENCY Traffic Detected"; flow:established, to_server; content:"emergency"; priority:3; metadata:cwe_id 284,hostile src_ip,created_at 2018-02-01,capec_id 248,updated_at 2018-02-14,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.3,attack_target server,attack_target http-server,cvss_v2_temporal 6.7,protocols http,protocols tcp; rev:1; sid:80182784;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VISIBLE CARNATION Malware Communication"; flow:established, to_server; content:"carnation"; 
priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-21,updated_at 2019-11-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80182785;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NARROW FILE Traffic Detected"; flow:established, to_server; content:"file"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2016-02-23,capec_id 118,updated_at 2016-02-24,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.6,attack_target server,attack_target http-server,cvss_v2_temporal 6.4,protocols http,protocols tcp; rev:2; sid:80182786;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - JOLLY CONTACT LENS Traffic Detected"; flow:established, to_server; content:"contact"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2015-11-24,capec_id 248,updated_at 2015-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182787;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNUSUAL KIDNEYS Traffic Detected"; flow:established, to_server; content:"kidneys"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2019-02-24,capec_id 248,updated_at 2019-02-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182788;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPARKLING PRIZEFIGHT Malware Communication"; flow:established, to_server; content:"prizefight"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2015-01-01,updated_at 2015-01-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,cvss_v2_base 7.4,attack_target http-client,attack_target client,cvss_v2_temporal 8.4,protocols 
http,protocols tcp; rev:2; sid:80182789;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TIRED EVENING Malware Communication"; flow:established, to_server; content:"evening"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-09-07,updated_at 2019-09-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182790;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RELEVANT COUNTER-FORCE Malware Communication"; flow:established, to_server; content:"counter-force"; priority:1; metadata:cwe_id 506,malware malware,created_at 2017-07-09,updated_at 2017-07-15,filename acme.rules,priority high,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182791;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DOMESTIC FACT Malware Communication"; flow:established,to_server; content:"fact"; priority:4; metadata:cwe_id 506,malware pre-infection,created_at 2019-05-16,updated_at 2019-05-28,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182792;) alert http any any -> any any (msg:"Acme - INNOCENT FLOUR Exploitation Attempt Seen"; flow:established, to_server; content:"flour"; priority:3; metadata:cwe_id 94,created_at 2018-09-14,capec_id 175,updated_at 2018-09-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.4,cve 2017-4880086,cvss_v2_temporal 4.1,protocols http,protocols tcp; rev:2; sid:80182793;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXCLUSIVE SOCIOLOGY Malware Communication"; flow:established, to_server; content:"sociology"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2019-08-26,updated_at 2019-08-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; 
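sid:80182794;)
# acme.rules, outbound malware signatures (sid 80182795-80182809): $HOME_NET -> $EXTERNAL_NET,
# established to_server flows, one bare literal `content` each - no sticky buffer, offset, depth
# or nocase. The file header marks this as a dummy/example set; a dictionary word such as "tool"
# or "hour" matched this loosely would hit ordinary traffic, so none of these belong on a live
# sensor as written.
# Action note: 80182795 is `alert` although it carries priority:1 / priority high like the `drop`
# rules after it; a `drop` action only blocks when Suricata runs inline (IPS mode).
# Layout: one signature per line, so a leading `#` disables only the rule on its own line.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN TOOL Malware Communication"; flow:established, to_server; content:"tool"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-05-12,updated_at 2016-05-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80182795;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN GUITAR Malware Communication"; flow:established, to_server; content:"guitar"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-09,updated_at 2019-07-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182796;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PURRING HOUR Malware Communication"; flow:established, to_server; content:"hour"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-19,updated_at 2019-05-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182797;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GIVEN CORNER Malware Communication"; flow:established,to_server; content:"corner"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-20,updated_at 2019-11-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182798;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MODERN MASK Malware Communication"; flow:established,to_server; content:"mask"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-24,updated_at 2019-02-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182799;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SLOTH Malware Communication"; flow:established,to_server; content:"sloth"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-20,updated_at 2019-04-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182800;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ABOVE VILLA Malware Communication"; flow:established,to_server; content:"villa"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-22,updated_at 2019-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182801;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RESPONSIBLE GRAPEFRUIT Malware Communication"; flow:established,to_server; content:"grapefruit"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-05,updated_at 2019-11-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182802;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CORRECT CAUTION Malware Communication"; flow:established,to_server; content:"caution"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-02,updated_at 2017-06-05,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182803;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HANDSOME TUTU Malware Communication"; flow:established,to_server; content:"tutu"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-10-11,updated_at 2017-10-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182804;)
# Disabled rule: the only pre-infection / priority medium signature in this run.
#drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN ATTACK Malware Communication"; flow:established,to_server; content:"attack"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-06-27,updated_at 2017-06-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182805;)
# NOTE(review): 80182806-80182808 carry `malware malware` where the rules above use
# post-infection / pre-infection, and 80182807 and 80182808 omit `infected src_ip`. Metadata
# filters that key on those values will treat these three differently - confirm that is intended.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - JUDICIAL SHAKEDOWN Malware Communication"; flow:established, to_server; content:"shakedown"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2015-02-07,updated_at 2015-02-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182806;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEFIANT CHIPMUNK Malware Communication"; flow:established, to_server; content:"chipmunk"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2019-05-07,updated_at 2019-05-12,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182807;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMPULSORY BACON Malware Communication"; flow:established, to_server; content:"bacon"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2018-11-22,updated_at 2018-11-22,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182808;)
# FTP counterpart of the rules above: `drop ftp`, attack_target ftp-client, protocols ftp.
drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CIVILIAN ALUMINUM Malware Communication"; flow:established, to_server; content:"aluminum"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-15,updated_at 2019-01-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80182809;)
# ddos.rules (sid 80182810 onward): every rule is commented out, so none of them load.
# Inbound $EXTERNAL_NET -> $HOME_NET, capec_id 125 (CAPEC-125, Flooding), priority:4 / info,
# no attack_target tag.
# NOTE(review): the action is `drop` on an info-priority rule, and `infected src_ip` here tags
# the external sender - check both before enabling any of these.
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HURT CONTEXT Traffic Detected"; flow:established, to_server; content:"context"; priority:4; metadata:created_at 2019-02-27,capec_id 125,updated_at 2019-02-27,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182810;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GOVERNING SCALE Traffic Detected"; flow:established, to_server; content:"scale"; priority:4; metadata:created_at 2015-07-21,capec_id 125,updated_at 2015-07-26,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182811;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SURVIVING WHISKER Traffic Detected"; flow:established, to_server; content:"whisker"; priority:4; metadata:created_at 2019-04-27,capec_id 125,updated_at 2019-04-28,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182812;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ESTIMATED STRIP Traffic Detected"; flow:established, to_server; content:"strip"; priority:4; metadata:created_at 2016-02-14,capec_id 125,updated_at 2016-02-19,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182813;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PANICKY 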
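UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:4; metadata:created_at 2018-01-21,capec_id 125,updated_at 2018-01-24,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182814;)
# ddos.rules, continued (sid 80182815-80182864 below): all disabled, inbound
# $EXTERNAL_NET -> $HOME_NET, capec_id 125, priority:4 / info, action `drop`.
# Layout: one signature per line, so each leading `#` disables exactly one rule.
# NOTE(review): these match one bare literal each, some only three bytes long ("map", "yin"),
# with no sticky buffer, offset or depth. Enabled as `drop` on an inline sensor they would drop
# traffic on any established to_server HTTP flow containing that string; keep them disabled
# outside a demo.
# NOTE(review): content:"UNKNOWN" is shared by 80182816 and 80182846 (and by the rule ending on
# the first line above) - looks like a placeholder rather than an intended pattern; confirm.
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OBLIGED CANNON Traffic Detected"; flow:established, to_server; content:"cannon"; priority:4; metadata:created_at 2017-06-19,capec_id 125,updated_at 2017-06-20,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182815;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LONG UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:4; metadata:created_at 2017-03-05,capec_id 125,updated_at 2017-03-18,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182816;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SPARE VISION Traffic Detected"; flow:established, to_server; content:"vision"; priority:4; metadata:created_at 2018-04-25,capec_id 125,updated_at 2018-04-28,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182817;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN ANTEATER Traffic Detected"; flow:established, to_server; content:"anteater"; priority:4; metadata:created_at 2017-06-08,capec_id 125,updated_at 2017-06-13,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182818;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN DEAR Traffic Detected"; flow:established, to_server; content:"dear"; priority:4; metadata:created_at 2019-05-22,capec_id 125,updated_at 2019-05-24,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182819;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - QUICK MAP Traffic Detected"; flow:established, to_server; content:"map"; priority:4; metadata:created_at 2018-10-19,capec_id 125,updated_at 2018-10-24,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182820;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHOCKED YIN Traffic Detected"; flow:established, to_server; content:"yin"; priority:4; metadata:created_at 2018-03-22,capec_id 125,updated_at 2018-03-24,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182821;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WOODEN BRANCH Traffic Detected"; flow:established, to_server; content:"branch"; priority:4; metadata:created_at 2017-04-19,capec_id 125,updated_at 2017-04-23,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182822;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OLD-FASHIONED BAGGAGE Traffic Detected"; flow:established, to_server; content:"baggage"; priority:4; metadata:created_at 2019-11-11,capec_id 125,updated_at 2019-11-16,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182823;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SCARED MOUTH Traffic Detected"; flow:established, to_server; content:"mouth"; priority:4; metadata:created_at 2018-05-27,capec_id 125,updated_at 2018-05-28,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182824;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HARSH DISASTER Traffic Detected"; flow:established, to_server; content:"disaster"; priority:4; metadata:created_at 2016-08-04,capec_id 125,updated_at 2016-08-10,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182825;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HELPFUL STENCIL Traffic Detected"; flow:established, to_server; content:"stencil"; priority:4; metadata:created_at 2018-02-06,capec_id 125,updated_at 2018-02-18,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182826;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WOODEN STOOL Traffic Detected"; flow:established, to_server; content:"stool"; priority:4; metadata:created_at 2019-04-01,capec_id 125,updated_at 2019-04-03,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182827;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MODEST COURSE Traffic Detected"; flow:established, to_server; content:"course"; priority:4; metadata:created_at 2018-09-08,capec_id 125,updated_at 2018-09-10,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182828;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POSITIVE SUBJECT Traffic Detected"; flow:established, to_server; content:"subject"; priority:4; metadata:created_at 2019-10-04,capec_id 125,updated_at 2019-10-12,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182829;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RISING SHOFAR Traffic Detected"; flow:established, to_server; content:"shofar"; priority:4; metadata:created_at 2018-02-18,capec_id 125,updated_at 2018-02-19,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182830;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WORRYING EMPLOYMENT Traffic Detected"; flow:established, to_server; content:"employment"; priority:4; metadata:created_at 2019-06-10,capec_id 125,updated_at 2019-06-11,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182831;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FASCINATING CORK Traffic Detected"; flow:established, to_server; content:"cork"; priority:4; metadata:created_at 2019-04-04,capec_id 125,updated_at 2019-04-25,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182832;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CRAZY CALCULATION Traffic Detected"; flow:established, to_server; content:"calculation"; priority:4; metadata:created_at 2018-11-10,capec_id 125,updated_at 2018-11-14,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182833;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNCERTAIN ATTACHMENT Traffic Detected"; flow:established, to_server; content:"attachment"; priority:4; metadata:created_at 2019-01-26,capec_id 125,updated_at 2019-01-28,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182834;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - QUALIFIED SPELLING Traffic Detected"; flow:established, to_server; content:"spelling"; priority:4; metadata:created_at 2018-02-19,capec_id 125,updated_at 2018-02-24,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182835;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FIERCE EVALUATOR Traffic Detected"; flow:established, to_server; content:"evaluator"; priority:4; metadata:created_at 2019-04-18,capec_id 125,updated_at 2019-04-23,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182836;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EMBARRASSED AARDVARK Traffic Detected"; flow:established, to_server; content:"aardvark"; priority:4; metadata:created_at 2016-02-14,capec_id 125,updated_at 2016-02-15,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182837;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CURVED ENVIRONMENT Traffic Detected"; flow:established, to_server; content:"environment"; priority:4; metadata:created_at 2015-07-16,capec_id 125,updated_at 2015-07-18,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182838;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DISTINCT RANCH Traffic Detected"; flow:established, to_server; content:"ranch"; priority:4; metadata:created_at 2019-04-13,capec_id 125,updated_at 2019-04-27,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182839;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PERSISTENT BARITONE Traffic Detected"; flow:established, to_server; content:"baritone"; priority:4; metadata:created_at 2019-09-08,capec_id 125,updated_at 2019-09-24,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182840;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FLUTTERING APPOINTMENT Traffic Detected"; flow:established, to_server; content:"appointment"; priority:4; metadata:created_at 2017-07-13,capec_id 125,updated_at 2017-07-26,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182841;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONCERNED MONEY Traffic Detected"; flow:established, to_server; content:"money"; priority:4; metadata:created_at 2017-11-05,capec_id 125,updated_at 2017-11-18,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182842;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GENETIC BATTLESHIP Traffic Detected"; flow:established, to_server; content:"battleship"; priority:4; metadata:created_at 2016-03-21,capec_id 125,updated_at 2016-03-24,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182843;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PLEASANT WRITER Traffic Detected"; flow:established, to_server; content:"writer"; priority:4; metadata:created_at 2019-01-22,capec_id 125,updated_at 2019-01-24,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182844;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN TENEMENT Traffic Detected"; flow:established, to_server; content:"tenement"; priority:4; metadata:created_at 2018-02-11,capec_id 125,updated_at 2018-02-27,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182845;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BLUE UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:4; metadata:created_at 2019-02-05,capec_id 125,updated_at 2019-02-16,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182846;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNDERLYING HUNGER Traffic Detected"; flow:established, to_server; content:"hunger"; priority:4; metadata:created_at 2018-07-20,capec_id 125,updated_at 2018-07-28,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182847;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMMERCIAL GLAND Traffic Detected"; flow:established, to_server; content:"gland"; priority:4; metadata:created_at 2019-11-18,capec_id 125,updated_at 2019-11-19,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182848;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SILLY DEFENSE Traffic Detected"; flow:established, to_server; content:"defense"; priority:4; metadata:created_at 2019-02-23,capec_id 125,updated_at 2019-02-26,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182849;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MAMMOTH ESSAY Traffic Detected"; flow:established, to_server; content:"essay"; priority:4; metadata:created_at 2017-01-15,capec_id 125,updated_at 2017-01-24,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182850;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MISLEADING DORY Traffic Detected"; flow:established, to_server; content:"dory"; priority:4; metadata:created_at 2018-09-10,capec_id 125,updated_at 2018-09-25,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182851;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GROSS JUICE Traffic Detected"; flow:established, to_server; content:"juice"; priority:4; metadata:created_at 2018-11-17,capec_id 125,updated_at 2018-11-25,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182852;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MODEST SEASIDE Traffic Detected"; flow:established, to_server; content:"seaside"; priority:4; metadata:created_at 2019-10-10,capec_id 125,updated_at 2019-10-27,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182853;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONSISTENT SECRET Traffic Detected"; flow:established, to_server; content:"secret"; priority:4; metadata:created_at 2019-10-12,capec_id 125,updated_at 2019-10-18,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182854;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DYNAMIC GASOLINE Traffic Detected"; flow:established, to_server; content:"gasoline"; priority:4; metadata:created_at 2018-09-07,capec_id 125,updated_at 2018-09-19,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182855;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HORIZONTAL WARLOCK Traffic Detected"; flow:established, to_server; content:"warlock"; priority:4; metadata:created_at 2017-03-22,capec_id 125,updated_at 2017-03-25,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182856;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NEARBY SOCIETY Traffic Detected"; flow:established, to_server; content:"society"; priority:4; metadata:created_at 2015-10-11,capec_id 125,updated_at 2015-10-11,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182857;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ALIVE DIVIDE Traffic Detected"; flow:established, to_server; content:"divide"; priority:4; metadata:created_at 2019-08-09,capec_id 125,updated_at 2019-08-21,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182858;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OUTSIDE PSYCHIATRIST Traffic Detected"; flow:established, to_server; content:"psychiatrist"; priority:4; metadata:created_at 2016-02-06,capec_id 125,updated_at 2016-02-13,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182859;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TECHNICAL BOTTLE Traffic Detected"; flow:established, to_server; content:"bottle"; priority:4; metadata:created_at 2019-07-21,capec_id 125,updated_at 2019-07-28,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182860;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DISTINGUISHED KNIFE-EDGE Traffic Detected"; flow:established, to_server; content:"knife-edge"; priority:4; metadata:created_at 2018-03-11,capec_id 125,updated_at 2018-03-22,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182861;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PROPOSED FINDING Traffic Detected"; flow:established, to_server; content:"finding"; priority:4; metadata:created_at 2019-06-13,capec_id 125,updated_at 2019-06-19,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182862;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN CHAOS Traffic Detected"; flow:established, to_server; content:"chaos"; priority:4; metadata:created_at 2019-11-19,capec_id 125,updated_at 2019-11-20,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182863;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RURAL CREAM Traffic Detected"; flow:established, to_server; content:"cream"; priority:4; metadata:created_at 2018-05-04,capec_id 125,updated_at 2018-05-12,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182864;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - 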
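UNKNOWN METEOROLOGY Traffic Detected"; flow:established, to_server; content:"meteorology"; priority:4; metadata:created_at 2019-04-19,capec_id 125,updated_at 2019-04-21,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182865;)
# ddos.rules, continued (through sid 80182903): all disabled, inbound $EXTERNAL_NET -> $HOME_NET,
# capec_id 125, priority:4 / info, action `drop`. One bare literal `content` per rule, several
# only three bytes long ("tin", "pin", "bog", "hat", "few"), with no sticky buffer, offset or
# depth - keep them disabled outside a demo.
# Layout: one signature per line, so each leading `#` disables exactly one rule and the active
# rule 80182869 is not swallowed by a preceding comment marker.
# NOTE(review): "UNKNOWN" appears as a whole pattern (80182881) and inside others
# ("instUNKNOWNentalist" 80182879, "orcUNKNOWN" 80182888) - looks like a placeholder
# substitution rather than intended match bytes; confirm.
# NOTE(review): 80182880 and 80182902 both match content:"rainstorm" with the same header and
# flow, so once enabled a single packet would raise both sids.
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN FAME Traffic Detected"; flow:established, to_server; content:"fame"; priority:4; metadata:created_at 2016-08-11,capec_id 125,updated_at 2016-08-27,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182866;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FISCAL EQUINOX Traffic Detected"; flow:established, to_server; content:"equinox"; priority:4; metadata:created_at 2019-02-18,capec_id 125,updated_at 2019-02-20,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182867;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WICKED TIN Traffic Detected"; flow:established, to_server; content:"tin"; priority:4; metadata:created_at 2018-08-07,capec_id 125,updated_at 2018-08-25,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182868;)
# Active acme.rules rule sitting inside the disabled ddos.rules run. It is tagged
# malware post-infection and infected src_ip but has no `hostile dest_ip` tag, unlike the
# post-infection acme.rules rules earlier in the file (e.g. sid 80182796-80182804).
# NOTE(review): confirm the omission is deliberate.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WONDERFUL COMMITTEE Malware Communication"; flow:established,to_server; content:"committee"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-07-13,updated_at 2019-07-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182869;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BRIGHT PIN Traffic Detected"; flow:established, to_server; content:"pin"; priority:4; metadata:created_at 2018-11-07,capec_id 125,updated_at 2018-11-27,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182870;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TYPICAL BOG Traffic Detected"; flow:established, to_server; content:"bog"; priority:4; metadata:created_at 2017-01-08,capec_id 125,updated_at 2017-01-27,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182871;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MEDICAL HAT Traffic Detected"; flow:established, to_server; content:"hat"; priority:4; metadata:created_at 2016-10-24,capec_id 125,updated_at 2016-10-26,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182872;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HELPFUL ELEMENT Traffic Detected"; flow:established, to_server; content:"element"; priority:4; metadata:created_at 2017-11-01,capec_id 125,updated_at 2017-11-27,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182873;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONSTITUTIONAL COUNTESS Traffic Detected"; flow:established, to_server; content:"countess"; priority:4; metadata:created_at 2019-10-04,capec_id 125,updated_at 2019-10-15,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182874;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RATIONAL FEW Traffic Detected"; flow:established, to_server; content:"few"; priority:4; metadata:created_at 2018-04-22,capec_id 125,updated_at 2018-04-25,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182875;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXTENSIVE DEFORMATION Traffic Detected"; flow:established, to_server; content:"deformation"; priority:4; metadata:created_at 2019-03-27,capec_id 125,updated_at 2019-03-27,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182876;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PARLIAMENTARY PAYMENT Traffic Detected"; flow:established, to_server; content:"payment"; priority:4; metadata:created_at 2018-06-16,capec_id 125,updated_at 2018-06-24,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182877;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN SQUATTER Traffic Detected"; flow:established, to_server; content:"squatter"; priority:4; metadata:created_at 2018-07-20,capec_id 125,updated_at 2018-07-24,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182878;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SORRY INSTUNKNOWNENTALIST Traffic Detected"; flow:established, to_server; content:"instUNKNOWNentalist"; priority:4; metadata:created_at 2018-06-01,capec_id 125,updated_at 2018-06-09,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182879;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONTINENTAL RAINSTORM Traffic Detected"; flow:established, to_server; content:"rainstorm"; priority:4; metadata:created_at 2017-01-05,capec_id 125,updated_at 2017-01-11,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182880;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MEAN UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:4; metadata:created_at 2018-02-21,capec_id 125,updated_at 2018-02-24,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182881;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NOVEL BATTING Traffic Detected"; flow:established, to_server; content:"batting"; priority:4; metadata:created_at 2019-04-08,capec_id 125,updated_at 2019-04-19,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182882;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ACCURATE OCTET Traffic Detected"; flow:established, to_server; content:"octet"; priority:4; metadata:created_at 2019-07-25,capec_id 125,updated_at 2019-07-28,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182883;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN WAVE Traffic Detected"; flow:established, to_server; content:"wave"; priority:4; metadata:created_at 2019-02-12,capec_id 125,updated_at 2019-02-27,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182884;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LONELY PINAFORE Traffic Detected"; flow:established, to_server; content:"pinafore"; priority:4; metadata:created_at 2016-08-25,capec_id 125,updated_at 2016-08-25,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182885;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FROZEN WORM Traffic Detected"; flow:established, to_server; content:"worm"; priority:4; metadata:created_at 2019-03-20,capec_id 125,updated_at 2019-03-23,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182886;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ITCHY PASSIVE Traffic Detected"; flow:established, to_server; content:"passive"; priority:4; metadata:created_at 2019-02-22,capec_id 125,updated_at 2019-02-27,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182887;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WICKED ORCUNKNOWN Traffic Detected"; flow:established, to_server; content:"orcUNKNOWN"; priority:4; metadata:created_at 2017-11-20,capec_id 125,updated_at 2017-11-20,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182888;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FLUTTERING APPENDIX Traffic Detected"; flow:established, to_server; content:"appendix"; priority:4; metadata:created_at 2019-02-13,capec_id 125,updated_at 2019-02-15,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182889;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN MANAGER Traffic Detected"; flow:established, to_server; content:"manager"; priority:4; metadata:created_at 2017-06-15,capec_id 125,updated_at 2017-06-25,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182890;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MEAN GRANDDAUGHTER Traffic Detected"; flow:established, to_server; content:"granddaughter"; priority:4; metadata:created_at 2018-11-02,capec_id 125,updated_at 2018-11-04,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182891;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN SHOVEL Traffic Detected"; flow:established, to_server; content:"shovel"; priority:4; metadata:created_at 2019-05-12,capec_id 125,updated_at 2019-05-22,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182892;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DRY SEARCH Traffic Detected"; flow:established, to_server; content:"search"; priority:4; metadata:created_at 2019-08-06,capec_id 125,updated_at 2019-08-15,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182893;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN BAIT Traffic Detected"; flow:established, to_server; content:"bait"; priority:4; metadata:created_at 2019-06-14,capec_id 125,updated_at 2019-06-16,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182894;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHILLY STILL Traffic Detected"; flow:established, to_server; content:"still"; priority:4; metadata:created_at 2019-06-04,capec_id 125,updated_at 2019-06-27,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182895;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SMART ANALOGUE Traffic Detected"; flow:established, to_server; content:"analogue"; priority:4; metadata:created_at 2019-11-05,capec_id 125,updated_at 2019-11-16,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182896;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HELPFUL METEOR Traffic Detected"; flow:established, to_server; content:"meteor"; priority:4; metadata:created_at 2018-06-17,capec_id 125,updated_at 2018-06-21,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182897;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LINEAR ELECTION Traffic Detected"; flow:established, to_server; content:"election"; priority:4; metadata:created_at 2019-07-02,capec_id 125,updated_at 2019-07-26,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182898;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN WORKBENCH Traffic Detected"; flow:established, to_server; content:"workbench"; priority:4; metadata:created_at 2019-01-20,capec_id 125,updated_at 2019-01-28,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182899;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNACCEPTABLE TURTLE Traffic Detected"; flow:established, to_server; content:"turtle"; priority:4; metadata:created_at 2017-06-01,capec_id 125,updated_at 2017-06-22,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182900;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HILARIOUS PRODUCER Traffic Detected"; flow:established, to_server; content:"producer"; priority:4; metadata:created_at 2018-07-22,capec_id 125,updated_at 2018-07-28,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182901;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BROKEN RAINSTORM Traffic Detected"; flow:established, to_server; content:"rainstorm"; priority:4; metadata:created_at 2018-08-26,capec_id 125,updated_at 2018-08-28,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182902;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN DECADE Traffic Detected"; flow:established, to_server; content:"decade"; priority:4; metadata:created_at 2017-11-16,capec_id 125,updated_at 2017-11-23,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182903;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LITTLE ORCHID Traffic Detected"; flow:established, to_server; content:"orchid"; priority:4; metadata:created_at 2019-11-23,capec_id 125,updated_at 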
2019-11-23,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182904;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN AUDITORIUM Traffic Detected"; flow:established, to_server; content:"auditorium"; priority:4; metadata:created_at 2016-06-18,capec_id 125,updated_at 2016-06-19,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182905;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OK STRANGER Traffic Detected"; flow:established, to_server; content:"stranger"; priority:4; metadata:created_at 2017-03-05,capec_id 125,updated_at 2017-03-21,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182906;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN TABLETOP Traffic Detected"; flow:established, to_server; content:"tabletop"; priority:4; metadata:created_at 2019-10-16,capec_id 125,updated_at 2019-10-24,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182907;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN TEACHING Traffic Detected"; flow:established, to_server; content:"teaching"; priority:4; metadata:created_at 2017-04-11,capec_id 125,updated_at 2017-04-18,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182908;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXPERIMENTAL BOWL Traffic Detected"; flow:established, to_server; content:"bowl"; priority:4; metadata:created_at 2019-07-19,capec_id 125,updated_at 2019-07-23,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182909;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VOICELESS ADDITION Traffic 
Detected"; flow:established, to_server; content:"addition"; priority:4; metadata:created_at 2019-09-22,capec_id 125,updated_at 2019-09-22,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182910;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXPLICIT KNIFE Traffic Detected"; flow:established, to_server; content:"knife"; priority:4; metadata:created_at 2019-02-08,capec_id 125,updated_at 2019-02-17,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182911;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN VEGETATION Traffic Detected"; flow:established, to_server; content:"vegetation"; priority:4; metadata:created_at 2019-11-18,capec_id 125,updated_at 2019-11-25,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182912;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNNECESSARY PREFERENCE Traffic Detected"; flow:established, to_server; content:"preference"; priority:4; metadata:created_at 2019-06-17,capec_id 125,updated_at 2019-06-18,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182913;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SECRET CODON Traffic Detected"; flow:established, to_server; content:"codon"; priority:4; metadata:created_at 2018-04-18,capec_id 125,updated_at 2018-04-28,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182914;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRESENT E-BOOK Traffic Detected"; flow:established, to_server; content:"e-book"; priority:4; metadata:created_at 2017-10-10,capec_id 125,updated_at 2017-10-22,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols 
http,protocols tcp; rev:2; sid:80182915;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SEMANTIC OFFICIAL Traffic Detected"; flow:established, to_server; content:"official"; priority:4; metadata:created_at 2019-11-14,capec_id 125,updated_at 2019-11-25,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80182916;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COLD SKY Malware Communication"; flow:established,to_server; content:"sky"; priority:1; metadata:cwe_id 506,malware malware,hostile dest_ip,created_at 2019-08-20,updated_at 2019-08-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182917;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MINOR FRAUDSTER Malware Communication"; flow:established,to_server; content:"fraudster"; priority:1; metadata:cwe_id 506,malware malware,hostile dest_ip,created_at 2018-03-06,updated_at 2018-03-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182918;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LARGE OBSERVATION Malware Communication"; flow:established,to_server; content:"observation"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-23,updated_at 2019-07-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182919;) alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - IDEAL OLIVE Exploitation Attempt Seen"; flow:established,to_client; content:"olive"; priority:3; metadata:cwe_id 416,hostile src_ip,created_at 2019-05-16,updated_at 2019-05-23,filename acme.rules,priority low,rule_source 
acme-rule-factory,cvss_v2_base 5.9,attack_target http-client,attack_target client,cve 2019-4082437,cvss_v2_temporal 6.8,protocols http,protocols tcp; rev:1; sid:80182920;)
# Rules below are written one per line. A leading '#' marks a disabled rule and
# comments out the rest of its line, so an active rule must never share a line
# with a disabled one.
#
# Disabled. NOTE(review): cvss_v2_temporal (3.7) is higher than cvss_v2_base (3.6);
# a CVSS v2 temporal score cannot exceed its base score. Presumably generated
# test values - confirm before filtering on these keys.
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - UNKNOWN TRAILER Exploitation Attempt Seen"; flow:established, to_client; content:"trailer"; priority:4; metadata:cwe_id 416,hostile src_ip,created_at 2016-09-03,updated_at 2016-09-09,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 3.6,attack_target http-client,attack_target client,cve 2015-8660270,cvss_v2_temporal 3.7,protocols http,protocols tcp; rev:2; sid:80182921;)
# Inbound HTTP request rule: alert only, server-side target.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HEALTHY UNKNOWNESTY Traffic Detected"; flow:established, to_server; content:"UNKNOWNesty"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2016-04-24,capec_id 248,updated_at 2016-04-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182922;)
# NOTE(review): the source is $HOME_NET, yet the metadata tags src_ip as hostile
# and the destination is "any any" - confirm the intended direction.
# cvss_v2_base is 10.0 while the rule is priority:3 / "priority low"; verify the
# severity mapping.
alert tcp $HOME_NET any -> any any (msg:"Acme - UNKNOWN TOP-HAT Traffic Detected"; flow:established, to_client; content:"top-hat"; priority:3; metadata:cwe_id 798,hostile src_ip,created_at 2018-02-02,updated_at 2018-02-16,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,cvss_v2_temporal 5.0,protocols tcp; rev:2; sid:80182923;)
# Outbound drop rule: internal host (tagged infected) to an external destination (tagged hostile).
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SOCKS Malware Communication"; flow:established,to_server; content:"socks"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-27,updated_at 2019-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182924;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PURPLE YAM Malware Communication"; flow:established,to_client; content:"yam"; priority:2;
metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-10-25,updated_at 2018-10-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182925;) alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - FEW BARBER Traffic Detected"; flow:established,to_server; content:"barber"; priority:4; metadata:cwe_id 657,hostile src_ip,created_at 2019-10-05,updated_at 2019-10-06,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80182926;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LOOSE LOBOUNKNOWNY Malware Communication"; flow:established, to_server; content:"loboUNKNOWNy"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-04-22,updated_at 2018-04-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80182927;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RELEVANT BEEF Malware Communication"; flow:established, to_server; content:"beef"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-04-19,updated_at 2019-04-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182928;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPECIFIED LANDFORM Malware Communication"; flow:established, to_server; content:"landform"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-01-12,updated_at 2016-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182929;) drop http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BIG GARB Malware Communication"; flow:established, to_server; content:"garb"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-09-17,updated_at 2016-09-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182930;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DISGUSTED BOAR Malware Communication"; flow:established, to_server; content:"boar"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-10-11,updated_at 2017-10-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182931;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DREADFUL RATIO Traffic Detected"; flow:established,to_server; content:"ratio"; priority:1; metadata:hostile dest_ip,created_at 2016-10-22,updated_at 2016-10-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182932;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - APPALLING SENIOR Exploitation Attempt Seen"; flow:established,to_server; content:"senior"; priority:2; metadata:cwe_id 98,hostile src_ip,created_at 2019-06-12,updated_at 2019-06-20,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.5,attack_target server,attack_target http-server,cve 2018-1080933,cvss_v2_temporal 7.7,protocols http,protocols tcp; rev:2; sid:80182933;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FIRM COMB Malware Communication"; flow:established, to_server; content:"comb"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2017-10-22,updated_at 2017-10-25,filename spyware.rules,priority low,infected 
src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182934;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNIVERSAL CARTLOAD Malware Communication"; flow:established, to_server; content:"cartload"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-04-24,updated_at 2017-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182935;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUNNY PAW Malware Communication"; flow:established, to_server; content:"paw"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-02-22,updated_at 2018-02-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182936;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AWKWARD ACTOR Malware Communication"; flow:established, to_server; content:"actor"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-07,updated_at 2019-09-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182937;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ORDINARY STYLE Malware Communication"; flow:established, to_server; content:"style"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-06,updated_at 2019-03-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182938;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SMALL DOWNTOWN Malware Communication"; flow:established, 
to_server; content:"downtown"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-24,updated_at 2019-08-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182939;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPECTACULAR STAIRCASE Malware Communication"; flow:established, to_server; content:"staircase"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-26,updated_at 2019-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182940;) #drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EARLY UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-25,updated_at 2019-08-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182941;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TAN JUNKER Exploitation Attempt Seen"; flow:established, to_client; content:"junker"; priority:3; metadata:cwe_id 611,hostile src_ip,created_at 2019-04-21,capec_id 116,updated_at 2019-04-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.0,attack_target http-client,attack_target client,cve 2019-9186071,cvss_v2_temporal 2.5,protocols http,protocols tcp; rev:2; sid:80182942;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN THAW Exploitation Attempt Seen"; flow:established, to_server; content:"thaw"; priority:3; metadata:cwe_id 400,hostile src_ip,created_at 2019-05-20,capec_id 130,updated_at 2019-05-27,filename acme.rules,priority low,rule_source 
acme-rule-factory,cvss_v2_base 2.5,attack_target server,attack_target http-server,cve 2019-9367951,cvss_v2_temporal 1.9,protocols http,protocols tcp; rev:2; sid:80182943;)
# Rules below are written one per line. A leading '#' marks a disabled rule and
# comments out the rest of its line, so an active rule must never share a line
# with a disabled one.
#
# Disabled rule.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COURAGEOUS TELETYPE Exploitation Attempt Seen"; flow:established, to_server; content:"teletype"; priority:3; metadata:hostile src_ip,created_at 2017-06-20,capec_id 225,updated_at 2017-06-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-4736213,protocols http,protocols tcp; rev:2; sid:80182944;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NERVOUS SOFA Malware Communication"; flow:established, to_server; content:"sofa"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-01-05,updated_at 2016-01-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182945;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MOTIONLESS COMBINE Traffic Detected"; flow:established,to_client; content:"combine"; priority:2; metadata:cwe_id 507,hostile src_ip,created_at 2019-09-15,updated_at 2019-09-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182946;)
# NOTE(review): the same "cve 2015-7276931" pair appears seven times in this
# rule's metadata. Anything that counts or filters on the cve key should
# de-duplicate; confirm whether the repetition is deliberate test data.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN STREAM Malware Communication"; flow:established, to_server; content:"stream"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-11-27,updated_at 2018-11-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-7276931,cve 2015-7276931,cve 2015-7276931,cve 2015-7276931,cve 2015-7276931,cve 2015-7276931,cve 2015-7276931,protocols http,protocols tcp; rev:2; sid:80182947;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NORMAL WATERSPOUT Malware Communication"; flow:established, to_server; content:"waterspout"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-08-18,updated_at 2017-08-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182948;)
# NOTE(review): "cve 2018-3854818" is likewise repeated seven times here.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SAFE COWBELL Malware Communication"; flow:established, to_server; content:"cowbell"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2018-02-21,updated_at 2018-02-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-3854818,cve 2018-3854818,cve 2018-3854818,cve 2018-3854818,cve 2018-3854818,cve 2018-3854818,cve 2018-3854818,protocols http,protocols tcp; rev:2; sid:80182949;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ELECTRONIC LEATHER Malware Communication"; flow:established,to_server; content:"leather"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2018-05-20,updated_at 2018-05-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182950;)
# NOTE(review): the header is "tcp any any -> $HOME_NET any" although the
# metadata says protocols http / attack_target http-server, so the content
# match is not limited to HTTP ports or HTTP-parsed traffic - confirm intent.
# cvss_v2_temporal (8.5) is higher than cvss_v2_base (7.8), which CVSS v2 does
# not allow; presumably generated test values.
alert tcp any any -> $HOME_NET any (msg:"Acme - CHRONIC KEEP Traffic Detected"; flow:established,to_server; content:"keep"; priority:3; metadata:cwe_id 425,hostile src_ip,created_at 2019-04-18,updated_at 2019-04-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.8,attack_target server,attack_target http-server,cvss_v2_temporal 8.5,protocols http,protocols tcp; rev:1; sid:80182951;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - APPLICABLE OATMEAL Malware Communication"; flow:established,to_server; content:"oatmeal"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-02,updated_at 2019-07-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182952;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONCEPTUAL COMPANY Malware Communication"; flow:established,to_server; content:"company"; priority:1; metadata:cwe_id 506,malware malware,hostile dest_ip,created_at 2018-11-02,updated_at 2018-11-08,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182953;)
# NOTE(review): content:"UNKNOWN" looks like a generator placeholder. The same
# string is the only content match in sid 80182957 and sid 80182960 below, so
# these rules key on identical bytes.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STORMY UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-15,updated_at 2019-09-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182954;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PAINFUL BABY Malware Communication"; flow:established, to_server; content:"baby"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-09-19,updated_at 2017-09-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182955;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ANCIENT PETAL Malware Communication"; flow:established, to_server; content:"petal"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-11,updated_at 2019-02-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182956;)
# Disabled. NOTE(review): a drop action on "tcp any any -> $HOME_NET any" with
# SMTP metadata and no port restriction; if this rule is ever enabled, scope the
# header first. cvss_v2_temporal is below cvss_v2_base here, as expected.
#drop tcp any any -> $HOME_NET any (msg:"Acme - DEAFENING UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:2; metadata:cwe_id 77,hostile src_ip,created_at 2015-01-03,capec_id 248,updated_at 2015-01-06,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.9,attack_target server,attack_target smtp-server,cvss_v2_temporal 3.1,protocols smtp,protocols tcp; rev:1; sid:80182957;)
# Disabled rule.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NATIONAL BRUSHFIRE Exploitation Attempt Seen"; flow:established, to_server; content:"brushfire"; priority:3; metadata:hostile dest_ip,created_at 2018-06-27,updated_at 2018-06-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-8664221,protocols http,protocols tcp; rev:2; sid:80182958;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WEIRD APPARATUS Traffic Detected"; flow:established,to_client; content:"apparatus"; priority:2; metadata:hostile src_ip,created_at 2016-09-08,updated_at 2016-09-23,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182959;)
# Same placeholder content match ("UNKNOWN") as sid 80182954 above.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-22,updated_at 2019-04-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182960;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXISTING FAUCET Malware Communication"; flow:established, to_server; content:"faucet"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-07,updated_at 2019-04-16,filename acme.rules,priority high,infected src_ip,rule_source
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182961;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN OPHTHALMOLOGIST Traffic Detected"; flow:established, to_server; content:"ophthalmologist"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2017-01-07,capec_id 286,updated_at 2017-01-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182962;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HOMELY BAG Malware Communication"; flow:established, to_client; content:"bag"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2016-08-16,updated_at 2016-08-22,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182963;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MINIMUM PICKLE Malware Communication"; flow:established,to_server; content:"pickle"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-10-27,updated_at 2017-10-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182964;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN TEACH Malware Communication"; flow:established,to_server; content:"teach"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-07,updated_at 2019-10-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182965;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INSUFFICIENT SWITCH Malware Communication"; flow:established,to_server; content:"switch"; 
priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-20,updated_at 2019-09-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182966;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MAJOR STRAIT Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"strait"; priority:2; metadata:cwe_id 73,cwe_id 618,hostile src_ip,created_at 2019-04-07,capec_id 253,updated_at 2019-04-14,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target http-client,attack_target client,cve 2015-1235565,cvss_v2_temporal 4.4,protocols http,protocols tcp; rev:2; sid:80182967;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ANXIOUS GRAPE Malware Communication"; flow:established,to_server; content:"grape"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2017-05-21,updated_at 2017-05-21,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182968;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUBTLE TASK Malware Communication"; flow:established,to_server; content:"task"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-09-06,updated_at 2016-09-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182969;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NORMAL INSTUNKNOWNENTALIST Malware Communication"; flow:established, to_server; content:"instUNKNOWNentalist"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-10-18,updated_at 2018-10-22,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182970;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EMBARRASSED ZEBRA Exploitation Attempt Seen"; flow:established, to_server; content:"zebra"; priority:2; metadata:cwe_id 94,hostile src_ip,created_at 2017-11-07,capec_id 248,updated_at 2017-11-22,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.6,attack_target server,attack_target http-server,cve 2017-2432787,cvss_v2_temporal 7.1,protocols http,protocols tcp; rev:2; sid:80182971;) #drop http any any -> $HOME_NET any (msg:"Acme - QUICKEST OVEREXERTION Traffic Detected"; flow:established, to_server; content:"overexertion"; priority:2; metadata:hostile src_ip,created_at 2015-08-25,capec_id 253,updated_at 2015-08-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80182972;) #alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GREAT WALNUT Exploitation Attempt Seen"; flow:established, to_server; content:"walnut"; priority:3; metadata:hostile src_ip,created_at 2019-08-01,capec_id 248,updated_at 2019-08-06,filename email.rules,priority low,rule_source acme-rule-factory,cve 2019-3587237,protocols smtp,protocols tcp; rev:1; sid:80182973;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GRIEVING UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-04-20,updated_at 2019-04-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182974;) alert http any any -> $HOME_NET any (msg:"Acme - UNKNOWN RANDOMISATION Exploitation Attempt Seen"; flow:established, to_server; content:"randomisation"; priority:3; metadata:cwe_id 79,hostile 
src_ip,created_at 2019-06-01,capec_id 63,updated_at 2019-06-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.9,attack_target server,attack_target http-server,cve 2017-1636505,cvss_v2_temporal 7.6,protocols http,protocols tcp; rev:2; sid:80182975;) #drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTEGRAL UNKNOWNSE Malware Communication"; flow:established, to_server; content:"UNKNOWNse"; priority:1; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2018-08-20,updated_at 2018-08-26,filename spyware.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182976;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN BERET Traffic Detected"; flow:established, to_server; content:"beret"; priority:4; metadata:hostile src_ip,created_at 2017-10-04,capec_id 118,updated_at 2017-10-12,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80182977;) #drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WITTY STEW Malware Communication"; flow:established, to_server; content:"stew"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-06-24,updated_at 2018-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182978;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPECIFIED INDEPENDENCE Malware Communication"; flow:established, to_server; content:"independence"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-01-20,updated_at 2018-01-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; 
sid:80182979;) #alert http any any -> $HOME_NET any (msg:"Acme - PINK BATH Exploitation Attempt Seen"; flow:established,to_server; content:"bath"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2017-03-15,capec_id 63,updated_at 2017-03-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.0,attack_target server,attack_target http-server,cve 2015-3519423,cvss_v2_temporal 4.9,protocols http,protocols tcp; rev:2; sid:80182980;) #alert http any any -> $HOME_NET any (msg:"Acme - OUTER MAGAZINE Exploitation Attempt Seen"; flow:established,to_server; content:"magazine"; priority:2; metadata:cwe_id 79,hostile src_ip,created_at 2019-06-15,capec_id 63,updated_at 2019-06-16,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.2,attack_target server,attack_target http-server,cve 2018-8496757,cvss_v2_temporal 7.4,protocols http,protocols tcp; rev:2; sid:80182981;) #alert http any any -> $HOME_NET any (msg:"Acme - QUAINT INVESTMENT Exploitation Attempt Seen"; flow:established,to_server; content:"investment"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2019-10-06,capec_id 63,updated_at 2019-10-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.5,attack_target server,attack_target http-server,cve 2019-909232,cvss_v2_temporal 2.6,protocols http,protocols tcp; rev:2; sid:80182982;) #alert http any any -> $HOME_NET any (msg:"Acme - DISASTROUS CALF Exploitation Attempt Seen"; flow:established,to_server; content:"calf"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2017-04-03,capec_id 63,updated_at 2017-04-14,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.6,attack_target server,attack_target http-server,cve 2016-7807207,cvss_v2_temporal 2.0,protocols http,protocols tcp; rev:2; sid:80182983;) #alert http any any -> $HOME_NET any (msg:"Acme - UNKNOWN CANON Exploitation Attempt Seen"; flow:established,to_server; content:"canon"; priority:3; 
metadata:cwe_id 79,hostile src_ip,created_at 2019-11-14,capec_id 63,updated_at 2019-11-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.3,attack_target server,attack_target http-server,cve 2019-4782078,cvss_v2_temporal 5.2,protocols http,protocols tcp; rev:2; sid:80182984;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ACCURATE MEZZANINE Malware Communication"; flow:established,to_server; content:"mezzanine"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-07-18,updated_at 2016-07-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182985;) drop http any any -> $HOME_NET any (msg:"Acme - UNIVERSAL POMPOM Exploitation Attempt Seen"; flow:established, to_server; content:"pompom"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2018-06-03,capec_id 248,updated_at 2018-06-04,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.8,attack_target server,attack_target http-server,cve 2018-675931,cvss_v2_temporal 6.7,protocols http,protocols tcp; rev:2; sid:80182986;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNIQUE MATCH Malware Communication"; flow:established,to_server; content:"match"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-01,updated_at 2018-07-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80182987;) #alert smtp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DISAPPOINTED CRASH Exploitation Attempt Seen"; flow:established,to_server; content:"crash"; priority:4; metadata:cwe_id 119,hostile src_ip,created_at 2019-01-05,updated_at 2019-01-18,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 5.4,attack_target 
server,attack_target smtp-server,cve 2017-3908631,cvss_v2_temporal 4.4,protocols smtp,protocols tcp; rev:3; sid:80182988;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STEADY WEIRD Malware Communication"; flow:established, to_server; content:"weird"; priority:3; metadata:cwe_id 512,malware download-attempt,created_at 2018-09-25,updated_at 2018-09-28,filename spyware.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80182989;) #alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - INDEPENDENT DOWNFORCE Malware Communication"; flow:established, to_client; content:"downforce"; priority:3; metadata:cwe_id 512,malware download-attempt,hostile src_ip,created_at 2017-06-09,updated_at 2017-06-23,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182990;) #alert http any any -> $HOME_NET any (msg:"Acme - TALL KIMONO Exploitation Attempt Seen"; flow:established,to_server; content:"kimono"; priority:3; metadata:cwe_id 174,hostile src_ip,created_at 2019-08-01,capec_id 253,updated_at 2019-08-16,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.6,attack_target server,attack_target http-server,cve 2018-3115096,cvss_v2_temporal 5.3,protocols http,protocols tcp; rev:2; sid:80182991;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ENTHUSIASTIC FACTOR Malware Communication"; flow:established,to_client; content:"factor"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-08-07,updated_at 2019-08-10,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182992;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WONDERFUL ALMANAC Malware Communication"; flow:established, to_server; content:"almanac"; priority:1; metadata:cwe_id 120,malware 
post-infection,hostile dest_ip,created_at 2016-05-09,updated_at 2016-05-17,filename acme.rules,priority high,rule_source acme-rule-factory,cvss_v2_base 7.0,attack_target http-client,attack_target client,cve 2016-915477,cvss_v2_temporal 7.8,protocols http,protocols tcp; rev:2; sid:80182993;)
# NOTE(review): sid 80182993 (ending on the line above) carries cvss_v2_temporal 7.8 against
# cvss_v2_base 7.0, and sid 80182996 below carries 4.3 against 4.1. A CVSS v2 temporal score is the
# base score scaled by factors that never exceed 1.0, so it cannot be higher than the base. Treat
# both values as placeholders when filtering or ranking on these metadata keys.
#
# NOTE(review): the metadata of the next rule repeats the identical pair "cve 2015-7854346" seven
# times. The repeats add nothing to a metadata filter and inflate any per-key count taken over the
# ruleset. Presumably a generator artifact or deliberate test data; confirm before de-duplicating.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXTENSIVE RELIABILITY Malware Communication"; flow:established, to_server; content:"reliability"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-02-15,updated_at 2018-02-18,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-7854346,cve 2015-7854346,cve 2015-7854346,cve 2015-7854346,cve 2015-7854346,cve 2015-7854346,cve 2015-7854346,protocols http,protocols tcp; rev:2; sid:80182994;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SURPRISED MANGROVE Malware Communication"; flow:established, to_server; content:"mangrove"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-03,updated_at 2019-02-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80182995;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - FRIENDLY CASSEROLE Exploitation Attempt Seen"; flow:established,to_client; content:"casserole"; priority:3; metadata:cwe_id 190,hostile src_ip,created_at 2019-03-13,updated_at 2019-03-14,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.1,attack_target http-client,attack_target client,cve 2019-6184215,cvss_v2_temporal 4.3,protocols http,protocols tcp; rev:1; sid:80182996;)
drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - IMPRESSED PLATFORM Malware Communication"; flow:established, to_client; content:"platform"; priority:3; metadata:cwe_id 512,malware download-attempt,hostile src_ip,created_at 
2016-10-08,updated_at 2016-10-08,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182997;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LENGTHY DWARF Malware Communication"; flow:established, to_client; file_data; content:"dwarf"; priority:2; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2017-06-15,updated_at 2017-06-21,filename spyware.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182998;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FANCY FOOT Malware Communication"; flow:established, to_client; file_data; content:"foot"; priority:2; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2019-06-18,updated_at 2019-06-26,filename spyware.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80182999;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GOVERNING CASSEROLE Malware Communication"; flow:established; content:"casserole"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2015-03-17,updated_at 2015-03-23,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80183000;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - KIND BRUSH Malware Communication"; flow:established; content:"brush"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-05-01,updated_at 2019-05-21,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80183001;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FRIGHTENED UNKNOWN Malware Communication"; flow:established; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-02-15,updated_at 2019-02-21,filename acme.rules,priority 
high,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80183002;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DIPLOMATIC MOVER Malware Communication"; flow:established; content:"mover"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2016-02-27,updated_at 2016-02-27,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80183003;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NERVOUS CASSOCK Malware Communication"; flow:established; content:"cassock"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-09-03,updated_at 2018-09-13,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80183004;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PREPARED SYRUP Malware Communication"; flow:established; content:"syrup"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-05-06,updated_at 2019-05-13,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80183005;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DELICIOUS STRATEGY Traffic Detected"; flow:established,to_server; content:"strategy"; priority:1; metadata:hostile dest_ip,created_at 2016-10-18,updated_at 2016-10-23,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183006;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHIVERING UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:4; metadata:cwe_id 200,hostile dest_ip,created_at 2018-09-04,capec_id 118,updated_at 2018-09-24,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 4.2,attack_target http-client,attack_target client,cvss_v2_temporal 4.0,protocols http,protocols tcp; rev:2; sid:80183007;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COLOSSAL ALARM Traffic 
Detected"; flow:established, to_client; file_data; content:"alarm"; priority:2; metadata:cwe_id 451,hostile src_ip,created_at 2019-02-24,capec_id 152,updated_at 2019-02-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.9,attack_target http-client,attack_target client,cvss_v2_temporal 2.1,protocols http,protocols tcp; rev:2; sid:80183008;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MARGINAL PEGBOARD Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"pegboard"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-02-10,capec_id 255,updated_at 2019-02-12,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.6,attack_target http-client,attack_target client,cve 2019-558267,cvss_v2_temporal 8.0,protocols http,protocols tcp; rev:2; sid:80183009;) drop http any any -> $HOME_NET any (msg:"Acme - URGENT LAPDOG Exploitation Attempt Seen"; flow:established, to_server; content:"lapdog"; priority:2; metadata:cwe_id 621,hostile src_ip,created_at 2019-09-01,capec_id 152,updated_at 2019-09-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.3,attack_target server,attack_target http-server,cve 2015-7444310,cvss_v2_temporal 6.8,protocols http,protocols tcp; rev:2; sid:80183010;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUNKNOWNT MOAT Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"moat"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2018-06-01,capec_id 255,updated_at 2018-06-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.4,attack_target http-client,attack_target client,cve 2018-8754002,cvss_v2_temporal 8.3,protocols http,protocols tcp; rev:2; sid:80183011;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LUCKY BLANK Malware Communication"; flow:established, to_server; content:"blank"; priority:1; metadata:cwe_id 506,malware malware,hostile 
dest_ip,created_at 2016-06-04,updated_at 2016-06-13,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183012;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GREY FUNERAL Malware Communication"; flow:established, to_server; content:"funeral"; priority:1; metadata:cwe_id 506,malware malware,hostile dest_ip,created_at 2018-08-10,updated_at 2018-08-17,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183013;) drop tcp any any -> any $HTTP_PORTS (msg:"Acme - UNKNOWN COLLOQUIA Exploitation Attempt Seen"; flow:established, to_server; content:"colloquia"; priority:2; metadata:cwe_id 680,hostile src_ip,created_at 2018-01-01,capec_id 100,updated_at 2018-01-15,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.2,cve 2016-53634,cvss_v2_temporal 4.1,protocols http,protocols tcp; rev:1; sid:80183014;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - ESTIMATED ANT Malware Communication"; flow:established,to_client; content:"ant"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-07-19,updated_at 2019-07-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183015;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GLAD DECIMAL Malware Communication"; flow:established,to_server; content:"decimal"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-10,updated_at 2018-09-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183016;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNIVE 
COMPASSION Malware Communication"; flow:established,to_server; content:"compassion"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-14,updated_at 2019-10-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183017;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ACTIVE SELECT Malware Communication"; flow:established,to_server; content:"select"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-09-27,updated_at 2018-09-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183018;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GENTLE PENCIL Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"pencil"; priority:2; metadata:hostile src_ip,created_at 2019-01-04,capec_id 68,updated_at 2019-01-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.3,attack_target http-client,attack_target client,cve 2019-2591508,cvss_v2_temporal 2.9,protocols http,protocols tcp; rev:2; sid:80183019;) alert http any any -> any any (msg:"Acme - HIDDEN ALARM Exploitation Attempt Seen"; flow:established, to_server; content:"alarm"; priority:3; metadata:cwe_id 601,hostile dest_ip,created_at 2019-03-20,updated_at 2019-03-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.8,cve 2015-92373,cvss_v2_temporal 3.0,protocols http,protocols tcp; rev:2; sid:80183020;) drop http any any -> $HOME_NET any (msg:"Acme - OPERATIONAL SIDECAR Exploitation Attempt Seen"; flow:established, to_server; content:"sidecar"; priority:3; metadata:cwe_id 94,hostile dest_ip,created_at 2018-09-06,updated_at 2018-09-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.9,cve 
2018-1286945,cvss_v2_temporal 4.2,protocols http,protocols tcp; rev:2; sid:80183021;) drop tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - FEW VISOR Exploitation Attempt Seen"; flow:established, to_server; content:"visor"; priority:3; metadata:cwe_id 601,hostile src_ip,created_at 2019-01-09,updated_at 2019-01-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.6,attack_target server,attack_target http-server,cve 2018-114455,cvss_v2_temporal 6.6,protocols http,protocols tcp; rev:1; sid:80183022;) drop http any any -> $HOME_NET any (msg:"Acme - HAPPY POPPY Exploitation Attempt Seen"; flow:established, to_server; content:"poppy"; priority:3; metadata:cwe_id 94,hostile dest_ip,created_at 2019-09-18,updated_at 2019-09-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.2,cve 2019-9465606,cvss_v2_temporal 1.4,protocols http,protocols tcp; rev:2; sid:80183023;) alert http any any -> any any (msg:"Acme - SHARP SURNAME Exploitation Attempt Seen"; flow:established, to_server; content:"surname"; priority:3; metadata:cwe_id 749,hostile dest_ip,created_at 2018-11-22,capec_id 118,updated_at 2018-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.0,cve 2018-2429436,cvss_v2_temporal 2.9,protocols http,protocols tcp; rev:2; sid:80183024;) drop http any any -> $HOME_NET any (msg:"Acme - SMOOTH NURSE Exploitation Attempt Seen"; flow:established, to_server; content:"nurse"; priority:3; metadata:cwe_id 94,hostile dest_ip,created_at 2019-02-03,capec_id 248,updated_at 2019-02-06,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.3,cve 2018-2394583,cvss_v2_temporal 6.1,protocols http,protocols tcp; rev:2; sid:80183025;) drop http any any -> $HOME_NET any (msg:"Acme - GENUINE TRIPOD Exploitation Attempt Seen"; flow:established, to_server; content:"tripod"; priority:3; metadata:cwe_id 94,created_at 2018-03-14,updated_at 2018-03-17,filename acme.rules,priority 
low,rule_source acme-rule-factory,cvss_v2_base 3.9,cve 2016-8320200,cvss_v2_temporal 4.7,protocols http,protocols tcp; rev:2; sid:80183026;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DUE SOPRANO Malware Communication"; flow:established,to_server; content:"soprano"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-02-14,updated_at 2018-02-17,filename ddos.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183027;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INNOCENT TILL Malware Communication"; flow:established, to_server; content:"till"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-18,updated_at 2019-03-19,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183028;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OPEN CLUE Malware Communication"; flow:established,to_server; content:"clue"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-07,updated_at 2019-04-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183029;) alert http any any -> any any (msg:"Acme - FUNNY SLIPPER Exploitation Attempt Seen"; flow:established,to_server; content:"slipper"; priority:3; metadata:cwe_id 79,hostile dest_ip,created_at 2017-07-07,updated_at 2017-07-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.2,cve 2015-5944103,cvss_v2_temporal 6.4,protocols http,protocols tcp; rev:2; sid:80183030;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BORING SEARCH Malware Communication"; flow:established,to_server; content:"search"; priority:1; metadata:cwe_id 507,malware 
post-infection,hostile dest_ip,created_at 2019-10-19,updated_at 2019-10-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183031;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BROKEN SOCCER Malware Communication"; flow:established,to_server; content:"soccer"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-07,updated_at 2018-11-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183032;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - KEEN VEIN Malware Communication"; flow:established,to_server; content:"vein"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-03-08,updated_at 2017-03-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183033;)
# NOTE(review): the next three rules (sids 80183034, 80183035, 80183036) pair the drop action with
# an "any any -> any any" header and one short content match that has no sticky buffer or other
# qualifier. When Suricata runs inline, drop discards the matching traffic, so a rule of this shape
# blocks every established client-to-server HTTP flow whose payload contains the string, whichever
# side is $HOME_NET. The content values here are placeholders; a rule meant for deployment needs a
# narrower header and a more specific match before it is given a blocking action.
#
# NOTE(review): the same three rules disagree on the "hostile" key (src_ip, dest_ip, src_ip)
# although header and flow direction are identical, so enrichment keyed on it will attribute
# different endpoints for the same traffic shape. Presumably generator output; confirm intent.
drop http any any -> any any (msg:"Acme - DEAFENING PUBLIC Traffic Detected"; flow:established, to_server; content:"public"; priority:2; metadata:cwe_id 77,hostile src_ip,created_at 2018-03-05,capec_id 248,updated_at 2018-03-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,cvss_v2_temporal 3.2,protocols http,protocols tcp; rev:2; sid:80183034;)
drop http any any -> any any (msg:"Acme - POOR RUSH Traffic Detected"; flow:established, to_server; content:"rush"; priority:2; metadata:cwe_id 77,hostile dest_ip,created_at 2019-06-05,capec_id 248,updated_at 2019-06-10,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,cvss_v2_temporal 6.9,protocols http,protocols tcp; rev:2; sid:80183035;)
drop http any any -> any any (msg:"Acme - UNKNOWNKLY SPY Traffic Detected"; flow:established, to_server; content:"spy"; priority:2; metadata:cwe_id 77,hostile src_ip,created_at 2018-05-12,capec_id 248,updated_at 
2018-05-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,cvss_v2_temporal 2.4,protocols http,protocols tcp; rev:2; sid:80183036;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HUSKY TUTU Malware Communication"; flow:established,to_server; content:"tutu"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-24,updated_at 2019-02-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183037;) alert http any any -> any any (msg:"Acme - GENTLE PUNKNOWNO Exploitation Attempt Seen"; flow:established, to_server; content:"pUNKNOWNo"; priority:2; metadata:cwe_id 22,hostile dest_ip,created_at 2019-11-24,capec_id 152,updated_at 2019-11-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.1,cve 2016-7107895,cvss_v2_temporal 6.9,protocols http,protocols tcp; rev:2; sid:80183038;) drop tcp any any -> any $HTTP_PORTS (msg:"Acme - CLASSIC POLICEMAN Exploitation Attempt Seen"; flow:established, to_server; content:"policeman"; priority:2; metadata:cwe_id 94,hostile src_ip,created_at 2015-10-19,capec_id 248,updated_at 2015-10-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.8,cve 2015-3944282,cvss_v2_temporal 2.7,protocols http,protocols tcp; rev:1; sid:80183039;) alert http any any -> any any (msg:"Acme - ALERT MUG Exploitation Attempt Seen"; flow:established, to_server; content:"mug"; priority:4; metadata:cwe_id 284,hostile src_ip,created_at 2018-11-17,capec_id 118,updated_at 2018-11-20,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 2.7,cve 2018-2523342,cvss_v2_temporal 2.2,protocols http,protocols tcp; rev:2; sid:80183040;) alert http any any -> any any (msg:"Acme - LOYAL BROOK Exploitation Attempt Seen"; flow:established, to_server; content:"brook"; priority:4; metadata:cwe_id 
284,hostile src_ip,created_at 2017-04-12,capec_id 118,updated_at 2017-04-27,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 4.5,cve 2016-9724765,cvss_v2_temporal 4.0,protocols http,protocols tcp; rev:2; sid:80183041;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HIGH STRIKE Malware Communication"; flow:established,to_client; content:"strike"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2016-09-08,updated_at 2016-09-19,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183042;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BUSY PAY Traffic Detected"; flow:established,to_client; content:"pay"; priority:2; metadata:hostile src_ip,created_at 2018-06-07,updated_at 2018-06-10,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183043;) drop tcp any $HTTP_PORTS -> any any (msg:"Acme - VAST BEAK Exploitation Attempt Seen"; flow:established, to_client; content:"beak"; priority:1; metadata:cwe_id 416,hostile src_ip,created_at 2017-02-23,updated_at 2017-02-25,filename acme.rules,priority high,rule_source acme-rule-factory,cvss_v2_base 4.5,cve 2016-9475619,cvss_v2_temporal 5.0,protocols http,protocols tcp; rev:1; sid:80183044;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LUCKY REQUIREMENT Malware Communication"; flow:established, to_server; content:"requirement"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2019-04-20,updated_at 2019-04-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183045;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RUDE SLOPE Exploitation Attempt Seen"; flow:established, to_client; 
content:"slope"; priority:3; metadata:hostile src_ip,created_at 2019-10-18,capec_id 248,updated_at 2019-10-21,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2019-7803539,protocols http,protocols tcp; rev:4; sid:80183046;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXISTING BIBLIOGRAPHY Malware Communication"; flow:established,to_server; content:"bibliography"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2019-01-17,updated_at 2019-01-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183047;) drop http any any -> any any (msg:"Acme - CONTROVERSIAL SERVER Traffic Detected"; flow:established, to_server; content:"server"; priority:2; metadata:cwe_id 507,hostile dest_ip,created_at 2016-06-06,capec_id 248,updated_at 2016-06-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.2,cvss_v2_temporal 6.2,protocols http,protocols tcp; rev:2; sid:80183048;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TAN REPAIR Malware Communication"; flow:established,to_server; content:"repair"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2019-08-02,updated_at 2019-08-16,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183049;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LOGICAL SECOND Malware Communication"; flow:established,to_server; content:"second"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-07,updated_at 2019-10-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183050;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BLOODY DIVER Malware 
Communication"; flow:established,to_server; content:"diver"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2019-07-04,updated_at 2019-07-15,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183051;)
# NOTE(review): the next rule matches packets sent from $EXTERNAL_NET to $HOME_NET on the
# to_client side of the flow, yet its metadata marks dest_ip, i.e. the $HOME_NET endpoint, as
# hostile. Anything that enriches or blocklists on the "hostile" key would then point at the
# protected host. Presumably this should read "hostile src_ip"; confirm against the rule's intent.
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SILLY LEADING Traffic Detected"; flow:established,to_client; content:"leading"; priority:1; metadata:hostile dest_ip,created_at 2019-06-21,updated_at 2019-06-25,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80183052;)
# NOTE(review): the next rule is a drop on "any any -> any any" with a single unqualified content
# match, so inline it would block any established client-to-server HTTP flow containing the string.
# Its cvss_v2_temporal (7.9) is also higher than its cvss_v2_base (7.1), which CVSS v2 does not
# allow because the temporal score only scales the base downwards. Treat both as placeholder data.
drop http any any -> any any (msg:"Acme - DARK SPIRIT Traffic Detected"; flow:established, to_server; content:"spirit"; priority:2; metadata:cwe_id 507,hostile src_ip,created_at 2019-09-11,capec_id 248,updated_at 2019-09-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.1,cvss_v2_temporal 7.9,protocols http,protocols tcp; rev:2; sid:80183053;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OBJECTIVE COMMERCIAL Traffic Detected"; flow:established, to_server; content:"commercial"; priority:1; metadata:hostile dest_ip,created_at 2019-10-13,capec_id 125,updated_at 2019-10-15,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183054;)
# The rule below is disabled: the leading "#" comments it out, so it is not loaded for detection.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN ACCESS Traffic Detected"; flow:established, to_server; content:"access"; priority:1; metadata:hostile src_ip,created_at 2019-02-06,capec_id 125,updated_at 2019-02-28,filename ddos.rules,priority high,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183055;)
drop http any any -> $HOME_NET any (msg:"Acme - SLIMY TUTU Exploitation Attempt Seen"; flow:established, to_server; content:"tutu"; priority:2; metadata:cwe_id 
676,hostile src_ip,created_at 2018-04-26,capec_id 248,updated_at 2018-04-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.6,attack_target server,attack_target http-server,cve 2015-7096943,cvss_v2_temporal 6.8,protocols http,protocols tcp; rev:2; sid:80183056;)
# NOTE(review): the next rule is the least constrained one in this part of the file. It is a drop
# on "tcp any any -> any any" with a three-byte content match and no port, application-layer or
# positional qualifier. Inline, it would discard every established client-to-server TCP stream that
# contains those bytes. It is also tagged priority:3 / "priority low", so the blocking action is not
# backed by a high-confidence classification. A deployed rule of this kind should stay on alert
# until the header and match are narrowed and its false-positive rate has been measured.
drop tcp any any -> any any (msg:"Acme - POSSIBLE FOX Exploitation Attempt Seen"; flow:established, to_server; content:"fox"; priority:3; metadata:hostile src_ip,created_at 2019-03-19,capec_id 152,updated_at 2019-03-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,cve 2018-4784769,cvss_v2_temporal 4.6,protocols tcp; rev:1; sid:80183057;)
# NOTE(review): the next rule sets "infected src_ip" but has no "hostile" key, while the two rules
# after it, which have the same direction and flow, set "hostile dest_ip". Confirm whether the
# omission is intended.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AVAILABLE UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2017-02-07,updated_at 2017-02-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183058;)
drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - DANGEROUS TRUCKIT Malware Communication"; flow:established,to_server; content:"truckit"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-12,updated_at 2019-02-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183059;)
drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - CONVINCED TOAD Malware Communication"; flow:established,to_server; content:"toad"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2018-10-09,updated_at 2018-10-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183060;)
drop http any any -> 
$HOME_NET any (msg:"Acme - FLAT AUTHORITY Traffic Detected"; flow:established, to_server; content:"authority"; priority:2; metadata:hostile src_ip,created_at 2019-02-09,capec_id 286,updated_at 2019-02-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.9,attack_target server,attack_target http-server,cvss_v2_temporal 7.5,protocols http,protocols tcp; rev:2; sid:80183061;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OPEN BANDANA Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"bandana"; priority:3; metadata:cwe_id 416,hostile src_ip,created_at 2017-10-21,capec_id 255,updated_at 2017-10-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.2,attack_target http-client,attack_target client,cve 2016-6084879,cvss_v2_temporal 5.6,protocols http,protocols tcp; rev:2; sid:80183062;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN ACTOR Malware Communication"; flow:established,to_server; content:"actor"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2018-07-04,updated_at 2018-07-15,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183063;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN INEVITABLE Malware Communication"; flow:established,to_server; content:"inevitable"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-18,updated_at 2019-09-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183064;) drop http any any -> $HOME_NET any (msg:"Acme - UNKNOWN SIDESTREAM Exploitation Attempt Seen"; flow:established, to_server; content:"sidestream"; priority:2; metadata:cwe_id 434,hostile src_ip,created_at 2019-04-14,updated_at 2019-04-19,filename 
acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.3,attack_target server,attack_target http-server,cve 2019-7401761,cvss_v2_temporal 6.6,protocols http,protocols tcp; rev:2; sid:80183065;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NERVOUS DERBY Traffic Detected"; flow:established,to_client; content:"derby"; priority:2; metadata:hostile src_ip,created_at 2018-01-20,updated_at 2018-01-21,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183066;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUPPORTING WEAR Malware Communication"; flow:established, to_server; content:"wear"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-09-13,updated_at 2016-09-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183067;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TART MELODY Malware Communication"; flow:established,to_server; content:"melody"; priority:1; metadata:cwe_id 506,malware malware,hostile dest_ip,created_at 2019-09-08,updated_at 2019-09-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183068;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OBJECTIVE FEED Malware Communication"; flow:established,to_server; content:"feed"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-05-19,updated_at 2018-05-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183069;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN LEASH Malware Communication"; flow:established,to_server; content:"leash"; 
priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-02,updated_at 2019-10-21,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183070;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-08-13,updated_at 2017-08-17,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183071;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BORED INSIDE Malware Communication"; flow:established,to_server; content:"inside"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2016-04-16,updated_at 2016-04-22,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183072;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VOICELESS PARCEL Malware Communication"; flow:established,to_server; content:"parcel"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-12,updated_at 2018-03-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183073;) drop http any any -> $HOME_NET any (msg:"Acme - STRONG CODE Exploitation Attempt Seen"; flow:established, to_server; content:"code"; priority:2; metadata:cwe_id 502,hostile src_ip,created_at 2018-11-27,capec_id 152,updated_at 2018-11-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.1,attack_target server,attack_target http-server,cve 2016-4070136,cvss_v2_temporal 4.7,protocols http,protocols tcp; rev:2; sid:80183074;) drop http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"Acme - LONG TRAINING Malware Communication"; flow:established, to_server; content:"training"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-01-08,updated_at 2017-01-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183075;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WASTEFUL CELERY Malware Communication"; flow:established, to_server; content:"celery"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-04-09,updated_at 2019-04-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183076;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GENETIC THORN Traffic Detected"; flow:established, to_server; content:"thorn"; priority:3; metadata:cwe_id 657,hostile src_ip,created_at 2017-04-09,capec_id 223,updated_at 2017-04-23,filename rpc.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80183077;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ORDINARY KILL Traffic Detected"; flow:established, to_server; content:"kill"; priority:3; metadata:cwe_id 657,hostile src_ip,created_at 2019-04-16,capec_id 223,updated_at 2019-04-21,filename rpc.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80183078;) drop tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - KIND UNKNOWNITY Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWNity"; priority:3; metadata:cwe_id 425,hostile src_ip,created_at 2019-11-06,capec_id 118,updated_at 2019-11-10,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.8,attack_target server,attack_target http-server,cve 2019-6528414,cvss_v2_temporal 
3.4,protocols http,protocols tcp; rev:1; sid:80183079;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOUND LOT Malware Communication"; flow:established,to_client; content:"lot"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-08-05,updated_at 2019-08-05,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183080;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MODERN CESSPOOL Malware Communication"; flow:established,to_server; content:"cesspool"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-09-09,updated_at 2015-09-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183081;) drop http any any -> $HOME_NET any (msg:"Acme - LESSER DECONGESTANT Exploitation Attempt Seen"; flow:established, to_server; content:"decongestant"; priority:3; metadata:cwe_id 434,hostile src_ip,created_at 2019-02-17,capec_id 152,updated_at 2019-02-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.1,attack_target server,attack_target http-server,cve 2019-7383964,cvss_v2_temporal 3.7,protocols http,protocols tcp; rev:2; sid:80183082;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RUNNING CONDITION Malware Communication"; flow:established,to_server; content:"condition"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-04-18,updated_at 2017-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183083;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN MATTOCK Malware Communication"; flow:established,to_server; content:"mattock"; priority:2; metadata:cwe_id 
506,malware pre-infection,hostile dest_ip,created_at 2019-02-14,updated_at 2019-02-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183084;)
# Layout: one rule per physical line (Suricata reads one rule per line unless it is
# continued with a trailing backslash).
#
# NOTE(review): carries cvss_v2_base / cvss_v2_temporal scores but no `cve` key, so the
# scores cannot be traced to an advisory from the rule itself.
alert http any any -> $HOME_NET any (msg:"Acme - WIDESPREAD WEST Traffic Detected"; flow:established, to_server; content:"west"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-07-12,capec_id 118,updated_at 2019-07-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.5,attack_target server,attack_target http-server,cvss_v2_temporal 2.6,protocols http,protocols tcp; rev:2; sid:80183085;)
# NOTE(review): `malware malware` is not a stage value (other rules use pre-infection,
# post-infection, download-attempt) and there is no `infected src_ip` key - confirm.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ADORABLE TROWEL Malware Communication"; flow:established,to_server; content:"trowel"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2019-01-22,updated_at 2019-01-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183086;)
# NOTE(review): `urilen:>1058` limits this to requests whose URI is longer than 1058 bytes,
# which fits the cwe_id 120 tag, but "goat" has no sticky buffer (e.g. http.uri) in front of
# it, so the content match is not tied to the URI that urilen measures. The rule only alerts
# and is rated `priority low` even though metadata gives cvss_v2_base 10.0; the
# action/priority pairing deserves a second look.
alert http $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - MOLECULAR GOAT Exploitation Attempt Seen"; flow:established, to_server; urilen:>1058; content:"goat"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2017-08-10,capec_id 100,updated_at 2017-08-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2017-7346150,cvss_v2_temporal 2.4,protocols http,protocols tcp; rev:2; sid:80183087;)
drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - CLEAN PAGE Malware Communication"; flow:established,to_server; content:"page"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-09,updated_at 2019-02-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols 
http,protocols tcp; rev:1; sid:80183088;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EMPTY ROUNDABOUT Malware Communication"; flow:established,to_server; content:"roundabout"; priority:1; metadata:cwe_id 509,malware post-infection,hostile dest_ip,created_at 2019-07-07,updated_at 2019-07-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183089;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - ENDLESS LAB Malware Communication"; flow:established,to_server; content:"lab"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-02-27,updated_at 2018-02-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183090;) alert http any any -> $HOME_NET any (msg:"Acme - FASHIONABLE SALOON Exploitation Attempt Seen"; flow:established, to_server; content:"saloon"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2019-01-07,capec_id 100,updated_at 2019-01-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2015-1431507,cvss_v2_temporal 3.9,protocols http,protocols tcp; rev:2; sid:80183091;) alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXCESSIVE CENSUS Traffic Detected"; flow:established,to_server; content:"census"; priority:3; metadata:created_at 2018-08-09,capec_id 119,updated_at 2018-08-24,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80183092;) alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DOMESTIC APPLE Traffic Detected"; flow:established,to_server; content:"apple"; priority:3; metadata:created_at 2015-04-08,capec_id 119,updated_at 2015-04-13,filename acme.rules,priority low,rule_source 
acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80183093;)
# Layout: one rule per physical line, so the leading '#' below disables only sid 80183095.
#
# NOTE(review): `drop` on the 4-byte content "jeff" for any port pair, rated `priority low`;
# short unanchored matches in a blocking rule are a common source of false-positive drops.
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN JEFF Traffic Detected"; flow:established,to_client; content:"jeff"; priority:3; metadata:cwe_id 118,hostile src_ip,created_at 2019-04-04,capec_id 267,updated_at 2019-04-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183094;)
# Disabled rule: tagged `priority high` / `malware post-infection` yet commented out;
# confirm the disable is deliberate and tracked.
#drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - YOUNG CRECHE Malware Communication"; flow:established, to_client; content:"creche"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-04-01,updated_at 2019-04-08,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183095;)
# NOTE(review): action is `drop` while both `priority:4` and metadata `priority info` mark
# this as informational; blocking on an informational signature is usually unintended.
drop http any any -> $HOME_NET any (msg:"Acme - FANTASTIC CREATURE Traffic Detected"; flow:established, to_server; content:"creature"; priority:4; metadata:cwe_id 200,hostile src_ip,created_at 2018-11-20,capec_id 286,updated_at 2018-11-22,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183096;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WATERY ADMINISTRATION Malware Communication"; flow:established,to_server; content:"administration"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-02-18,updated_at 2016-02-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183097;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLEVER KNIGHT Malware Communication"; flow:established, to_server; content:"knight"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-14,updated_at 2019-09-15,filename 
acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183098;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FAINT SPITE Malware Communication"; flow:established, to_server; content:"spite"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-10,updated_at 2018-10-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183099;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LIGHT TITANIUM Malware Communication"; flow:established,to_server; content:"titanium"; priority:1; metadata:cwe_id 506,malware malware,hostile dest_ip,created_at 2018-06-13,updated_at 2018-06-13,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183100;) drop http any any -> $HOME_NET any (msg:"Acme - NATIONAL PROGRESS Traffic Detected"; flow:established, to_server; content:"progress"; priority:3; metadata:cwe_id 78,hostile src_ip,created_at 2019-05-27,capec_id 248,updated_at 2019-05-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.4,attack_target server,attack_target http-server,cvss_v2_temporal 8.2,protocols http,protocols tcp; rev:2; sid:80183101;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SILKY TIMEOUT Traffic Detected"; flow:established,to_server; content:"timeout"; priority:1; metadata:hostile dest_ip,created_at 2018-08-18,updated_at 2018-08-19,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183102;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPOTLESS RADISH Malware Communication"; flow:established,to_server; content:"radish"; priority:1; 
metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-23,updated_at 2019-10-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183103;)
# Layout: one rule per physical line, so each leading '#' disables only the rule on its line.
#
# Disabled rules: sid 80183104 and 80183105 both carry a `cve` key and are commented out, so
# these two sids are inactive. Neither has cvss_* metadata, unlike the enabled CVE-tagged
# rule that follows them (sid 80183106).
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN GOOD Exploitation Attempt Seen"; flow:established, to_server; content:"good"; priority:3; metadata:hostile src_ip,created_at 2019-07-02,capec_id 310,updated_at 2019-07-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-5279958,protocols http,protocols tcp; rev:2; sid:80183104;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DIRECT DEPOSIT Exploitation Attempt Seen"; flow:established, to_server; content:"deposit"; priority:3; metadata:hostile src_ip,created_at 2018-11-01,capec_id 135,updated_at 2018-11-11,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-2770326,protocols http,protocols tcp; rev:2; sid:80183105;)
# NOTE(review): "repUNKNOWN" in the content (REPUNKNOWN in msg) looks like a token replaced
# inside a longer word by a scrubber - confirm. Content matching is case-sensitive without
# `nocase`, so the literal mixed-case string is what has to appear on the wire.
drop http any any -> $HOME_NET any (msg:"Acme - AGREED REPUNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"repUNKNOWN"; priority:2; metadata:cwe_id 20,hostile src_ip,created_at 2016-08-13,capec_id 131,updated_at 2016-08-19,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.7,attack_target server,attack_target http-server,cve 2016-7645520,cvss_v2_temporal 2.2,protocols http,protocols tcp; rev:2; sid:80183106;)
# NOTE(review): `flow:established` has no to_server/to_client here (same on the rule that
# follows, sid 80183108), and metadata has no hostile/attack_target keys. This `drop`
# therefore applies to packets toward $HOME_NET whether the $HOME_NET host is the client or
# the server of the flow.
drop tcp any any -> $HOME_NET any (msg:"Acme - OCCASIONAL FISHERMAN Traffic Detected"; flow:established; content:"fisherman"; priority:3; metadata:created_at 2018-02-01,capec_id 248,updated_at 2018-02-09,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80183107;)
drop tcp any any -> $HOME_NET any (msg:"Acme - SCORNFUL NAIL Traffic Detected"; flow:established; 
content:"nail"; priority:3; metadata:created_at 2017-05-15,updated_at 2017-05-21,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80183108;) alert http any any -> $HOME_NET any (msg:"Acme - TORY BORDER Exploitation Attempt Seen"; flow:established, to_server; content:"border"; priority:3; metadata:hostile src_ip,created_at 2019-02-15,capec_id 248,updated_at 2019-02-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2019-3779202,cvss_v2_temporal 6.5,protocols http,protocols tcp; rev:2; sid:80183109;) drop http any any -> $HOME_NET any (msg:"Acme - HILARIOUS DUNGAREES Exploitation Attempt Seen"; flow:established, to_server; content:"dungarees"; priority:3; metadata:hostile src_ip,created_at 2016-06-17,capec_id 248,updated_at 2016-06-18,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.3,attack_target server,attack_target http-server,cve 2015-2442089,cvss_v2_temporal 5.2,protocols http,protocols tcp; rev:2; sid:80183110;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRIMARY HIRE Malware Communication"; flow:established,to_server; content:"hire"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-08-13,updated_at 2017-08-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183111;) drop http any any -> $HOME_NET any (msg:"Acme - EXCEPTIONAL BROILER Exploitation Attempt Seen"; flow:established, to_server; content:"broiler"; priority:3; metadata:cwe_id 20,cwe_id 22,hostile src_ip,created_at 2019-04-27,updated_at 2019-04-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.4,attack_target server,attack_target http-server,cve 2019-6213307,cvss_v2_temporal 7.1,protocols http,protocols tcp; rev:2; sid:80183112;) drop tcp 
$EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - NEGATIVE GEYSER Exploitation Attempt Seen"; flow:established,to_client; content:"geyser"; priority:2; metadata:cwe_id 416,hostile src_ip,created_at 2019-06-01,capec_id 255,updated_at 2019-06-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.3,attack_target http-client,attack_target client,cve 2018-79036,cvss_v2_temporal 4.2,protocols http,protocols tcp; rev:1; sid:80183113;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN STRUCTURE Malware Communication"; flow:established, to_server; content:"structure"; priority:1; metadata:cwe_id 506,malware malware,hostile dest_ip,created_at 2018-10-07,updated_at 2018-10-11,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183114;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FISCAL UNKNOWNITY Malware Communication"; flow:established,to_server; content:"UNKNOWNity"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-07-25,updated_at 2019-07-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183115;) drop tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - TINY MUSIC-BOX Exploitation Attempt Seen"; flow:established, to_server; content:"music-box"; priority:3; metadata:cwe_id 502,hostile src_ip,created_at 2019-01-07,capec_id 248,updated_at 2019-01-16,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.9,attack_target server,attack_target http-server,cve 2017-978423,cvss_v2_temporal 4.5,protocols http,protocols tcp; rev:1; sid:80183116;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VICTORIOUS MARIMBA Exploitation Attempt Seen"; flow:established, to_server; content:"marimba"; priority:3; metadata:cwe_id 434,hostile src_ip,created_at 
2018-05-17,updated_at 2018-05-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.1,attack_target server,attack_target http-server,cve 2016-3389708,cvss_v2_temporal 2.3,protocols http,protocols tcp; rev:4; sid:80183117;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DARK LEPROSY Exploitation Attempt Seen"; flow:established, to_server; content:"leprosy"; priority:3; metadata:hostile src_ip,created_at 2019-09-16,capec_id 213,updated_at 2019-09-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-1047327,protocols http,protocols tcp; rev:2; sid:80183118;) #alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - JOLLY LUNG Exploitation Attempt Seen"; flow:established, to_client; content:"lung"; priority:3; metadata:hostile src_ip,created_at 2015-11-10,capec_id 135,updated_at 2015-11-10,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-6958154,protocols http,protocols tcp; rev:1; sid:80183119;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COLOSSAL UNKNOWNITY Malware Communication"; flow:established, to_server; content:"UNKNOWNity"; priority:1; metadata:cwe_id 506,malware malware,hostile dest_ip,created_at 2015-01-13,updated_at 2015-01-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183120;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WICKED OXEN Malware Communication"; flow:established, to_server; content:"oxen"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-13,updated_at 2019-02-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183121;) drop http $EXTERNAL_NET any -> 
$HOME_NET any (msg:"Acme - FAINT UMBRELLA Traffic Detected"; flow:established, to_client; file_data; content:"umbrella"; priority:3; metadata:hostile src_ip,created_at 2017-11-19,capec_id 248,updated_at 2017-11-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183122;)
# Layout: one rule per physical line, so each leading '#' disables only the rule on its line.
#
# Disabled rule. NOTE(review): `hostile dest_ip` marks the destination as hostile, but the
# header's destination is $HOME_NET and the rule inspects `to_client` response bodies
# (`file_data`); the to_client rules around it use `hostile src_ip`. Likely a metadata slip -
# confirm before re-enabling. The filename key is scada.rules rather than acme.rules, and
# there is no attack_target key.
#drop http any any -> $HOME_NET any (msg:"Acme - HANDSOME SKYWALK Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"skywalk"; priority:3; metadata:cwe_id 73,cwe_id 618,hostile dest_ip,created_at 2017-09-13,capec_id 253,updated_at 2017-09-13,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.1,cve 2017-8446866,cvss_v2_temporal 6.2,protocols http,protocols tcp; rev:2; sid:80183123;)
drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - ROUND BLAME Malware Communication"; flow:established,to_client; content:"blame"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-01-01,updated_at 2019-01-06,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183124;)
# Disabled rule. NOTE(review): `hostile src_ip` is paired with a $HOME_NET source, and
# `protocols smtp` with a `tcp ... any -> ... any` header that has no port or app-layer
# restriction - confirm both before re-enabling.
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WHISPERING PAWNSHOP Exploitation Attempt Seen"; flow:established, to_server; content:"pawnshop"; priority:3; metadata:hostile src_ip,created_at 2019-06-15,capec_id 100,updated_at 2019-06-22,filename email.rules,priority low,rule_source acme-rule-factory,cve 2019-2926625,protocols smtp,protocols tcp; rev:1; sid:80183125;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LARGE BIRDCAGE Malware Communication"; flow:established,to_server; content:"birdcage"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-15,updated_at 2019-10-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183126;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LONELY UNKNOWN Malware Communication"; flow:established,to_client; content:"UNKNOWN"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2015-11-04,updated_at 2015-11-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183127;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NOVEL E-READER Malware Communication"; flow:established,to_server; content:"e-reader"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2016-10-18,updated_at 2016-10-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183128;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CERAMIC Malware Communication"; flow:established,to_server; content:"ceramic"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-20,updated_at 2019-10-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183129;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MONTHLY CRICKETER Malware Communication"; flow:established, to_client; content:"cricketer"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2017-08-14,updated_at 2017-08-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183130;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ORGANISATIONAL UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware 
malware,hostile dest_ip,created_at 2017-09-01,updated_at 2017-09-24,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183131;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WORTHWHILE INVENTION Exploitation Attempt Seen"; flow:established, to_server; content:"invention"; priority:3; metadata:cwe_id 693,cwe_id 79,hostile src_ip,created_at 2019-03-09,capec_id 18,updated_at 2019-03-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.1,attack_target server,attack_target http-server,cve 2019-5939769,cvss_v2_temporal 7.0,protocols http,protocols tcp; rev:2; sid:80183132;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ENCHANTING BEGINNER Malware Communication"; flow:established,to_server; content:"beginner"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2018-01-25,updated_at 2018-01-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183133;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXPECTED ELBOW Malware Communication"; flow:established,to_client; content:"elbow"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-08-26,updated_at 2019-08-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183134;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ALRIGHT CHAP Malware Communication"; flow:established,to_client; content:"chap"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2017-11-25,updated_at 2017-11-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183135;) drop http 
$EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PERMANENT VAGRANT Malware Communication"; flow:established,to_client; content:"vagrant"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2019-04-23,updated_at 2019-04-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183136;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN LACK Malware Communication"; flow:established,to_server; content:"lack"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2017-11-11,updated_at 2017-11-11,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183137;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOW PASTA Traffic Detected"; flow:established, to_server; content:"pasta"; priority:3; metadata:hostile src_ip,created_at 2017-10-27,capec_id 248,updated_at 2017-10-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cvss_v2_temporal 4.2,protocols http,protocols tcp; rev:2; sid:80183138;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HISSING BOLERO Malware Communication"; flow:established,to_server; content:"bolero"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-13,updated_at 2019-06-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183139;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MINIATURE SHIRT Malware Communication"; flow:established,to_server; content:"shirt"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-03-22,updated_at 2018-03-22,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183140;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HUSKY ASHTRAY Exploitation Attempt Seen"; flow:established, to_server; content:"ashtray"; priority:3; metadata:cwe_id 284,hostile src_ip,created_at 2016-06-23,capec_id 115,updated_at 2016-06-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.2,attack_target server,attack_target http-server,cve 2015-6635065,cvss_v2_temporal 1.7,protocols http,protocols tcp; rev:3; sid:80183141;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PERMANENT COTTAGE Malware Communication"; flow:established,to_server; content:"cottage"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-19,updated_at 2019-01-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183142;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN GRAIN Malware Communication"; flow:established,to_server; content:"grain"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2017-03-25,updated_at 2017-03-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183143;) drop http $HOME_NET any -> any any (msg:"Acme - CHRONIC PULLEY Malware Communication"; flow:established,to_server; content:"pulley"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-06-18,updated_at 2018-06-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183144;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - SURE KIND Malware Communication"; flow:established,to_client; 
content:"kind"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-07-24,updated_at 2019-07-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183145;) drop http any any -> $HOME_NET any (msg:"Acme - CULTURAL ENGINEERING Exploitation Attempt Seen"; flow:established, to_server; content:"engineering"; priority:1; metadata:cwe_id 288,hostile src_ip,created_at 2016-06-21,capec_id 115,updated_at 2016-06-23,filename acme.rules,priority high,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2015-1599511,cvss_v2_temporal 7.6,protocols http,protocols tcp; rev:2; sid:80183146;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNEST UNKNOWNEL Malware Communication"; flow:established, to_server; content:"UNKNOWNel"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-03-11,updated_at 2017-03-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183147;) drop tcp any any -> $HOME_NET any (msg:"Acme - INNER ROLE Traffic Detected"; flow:established, to_server; content:"role"; priority:1; metadata:hostile src_ip,created_at 2019-11-02,updated_at 2019-11-12,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80183148;) drop tcp any any -> $HOME_NET any (msg:"Acme - DECISIVE PUMPKIN Traffic Detected"; flow:established, to_server; content:"pumpkin"; priority:1; metadata:hostile src_ip,created_at 2019-02-14,updated_at 2019-02-15,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80183149;) drop tcp any any -> $HOME_NET any (msg:"Acme - 
ACTIVE FURNACE Traffic Detected"; flow:established, to_server; content:"furnace"; priority:1; metadata:hostile src_ip,created_at 2018-03-12,updated_at 2018-03-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80183150;) drop tcp any any -> $HOME_NET any (msg:"Acme - HISSING GEOLOGY Traffic Detected"; flow:established, to_server; content:"geology"; priority:1; metadata:hostile src_ip,created_at 2019-10-06,updated_at 2019-10-14,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80183151;) drop tcp any any -> $HOME_NET any (msg:"Acme - WEIRD UNKNOWNSUIT Traffic Detected"; flow:established, to_server; content:"UNKNOWNsuit"; priority:1; metadata:hostile src_ip,created_at 2017-11-15,updated_at 2017-11-18,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80183152;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - EXCLUSIVE SLAPSTICK Malware Communication"; flow:established, to_server; content:"slapstick"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-07,updated_at 2018-11-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183153;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN NECKUNKNOWN Malware Communication"; flow:established, to_server; content:"neckUNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-10-15,updated_at 2016-10-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183154;) drop http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"Acme - SHOCKED SPIDER Malware Communication"; flow:established,to_server; content:"spider"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-04-17,updated_at 2017-04-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183155;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PREMIER BREADCUNKNOWNB Traffic Detected"; flow:established,to_server; content:"breadcUNKNOWNb"; priority:2; metadata:cwe_id 434,hostile src_ip,created_at 2017-03-08,updated_at 2017-03-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183156;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RELATIVE INVITE Traffic Detected"; flow:established, to_server; content:"invite"; priority:1; metadata:hostile dest_ip,created_at 2019-09-15,updated_at 2019-09-17,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183157;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN RAW Malware Communication"; flow:established,to_client; content:"raw"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-11-15,updated_at 2019-11-17,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183158;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRIEF UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-19,updated_at 2018-04-21,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183159;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN LAYER Malware Communication"; flow:established, to_server; content:"layer"; priority:1; metadata:cwe_id 506,malware malware,hostile dest_ip,created_at 2017-06-20,updated_at 2017-06-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183160;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STANDARD DRY Malware Communication"; flow:established, to_client; content:"dry"; priority:1; metadata:cwe_id 506,malware malware,hostile src_ip,created_at 2019-02-24,updated_at 2019-02-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183161;) drop http any any -> $HOME_NET any (msg:"Acme - UNIQUE WHEAT Traffic Detected"; flow:established, to_server; content:"wheat"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-01-27,capec_id 286,updated_at 2019-01-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80183162;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN FALL Malware Communication"; flow:established, to_server; content:"fall"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-02-02,updated_at 2018-02-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183163;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ELEGANT GLIDER Malware Communication"; flow:established,to_server; content:"glider"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-02,updated_at 
2019-11-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183164;)
# NOTE(review): each rule below keys on a single bare `content` keyword with no HTTP buffer
# or second condition, and uses the `drop` action. That fits the file banner, which marks this
# as a dummy ruleset; a deployed rule would need a much tighter match before blocking on it.
#
# sid:80183165 - drops server-to-client TCP traffic (flow:established,to_client) sent from
# $EXTERNAL_NET on $HTTP_PORTS to $HOME_NET when the payload contains "agency".
# NOTE(review): its metadata repeats the pair `cve 2016-8650794` seven times. A repeated
# key/value pair adds no information for metadata-based rule selection; confirm whether the
# repetition is intentional sample data before deduplicating.
drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - DECENT AGENCY Malware Communication"; flow:established,to_client; content:"agency"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2016-06-01,updated_at 2016-06-11,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-8650794,cve 2016-8650794,cve 2016-8650794,cve 2016-8650794,cve 2016-8650794,cve 2016-8650794,cve 2016-8650794,protocols http,protocols tcp; rev:1; sid:80183165;)
# sid:80183166 - drops HTTP client traffic (to_server) from $HOME_NET to $EXTERNAL_NET that
# contains "bonnet"; metadata tags it post-infection (infected src_ip, hostile dest_ip).
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN BONNET Malware Communication"; flow:established,to_server; content:"bonnet"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-10-19,updated_at 2018-10-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183166;)
# sid:80183167 - same direction and flow as sid:80183166, matching "hybridisation", with
# priority:2 and metadata `priority medium`.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ASHAMED HYBRIDISATION Malware Communication"; flow:established,to_server; content:"hybridisation"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-21,updated_at 2019-05-23,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183167;)
drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - UNKNOWN CAVE Malware Communication"; flow:established,to_client; content:"cave"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-01-18,updated_at 2018-01-21,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target
client,protocols http,protocols tcp; rev:1; sid:80183168;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INNER INNOCENCE Malware Communication"; flow:established, to_server; content:"innocence"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-15,updated_at 2018-03-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183169;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - QUICKEST REGION Traffic Detected"; flow:established,to_server; content:"region"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-11-11,capec_id 310,updated_at 2019-11-24,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:5; sid:80183170;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DAMAGED OIL Malware Communication"; flow:established, to_server; content:"oil"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-13,updated_at 2019-06-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183171;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN BOWLING Malware Communication"; flow:established,to_server; content:"bowling"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2019-11-15,updated_at 2019-11-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target irc-client,attack_target client,protocols irc,protocols tcp; rev:1; sid:80183172;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SCIENTIFIC UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:4; metadata:cwe_id 200,hostile src_ip,created_at 2019-08-20,capec_id 
310,updated_at 2019-08-20,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183173;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UPSET HAMMOCK Traffic Detected"; flow:established, to_server; content:"hammock"; priority:4; metadata:cwe_id 200,hostile src_ip,created_at 2019-08-21,capec_id 112,updated_at 2019-08-27,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183174;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LONG PUNKNOWNE Malware Communication"; flow:established, to_server; content:"pUNKNOWNe"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2017-04-27,updated_at 2017-04-27,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-4085051,protocols http,protocols tcp; rev:3; sid:80183175;) alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - INDUSTRIAL IMPRESSION Traffic Detected"; flow:established, to_client; content:"impression"; priority:2; metadata:created_at 2019-06-27,updated_at 2019-06-27,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80183176;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLASSIC PSEUDOSCIENCE Malware Communication"; flow:established,to_server; content:"pseudoscience"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-21,updated_at 2019-09-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183177;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HORRIBLE OPPORTUNIST Traffic Detected"; flow:established, to_server; 
content:"opportunist"; priority:2; metadata:cwe_id 506,hostile src_ip,created_at 2019-05-05,capec_id 248,updated_at 2019-05-23,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183178;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - USEFUL MOMENT Malware Communication"; flow:established, to_client; content:"moment"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-06-17,updated_at 2016-06-17,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183179;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ROASTED PIZZA Traffic Detected"; flow:established, to_server; content:"pizza"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-10-25,updated_at 2019-10-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80183180;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - COMMON NEWS Malware Communication"; flow:established,to_server; content:"news"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-04-03,updated_at 2017-04-14,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183181;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - SYSTEMATIC HOLD Traffic Detected"; flow:established,to_server; content:"hold"; priority:2; metadata:hostile dest_ip,created_at 2018-01-20,updated_at 2018-01-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183182;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - UNKNOWN SPRAY 
Malware Communication"; flow:established,to_server; content:"spray"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-09-07,updated_at 2019-09-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183183;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ACCUSED BIOLOGY Malware Communication"; flow:established,to_server; content:"biology"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-11-02,updated_at 2017-11-17,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183184;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEVELOPED ASPARAGUS Malware Communication"; flow:established, to_server; content:"asparagus"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-02-11,updated_at 2017-02-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183185;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COSTLY INDIVIDUAL Malware Communication"; flow:established,to_server; content:"individual"; priority:1; metadata:cwe_id 507,malware malware,hostile dest_ip,created_at 2019-07-13,updated_at 2019-07-17,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183186;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN EDWARD Exploitation Attempt Seen"; flow:established; content:"edward"; priority:3; metadata:created_at 2019-01-21,capec_id 119,updated_at 2019-01-26,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2015-4736338,protocols tcp; rev:1; sid:80183187;) alert http $EXTERNAL_NET any 
-> $HOME_NET any (msg:"Acme - NEW TRUCKIT Exploitation Attempt Seen"; flow:established, to_server; content:"truckit"; priority:3; metadata:cwe_id 693,cvss_v3_base 4.5,hostile src_ip,created_at 2019-10-18,capec_id 118,updated_at 2019-10-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.3,attack_target server,attack_target http-server,cvss_v3_temporal 4.9,cve 2019-5244906,cvss_v2_temporal 4.9,protocols http,protocols tcp; rev:2; sid:80183188;)
# NOTE(review): the rule ending on the line above (sid:80183188) carries temporal scores that
# exceed its base scores (cvss_v2 4.9 vs 4.3, cvss_v3 4.9 vs 4.5). CVSS temporal metrics can
# only keep or lower the base score, so read these as placeholder numbers, consistent with the
# file banner that marks this as a dummy ruleset; do not feed them into risk-based filtering.
#
# sid:80183189 - drops established client-to-server TCP traffic from $HOME_NET to
# $EXTERNAL_NET, on any port, when the payload contains "glut"; metadata tags it
# post-infection (infected src_ip, hostile dest_ip).
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SCARY GLUT Malware Communication"; flow:established, to_server; content:"glut"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-08,updated_at 2019-08-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183189;)
# sid:80183190 and the rules after it share one template: `drop http any any -> $HOME_NET any`,
# flow to_server, a single `content` keyword, priority:3, and capec_id 253.
# NOTE(review): the source is `any`, so these also match requests that originate inside
# $HOME_NET, although the metadata labels the source as `hostile src_ip`. Blocking on one
# common word ("process", "steam") is only acceptable in sample data.
drop http any any -> $HOME_NET any (msg:"Acme - ALLIED PROCESS Traffic Detected"; flow:established, to_server; content:"process"; priority:3; metadata:hostile src_ip,created_at 2015-10-13,capec_id 253,updated_at 2015-10-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183190;)
drop http any any -> $HOME_NET any (msg:"Acme - LATE STEAM Traffic Detected"; flow:established, to_server; content:"steam"; priority:3; metadata:hostile src_ip,created_at 2017-08-27,capec_id 253,updated_at 2017-08-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183191;)
drop http any any -> $HOME_NET any (msg:"Acme - STRICT UNKNOWNHPICK Traffic Detected"; flow:established, to_server; content:"UNKNOWNhpick"; priority:3; metadata:hostile src_ip,created_at 2018-06-12,capec_id 253,updated_at 2018-06-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols
tcp; rev:2; sid:80183192;) drop http any any -> $HOME_NET any (msg:"Acme - RICH TECHNOLOGY Traffic Detected"; flow:established, to_server; content:"technology"; priority:3; metadata:hostile src_ip,created_at 2017-01-20,capec_id 253,updated_at 2017-01-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183193;) drop http any any -> $HOME_NET any (msg:"Acme - YOUNG EQUINOX Traffic Detected"; flow:established, to_server; content:"equinox"; priority:3; metadata:hostile src_ip,created_at 2019-05-14,capec_id 253,updated_at 2019-05-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183194;) drop http any any -> $HOME_NET any (msg:"Acme - DOUBTFUL SPIKE Traffic Detected"; flow:established, to_server; content:"spike"; priority:3; metadata:hostile src_ip,created_at 2019-09-09,capec_id 253,updated_at 2019-09-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183195;) drop http any any -> $HOME_NET any (msg:"Acme - ROASTED GAZELLE Traffic Detected"; flow:established, to_server; content:"gazelle"; priority:3; metadata:hostile src_ip,created_at 2019-06-07,capec_id 253,updated_at 2019-06-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183196;) drop http any any -> $HOME_NET any (msg:"Acme - DIZZY DILAPIDATION Traffic Detected"; flow:established, to_server; content:"dilapidation"; priority:3; metadata:hostile src_ip,created_at 2016-11-20,capec_id 253,updated_at 2016-11-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183197;) drop http any any -> $HOME_NET any 
(msg:"Acme - IRRELEVANT RECORD Traffic Detected"; flow:established, to_server; content:"record"; priority:3; metadata:hostile src_ip,created_at 2018-02-13,updated_at 2018-02-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183198;) drop http any any -> $HOME_NET any (msg:"Acme - SELFISH OATMEAL Traffic Detected"; flow:established, to_server; content:"oatmeal"; priority:3; metadata:hostile src_ip,created_at 2016-02-18,updated_at 2016-02-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183199;) drop http any any -> $HOME_NET any (msg:"Acme - UNKNOWN ROTATE Traffic Detected"; flow:established, to_server; content:"rotate"; priority:3; metadata:hostile src_ip,created_at 2019-10-21,capec_id 253,updated_at 2019-10-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183200;) #drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RASPY DRAMA Malware Communication"; flow:established,to_server; content:"drama"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-01,updated_at 2019-07-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183201;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EQUIVALENT ARMADILLO Malware Communication"; flow:established,to_server; content:"armadillo"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-08-20,updated_at 2018-08-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183202;) alert tcp $EXTERNAL_NET 
$HTTP_PORTS -> $HOME_NET any (msg:"Acme - OLD VOLUME Exploitation Attempt Seen"; flow:established,to_client; content:"volume"; priority:4; metadata:cwe_id 787,cwe_id 371,cwe_id 191,hostile src_ip,created_at 2019-11-03,updated_at 2019-11-27,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 3.9,attack_target http-client,attack_target client,cve 2019-5708372,cvss_v2_temporal 3.9,protocols http,protocols tcp; rev:4; sid:80183203;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRANGE UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-07-03,updated_at 2018-07-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183204;) alert http any any -> $HOME_NET any (msg:"Acme - SUCCESSFUL GUILTY Exploitation Attempt Seen"; flow:established, to_server; content:"guilty"; priority:2; metadata:cwe_id 120,hostile src_ip,created_at 2016-02-13,capec_id 100,updated_at 2016-02-15,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.3,attack_target server,attack_target http-server,cve 2015-2069960,cvss_v2_temporal 5.2,protocols http,protocols tcp; rev:2; sid:80183205;) drop http any any -> $HOME_NET any (msg:"Acme - FOOLISH POSTER Exploitation Attempt Seen"; flow:established, to_server; content:"poster"; priority:3; metadata:cwe_id 676,hostile src_ip,created_at 2019-03-11,capec_id 248,updated_at 2019-03-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.2,attack_target server,attack_target http-server,cve 2019-4448697,cvss_v2_temporal 3.6,protocols http,protocols tcp; rev:2; sid:80183206;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXACT EXAMINATION Malware Communication"; flow:established, to_server; content:"examination"; priority:1; metadata:cwe_id 507,malware post-infection,hostile 
dest_ip,created_at 2018-03-20,updated_at 2018-03-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183207;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ENTHUSIASTIC NIGHTLIGHT Malware Communication"; flow:established,to_server; content:"nightlight"; priority:3; metadata:cwe_id 506,malware download-attempt,created_at 2016-10-14,updated_at 2016-10-18,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183208;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RULING LAWYER Malware Communication"; flow:established,to_client; content:"lawyer"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-01-08,updated_at 2019-01-13,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183209;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DRIVING POISON Malware Communication"; flow:established,to_server; content:"poison"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-26,updated_at 2019-11-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183210;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EQUIVALENT SHAPE Malware Communication"; flow:established,to_server; content:"shape"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-09-24,updated_at 2017-09-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183211;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN TABBY Malware Communication"; flow:established,to_server; content:"tabby"; priority:1; 
metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-08,updated_at 2019-03-22,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183212;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - METROPOLITAN OSTRICH Traffic Detected"; flow:established, to_server; content:"ostrich"; priority:4; metadata:cwe_id 200,created_at 2018-10-01,capec_id 118,updated_at 2018-10-10,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 6.8,cvss_v2_temporal 7.7,protocols http,protocols tcp; rev:2; sid:80183213;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMFORTABLE PAPER Malware Communication"; flow:established, to_server; content:"paper"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-06,updated_at 2019-01-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183214;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GENTLE KEYSTONE Malware Communication"; flow:established,to_server; content:"keystone"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-06,updated_at 2019-05-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183215;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GIANT GOPHER Malware Communication"; flow:established, to_server; content:"gopher"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-12,updated_at 2018-07-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183216;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VARIABLE 
PROTECTION Malware Communication"; flow:established, to_client; content:"protection"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-01-16,updated_at 2018-01-18,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183217;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUSPICIOUS TERRITORY Malware Communication"; flow:established,to_server; content:"territory"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-06-24,updated_at 2018-06-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183218;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FLAT SHAPE Malware Communication"; flow:established,to_server; content:"shape"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-03-20,updated_at 2015-03-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target irc-client,attack_target client,protocols irc,protocols tcp; rev:1; sid:80183219;) alert http any any -> $HOME_NET any (msg:"Acme - IMPORTANT SORBET Exploitation Attempt Seen"; flow:established, to_server; content:"sorbet"; priority:2; metadata:cwe_id 89,hostile src_ip,created_at 2018-06-18,capec_id 110,updated_at 2018-06-21,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.4,attack_target server,attack_target http-server,cve 2018-2147716,cvss_v2_temporal 3.7,protocols http,protocols tcp; rev:2; sid:80183220;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LONG BOOSTER Malware Communication"; flow:established,to_server; content:"booster"; priority:1; metadata:cwe_id 399,malware post-infection,hostile dest_ip,created_at 2015-08-14,updated_at 2015-08-20,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,cve 2015-2164882,cve 2015-2164882,protocols http,protocols tcp; rev:2; sid:80183221;)
# NOTE(review): sid 80183221 (closing on the line above) lists the metadata pair
# "cve 2015-2164882" twice. Tooling that counts or compares key-value pairs should
# see it once; confirm the repeat is deliberate sample data.

# NOTE(review): same pattern here, "cve 2016-217387" appears twice in the metadata.
# This rule also has a "hostile" key but no "infected" key, unlike most outbound
# post-infection rules nearby, so a filter on "infected src_ip" will not select it.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNUSUAL DIRT Malware Communication"; flow:established,to_server; content:"dirt"; priority:1; metadata:cwe_id 399,malware post-infection,hostile dest_ip,created_at 2016-03-08,updated_at 2016-03-11,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-217387,cve 2016-217387,protocols http,protocols tcp; rev:2; sid:80183222;)

# NOTE(review): cvss_v2_temporal (2.2) is higher than cvss_v2_base (2.0). CVSS v2
# temporal multipliers are all <= 1.0, so a temporal score cannot exceed its base
# score; read both values as placeholders, not as real scoring.
# The source address is "any", so the rule also matches requests that originate
# inside $HOME_NET.
drop http any any -> $HOME_NET any (msg:"Acme - UNKNOWN FRUIT Exploitation Attempt Seen"; flow:established, to_server; content:"fruit"; priority:2; metadata:cwe_id 94,hostile src_ip,created_at 2019-06-21,capec_id 248,updated_at 2019-06-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.0,attack_target server,attack_target http-server,cve 2018-9318044,cvss_v2_temporal 2.2,protocols http,protocols tcp; rev:2; sid:80183223;)

# Outbound HTTP rule; metadata marks the destination as hostile and the source as
# infected, which agrees with the $HOME_NET -> $EXTERNAL_NET header.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - YELLOW EXERCISE Malware Communication"; flow:established,to_server; content:"exercise"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-23,updated_at 2019-08-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183224;)

# Same header and metadata layout as sid 80183224; only msg, content and dates differ.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DREADFUL SKULLDUGGERY Malware Communication"; flow:established, to_server; content:"skullduggery"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-10,updated_at 2018-03-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183225;)
drop http $HOME_NET any -> $EXTERNAL_NET any
(msg:"Acme - MANY WILDERNESS Malware Communication"; flow:established, to_server; content:"wilderness"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-18,updated_at 2018-01-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183226;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - JUST ALARM Traffic Detected"; flow:established, to_server; content:"alarm"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2017-06-02,capec_id 286,updated_at 2017-06-04,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80183227;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SELECTIVE UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-03-21,updated_at 2018-03-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183228;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WORRIED UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-21,updated_at 2019-11-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183229;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BIZARRE COMPLAINT Malware Communication"; flow:established, to_server; content:"complaint"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-02,updated_at 2019-05-19,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183230;) drop tcp any any -> $EXTERNAL_NET any (msg:"Acme - SILLY ROUTE Malware Communication"; flow:established,to_server; content:"route"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-19,updated_at 2019-06-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80183231;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ANGRY ANGER Malware Communication"; flow:established,to_server; content:"anger"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-05-03,updated_at 2018-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183232;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WILLING CLOUDY Malware Communication"; flow:established,to_server; content:"cloudy"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-02-11,updated_at 2017-02-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183233;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - THOUGHTLESS UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:hostile dest_ip,created_at 2015-10-16,updated_at 2015-10-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183234;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN BREAK Malware Communication"; flow:established, to_server; content:"break"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-04-10,updated_at 2019-04-17,filename 
acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183235;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INDEPENDENT UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-04-09,updated_at 2016-04-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183236;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INTENSIVE CRUDE Exploitation Attempt Seen"; flow:established, to_server; content:"crude"; priority:3; metadata:cwe_id 287,hostile src_ip,created_at 2019-04-20,updated_at 2019-04-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.4,attack_target server,attack_target http-server,cve 2019-5417434,cvss_v2_temporal 3.9,protocols http,protocols tcp; rev:2; sid:80183237;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SOCIAL PLANTATION Malware Communication"; flow:established,to_server; content:"plantation"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-17,updated_at 2019-04-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183238;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - JOLLY MULE Malware Communication"; flow:established,to_client; file_data; content:"mule"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-09-16,updated_at 2018-09-17,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183239;) #alert tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN 
PROSECUTION Exploitation Attempt Seen"; flow:established, to_server; content:"prosecution"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-06-07,capec_id 213,updated_at 2019-06-18,filename scada.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.8,attack_target server,cve 2018-6574558,cvss_v2_temporal 2.3,protocols tcp; rev:1; sid:80183240;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AFRAID CULTIVAR Malware Communication"; flow:established, to_server; content:"cultivar"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-03,updated_at 2019-07-04,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183241;) drop http any any -> $HOME_NET any (msg:"Acme - ANONYMOUS TSUNAMI Malware Communication"; flow:established, to_server; content:"tsunami"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-05-21,updated_at 2018-05-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183242;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GREEN LEAGUE Malware Communication"; flow:established,to_server; content:"league"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-09,updated_at 2019-07-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183243;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GENUINE CANUNKNOWN Malware Communication"; flow:established,to_client; file_data; content:"canUNKNOWN"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-02-04,updated_at 2019-02-12,filename acme.rules,priority medium,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183244;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - CHILLY UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-07-10,updated_at 2017-07-10,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183245;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN TELLER Malware Communication"; flow:established,to_server; content:"teller"; priority:2; metadata:cwe_id 506,malware pre-infection,created_at 2018-10-10,updated_at 2018-10-14,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183246;) alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ANGRY SPRUCE Traffic Detected"; flow:established,to_server; content:"spruce"; priority:3; metadata:created_at 2019-01-17,updated_at 2019-01-21,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80183247;) alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - QUAINT UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:created_at 2019-08-19,updated_at 2019-08-21,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80183248;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AVERAGE KINDNESS Malware Communication"; flow:established,to_server; content:"kindness"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-09-26,updated_at 2018-09-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183249;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme 
- UNKNOWNIAL UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-08,updated_at 2019-03-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183250;)

# NOTE(review): the only match condition besides flow is a three-byte content
# ("eye") with no sticky buffer or position keyword, and the action is "drop".
# That is fine for a ruleset labelled as a dummy, but as a pattern it would block
# a large share of ordinary HTTP traffic; do not reuse the shape in production.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WEAK EYE Malware Communication"; flow:established,to_server; content:"eye"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-05-05,updated_at 2016-05-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183251;)

# NOTE(review): action is "drop" while both priority:4 and metadata "priority info"
# mark the rule as informational, and the header is any -> any. The other
# priority-info rules visible in this part of the file use "alert"; confirm that
# blocking is intended here. "filename scan.rules" differs from the acme.rules value
# on the neighbouring rules.
drop http any any -> any any (msg:"Acme - GENTLE TRAMP Traffic Detected"; flow:established,to_server; content:"tramp"; priority:4; metadata:cwe_id 200,created_at 2017-11-07,capec_id 310,updated_at 2017-11-18,filename scan.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:3; sid:80183252;)

# Outbound pre-infection rule: "hostile dest_ip" is set and there is no "infected" key.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WHISPERING WAITRESS Malware Communication"; flow:established,to_server; content:"waitress"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2016-03-15,updated_at 2016-03-17,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183253;)

# NOTE(review): destination is "any" rather than $EXTERNAL_NET, so the rule also
# matches $HOME_NET-to-$HOME_NET requests. Metadata has "infected src_ip" but no
# "hostile" key, so filters on "hostile dest_ip" will not select it.
drop http $HOME_NET any -> any any (msg:"Acme - BREEZY BEHEST Malware Communication"; flow:established, to_server; content:"behest"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-05-02,updated_at 2018-05-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183254;)
drop http $HOME_NET
any -> $EXTERNAL_NET any (msg:"Acme - ATTRACTIVE FOOTNOTE Malware Communication"; flow:established,to_server; content:"footnote"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-02-16,updated_at 2016-02-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183255;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SEVERE KNIFE Malware Communication"; flow:established,to_server; content:"knife"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-05-09,updated_at 2019-05-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183256;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SOUND RISE Malware Communication"; flow:established,to_server; content:"rise"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-01-02,updated_at 2017-01-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183257;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AVERAGE TRANSMISSION Malware Communication"; flow:established,to_server; content:"transmission"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-10-07,updated_at 2018-10-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183258;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN DISUNKNOWN Malware Communication"; flow:established,to_server; content:"disUNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-03,updated_at 2019-01-26,filename 
acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80183259;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RECENT TURN Malware Communication"; flow:established,to_server; content:"turn"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2018-08-23,updated_at 2018-08-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183260;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HISTORICAL GREASE Traffic Detected"; flow:established,to_client; content:"grease"; priority:2; metadata:hostile src_ip,created_at 2019-02-20,capec_id 253,updated_at 2019-02-21,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183261;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STRAIGHT PURITAN Exploitation Attempt Seen"; flow:established,to_server; content:"puritan"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2017-09-21,updated_at 2017-09-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-2382588,protocols http,protocols tcp; rev:2; sid:80183262;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RELATIVE OCTOPUS Malware Communication"; flow:established,to_client; file_data; content:"octopus"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2016-03-15,updated_at 2016-03-19,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183263;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SURE UNKNOWN Malware Communication"; flow:established,to_server; 
content:"UNKNOWN"; priority:2; metadata:cwe_id 507,malware pre-infection,created_at 2018-09-25,updated_at 2018-09-27,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:3; sid:80183264;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTELLIGENT KANGAROO Malware Communication"; flow:established,to_server; content:"kangaroo"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-11-06,updated_at 2019-11-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183265;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WILD INITIAL Malware Communication"; flow:established,to_server; content:"initial"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-08-05,updated_at 2019-08-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183266;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NOBLE SCENT Malware Communication"; flow:established,to_server; content:"scent"; priority:2; metadata:cwe_id 506,malware post-infection,created_at 2015-04-11,updated_at 2015-04-15,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target smtp-client,attack_target client,protocols smtp,protocols tcp; rev:1; sid:80183267;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN LAN Malware Communication"; flow:established,to_server; content:"lan"; priority:2; metadata:cwe_id 506,malware post-infection,created_at 2018-10-27,updated_at 2018-10-28,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target smtp-client,attack_target client,protocols smtp,protocols tcp; rev:1; sid:80183268;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTENSIVE COMBINE 
Malware Communication"; flow:established,to_server; content:"combine"; priority:2; metadata:cwe_id 506,malware post-infection,created_at 2019-09-02,updated_at 2019-09-26,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target smtp-client,attack_target client,protocols smtp,protocols tcp; rev:1; sid:80183269;)

# NOTE(review): metadata carries no "hostile", "infected" or "attack_target" key,
# so metadata filters built on those keys will skip this rule even though the msg
# classifies it as malware communication.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WORRIED KNICKERS Malware Communication"; flow:established,to_server; content:"knickers"; priority:2; metadata:cwe_id 506,malware pre-infection,created_at 2019-03-11,updated_at 2019-03-24,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183270;)

# NOTE(review): the header is $EXTERNAL_NET -> $HOME_NET with flow to_client, so
# src_ip is the external host and dest_ip is the internal one. The metadata says
# "hostile dest_ip" and "infected src_ip", which labels the internal host hostile
# and the external host infected. sid 80183217 has the same header and flow and
# uses "hostile src_ip" / "infected dest_ip"; the two keys look swapped here.
# Confirm before relying on them for triage or filtering.
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN LEADER Malware Communication"; flow:established,to_client; content:"leader"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-04-25,updated_at 2018-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80183271;)

# Outbound TCP rule on any port; hostile/infected keys agree with the header direction.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RAINY FEAST Malware Communication"; flow:established,to_server; content:"feast"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-05-21,updated_at 2015-05-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80183272;)

# Declared as "tcp" limited to $HTTP_PORTS rather than as "http"; the metadata still
# lists "protocols http". The content match runs on the raw TCP stream.
drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - VIVID LOINCLOTH Malware Communication"; flow:established,to_server; content:"loincloth"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-06-19,updated_at 2018-06-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183273;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MONETARY
MUSTARD Malware Communication"; flow:established,to_server; content:"mustard"; priority:1; metadata:cwe_id 509,malware post-infection,hostile dest_ip,created_at 2016-03-01,updated_at 2016-03-02,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183274;) alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - NOISY EASE Traffic Detected"; flow:established,to_server; content:"ease"; priority:2; metadata:hostile src_ip,created_at 2019-09-27,capec_id 227,updated_at 2019-09-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80183275;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BALANCED STEP-GRANDMOTHER Malware Communication"; flow:established,to_server; content:"step-grandmother"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-03-10,updated_at 2018-03-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183276;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ROUND DENIM Traffic Detected"; flow:established, to_server; content:"denim"; priority:3; metadata:hostile src_ip,created_at 2019-08-11,capec_id 118,updated_at 2019-08-11,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183277;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MUTUAL STEP Malware Communication"; flow:established,to_server; content:"step"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-02-17,updated_at 2018-02-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; 
rev:2; sid:80183278;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN FREEPLAY Malware Communication"; flow:established,to_server; content:"freeplay"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-08,updated_at 2018-10-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183279;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - CONCRETE CLOTHING Malware Communication"; flow:established,to_server; content:"clothing"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2017-03-14,updated_at 2017-03-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183280;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TOTAL HOVEL Malware Communication"; flow:established,to_server; content:"hovel"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-26,updated_at 2019-01-27,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183281;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNNECESSARY FORESTRY Malware Communication"; flow:established,to_server; content:"forestry"; priority:4; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-10-18,updated_at 2015-10-26,filename acme.rules,priority info,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183282;) drop tcp $HOME_NET $HTTP_PORTS -> $EXTERNAL_NET any (msg:"Acme - UNIQUE HEDGEHOG Malware Communication"; flow:established, to_client; content:"hedgehog"; priority:1; metadata:cwe_id 506,malware post-infection,hostile 
dest_ip,created_at 2019-02-20,updated_at 2019-02-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80183283;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PSYCHIATRIC FAME Exploitation Attempt Seen"; flow:established, to_server; content:"fame"; priority:3; metadata:hostile src_ip,created_at 2018-02-05,capec_id 253,updated_at 2018-02-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-6234640,protocols http,protocols tcp; rev:2; sid:80183284;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRESIDENTIAL RATE Exploitation Attempt Seen"; flow:established, to_server; content:"rate"; priority:3; metadata:hostile src_ip,created_at 2019-05-22,capec_id 213,updated_at 2019-05-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-498867,protocols http,protocols tcp; rev:2; sid:80183285;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MINIATURE DRESSER Malware Communication"; flow:established, to_server; content:"dresser"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-18,updated_at 2019-10-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183286;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRIGHT OFFENCE Malware Communication"; flow:established, to_server; content:"offence"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-06-15,updated_at 2018-06-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183287;) drop tcp $HOME_NET any -> $EXTERNAL_NET any 
(msg:"Acme - UNKNOWN TONGUE Malware Communication"; flow:established, to_server; content:"tongue"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-02-09,updated_at 2019-02-17,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183288;)
# NOTE(review): sid 80183288 (closing on the line above) has the header
# "$HOME_NET any -> $EXTERNAL_NET any" with flow to_server, yet its metadata says
# "hostile src_ip", which marks the internal host as the hostile side. The other
# outbound post-infection rules nearby use "hostile dest_ip" plus "infected src_ip";
# this one looks mislabelled and has no "infected" key. Confirm before filtering on it.

# Inbound rule: "hostile src_ip" matches the $EXTERNAL_NET -> $HOME_NET header.
# The action is "drop" although priority is low (priority:3).
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN CLUE Traffic Detected"; flow:established,to_server; content:"clue"; priority:3; metadata:hostile src_ip,created_at 2017-08-11,capec_id 310,updated_at 2017-08-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183289;)

# Disabled rule: the leading "#" comments it out, so Suricata does not load it.
# It must stay on its own line; if the "#" ends up mid-line the rule text after it
# is no longer a separate, recognisable disabled entry.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DISTINCT MILLENNIUM Traffic Detected"; flow:established, to_server; content:"millennium"; priority:4; metadata:cwe_id 200,hostile src_ip,created_at 2017-06-12,capec_id 286,updated_at 2017-06-25,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183290;)

# Declared as "tcp" on any port while the metadata lists "protocols http" and
# "attack_target http-client"; the content match is against the raw TCP stream.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLINICAL OPPORTUNIST Malware Communication"; flow:established,to_server; content:"opportunist"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-16,updated_at 2018-02-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183291;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HELPLESS WASH Malware Communication"; flow:established,to_server; content:"wash"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-03-14,updated_at 2019-03-23,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target
client,protocols http,protocols tcp; rev:2; sid:80183292;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STRICT FAITH Malware Communication"; flow:established,to_client; file_data; content:"faith"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2016-04-14,updated_at 2016-04-22,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183293;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DAILY DEMUR Malware Communication"; flow:established, to_server; content:"demur"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-21,updated_at 2019-11-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183294;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FUNCTIONAL SPLIT Malware Communication"; flow:established,to_client; file_data; content:"split"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-06-04,updated_at 2018-06-06,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183295;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRECISE SNOWMAN Malware Communication"; flow:established,to_server; content:"snowman"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-02-21,updated_at 2019-02-22,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183296;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN POULTRY Malware Communication"; flow:established,to_server; content:"poultry"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile 
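dest_ip,created_at 2019-06-20,updated_at 2019-06-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183297;)
# ---------------------------------------------------------------------------
# Layout: one signature per line. A line that starts with '#' followed by an
# action (alert/drop) is a disabled signature kept for reference; every other
# '#' line in this section is a plain comment.
# The line above is the tail of a rule whose header precedes this section.
#
# Reviewer notes for sids 80183298-80183381:
#  - `drop` blocks traffic only when Suricata runs inline (IPS); in passive
#    IDS mode these rules can only raise an alert.
#  - Every signature keys on one short literal `content` string (some behind
#    `file_data`). These are placeholder patterns, consistent with the
#    "dummy/example" banner at the top of the file, not deployable detections.
#  - The `priority:N` keyword tracks the metadata `priority` value in every
#    rule here: 1 high, 2 medium, 3 low, 4 info.
#  - cvss_v2_temporal is larger than cvss_v2_base on sids 80183305, 80183320,
#    80183354, 80183355 and 80183357. A CVSS v2 temporal score cannot exceed
#    its base score, so treat all CVSS/CVE values as generated placeholders.
#  - sids 80183315, 80183319, 80183320, 80183327, 80183334, 80183335,
#    80183350 and 80183357 carry no attack_target key; a metadata filter on
#    attack_target presumably will not select them - verify against the
#    filtering tool in use.
#  - The token UNKNOWN inside several msg/content strings looks like a
#    word-substitution artifact of the generator; it is kept verbatim.
# ---------------------------------------------------------------------------
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SLOW KIDNEYS Malware Communication"; flow:established,to_server; content:"kidneys"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-08-25,updated_at 2018-08-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183298;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN INDIVIDUAL Malware Communication"; flow:established,to_server; content:"individual"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-05-21,updated_at 2018-05-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183299;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UGLY CONVECTION Malware Communication"; flow:established, to_server; content:"convection"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-02-17,updated_at 2018-02-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183300;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HIGH-PITCHED UNKNOWN Malware Communication"; flow:established,to_server; content:"unknown"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-01-11,updated_at 2019-01-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183301;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMPORTANT PIANO Malware Communication"; flow:established,to_server; content:"piano"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-08-26,updated_at 2018-08-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183302;)
alert http any any -> $HOME_NET any (msg:"Acme - AUNKNOWNIC WALRUS Traffic Detected"; flow:established, to_server; content:"walrus"; priority:3; metadata:hostile src_ip,created_at 2015-11-11,updated_at 2015-11-12,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183303;)
alert http any any -> $HOME_NET any (msg:"Acme - COLOSSAL PRIZEFIGHT Exploitation Attempt Seen"; flow:established, to_server; content:"prizefight"; priority:2; metadata:cwe_id 94,hostile src_ip,created_at 2017-01-18,capec_id 248,updated_at 2017-01-18,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.7,attack_target server,attack_target http-server,cve 2017-7074873,cvss_v2_temporal 1.8,protocols http,protocols tcp; rev:2; sid:80183304;)
alert http any any -> $HOME_NET any (msg:"Acme - TINY STANDARD Exploitation Attempt Seen"; flow:established, to_server; content:"standard"; priority:2; metadata:hostile src_ip,created_at 2017-06-05,updated_at 2017-06-20,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.5,attack_target server,attack_target http-server,cve 2016-6097308,cvss_v2_temporal 2.8,protocols http,protocols tcp; rev:2; sid:80183305;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DELIGHTFUL SOMETHING Malware Communication"; flow:established,to_server; content:"something"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-09-16,updated_at 2017-09-18,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183306;)
alert tcp any any -> $HOME_NET any (msg:"Acme - CHEERFUL AVERAGE Exploitation Attempt Seen"; flow:established,to_server; content:"average"; priority:4; metadata:hostile src_ip,created_at 2018-02-17,capec_id 118,updated_at 2018-02-28,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 6.3,attack_target server,attack_target http-server,cve 2017-3178780,cvss_v2_temporal 5.6,protocols http,protocols tcp; rev:1; sid:80183307;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRIME HURRY Traffic Detected"; flow:established,to_client; file_data; content:"hurry"; priority:2; metadata:hostile src_ip,created_at 2018-03-25,updated_at 2018-03-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183308;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TREMENDOUS BANKER Malware Communication"; flow:established,to_server; content:"banker"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-06-26,updated_at 2017-06-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183309;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SOUND GARB Malware Communication"; flow:established,to_server; content:"garb"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-10-07,updated_at 2016-10-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183310;)
drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - OUTSTANDING MACADAMIA Malware Communication"; flow:established, to_server; content:"macadamia"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-09-08,updated_at 2017-09-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183311;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INVOLVED EYEBALL Malware Communication"; flow:established,to_server; content:"eyeball"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-08-19,updated_at 2019-08-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183312;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUFFICIENT PLAYGROUND Malware Communication"; flow:established,to_server; content:"playground"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-22,updated_at 2019-03-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183313;)
drop tcp $HOME_NET any -> any any (msg:"Acme - FANTASTIC BORDER Malware Communication"; flow:established,to_server; content:"border"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-23,updated_at 2019-03-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183314;)
#alert tcp any $HTTP_PORTS -> any any (msg:"Acme - DREADFUL INDEPENDENCE Traffic Detected"; flow:established, to_client; content:"independence"; priority:3; metadata:hostile dest_ip,created_at 2017-09-05,capec_id 248,updated_at 2017-09-11,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80183315;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OVERSEAS UNKNOWN Malware Communication"; flow:established,to_server; content:"unknown"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-05,updated_at 2019-09-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183316;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ADDITIONAL UNKNOWN Malware Communication"; flow:established,to_server; content:"THWuGA"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-09-27,updated_at 2019-09-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183317;)
#drop http any any -> $HOME_NET any (msg:"Acme - ALIVE FORMAT Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"format"; priority:2; metadata:cwe_id 618,hostile src_ip,created_at 2018-05-08,capec_id 253,updated_at 2018-05-22,filename scada.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.7,attack_target http-client,attack_target client,cve 2016-2956865,cvss_v2_temporal 2.5,protocols http,protocols tcp; rev:2; sid:80183318;)
alert http any any -> $HOME_NET any (msg:"Acme - PASSIVE BANQUETTE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"banquette"; priority:4; metadata:cwe_id 200,created_at 2019-09-21,updated_at 2019-09-27,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 4.6,cve 2017-4331124,cvss_v2_temporal 4.1,protocols http,protocols tcp; rev:4; sid:80183319;)
alert http any any -> $HOME_NET any (msg:"Acme - SLOW PROTECTION Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"protection"; priority:4; metadata:cwe_id 200,created_at 2018-05-12,updated_at 2018-05-21,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 5.9,cve 2017-8031812,cvss_v2_temporal 6.9,protocols http,protocols tcp; rev:4; sid:80183320;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CORRECT PANTOLOGIST Malware Communication"; flow:established,to_server; content:"pantologist"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-15,updated_at 2019-05-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183321;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLOUDY NEAT Malware Communication"; flow:established,to_client; file_data; content:"neat"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2016-07-08,updated_at 2016-07-09,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183322;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SEMANTIC FRUIT Malware Communication"; flow:established, to_server; content:"fruit"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2018-10-17,updated_at 2018-10-17,filename adware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183323;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LIKELY EXAM Traffic Detected"; flow:established, to_server; content:"exam"; priority:3; metadata:hostile src_ip,created_at 2018-10-01,capec_id 223,updated_at 2018-10-12,filename telnet.rules,priority low,rule_source acme-rule-factory,attack_target telnet-server,attack_target server,protocols telnet,protocols tcp; rev:1; sid:80183324;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VOICELESS ANTELOPE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"antelope"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-11-13,capec_id 123,updated_at 2019-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.8,attack_target http-client,attack_target client,cve 2018-2077699,cvss_v2_temporal 3.4,protocols http,protocols tcp; rev:2; sid:80183325;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ABOVE COLUMNIST Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"columnist"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-06-25,capec_id 255,updated_at 2019-06-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.1,attack_target http-client,attack_target client,cve 2018-5323794,cvss_v2_temporal 1.7,protocols http,protocols tcp; rev:2; sid:80183326;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN STRENGTH Malware Communication"; flow:established, to_server; content:"strength"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2019-05-23,updated_at 2019-05-24,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:3; sid:80183327;)
drop http any any -> $HOME_NET any (msg:"Acme - SQUARE MUSIC-MAKING Malware Communication"; flow:established, to_server; content:"music-making"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-06-02,updated_at 2019-06-24,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:5; sid:80183328;)
drop http $HOME_NET any -> any any (msg:"Acme - REGIONAL NOUNKNOWN Malware Communication"; flow:established, to_client; content:"noUNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-24,updated_at 2019-11-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183329;)
drop http $HOME_NET any -> any any (msg:"Acme - COMPLETE MUKLUK Malware Communication"; flow:established, to_client; content:"mukluk"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-09-03,updated_at 2016-09-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183330;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - SPARKLING UNKNOWN Exploitation Attempt Seen"; flow:established, to_client; content:"UNKNOWN"; priority:4; metadata:cwe_id 416,hostile src_ip,created_at 2019-03-07,capec_id 255,updated_at 2019-03-20,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 3.5,attack_target http-client,attack_target client,cve 2018-2465316,cvss_v2_temporal 3.5,protocols http,protocols tcp; rev:3; sid:80183331;)
drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - BIOLOGICAL SHIFT Exploitation Attempt Seen"; flow:established, to_client; content:"shift"; priority:1; metadata:cwe_id 416,hostile src_ip,created_at 2018-05-09,capec_id 255,updated_at 2018-05-22,filename acme.rules,priority high,rule_source acme-rule-factory,cvss_v2_base 3.1,attack_target http-client,attack_target client,cve 2016-9196901,cvss_v2_temporal 3.0,protocols http,protocols tcp; rev:1; sid:80183332;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - THEORETICAL UNKNOWN Malware Communication"; flow:established,to_client; file_data; content:"UNKNOWN"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-03-12,updated_at 2019-03-17,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183333;)
drop http any any -> any any (msg:"Acme - GENETIC EVALUATOR Malware Communication"; flow:established, to_server; content:"evaluator"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-07-26,updated_at 2018-07-28,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183334;)
#alert tcp $EXTERNAL_NET any -> any $HTTP_PORTS (msg:"Acme - SPECTACULAR CONVERTIBLE Traffic Detected"; flow:established, to_server; content:"convertible"; priority:4; metadata:hostile src_ip,created_at 2018-03-18,updated_at 2018-03-27,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80183335;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LEGITIMATE NOISE Malware Communication"; flow:established, to_server; content:"noise"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-08-20,updated_at 2017-08-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183336;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMBINED GOPHER Malware Communication"; flow:established, to_server; content:"gopher"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-03-20,updated_at 2018-03-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183337;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RADICAL SPINACH Malware Communication"; flow:established,to_server; content:"spinach"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-01,updated_at 2019-09-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183338;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - APPLICABLE BURN-OUT Malware Communication"; flow:established,to_server; content:"burn-out"; priority:3; metadata:cwe_id 506,malware post-infection,created_at 2017-01-01,updated_at 2017-01-23,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80183339;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OUTSIDE FRESCO Malware Communication"; flow:established,to_client; content:"fresco"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-02-21,updated_at 2019-02-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183340;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - METROPOLITAN TRIM Malware Communication"; flow:established,to_server; content:"trim"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-13,updated_at 2018-09-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183341;)
drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - VISUAL PIKE Exploitation Attempt Seen"; flow:established, to_client; content:"pike"; priority:1; metadata:hostile src_ip,created_at 2019-09-11,updated_at 2019-09-20,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-5256336,protocols http,protocols tcp; rev:1; sid:80183342;)
drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - IMPOSSIBLE HELICOPTER Traffic Detected"; flow:established, to_server; content:"helicopter"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2017-08-22,capec_id 310,updated_at 2017-08-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80183343;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTERESTED MARSH Malware Communication"; flow:established,to_server; content:"marsh"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-03,updated_at 2019-08-07,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80183344;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GENETIC PILOT Malware Communication"; flow:established,to_server; content:"pilot"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-08-09,updated_at 2017-08-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183345;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WONDERFUL KINDNESS Traffic Detected"; flow:established, to_server; content:"kindness"; priority:3; metadata:hostile src_ip,created_at 2017-10-03,capec_id 213,updated_at 2017-10-05,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183346;)
#alert tcp any any -> any any (msg:"Acme - UNKNOWN SCHOOL Traffic Detected"; flow:established,to_server; content:"school"; priority:3; metadata:hostile src_ip,created_at 2019-05-17,capec_id 286,updated_at 2019-05-27,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80183347;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMPLICATED STOCK Exploitation Attempt Seen"; flow:established, to_server; content:"stock"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2018-05-04,updated_at 2018-05-10,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-7113335,protocols http,protocols tcp; rev:2; sid:80183348;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SORE WISTERIA Exploitation Attempt Seen"; flow:established, to_server; content:"wisteria"; priority:3; metadata:hostile src_ip,created_at 2019-04-14,capec_id 129,updated_at 2019-04-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2019-4412171,protocols tcp; rev:1; sid:80183349;)
alert http any any -> any any (msg:"Acme - BASIC SPOON Traffic Detected"; flow:established, to_server; content:"spoon"; priority:2; metadata:cwe_id 78,hostile src_ip,created_at 2019-01-05,capec_id 100,updated_at 2019-01-20,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,cvss_v2_temporal 10.0,protocols http,protocols tcp; rev:2; sid:80183350;)
drop http any any -> $HOME_NET any (msg:"Acme - UNKNOWN UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:2; metadata:cwe_id 434,hostile src_ip,created_at 2018-01-12,updated_at 2018-01-21,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80183351;)
drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - SIGNIFICANT BANQUETTE Malware Communication"; flow:established,to_client; content:"banquette"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2017-07-18,updated_at 2017-07-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-2536001,protocols http,protocols tcp; rev:1; sid:80183352;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SKILLED UNKNOWNENING Malware Communication"; flow:established, to_server; content:"UNKNOWNening"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-01-24,updated_at 2018-01-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183353;)
#alert http any any -> $HOME_NET any (msg:"Acme - SILLY SAVE Exploitation Attempt Seen"; flow:established, to_server; content:"save"; priority:2; metadata:cwe_id 22,hostile src_ip,created_at 2019-10-09,capec_id 253,updated_at 2019-10-15,filename scada.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.3,attack_target server,attack_target http-server,cve 2018-8606116,cvss_v2_temporal 7.1,protocols http,protocols tcp; rev:2; sid:80183354;)
# NOTE(review): the next rule (sid 80183355) lists the same `cve` key/value
# twice in its metadata. It is left as written; anything that counts or
# indexes CVE references from metadata should de-duplicate.
alert http any any -> $HOME_NET any (msg:"Acme - RAPID CORRESPONDENT Exploitation Attempt Seen"; flow:established, to_server; content:"correspondent"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2015-05-24,updated_at 2015-05-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.1,attack_target server,attack_target http-server,cve 2015-8730012,cve 2015-8730012,cvss_v2_temporal 3.8,protocols http,protocols tcp; rev:4; sid:80183355;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN BATHROBE Malware Communication"; flow:established,to_server; content:"bathrobe"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-08-03,updated_at 2017-08-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183356;)
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - CURRENT CROP Exploitation Attempt Seen"; flow:established, to_server; content:"crop"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-04-19,capec_id 100,updated_at 2017-04-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.0,cve 2016-1005254,cvss_v2_temporal 2.2,protocols http,protocols tcp; rev:1; sid:80183357;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN LACQUERWARE Traffic Detected"; flow:established, to_server; content:"lacquerware"; priority:3; metadata:hostile src_ip,created_at 2017-01-24,capec_id 156,updated_at 2017-01-24,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80183358;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - VARIOUS NICETY Traffic Detected"; flow:established, to_server; content:"nicety"; priority:3; metadata:hostile src_ip,created_at 2019-08-12,capec_id 156,updated_at 2019-08-22,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80183359;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - POST-WAR PROJECT Malware Communication"; flow:established,to_server; content:"project"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-12,updated_at 2018-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183360;)
drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - BALANCED DRY Malware Communication"; flow:established,to_client; content:"dry"; priority:1; metadata:cwe_id 507,malware download-attempt,hostile src_ip,created_at 2019-07-03,updated_at 2019-07-06,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183361;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NOBLE SCALE Traffic Detected"; flow:established, to_server; content:"scale"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-03-22,capec_id 253,updated_at 2019-03-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183362;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LEGAL PAJAMA Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"pajama"; priority:3; metadata:hostile src_ip,created_at 2019-05-21,updated_at 2019-05-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-6815553,protocols http,protocols tcp; rev:2; sid:80183363;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MINIMAL WALNUT Malware Communication"; flow:established,to_server; content:"walnut"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-10-03,updated_at 2019-10-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183364;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CHEMICAL BANK Malware Communication"; flow:established,to_server; content:"bank"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2016-07-06,updated_at 2016-07-16,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183365;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OBEDIENT CANAL Malware Communication"; flow:established,to_server; content:"canal"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-08-02,updated_at 2018-08-02,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183366;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CURIOUS UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2016-07-02,updated_at 2016-07-05,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183367;)
#alert http any any -> $HOME_NET any (msg:"Acme - ZEALOUS PROFESSION Traffic Detected"; flow:established, to_server; content:"profession"; priority:3; metadata:hostile src_ip,created_at 2017-11-15,capec_id 100,updated_at 2017-11-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183368;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DECENT DRIZZLE Malware Communication"; flow:established,to_client; content:"drizzle"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-05-18,updated_at 2019-05-23,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183369;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEVELOPING UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-02-24,updated_at 2017-02-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183370;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SMILING UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-16,updated_at 2019-03-19,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183371;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DELICATE BLOOD Malware Communication"; flow:established,to_server; content:"blood"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-02-08,updated_at 2018-02-16,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183372;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LIKE UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2019-04-22,capec_id 248,updated_at 2019-04-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80183373;)
#alert http any any -> $HOME_NET any (msg:"Acme - HEAVY BULB Traffic Detected"; flow:established, to_server; content:"bulb"; priority:3; metadata:hostile src_ip,created_at 2019-01-21,capec_id 100,updated_at 2019-01-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183374;)
#drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - IMPOSSIBLE STYLE Malware Communication"; flow:established, to_client; content:"style"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2018-08-07,updated_at 2018-08-26,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183375;)
#alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - CHEERFUL RECOGNITION Traffic Detected"; flow:established, to_server; content:"recognition"; priority:3; metadata:hostile src_ip,created_at 2017-08-24,capec_id 100,updated_at 2017-08-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80183376;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - RUNNING MAJOR-LEAGUE Exploitation Attempt Seen"; flow:established,to_server; content:"major-league"; priority:3; metadata:cwe_id 444,hostile src_ip,created_at 2019-11-13,capec_id 33,updated_at 2019-11-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.2,attack_target server,attack_target http-server,cve 2017-1922787,cvss_v2_temporal 3.7,protocols http,protocols tcp; rev:1; sid:80183377;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - THIRSTY GAMEBIRD Malware Communication"; flow:established, to_server; content:"gamebird"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-05-06,updated_at 2017-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183378;)
#drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - ROLLING JUDO Malware Communication"; flow:established, to_client; content:"judo"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2018-10-25,updated_at 2018-10-25,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183379;)
#drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - BRAVE BRILLIANT Malware Communication"; flow:established, to_client; content:"brilliant"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2018-04-18,updated_at 2018-04-28,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183380;)
#drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - NUMEROUS CRACKERS Malware Communication"; flow:established, to_client; content:"crackers"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2018-07-15,updated_at 2018-07-26,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183381;)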
# Rules below are laid out one per line. Lines starting with "#drop"/"#alert" are disabled (commented-out) rules.
# "# NOTE(review):" lines are reviewer annotations, not rules.
#drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - LIVE MOTHER-IN-LAW Malware Communication"; flow:established, to_client; content:"mother-in-law"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2017-03-23,updated_at 2017-03-24,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183382;)
# NOTE(review): destination port is limited to $HTTP_PORTS, unlike the neighbouring http rules that use "any";
# HTTP sent to a port outside that variable is not inspected by this rule.
drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - FRAGILE CANOPY Malware Communication"; flow:established,to_server; content:"canopy"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2015-04-06,updated_at 2015-04-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183383;)
#drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - STINGY PUNKNOWNUM Malware Communication"; flow:established, to_client; content:"pUNKNOWNum"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2016-03-08,updated_at 2016-03-20,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183384;)
# NOTE(review): header is any any -> any any and the only detection logic is one short string in file_data,
# so this matches HTTP responses between any pair of hosts. Alert-only, so a false positive does not block traffic.
alert http any any -> any any (msg:"Acme - TROUBLED TRASH Traffic Detected"; flow:established, to_client; file_data; content:"trash"; priority:2; metadata:hostile src_ip,created_at 2019-04-11,updated_at 2019-04-13,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183385;)
# NOTE(review): metadata repeats the identical "cve" key-value pair seven times; the duplicates add nothing
# for metadata-based filtering and could be collapsed to a single entry.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOCAL THANKS Malware Communication"; flow:established,to_client; content:"thanks"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-07-01,updated_at 2019-07-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-3591772,cve 2018-3591772,cve 2018-3591772,cve 2018-3591772,cve 2018-3591772,cve 2018-3591772,cve 2018-3591772,protocols http,protocols tcp; rev:2; sid:80183386;)
drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - SKINNY TRIGONOMETRY Malware Communication"; flow:established,to_server; content:"trigonometry"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-01,updated_at 2018-03-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183387;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PROUD GLUT Malware Communication"; flow:established,to_server; content:"glut"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-02-11,updated_at 2018-02-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183388;)
# NOTE(review): metadata carries cvss_v2_base 10.0 while both priority:3 and metadata "priority low" rank the
# rule at the bottom; triage or filtering keyed on one field will disagree with the other.
alert http $HOME_NET any -> any any (msg:"Acme - HAPPY TRACK Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"track"; priority:3; metadata:cwe_id 294,cwe_id 255,created_at 2019-07-25,capec_id 118,updated_at 2019-07-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,cve 2019-504961,cvss_v2_temporal 6.4,protocols http,protocols tcp; rev:2; sid:80183389;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SENSIBLE DANIEL Malware Communication"; flow:established, to_server; content:"daniel"; priority:1; metadata:cwe_id 509,malware post-infection,hostile dest_ip,created_at 2016-05-15,updated_at 2016-05-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183390;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNIVE T-SHIRT Malware 
Communication"; flow:established, to_server; content:"t-shirt"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-11-13,updated_at 2019-11-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183391;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LEADING ELBOW Malware Communication"; flow:established,to_server; content:"elbow"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-13,updated_at 2019-11-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183392;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DESIRABLE COAST Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"coast"; priority:3; metadata:cwe_id 264,hostile src_ip,created_at 2019-01-10,capec_id 148,updated_at 2019-01-11,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.7,attack_target http-client,attack_target client,cve 2019-9822901,cvss_v2_temporal 3.7,protocols http,protocols tcp; rev:2; sid:80183393;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WRONG CELSIUS Malware Communication"; flow:established,to_server; content:"celsius"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2016-09-03,updated_at 2016-09-18,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183394;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - JUNIOR PEACOAT Malware Communication"; flow:established,to_server; content:"peacoat"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-03-14,updated_at 2019-03-16,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183395;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BOLD UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2018-06-20,updated_at 2018-06-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183396;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHRILL HEDGE Malware Communication"; flow:established,to_server; content:"hedge"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-16,updated_at 2018-03-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183397;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRACTICAL HORROR Traffic Detected"; flow:established,to_server; content:"horror"; priority:3; metadata:cwe_id 657,created_at 2017-06-08,updated_at 2017-06-17,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183398;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RUBBER LEGAL Malware Communication"; flow:established, to_server; content:"legal"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-27,updated_at 2019-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183399;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN BRAIN Traffic Detected"; flow:established,to_server; content:"brain"; priority:1; metadata:cwe_id 506,hostile dest_ip,created_at 2018-02-23,updated_at 2018-02-26,filename acme.rules,priority 
high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183400;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VERTICAL GRANDDAUGHTER Malware Communication"; flow:established,to_client; content:"granddaughter"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-01-21,updated_at 2019-01-22,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183401;) #drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - WHOLE HOMEWORK Malware Communication"; flow:established, to_client; content:"homework"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2019-09-11,updated_at 2019-09-26,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183402;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TALL SAVE Malware Communication"; flow:established,to_server; content:"save"; priority:4; metadata:cwe_id 507,malware pre-infection,hostile dest_ip,created_at 2018-04-06,updated_at 2018-04-24,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183403;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN EDITOR Malware Communication"; flow:established, to_server; content:"editor"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-15,updated_at 2019-10-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183404;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CORRUPTION Malware Communication"; flow:established,to_server; 
content:"corruption"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-06-17,updated_at 2019-06-28,filename acme.rules,priority high,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183405;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SWIFT DASHBOARD Malware Communication"; flow:established,to_server; content:"dashboard"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-03-05,updated_at 2017-03-27,filename acme.rules,priority high,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183406;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AVERAGE AARDVARK Malware Communication"; flow:established,to_server; content:"aardvark"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-05-09,updated_at 2019-05-12,filename acme.rules,priority high,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183407;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DUAL RECRUIT Malware Communication"; flow:established, to_server; content:"recruit"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-03,updated_at 2019-06-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183408;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HURT BELLY Malware Communication"; flow:established, to_server; content:"belly"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-03-17,updated_at 2016-03-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183409;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN FURNITURE Malware Communication"; flow:established, to_server; content:"furniture"; priority:1; 
metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-11-07,updated_at 2017-11-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183410;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CARROT Exploitation Attempt Seen"; flow:established,to_server; content:"carrot"; priority:1; metadata:hostile dest_ip,created_at 2019-11-08,updated_at 2019-11-13,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-4937774,protocols http,protocols tcp; rev:2; sid:80183411;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STRATEGIC ARMCHAIR Traffic Detected"; flow:established, to_server; content:"armchair"; priority:3; metadata:cwe_id 798,hostile src_ip,created_at 2017-02-11,capec_id 49,updated_at 2017-02-11,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,cvss_v2_temporal 4.6,protocols tcp; rev:1; sid:80183412;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MANUAL WOODWIND Malware Communication"; flow:established,to_server; content:"woodwind"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-11-16,updated_at 2017-11-16,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183413;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN FORTUNE Malware Communication"; flow:established,to_server; content:"fortune"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-26,updated_at 2018-07-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183414;) drop http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"Acme - UNKNOWN PUBLIC Malware Communication"; flow:established,to_server; content:"public"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-10,updated_at 2019-06-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183415;)
# NOTE(review): drop action with an any any -> any any header and a single content match that is not tied to
# an HTTP buffer. As written, a false positive blocks traffic between any two hosts; outside a demo ruleset,
# scope the addresses and observe the rule as "alert" before promoting it to "drop".
drop http any any -> any any (msg:"Acme - UNKNOWN KNITTING Traffic Detected"; flow:established, to_client; content:"knitting"; priority:2; metadata:hostile src_ip,created_at 2017-04-15,updated_at 2017-04-25,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183416;)
# NOTE(review): same shape as sid 80183416 above (drop, any any -> any any, one unanchored content match).
drop http any any -> any any (msg:"Acme - STATIC COWBELL Traffic Detected"; flow:established, to_client; content:"cowbell"; priority:2; metadata:hostile src_ip,created_at 2017-08-08,updated_at 2017-08-27,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183417;)
# Disabled rule; its metadata files it under spyware.rules.
#drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - UNKNOWN DOGSLED Malware Communication"; flow:established, to_client; content:"dogsled"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2018-07-20,updated_at 2018-07-28,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183418;)
# NOTE(review): header protocol is tcp on any port while metadata lists "protocols http"; the content is
# therefore matched on every established TCP stream towards $HOME_NET, not only HTTP. Presumably the http
# protocol keyword was intended - confirm with the rule author.
alert tcp any any -> $HOME_NET any (msg:"Acme - MATHEMATICAL COLISEUM Malware Communication"; flow:established, to_server; content:"coliseum"; priority:3; metadata:cwe_id 507,malware post-infection,created_at 2019-01-23,updated_at 2019-01-23,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80183419;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN FOWL Malware Communication"; flow:established,to_server; 
content:"fowl"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-04-25,updated_at 2017-04-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183420;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMPLICATED INFANCY Malware Communication"; flow:established,to_server; content:"infancy"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2017-01-16,updated_at 2017-01-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183421;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PROUD FURNACE Malware Communication"; flow:established, to_server; content:"furnace"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-06-11,updated_at 2016-06-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183422;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GRATEFUL CEMETERY Malware Communication"; flow:established,to_server; content:"cemetery"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-05-17,updated_at 2019-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183423;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN SUSPENDERS Malware Communication"; flow:established, to_client; file_data; content:"suspenders"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2019-03-09,updated_at 2019-03-17,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target 
client,protocols http,protocols tcp; rev:2; sid:80183424;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CONTRACT Malware Communication"; flow:established,to_server; content:"contract"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2015-10-13,updated_at 2015-10-15,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183425;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PUNY RELATION Exploitation Attempt Seen"; flow:established, to_server; content:"relation"; priority:3; metadata:hostile src_ip,created_at 2017-11-08,capec_id 213,updated_at 2017-11-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-9409361,cve 2015-9409361,cve 2015-9409361,protocols http,protocols tcp; rev:2; sid:80183426;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - USED AGENT Malware Communication"; flow:established,to_client; content:"agent"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-11-06,updated_at 2018-11-25,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183427;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FREE GUESS Traffic Detected"; flow:established, to_server; content:"guess"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2018-01-16,capec_id 286,updated_at 2018-01-19,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183428;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MONETARY THANKS Malware Communication"; flow:established, to_server; content:"thanks"; priority:1; metadata:cwe_id 507,malware post-infection,hostile 
dest_ip,created_at 2019-04-04,updated_at 2019-04-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80183429;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAT TROUBLE Traffic Detected"; flow:established, to_server; content:"trouble"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-02-22,updated_at 2019-02-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183430;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN JAW Malware Communication"; flow:established, to_client; file_data; content:"jaw"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2017-04-07,updated_at 2017-04-26,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183431;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SATISFACTORY TRIP Malware Communication"; flow:established, to_server; content:"trip"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-11-02,updated_at 2016-11-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183432;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BAD MALL Malware Communication"; flow:established, to_server; content:"mall"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-05-11,updated_at 2018-05-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80183433;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN ACOUSTICS 
Malware Communication"; flow:established,to_server; content:"acoustics"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-10-23,updated_at 2019-10-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183434;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SMALL TATTOO Malware Communication"; flow:established, to_client; file_data; content:"tattoo"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2018-11-21,updated_at 2018-11-27,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183435;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPARE SHACK Malware Communication"; flow:established,to_server; content:"shack"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-04-09,updated_at 2018-04-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183436;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - PARALLEL PILLBOX Malware Communication"; flow:established, to_server; content:"pillbox"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2016-01-08,updated_at 2016-01-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183437;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ARTIFICIAL WINDAGE Malware Communication"; flow:established, to_client; file_data; content:"windage"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2016-06-10,updated_at 2016-06-28,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183438;)
# NOTE(review): two issues. (1) drop action on any any -> any any with one short file_data string, so a false
# positive blocks HTTP responses between any hosts. (2) cvss_v2_temporal (6.1) is higher than cvss_v2_base
# (5.5); a CVSS v2 temporal score is the base score scaled by factors no greater than 1.0, so it cannot
# exceed the base. Severity filters reading either field will rank this rule inconsistently.
drop http any any -> any any (msg:"Acme - NINEUNKNOWNTH-CENTURY BOOTS Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"boots"; priority:2; metadata:cwe_id 416,hostile src_ip,created_at 2019-08-02,capec_id 255,updated_at 2019-08-17,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.5,cve 2017-2328389,cvss_v2_temporal 6.1,protocols http,protocols tcp; rev:2; sid:80183439;)
# Disabled rule; its metadata files it under spyware.rules.
# NOTE(review): content:"UNKNOWN" is shared with sid 80183441 below and looks like a placeholder that
# replaced the original keyword - TODO confirm against the upstream example file.
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWNPY UNKNOWN Malware Communication"; flow:established, to_client; file_data; content:"UNKNOWN"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2018-06-20,updated_at 2018-06-21,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183440;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DELICIOUS UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2016-08-11,updated_at 2016-08-21,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183441;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LONG CLIPPER Malware Communication"; flow:established,to_client; file_data; content:"clipper"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-04-23,updated_at 2018-04-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183442;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GENUINE UNKNOWNITY Malware Communication"; flow:established,to_server; content:"UNKNOWNity"; priority:1; metadata:cwe_id 
507,malware post-infection,hostile dest_ip,created_at 2019-08-15,updated_at 2019-08-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183443;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SCORNFUL PROFESSOR Malware Communication"; flow:established, to_server; content:"professor"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-03-05,updated_at 2019-03-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183444;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHORT HOOF Malware Communication"; flow:established,to_server; content:"hoof"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-06,updated_at 2019-06-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183445;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NEUTRAL ASTERISK Exploitation Attempt Seen"; flow:established,to_server; content:"asterisk"; priority:2; metadata:cwe_id 184,cwe_id 749,hostile src_ip,created_at 2019-05-23,capec_id 115,updated_at 2019-05-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.0,attack_target server,attack_target http-server,cve 2019-2353629,cve 2019-2353629,cvss_v2_temporal 2.2,protocols http,protocols tcp; rev:2; sid:80183446;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUPPORTING TRADITIONALISM Exploitation Attempt Seen"; flow:established,to_server; content:"traditionalism"; priority:2; metadata:cwe_id 184,cwe_id 749,hostile src_ip,created_at 2018-02-08,capec_id 115,updated_at 2018-02-17,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 
4.4,attack_target server,attack_target http-server,cve 2017-6703965,cve 2017-6703965,cvss_v2_temporal 3.6,protocols http,protocols tcp; rev:2; sid:80183447;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - LOOSE NEWSSTAND Exploitation Attempt Seen"; flow:established,to_client; content:"newsstand"; priority:2; metadata:cwe_id 416,hostile src_ip,created_at 2019-06-06,capec_id 255,updated_at 2019-06-10,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.5,attack_target http-client,attack_target client,cve 2019-4931897,cvss_v2_temporal 7.4,protocols http,protocols tcp; rev:1; sid:80183448;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LONG DASHBOARD Exploitation Attempt Seen"; flow:established, to_server; content:"dashboard"; priority:2; metadata:cwe_id 416,hostile dest_ip,created_at 2019-03-18,updated_at 2019-03-18,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.6,attack_target http-client,attack_target client,cve 2018-8186237,cvss_v2_temporal 6.5,protocols http,protocols tcp; rev:2; sid:80183449;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LIMITED FIDDLE Exploitation Attempt Seen"; flow:established, to_server; content:"fiddle"; priority:2; metadata:cwe_id 416,hostile dest_ip,created_at 2016-06-20,updated_at 2016-06-20,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.6,attack_target http-client,attack_target client,cve 2016-410298,cvss_v2_temporal 2.3,protocols http,protocols tcp; rev:2; sid:80183450;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PASSIVE BAIT Exploitation Attempt Seen"; flow:established, to_server; content:"bait"; priority:2; metadata:cwe_id 416,hostile dest_ip,created_at 2019-01-26,updated_at 2019-01-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.8,attack_target http-client,attack_target client,cve 2019-7606376,cvss_v2_temporal 6.6,protocols http,protocols tcp; 
rev:2; sid:80183451;)
# NOTE(review): cvss_v2_temporal (8.8) is higher than cvss_v2_base (7.8). A CVSS v2 temporal score is the
# base score scaled by factors no greater than 1.0, so it cannot exceed the base; one of the two values is wrong.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MIDDLE PLASTER Exploitation Attempt Seen"; flow:established, to_server; content:"plaster"; priority:2; metadata:cwe_id 416,hostile dest_ip,created_at 2018-05-16,updated_at 2018-05-19,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.8,attack_target http-client,attack_target client,cve 2018-4993468,cvss_v2_temporal 8.8,protocols http,protocols tcp; rev:2; sid:80183452;)
# NOTE(review): same inconsistency as sid 80183452 - cvss_v2_temporal 3.5 exceeds cvss_v2_base 2.7.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN GREAT-GRANDMOTHER Exploitation Attempt Seen"; flow:established, to_server; content:"great-grandmother"; priority:2; metadata:cwe_id 416,hostile dest_ip,created_at 2019-07-24,updated_at 2019-07-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.7,attack_target http-client,attack_target client,cve 2016-2165089,cvss_v2_temporal 3.5,protocols http,protocols tcp; rev:2; sid:80183453;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GIANT TERRITORY Exploitation Attempt Seen"; flow:established, to_server; content:"territory"; priority:2; metadata:cwe_id 416,hostile dest_ip,created_at 2019-04-13,updated_at 2019-04-14,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.0,attack_target http-client,attack_target client,cve 2019-2759553,cvss_v2_temporal 3.8,protocols http,protocols tcp; rev:2; sid:80183454;)
# NOTE(review): same inconsistency as sid 80183452 - cvss_v2_temporal 5.4 exceeds cvss_v2_base 5.3.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ELIGIBLE LINER Exploitation Attempt Seen"; flow:established, to_server; content:"liner"; priority:2; metadata:cwe_id 416,hostile dest_ip,created_at 2019-09-22,updated_at 2019-09-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.3,attack_target http-client,attack_target client,cve 2019-3258525,cvss_v2_temporal 5.4,protocols http,protocols tcp; rev:2; sid:80183455;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - POPULAR PLAY Malware Communication"; flow:established,to_server; content:"play"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-10,updated_at 2019-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183456;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REMARKABLE CONTAGION Malware Communication"; flow:established,to_server; content:"contagion"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-16,updated_at 2019-03-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183457;)
# NOTE(review): flow uses "from_server", which Suricata treats as a synonym of "to_client"; the other rules
# here spell it "to_client", so text searches or tooling keyed on that spelling will miss this rule.
drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - OPTIMISTIC COONSKIN Exploitation Attempt Seen"; flow:established,from_server; content:"coonskin"; priority:2; metadata:cwe_id 120,hostile src_ip,created_at 2017-01-21,capec_id 100,updated_at 2017-01-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.9,attack_target http-client,attack_target client,cve 2016-2393056,cvss_v2_temporal 5.5,protocols http,protocols tcp; rev:1; sid:80183458;)
# NOTE(review): drop on tcp with "any" ports in both directions and a single content match, although the
# metadata describes an HTTP server target (attack_target http-server, protocols http). Every inbound
# established TCP stream is in scope, so a false positive blocks non-HTTP services too. cvss_v2_base is 10.0
# while priority is medium - confirm which value severity filters should trust.
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ZANY TOPSAIL Exploitation Attempt Seen"; flow:established, to_server; content:"topsail"; priority:2; metadata:cwe_id 284,hostile src_ip,created_at 2019-08-23,capec_id 248,updated_at 2019-08-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2019-19660,cvss_v2_temporal 4.6,protocols http,protocols tcp; rev:1; sid:80183459;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ZANY NEXUS Malware Communication"; flow:established,to_server; content:"nexus"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2017-01-19,updated_at 2017-01-19,filename 
acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183460;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRECIOUS PHILOSOPHER Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"philosopher"; priority:3; metadata:cwe_id 416,hostile src_ip,created_at 2018-10-27,capec_id 255,updated_at 2018-10-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.0,attack_target http-client,attack_target client,cve 2017-6336440,cvss_v2_temporal 6.4,protocols http,protocols tcp; rev:2; sid:80183461;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - QUIET BEAUTY Malware Communication"; flow:established,to_server; content:"beauty"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-06-09,updated_at 2016-06-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183462;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMMEDIATE DESERT Malware Communication"; flow:established,to_server; content:"desert"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-07,updated_at 2019-05-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80183463;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ENERGETIC RESPECT Malware Communication"; flow:established, to_server; content:"respect"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-04-15,updated_at 2019-04-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183464;) drop http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"Acme - LONG SNOB Malware Communication"; flow:established, to_server; content:"snob"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-24,updated_at 2019-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183465;)
# Outbound post-infection rules: $HOME_NET source, flow to_server, action drop,
# each keyed on a single content match.
# Sids 80183466 and 80183467 are written against a `tcp` header although their
# metadata lists `protocols http`; 80183467 also leaves the destination port as
# `any`.
# NOTE(review): presumably the content is matched on the reassembled TCP stream
# rather than an HTTP buffer -- confirm that is what the author intended.
drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - IDEOLOGICAL ANYWHERE Malware Communication"; flow:established,to_server; content:"anywhere"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-13,updated_at 2019-02-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183466;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LONG ABILITY Malware Communication"; flow:established, to_server; content:"ability"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-10-24,updated_at 2017-10-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183467;)
# NOTE(review): content:"UNKNOWN" is the same literal used by sids 80183474 and
# 80183511 in this file, and the msg text carries the same word; it looks like a
# generator placeholder rather than a distinguishing pattern, so these rules
# would fire on the same payloads. The `cve` value is also listed three times
# in the metadata, and unlike its neighbours this rule has no `infected` tag.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CRUEL UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 399,malware post-infection,hostile dest_ip,created_at 2018-08-18,updated_at 2018-08-19,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-40157,cve 2018-40157,cve 2018-40157,protocols http,protocols tcp; rev:3; sid:80183468;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - THOUGHTLESS CRECHE Malware Communication"; flow:established,to_server; content:"creche"; priority:1; metadata:cwe_id 399,malware post-infection,hostile dest_ip,created_at
2019-09-12,updated_at 2019-09-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-4768286,cve 2019-4768286,cve 2019-4768286,protocols http,protocols tcp; rev:4; sid:80183469;) drop http any any -> $HOME_NET any (msg:"Acme - RELUCTANT COSTUME Exploitation Attempt Seen"; flow:established, to_server; content:"costume"; priority:2; metadata:cwe_id 78,hostile src_ip,created_at 2019-08-07,capec_id 248,updated_at 2019-08-16,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2019-1070515,cvss_v2_temporal 2.1,protocols http,protocols tcp; rev:2; sid:80183470;) drop http any any -> $HOME_NET any (msg:"Acme - MANY FLASH Exploitation Attempt Seen"; flow:established, to_server; content:"flash"; priority:3; metadata:cwe_id 255,hostile src_ip,created_at 2018-11-06,updated_at 2018-11-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.1,attack_target server,attack_target http-server,cve 2017-5380767,cvss_v2_temporal 3.5,protocols http,protocols tcp; rev:2; sid:80183471;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRIEF AUDIENCE Malware Communication"; flow:established,to_server; content:"audience"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-02-03,updated_at 2019-02-24,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183472;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNDERLYING PARCEL Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"parcel"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-11-05,capec_id 152,updated_at 2017-11-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.4,attack_target http-client,attack_target client,cve 
2015-7830068,cvss_v2_temporal 4.0,protocols http,protocols tcp; rev:2; sid:80183473;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PAST UNKNOWN Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"UNKNOWN"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-04-08,capec_id 255,updated_at 2019-04-18,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.0,attack_target http-client,attack_target client,cve 2018-8522033,cvss_v2_temporal 3.5,protocols http,protocols tcp; rev:2; sid:80183474;) drop tcp any any -> $HOME_NET any (msg:"Acme - BAD HOE Traffic Detected"; flow:established,to_server; content:"hoe"; priority:3; metadata:cwe_id 78,hostile src_ip,created_at 2019-04-09,capec_id 88,updated_at 2019-04-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.9,attack_target server,attack_target http-server,cvss_v2_temporal 3.1,protocols http,protocols tcp; rev:1; sid:80183475;) drop tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN AMUSEMENT Traffic Detected"; flow:established,to_server; content:"amusement"; priority:3; metadata:cwe_id 78,hostile src_ip,created_at 2017-05-23,capec_id 88,updated_at 2017-05-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.7,attack_target server,attack_target http-server,cvss_v2_temporal 6.5,protocols http,protocols tcp; rev:1; sid:80183476;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONDEMNED TONGUE Traffic Detected"; flow:established,to_server; content:"tongue"; priority:3; metadata:created_at 2019-08-24,updated_at 2019-08-28,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183477;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN LOGGIA Traffic Detected"; flow:established,to_server; content:"loggia"; priority:3; metadata:created_at 2018-05-21,updated_at 2018-05-24,filename acme.rules,priority low,rule_source 
acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183478;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INNOCENT SPEAKER Malware Communication"; flow:established, to_server; content:"speaker"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-10-27,updated_at 2019-10-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183479;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MAGENTA TRIAL Malware Communication"; flow:established, to_client; file_data; content:"trial"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2017-11-09,updated_at 2017-11-18,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183480;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LIBERAL SLEEP Malware Communication"; flow:established,to_server; content:"sleep"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-10-07,updated_at 2018-10-10,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183481;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN PROGRAM Malware Communication"; flow:established,to_server; content:"program"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2015-11-17,updated_at 2015-11-17,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183482;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REDUCED CHAUFFEUR Malware Communication"; flow:established,to_server; content:"chauffeur"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile 
dest_ip,created_at 2019-07-27,updated_at 2019-07-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183483;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INJURED RUNNER Malware Communication"; flow:established,to_server; content:"runner"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2016-03-09,updated_at 2016-03-11,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183484;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CHEERFUL BIRDHOUSE Malware Communication"; flow:established,to_server; content:"birdhouse"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-09-24,updated_at 2019-09-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183485;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GLORIOUS SPADE Exploitation Attempt Seen"; flow:established, to_server; content:"spade"; priority:2; metadata:cwe_id 749,hostile src_ip,created_at 2019-10-23,capec_id 253,updated_at 2019-10-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.4,attack_target server,attack_target http-server,cve 2019-3171223,cvss_v2_temporal 4.9,protocols http,protocols tcp; rev:3; sid:80183486;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VAGUE SOAP Exploitation Attempt Seen"; flow:established, to_server; content:"soap"; priority:2; metadata:cwe_id 749,hostile src_ip,created_at 2016-10-13,capec_id 253,updated_at 2016-10-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.0,attack_target server,attack_target http-server,cve 2016-245563,cvss_v2_temporal 3.1,protocols http,protocols tcp; rev:3; 
sid:80183487;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DULL BREASTPLATE Malware Communication"; flow:established,to_server; content:"breastplate"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2018-02-14,updated_at 2018-02-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:1; sid:80183488;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN MARKSMAN Malware Communication"; flow:established,to_client; content:"marksman"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-01-26,updated_at 2018-01-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183489;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INTERNAL MANGROVE Malware Communication"; flow:established, to_client; file_data; content:"mangrove"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2019-10-24,updated_at 2019-10-25,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183490;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN HOBBIT Malware Communication"; flow:established, to_client; file_data; content:"hobbit"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2019-08-17,updated_at 2019-08-18,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183491;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - DUSTY WOOLEN Malware Communication"; flow:established,to_client; file_data; content:"woolen"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 
2019-07-20,updated_at 2019-07-24,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,protocols tcp; rev:5; sid:80183492;)
# Sids 80183493-80183496 below inspect inbound responses: traffic from
# $EXTERNAL_NET on $HTTP_PORTS to $HOME_NET, flow to_client, with the content
# match placed after file_data and a `drop` action.
# NOTE(review): each of them tags `hostile dest_ip` and `infected src_ip`, yet
# in the rule header the source is $EXTERNAL_NET and the destination is
# $HOME_NET. For malware post-infection traffic one would expect the opposite
# pairing (hostile src_ip, infected dest_ip). Confirm against the rule source
# before feeding these tags to blocklists or host-triage automation, which
# would otherwise act on the wrong endpoint.
# NOTE(review): the metadata lists only `protocols tcp` and no attack_target,
# although the header port is $HTTP_PORTS; a metadata filter on
# `protocols http` or on attack_target will not select these rules.
drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - COMPREHENSIVE CORRIDOR Malware Communication"; flow:established,to_client; file_data; content:"corridor"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-17,updated_at 2019-03-23,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,protocols tcp; rev:4; sid:80183493;)
drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - COLORFUL CAMEL Malware Communication"; flow:established,to_client; file_data; content:"camel"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-10,updated_at 2019-01-13,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,protocols tcp; rev:5; sid:80183494;)
drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - MEAN PLANE Malware Communication"; flow:established,to_client; file_data; content:"plane"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-26,updated_at 2018-10-26,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,protocols tcp; rev:3; sid:80183495;)
drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - CERTAIN METHODOLOGY Malware Communication"; flow:established,to_client; file_data; content:"methodology"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-11,updated_at 2019-10-16,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,protocols tcp; rev:3; sid:80183496;)
drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - POST-WAR TOUGH-GUY Malware Communication"; flow:established,to_client; file_data; content:"tough-guy"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at
2017-09-24,updated_at 2017-09-27,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,protocols tcp; rev:3; sid:80183497;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - BRIGHT HUB Malware Communication"; flow:established,to_client; file_data; content:"hub"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-11,updated_at 2019-01-14,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,protocols tcp; rev:4; sid:80183498;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - QUIET FRESCO Malware Communication"; flow:established,to_client; file_data; content:"fresco"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-09,updated_at 2019-07-24,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,protocols tcp; rev:5; sid:80183499;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - NOSY RING Malware Communication"; flow:established,to_client; file_data; content:"ring"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-27,updated_at 2017-06-28,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,protocols tcp; rev:4; sid:80183500;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - UNKNOWN PATROL Malware Communication"; flow:established,to_client; file_data; content:"patrol"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-14,updated_at 2019-01-17,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,protocols tcp; rev:4; sid:80183501;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REAR MAIN Malware Communication"; flow:established,to_client; file_data; content:"main"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-26,updated_at 2017-06-27,filename 
acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183502;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - REAL MANAGEMENT Malware Communication"; flow:established,to_client; file_data; content:"management"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-02,updated_at 2019-06-09,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,protocols tcp; rev:4; sid:80183503;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TENSE TAIL Malware Communication"; flow:established, to_client; file_data; content:"tail"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2017-09-23,updated_at 2017-09-28,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183504;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - EERIE PAJAMAS Malware Communication"; flow:established,to_client; file_data; content:"pajamas"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-01-16,updated_at 2016-01-23,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,protocols tcp; rev:3; sid:80183505;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FRESH TRY Malware Communication"; flow:established, to_client; file_data; content:"try"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2019-09-13,updated_at 2019-09-24,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183506;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXCELLENT CIRRUS Malware Communication"; flow:established, to_client; file_data; content:"cirrus"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile 
src_ip,created_at 2019-11-01,updated_at 2019-11-06,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183507;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SILKY RESEARCH Malware Communication"; flow:established,to_client; file_data; content:"research"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-12,updated_at 2019-11-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183508;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BARE MOTORBOAT Malware Communication"; flow:established,to_server; content:"motorboat"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-26,updated_at 2019-11-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183509;) alert tcp any any -> $HOME_NET any (msg:"Acme - OLYMPIC INTERVENOR Exploitation Attempt Seen"; flow:established,to_server; content:"intervenor"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2017-04-16,capec_id 88,updated_at 2017-04-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.9,attack_target server,cve 2017-3738804,cvss_v2_temporal 4.7,protocols tcp; rev:1; sid:80183510;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLEAR UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-16,updated_at 2018-04-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183511;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RETIRED BLUEBERRY 
Malware Communication"; flow:established, to_server; content:"blueberry"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-04,updated_at 2019-08-05,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80183512;) alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - EVERYDAY PRINCESS Malware Communication"; flow:established, to_client; content:"princess"; priority:2; metadata:cwe_id 119,malware pre-infection,hostile src_ip,created_at 2018-08-10,updated_at 2018-08-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.9,attack_target http-client,attack_target client,cve 2018-7907006,cvss_v2_temporal 5.9,protocols http,protocols tcp; rev:1; sid:80183513;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PERFECT SOCIETY Malware Communication"; flow:established,to_server; content:"society"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-11-01,updated_at 2016-11-07,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183514;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MODERN MANKIND Malware Communication"; flow:established,to_server; content:"mankind"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-14,updated_at 2019-04-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183515;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WIDE-EYED STORY Malware Communication"; flow:established,to_server; content:"story"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2016-11-04,updated_at 
2016-11-04,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-337176,cve 2016-337176,cve 2016-337176,cve 2016-337176,cve 2016-337176,cve 2016-337176,cve 2016-337176,protocols http,protocols tcp; rev:2; sid:80183516;)
# NOTE(review): sid 80183517 lists the same `cve` value seven times in its
# metadata, as does the rule ending on the line above (sid 80183516). Repeated
# identical key-value pairs add nothing for metadata filtering and are
# presumably a generator artifact; dedupe at the source, and check that any
# consumer counting or indexing `cve` entries tolerates duplicates.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXUBERANT PHEASANT Malware Communication"; flow:established,to_server; content:"pheasant"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-11-12,updated_at 2019-11-17,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-2344205,cve 2017-2344205,cve 2017-2344205,cve 2017-2344205,cve 2017-2344205,cve 2017-2344205,cve 2017-2344205,protocols http,protocols tcp; rev:2; sid:80183517;)
# Sid 80183518 tags `infected src_ip` but has no `hostile` entry, unlike most
# post-infection rules in this file, so a filter that requires
# `hostile dest_ip` will skip it.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REMOTE CORDUROY Malware Communication"; flow:established,to_server; content:"corduroy"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-01-13,updated_at 2018-01-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183518;)
# Sid 80183519 is alert-only and inbound ($EXTERNAL_NET -> $HOME_NET,
# to_server). Its metadata has capec_id but no cwe_id, hostile/infected or
# attack_target keys, so filters built on those keys will not match it.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAST CLOVE Traffic Detected"; flow:established,to_server; content:"clove"; priority:3; metadata:created_at 2019-01-19,capec_id 286,updated_at 2019-01-23,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183519;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GREAT COMPOSER Malware Communication"; flow:established,to_server; content:"composer"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-01,updated_at 2019-03-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols
tcp; rev:2; sid:80183520;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PLANNED CLAVICLE Malware Communication"; flow:established, to_server; content:"clavicle"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-09-16,updated_at 2017-09-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183521;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMBATIVE AFTERMATH Malware Communication"; flow:established,to_server; content:"aftermath"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2015-04-18,updated_at 2015-04-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-3677152,cve 2015-3677152,cve 2015-3677152,cve 2015-3677152,cve 2015-3677152,cve 2015-3677152,cve 2015-3677152,protocols http,protocols tcp; rev:2; sid:80183522;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNDERGROUND Malware Communication"; flow:established,to_server; content:"underground"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-01-16,updated_at 2019-01-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-6351206,cve 2017-6351206,cve 2017-6351206,cve 2017-6351206,cve 2017-6351206,cve 2017-6351206,cve 2017-6351206,protocols http,protocols tcp; rev:2; sid:80183523;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ASSOCIATED HOCKEY Malware Communication"; flow:established, to_client; file_data; content:"hockey"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2019-11-02,updated_at 2019-11-10,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; 
sid:80183524;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - WARM READING Malware Communication"; flow:established, to_server; content:"reading"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2016-06-27,updated_at 2016-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183525;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RAINY FUEL Malware Communication"; flow:established,to_client; content:"fuel"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2019-02-22,updated_at 2019-02-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183526;) drop tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - REQUIRED STOCK-IN-TRADE Exploitation Attempt Seen"; flow:established, to_server; content:"stock-in-trade"; priority:2; metadata:cwe_id 16,hostile src_ip,created_at 2018-02-14,capec_id 248,updated_at 2018-02-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.8,attack_target server,attack_target http-server,cve 2017-8529832,cvss_v2_temporal 4.8,protocols http,protocols tcp; rev:1; sid:80183527;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ELECTRONIC MIDNIGHT Traffic Detected"; flow:established,to_server; content:"midnight"; priority:1; metadata:hostile dest_ip,created_at 2018-11-19,updated_at 2018-11-22,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183528;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SENSIBLE DINNER Malware Communication"; flow:established, to_server; content:"dinner"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-08,updated_at 
2019-03-19,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183529;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PETITE SLIP Malware Communication"; flow:established,to_server; content:"slip"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-02-20,updated_at 2018-02-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183530;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BURNING TRACHOMA Malware Communication"; flow:established,to_client; content:"trachoma"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-09-12,updated_at 2019-09-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183531;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CLEANER Malware Communication"; flow:established, to_server; content:"cleaner"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-04-22,updated_at 2017-04-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183532;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN WIDTH Malware Communication"; flow:established,to_client; content:"width"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2018-01-07,updated_at 2018-01-11,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183533;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CHARACTERISTIC SUSPECT Malware Communication"; flow:established, to_server; content:"suspect"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 
2018-09-22,updated_at 2018-09-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183534;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CRIMINAL PITH Malware Communication"; flow:established,to_server; content:"pith"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-07,updated_at 2018-09-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183535;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN BACON Malware Communication"; flow:established,to_server; content:"bacon"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-08,updated_at 2018-02-22,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183536;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PURE LABOUR Malware Communication"; flow:established,to_server; content:"labour"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-07,updated_at 2019-01-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183537;) drop tcp $HOME_NET $HTTP_PORTS -> any any (msg:"Acme - MYSTERIOUS TOWEL Malware Communication"; flow:established, to_client; content:"towel"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-17,updated_at 2019-10-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-4648649,protocols http,protocols tcp; rev:1; sid:80183538;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - 
OUTSIDE ROCKET Malware Communication"; flow:established,to_server; content:"rocket"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2018-07-02,updated_at 2018-07-15,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183539;)
# Inbound request-direction rule ($EXTERNAL_NET -> $HOME_NET, flow to_server) whose action is "drop".
# NOTE(review): the only payload condition is the literal "swivel", with no buffer or position
# constraint visible, so inline deployment would discard any matching session data; this reads
# as a demonstration entry rather than a deployable signature.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - YUMMY SWIVEL Exploitation Attempt Seen"; flow:established, to_server; content:"swivel"; priority:2; metadata:cwe_id 77,hostile src_ip,created_at 2018-01-11,capec_id 248,updated_at 2018-01-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.3,attack_target server,attack_target http-server,cve 2017-7268234,cvss_v2_temporal 3.9,protocols http,protocols tcp; rev:2; sid:80183540;)
# NOTE(review): the metadata below carries the identical pair "cve 2017-2707066" seven times.
# Tooling that lists or counts cve values per rule should de-duplicate before reporting.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ROYAL TRAM Malware Communication"; flow:established,to_server; content:"tram"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-04-17,updated_at 2019-04-22,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-2707066,cve 2017-2707066,cve 2017-2707066,cve 2017-2707066,cve 2017-2707066,cve 2017-2707066,cve 2017-2707066,protocols http,protocols tcp; rev:2; sid:80183541;)
# NOTE(review): same pattern as the previous rule; "cve 2018-4417778" is repeated seven times.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNEST WISH Malware Communication"; flow:established,to_server; content:"wish"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-04-07,updated_at 2019-04-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-4417778,cve 2018-4417778,cve 2018-4417778,cve 2018-4417778,cve 2018-4417778,cve 2018-4417778,cve 2018-4417778,protocols http,protocols tcp; rev:2; sid:80183542;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLEVER UNKNOWNKENDER 
Exploitation Attempt Seen"; flow:established,to_client; content:"UNKNOWNkender"; priority:3; metadata:cwe_id 119,created_at 2019-05-04,capec_id 129,updated_at 2019-05-16,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.4,cve 2019-4015850,cvss_v2_temporal 2.1,protocols http,protocols tcp; rev:2; sid:80183543;) #alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUPERIOR GOPHER Traffic Detected"; flow:established, to_server; content:"gopher"; priority:4; metadata:created_at 2017-09-24,updated_at 2017-09-24,filename acme.rules,priority info,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80183544;) alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - LOGICAL MOTORCAR Exploitation Attempt Seen"; flow:established,to_client; content:"motorcar"; priority:3; metadata:cwe_id 416,hostile src_ip,created_at 2019-07-08,updated_at 2019-07-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.1,attack_target http-client,attack_target client,cve 2018-542915,cvss_v2_temporal 4.8,protocols http,protocols tcp; rev:1; sid:80183545;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REALISTIC EMERGENCE Malware Communication"; flow:established, to_server; content:"emergence"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-15,updated_at 2018-07-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183546;) alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - ORGANISATIONAL SNOWMAN Exploitation Attempt Seen"; flow:established, to_client; content:"snowman"; priority:3; metadata:cwe_id 416,hostile src_ip,created_at 2018-09-02,capec_id 255,updated_at 2018-09-08,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.2,attack_target http-client,attack_target client,cve 2017-9191804,cvss_v2_temporal 
8.2,protocols http,protocols tcp; rev:1; sid:80183547;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - TIRED DIBBLE Malware Communication"; flow:established, to_server; content:"dibble"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-08-17,updated_at 2016-08-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183548;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN GUIDANCE Malware Communication"; flow:established, to_server; content:"guidance"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-01-15,updated_at 2018-01-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80183549;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NEARBY PLENTY Malware Communication"; flow:established, to_server; content:"plenty"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2015-09-01,updated_at 2015-09-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183550;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - FAINT TEACHER Malware Communication"; flow:established,to_server; content:"teacher"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-01-21,updated_at 2018-01-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183551;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CURIOUS EVOCATION Malware Communication"; flow:established, to_server; content:"evocation"; priority:1; metadata:cwe_id 507,malware 
post-infection,hostile dest_ip,created_at 2019-01-11,updated_at 2019-01-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80183552;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HIGH DOUBLING Malware Communication"; flow:established,to_server; content:"doubling"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-02-13,updated_at 2019-02-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183553;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PROGRESSIVE TRUST Malware Communication"; flow:established,to_server; content:"trust"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-21,updated_at 2019-09-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183554;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VIOLENT SEASON Malware Communication"; flow:established,to_server; content:"season"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-04-26,updated_at 2019-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183555;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLOUDY WASHTUB Malware Communication"; flow:established,to_server; content:"washtub"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-21,updated_at 2019-09-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183556;) drop http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DIFFERENT MANX Malware Communication"; flow:established,to_server; content:"manx"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-07,updated_at 2019-07-17,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183557;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RELATIVE PRESS Malware Communication"; flow:established,to_server; content:"press"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-01-08,updated_at 2017-01-23,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183558;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PINK ERROR Malware Communication"; flow:established,to_client; content:"error"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2017-10-20,updated_at 2017-10-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183559;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUSPICIOUS EAVE Malware Communication"; flow:established,to_client; content:"eave"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2018-06-08,updated_at 2018-06-10,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183560;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INEVITABLE RAINBOW Malware Communication"; flow:established,to_server; content:"rainbow"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-05-21,updated_at 2019-05-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; 
sid:80183561;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN MENORAH Malware Communication"; flow:established, to_server; content:"menorah"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-08-20,updated_at 2017-08-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183562;) alert http any any -> $HOME_NET any (msg:"Acme - UNKNOWN ALGEBRA Traffic Detected"; flow:established, to_server; content:"algebra"; priority:3; metadata:cwe_id 200,created_at 2019-01-10,capec_id 286,updated_at 2019-01-11,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183563;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ASHAMED MOTORCAR Malware Communication"; flow:established,to_client; content:"motorcar"; priority:1; metadata:cwe_id 506,malware download-attempt,created_at 2018-04-13,updated_at 2018-04-18,filename acme.rules,priority high,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183564;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - YOUNG EPHEMERA Malware Communication"; flow:established, to_server; content:"ephemera"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-08-02,updated_at 2019-08-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183565;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GUILTY TAMBOURINE Malware Communication"; flow:established,to_server; content:"tambourine"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-21,updated_at 2019-10-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183566;) drop http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ELDEST POSITION Malware Communication"; flow:established, to_server; content:"position"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-10-14,updated_at 2019-10-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183567;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - OBNOXIOUS SOFA Malware Communication"; flow:established, to_client; content:"sofa"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2016-08-01,updated_at 2016-08-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183568;) drop http any any -> $HOME_NET any (msg:"Acme - STRONG SOCK Traffic Detected"; flow:established, to_server; content:"sock"; priority:2; metadata:cwe_id 20,hostile src_ip,created_at 2019-09-01,capec_id 248,updated_at 2019-09-16,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80183569;) alert tcp any any -> $HOME_NET any (msg:"Acme - SOLID TRANSOM Traffic Detected"; flow:established, to_server; content:"transom"; priority:4; metadata:cwe_id 284,hostile src_ip,created_at 2019-04-13,capec_id 118,updated_at 2019-04-14,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 2.6,attack_target server,attack_target http-server,cvss_v2_temporal 3.4,protocols http,protocols tcp; rev:1; sid:80183570;) alert tcp any any -> $HOME_NET any (msg:"Acme - VITAL WINNER Traffic Detected"; flow:established, to_server; content:"winner"; priority:4; metadata:cwe_id 284,hostile src_ip,created_at 2019-05-17,capec_id 118,updated_at 2019-05-25,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 
5.9,attack_target server,attack_target http-server,cvss_v2_temporal 5.7,protocols http,protocols tcp; rev:1; sid:80183571;) alert tcp any any -> $HOME_NET any (msg:"Acme - RANDOM UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:4; metadata:cwe_id 284,hostile src_ip,created_at 2015-01-20,capec_id 118,updated_at 2015-01-26,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 6.8,attack_target server,attack_target http-server,cvss_v2_temporal 6.5,protocols http,protocols tcp; rev:1; sid:80183572;) alert tcp any any -> $HOME_NET any (msg:"Acme - ODD BACKBONE Traffic Detected"; flow:established, to_server; content:"backbone"; priority:4; metadata:cwe_id 284,hostile src_ip,created_at 2018-02-02,capec_id 118,updated_at 2018-02-02,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 6.8,attack_target server,attack_target http-server,cvss_v2_temporal 7.3,protocols http,protocols tcp; rev:1; sid:80183573;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - SUNNY ANETHESIOLOGIST Malware Communication"; flow:established,to_client; content:"anethesiologist"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-03-19,updated_at 2019-03-21,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183574;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MAGENTA UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-02-09,updated_at 2017-02-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183575;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNITED CEMENT Malware Communication"; flow:established, to_server; 
content:"cement"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-01-25,updated_at 2017-01-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183576;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN ICE-CREAM Malware Communication"; flow:established,to_server; content:"ice-cream"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-06-13,updated_at 2018-06-21,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183577;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ELATED TUXEDO Malware Communication"; flow:established, to_server; content:"tuxedo"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-23,updated_at 2017-06-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183578;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMPORTANT SEAT Exploitation Attempt Seen"; flow:established, to_server; content:"seat"; priority:3; metadata:hostile src_ip,created_at 2015-02-18,capec_id 248,updated_at 2015-02-26,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2015-6577735,protocols http,protocols tcp; rev:2; sid:80183579;) drop tcp any any -> $HOME_NET any (msg:"Acme - INTACT ROD Traffic Detected"; flow:established, to_server; content:"rod"; priority:2; metadata:created_at 2019-04-23,capec_id 248,updated_at 2019-04-25,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80183580;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FUNDAMENTAL TENSION Traffic Detected"; flow:established, to_server; content:"tension"; priority:4; metadata:created_at 
2019-10-20,updated_at 2019-10-26,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183581;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MAGNIFICENT CUTICLE Traffic Detected"; flow:established, to_server; content:"cuticle"; priority:4; metadata:created_at 2016-06-09,updated_at 2016-06-12,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183582;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INSTANT BARIUM Traffic Detected"; flow:established, to_server; content:"barium"; priority:4; metadata:hostile src_ip,created_at 2018-02-12,updated_at 2018-02-19,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183583;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FUZZY DOLPHIN Malware Communication"; flow:established,to_server; content:"dolphin"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-19,updated_at 2018-04-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183584;) drop tcp any any -> $HOME_NET any (msg:"Acme - GLEAMING GEYSER Traffic Detected"; flow:established, to_server; content:"geyser"; priority:2; metadata:cwe_id 94,hostile src_ip,created_at 2019-05-01,capec_id 248,updated_at 2019-05-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.6,attack_target server,attack_target http-server,cvss_v2_temporal 4.3,protocols http,protocols tcp; rev:1; sid:80183585;) drop http any any -> $HOME_NET any (msg:"Acme - GLORIOUS UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:2; metadata:cwe_id 94,hostile src_ip,created_at 2019-03-08,updated_at 2019-03-12,filename acme.rules,priority 
medium,rule_source acme-rule-factory,cvss_v2_base 4.4,attack_target server,attack_target http-server,cve 2019-1939062,cvss_v2_temporal 5.1,protocols http,protocols tcp; rev:2; sid:80183586;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHORT COLISEUM Malware Communication"; flow:established,to_server; content:"coliseum"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-11,updated_at 2018-04-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183587;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PALE ESCAPE Malware Communication"; flow:established,to_server; content:"escape"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-01-23,updated_at 2018-01-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183588;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ALIVE UNKNOWNITY Malware Communication"; flow:established, to_server; content:"UNKNOWNity"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-11-19,updated_at 2018-11-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183589;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OKAY LEEK Exploitation Attempt Seen"; flow:established,to_client; content:"leek"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-11-27,capec_id 129,updated_at 2019-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.1,attack_target http-client,attack_target client,cve 2019-75403,cvss_v2_temporal 2.7,protocols http,protocols tcp; rev:2; sid:80183590;) #alert http $EXTERNAL_NET any -> $HOME_NET any 
(msg:"Acme - INTELLECTUAL CAPE Exploitation Attempt Seen"; flow:established, to_server; content:"cape"; priority:3; metadata:hostile src_ip,created_at 2019-09-10,capec_id 213,updated_at 2019-09-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-1007334,protocols http,protocols tcp; rev:2; sid:80183591;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WONDERFUL SEAT Exploitation Attempt Seen"; flow:established, to_server; content:"seat"; priority:3; metadata:hostile src_ip,created_at 2019-08-19,capec_id 253,updated_at 2019-08-24,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2018-7653573,protocols http,protocols tcp; rev:2; sid:80183592;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DELICIOUS ESSAY Malware Communication"; flow:established,to_server; content:"essay"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-11,updated_at 2019-05-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183593;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEAF KIELBASA Exploitation Attempt Seen"; flow:established, to_server; content:"kielbasa"; priority:3; metadata:hostile src_ip,created_at 2019-02-18,capec_id 242,updated_at 2019-02-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-1589064,protocols http,protocols tcp; rev:2; sid:80183594;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RELATED AUTHORIZATION Exploitation Attempt Seen"; flow:established, to_server; content:"authorization"; priority:3; metadata:hostile src_ip,created_at 2017-06-12,capec_id 242,updated_at 2017-06-23,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2017-7118933,protocols http,protocols tcp; rev:2; sid:80183595;) 
# Alert-only rule for established, to_server HTTP traffic towards $HOME_NET containing "cottage".
# NOTE(review): cvss_v2_temporal (5.8) is higher than cvss_v2_base (5.6). A CVSS v2 temporal
# score is the base score scaled by factors no greater than 1.0, so it cannot exceed the base;
# treat these score values as generated filler when testing metadata filters.
alert http any any -> $HOME_NET any (msg:"Acme - ANNUAL COTTAGE Traffic Detected"; flow:established, to_server; content:"cottage"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2018-01-18,capec_id 248,updated_at 2018-01-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.6,attack_target server,attack_target http-server,cvss_v2_temporal 5.8,protocols http,protocols tcp; rev:2; sid:80183596;)
# Response-direction rule ($EXTERNAL_NET -> $HOME_NET, flow to_client) whose action is "drop".
# NOTE(review): the pair "cve 2016-2674249" appears seven times in the metadata; consumers that
# list or count cve values should de-duplicate. The sole payload condition is the literal
# "violet", so in inline mode this would block any response carrying that word.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BAD VIOLET Malware Communication"; flow:established,to_client; content:"violet"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-05-16,updated_at 2019-05-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-2674249,cve 2016-2674249,cve 2016-2674249,cve 2016-2674249,cve 2016-2674249,cve 2016-2674249,cve 2016-2674249,protocols http,protocols tcp; rev:2; sid:80183597;)
# Alert-only rule; the ranking is stated twice, as the "priority:3" keyword and as the
# "priority low" metadata value, and both must be kept in step when either is edited.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BREAKABLE PULL Exploitation Attempt Seen"; flow:established, to_server; content:"pull"; priority:3; metadata:cwe_id 20,created_at 2019-05-07,capec_id 242,updated_at 2019-05-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.0,cve 2018-3198101,cvss_v2_temporal 2.3,protocols http,protocols tcp; rev:2; sid:80183598;)
# Response-direction rule with action "drop"; "hostile src_ip" labels the $EXTERNAL_NET side.
# NOTE(review): created_at and updated_at are the same date although rev is 2.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ELEGANT RIDER Malware Communication"; flow:established,to_client; content:"rider"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-01-20,updated_at 2019-01-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183599;)
#alert http any any -> $HOME_NET any (msg:"Acme - RESULTING DEPLOYMENT Traffic Detected"; flow:established, to_server; content:"deployment"; priority:3; metadata:hostile src_ip,created_at 
2019-04-18,updated_at 2019-04-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183600;) drop http any any -> $HOME_NET any (msg:"Acme - MELODIC CLASSROOM Malware Communication"; flow:established, to_server; content:"classroom"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-05-27,updated_at 2019-05-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183601;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NEIGHBOURING EARDUNKNOWN Malware Communication"; flow:established, to_server; content:"eardUNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2016-11-17,updated_at 2016-11-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183602;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXCITED UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-02-13,updated_at 2016-02-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183603;) drop http any any -> $HOME_NET any (msg:"Acme - VOCATIONAL DRUG Traffic Detected"; flow:established, to_server; content:"drug"; priority:2; metadata:hostile src_ip,created_at 2016-03-23,capec_id 242,updated_at 2016-03-23,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183604;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LEFT WASHBASIN Malware Communication"; flow:established, 
to_server; content:"washbasin"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-07,updated_at 2019-01-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80183605;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PREFERRED OVERCOAT Traffic Detected"; flow:established, to_server; content:"overcoat"; priority:4; metadata:hostile dest_ip,created_at 2019-11-07,updated_at 2019-11-22,filename acme.rules,priority info,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80183606;) drop tcp any $HTTP_PORTS -> any any (msg:"Acme - RESPECTABLE INTRODUCTION Traffic Detected"; flow:established, to_client; content:"introduction"; priority:2; metadata:hostile dest_ip,created_at 2019-04-27,updated_at 2019-04-28,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80183607;) alert tcp $HOME_NET any -> any any (msg:"Acme - UNKNOWN STEAL Malware Communication"; flow:established; content:"steal"; priority:2; metadata:cwe_id 506,malware post-infection,created_at 2017-09-05,updated_at 2017-09-06,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols irc,protocols tcp; rev:1; sid:80183608;) drop tcp $HOME_NET any -> any any (msg:"Acme - UNKNOWN APPLIANCE Malware Communication"; flow:established; content:"appliance"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-03-07,updated_at 2019-03-20,filename acme.rules,priority high,rule_source acme-rule-factory,protocols irc,protocols tcp; rev:1; sid:80183609;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RUBBER NUT Malware Communication"; flow:established; content:"nut"; priority:2; metadata:cwe_id 506,malware post-infection,created_at 2019-10-09,updated_at 2019-10-28,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols irc,protocols tcp; 
rev:1; sid:80183610;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STORMY COMPOSER Malware Communication"; flow:established, to_server; content:"composer"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-05,updated_at 2019-10-23,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target irc-client,attack_target client,protocols irc,protocols tcp; rev:1; sid:80183611;) alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN READING Malware Communication"; flow:established, to_server; content:"reading"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-09-18,updated_at 2016-09-20,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target irc-client,attack_target client,protocols irc,protocols tcp; rev:1; sid:80183612;) alert http any any -> $HOME_NET any (msg:"Acme - UNKNOWN COMMUNITY Exploitation Attempt Seen"; flow:established, to_server; content:"community"; priority:4; metadata:cwe_id 200,cwe_id 843,cvss_v3_base 6.3,hostile src_ip,created_at 2019-03-24,updated_at 2019-03-26,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 5.4,attack_target server,attack_target http-server,cvss_v3_temporal 5.1,cve 2019-2669981,cvss_v2_temporal 5.1,protocols http,protocols tcp; rev:2; sid:80183613;) alert http any any -> $HOME_NET any (msg:"Acme - VICTORIOUS HUMOUR Exploitation Attempt Seen"; flow:established, to_server; content:"humour"; priority:4; metadata:cwe_id 200,cwe_id 843,cvss_v3_base 5.2,hostile src_ip,created_at 2019-03-20,updated_at 2019-03-25,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 4.5,attack_target server,attack_target http-server,cvss_v3_temporal 4.5,cve 2017-1818632,cvss_v2_temporal 4.5,protocols http,protocols tcp; rev:2; sid:80183614;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WRONG SETTLER Malware 
Communication"; flow:established, to_server; content:"settler"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-26,updated_at 2019-11-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183615;) #alert tcp $HOME_NET any -> $EXTERNAL_NET !$HTTP_PORTS (msg:"Acme - EXPLICIT SAILBOAT Traffic Detected"; flow:established, to_server; content:"sailboat"; priority:4; metadata:cwe_id 657,created_at 2017-01-22,updated_at 2017-01-28,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80183616;) #alert tcp $HOME_NET any -> $EXTERNAL_NET !$HTTP_PORTS (msg:"Acme - DEFIANT RECORD Traffic Detected"; flow:established, to_server; content:"record"; priority:4; metadata:cwe_id 657,created_at 2019-02-26,updated_at 2019-02-27,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80183617;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNTIC BICYCLE Malware Communication"; flow:established,to_server; content:"bicycle"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-02-25,updated_at 2018-02-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183618;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ASSOCIATED MENORAH Malware Communication"; flow:established,to_server; content:"menorah"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-09,updated_at 2019-11-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183619;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REGISTERED ECLIPTIC Malware 
Communication"; flow:established,to_server; content:"ecliptic"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-27,updated_at 2019-11-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183620;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CHEST Malware Communication"; flow:established,to_server; content:"chest"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-22,updated_at 2019-05-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183621;) alert tcp any any -> any any (msg:"Acme - REMARKABLE CURTAIN Traffic Detected"; flow:established, to_client; content:"curtain"; priority:3; metadata:created_at 2018-05-14,updated_at 2018-05-20,filename netbios.rules,priority low,rule_source acme-rule-factory,protocols smb,protocols tcp; rev:1; sid:80183622;) drop http any any -> $HOME_NET any (msg:"Acme - ASSISTANT AGREEMENT Exploitation Attempt Seen"; flow:established,to_server; content:"agreement"; priority:3; metadata:cwe_id 78,hostile src_ip,created_at 2018-02-18,capec_id 88,updated_at 2018-02-18,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2015-2978297,cvss_v2_temporal 5.4,protocols http,protocols tcp; rev:2; sid:80183623;) alert http any any -> $HOME_NET any (msg:"Acme - SENSIBLE TON Exploitation Attempt Seen"; flow:established, to_server; content:"ton"; priority:2; metadata:cwe_id 620,hostile src_ip,created_at 2019-06-07,capec_id 253,updated_at 2019-06-19,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.8,attack_target server,attack_target http-server,cve 2018-3554711,cvss_v2_temporal 8.3,protocols http,protocols tcp; rev:2; 
sid:80183624;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN LUTE Traffic Detected"; flow:established,to_client; content:"lute"; priority:2; metadata:hostile dest_ip,created_at 2019-07-23,capec_id 410,updated_at 2019-07-24,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183625;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CROWDED CRAFTSMAN Malware Communication"; flow:established, to_server; content:"craftsman"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-01-20,updated_at 2016-01-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183626;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CREEPY RAW Exploitation Attempt Seen"; flow:established, to_server; content:"raw"; priority:3; metadata:hostile src_ip,created_at 2018-11-15,capec_id 100,updated_at 2018-11-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-2295253,protocols http,protocols tcp; rev:2; sid:80183627;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN CHAMPIONSHIP Exploitation Attempt Seen"; flow:established, to_server; content:"championship"; priority:3; metadata:hostile src_ip,created_at 2017-02-15,capec_id 100,updated_at 2017-02-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-7733849,protocols http,protocols tcp; rev:2; sid:80183628;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MANAGING CUSHION Exploitation Attempt Seen"; flow:established, to_server; content:"cushion"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-01-15,capec_id 135,updated_at 2019-01-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 
7.0,attack_target server,attack_target http-server,cve 2016-9211249,cvss_v2_temporal 7.1,protocols http,protocols tcp; rev:2; sid:80183629;) drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - SHORT-TERM GUESTBOOK Malware Communication"; flow:established, to_server; content:"guestbook"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2017-03-24,updated_at 2017-03-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80183630;) drop http any any -> $HOME_NET any (msg:"Acme - OK NORTH Exploitation Attempt Seen"; flow:established,to_server; content:"north"; priority:2; metadata:cwe_id 78,cvss_v3_base 6.8,hostile src_ip,created_at 2019-06-25,capec_id 88,updated_at 2019-06-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.0,attack_target server,attack_target http-server,cvss_v3_temporal 7.2,cve 2019-8044373,cvss_v2_temporal 7.2,protocols http,protocols tcp; rev:2; sid:80183631;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - PROUD ANAGRAM Malware Communication"; flow:established, to_server; content:"anagram"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-01-24,updated_at 2019-01-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183632;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RIDICULOUS ATTIC Malware Communication"; flow:established,to_server; content:"attic"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-27,updated_at 2019-09-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183633;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme 
- PROUD NOUNKNOWN Malware Communication"; flow:established,to_client; content:"noUNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-05-21,updated_at 2019-05-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183634;) drop tcp $HOME_NET any -> $EXTERNAL_NET !$HTTP_PORTS (msg:"Acme - PRIME DIG Malware Communication"; flow:established,to_server; content:"dig"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-01-19,updated_at 2019-01-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183635;) drop tcp $HOME_NET any -> $EXTERNAL_NET !$HTTP_PORTS (msg:"Acme - STUCK BONDSMAN Malware Communication"; flow:established,to_server; content:"bondsman"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-03-03,updated_at 2018-03-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183636;) drop tcp $HOME_NET any -> $EXTERNAL_NET !$HTTP_PORTS (msg:"Acme - IRRELEVANT MACHINE Malware Communication"; flow:established,to_server; content:"machine"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-01-01,updated_at 2017-01-08,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183637;) drop tcp $HOME_NET any -> $EXTERNAL_NET !$HTTP_PORTS (msg:"Acme - UNKNOWNTIC SNOWFLAKE Malware Communication"; flow:established,to_server; content:"snowflake"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-10-23,updated_at 2019-10-28,filename acme.rules,priority medium,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183638;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WILD NAMING Malware Communication"; flow:established, to_server; content:"naming"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-03-05,updated_at 2017-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183639;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNKNOWNESTY Malware Communication"; flow:established, to_server; content:"UNKNOWNesty"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-12,updated_at 2019-07-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183640;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PSYCHOLOGICAL HEADREST Malware Communication"; flow:established, to_server; content:"headrest"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-10,updated_at 2019-09-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183641;) drop tcp $HOME_NET any -> $EXTERNAL_NET !$HTTP_PORTS (msg:"Acme - BASIC POUCH Malware Communication"; flow:established,to_server; content:"pouch"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-07-09,updated_at 2019-07-12,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183642;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WORRYING PLATFORM Malware Communication"; 
flow:established,to_server; content:"platform"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2017-10-01,updated_at 2017-10-02,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183643;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WONDERFUL SPRING Malware Communication"; flow:established, to_server; content:"spring"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-25,updated_at 2019-08-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183644;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DRAMATIC DIMPLE Malware Communication"; flow:established, to_server; content:"dimple"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-13,updated_at 2019-01-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183645;) alert http any any -> $HOME_NET any (msg:"Acme - SURE FENCE Exploitation Attempt Seen"; flow:established,to_server; content:"fence"; priority:4; metadata:cwe_id 89,hostile src_ip,created_at 2019-06-02,capec_id 110,updated_at 2019-06-13,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 5.2,attack_target server,attack_target http-server,cve 2018-8368150,cvss_v2_temporal 4.5,protocols http,protocols tcp; rev:2; sid:80183646;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CAPABLE BEANIE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"beanie"; priority:2; metadata:cwe_id 416,hostile src_ip,created_at 2017-05-17,capec_id 123,updated_at 2017-05-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 
7.1,attack_target http-client,attack_target client,cve 2017-7389480,cvss_v2_temporal 7.9,protocols http,protocols tcp; rev:2; sid:80183647;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ESSENTIAL SISTER Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"sister"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2018-04-07,capec_id 123,updated_at 2018-04-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.9,attack_target http-client,attack_target client,cve 2017-8699889,cvss_v2_temporal 2.1,protocols http,protocols tcp; rev:2; sid:80183648;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN EAT Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"eat"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-08-16,capec_id 123,updated_at 2019-08-19,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.1,attack_target http-client,attack_target client,cve 2019-7230952,cvss_v2_temporal 6.0,protocols http,protocols tcp; rev:2; sid:80183649;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CIRCULAR SMOKING Malware Communication"; flow:established,to_server; content:"smoking"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-01-07,updated_at 2019-01-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183650;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EVIDENT RHYTHM Traffic Detected"; flow:established, to_server; content:"rhythm"; priority:2; metadata:hostile src_ip,created_at 2018-04-12,updated_at 2018-04-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183651;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AWARE UNKNOWN Malware 
Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2018-01-23,updated_at 2018-01-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183652;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MANAGING MANKIND Malware Communication"; flow:established, to_client; file_data; content:"mankind"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2017-10-21,updated_at 2017-10-21,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183653;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GOOD DEPARTMENT Traffic Detected"; flow:established, to_server; content:"department"; priority:2; metadata:hostile src_ip,created_at 2019-08-03,capec_id 248,updated_at 2019-08-12,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183654;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SERIOUS EXPLANATION Traffic Detected"; flow:established, to_server; content:"explanation"; priority:2; metadata:hostile src_ip,created_at 2017-06-24,capec_id 248,updated_at 2017-06-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183655;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN OBLIGATION Traffic Detected"; flow:established, to_server; content:"obligation"; priority:2; metadata:hostile src_ip,created_at 2019-04-15,updated_at 2019-04-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183656;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DISGUSTED 
SILVER Traffic Detected"; flow:established, to_server; content:"silver"; priority:2; metadata:hostile src_ip,created_at 2018-02-25,capec_id 248,updated_at 2018-02-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183657;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUDDEN PROBATION Traffic Detected"; flow:established, to_server; content:"probation"; priority:2; metadata:hostile src_ip,created_at 2019-05-14,capec_id 248,updated_at 2019-05-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183658;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MUTE DRESSER Traffic Detected"; flow:established, to_server; content:"dresser"; priority:2; metadata:hostile src_ip,created_at 2017-01-19,capec_id 248,updated_at 2017-01-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183659;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN MUSIC-MAKING Malware Communication"; flow:established, to_server; content:"music-making"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-08-15,updated_at 2017-08-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183660;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXISTING FUN Traffic Detected"; flow:established, to_server; content:"fun"; priority:2; metadata:hostile src_ip,created_at 2019-08-05,capec_id 248,updated_at 2019-08-12,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183661;) drop http $EXTERNAL_NET any 
-> $HOME_NET any (msg:"Acme - CURRENT ODOMETER Traffic Detected"; flow:established, to_server; content:"odometer"; priority:2; metadata:cwe_id 434,hostile src_ip,created_at 2018-09-10,capec_id 248,updated_at 2018-09-17,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183662;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LEGAL FRIGATE Traffic Detected"; flow:established, to_server; content:"frigate"; priority:2; metadata:cwe_id 434,hostile src_ip,created_at 2017-05-13,capec_id 248,updated_at 2017-05-14,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183663;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ORGANIC BOSS Traffic Detected"; flow:established, to_server; content:"boss"; priority:2; metadata:cwe_id 434,hostile src_ip,created_at 2019-06-17,capec_id 248,updated_at 2019-06-18,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183664;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRIMARY BLOOM Traffic Detected"; flow:established,to_server; content:"bloom"; priority:2; metadata:cwe_id 434,hostile src_ip,created_at 2018-11-07,capec_id 248,updated_at 2018-11-23,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183665;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FUNNY ASSOCIATION Traffic Detected"; flow:established,to_server; content:"association"; priority:2; metadata:cwe_id 434,hostile src_ip,created_at 2019-08-07,capec_id 248,updated_at 2019-08-13,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target 
http-server,protocols http,protocols tcp; rev:2; sid:80183666;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OFFICIAL CEMENT Traffic Detected"; flow:established,to_server; content:"cement"; priority:2; metadata:cwe_id 434,hostile src_ip,created_at 2018-03-17,capec_id 248,updated_at 2018-03-19,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183667;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MANUAL ATTENUATION Malware Communication"; flow:established,to_server; content:"attenuation"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-11-07,updated_at 2017-11-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183668;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPECIAL TIMBALE Malware Communication"; flow:established,to_server; content:"timbale"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-20,updated_at 2018-09-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183669;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STEEP DEPTH Malware Communication"; flow:established, to_server; content:"depth"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-17,updated_at 2019-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80183670;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLINICAL ROLL Malware Communication"; flow:established,to_server; content:"roll"; priority:1; metadata:cwe_id 506,malware 
post-infection,hostile dest_ip,created_at 2016-04-05,updated_at 2016-04-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183671;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PART-TIME TRIAL Malware Communication"; flow:established,to_server; content:"trial"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-05-16,updated_at 2017-05-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183672;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNINTERESTED HOPE Malware Communication"; flow:established, to_server; content:"hope"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-08-19,updated_at 2018-08-21,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183673;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ANCIENT BONGO Malware Communication"; flow:established,to_server; content:"bongo"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-06-25,updated_at 2019-06-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183674;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CRUEL ROTATE Malware Communication"; flow:established, to_server; content:"rotate"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-17,updated_at 2019-10-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183675;) #alert http $EXTERNAL_NET 
any -> $HOME_NET any (msg:"Acme - CLEAR POUNDING Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"pounding"; priority:3; metadata:hostile src_ip,created_at 2019-11-16,capec_id 100,updated_at 2019-11-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-8943974,protocols http,protocols tcp; rev:2; sid:80183676;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RESULTING MOON Traffic Detected"; flow:established, to_client; content:"moon"; priority:4; metadata:hostile src_ip,created_at 2019-05-08,updated_at 2019-05-10,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183677;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ANXIOUS UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-11-13,updated_at 2017-11-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183678;) alert http any any -> $HOME_NET any (msg:"Acme - UGLY SPROUT Exploitation Attempt Seen"; flow:established, to_server; urilen:<12,norm; content:"sprout"; priority:3; metadata:hostile dest_ip,created_at 2019-06-21,updated_at 2019-06-27,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2017-2723765,protocols http,protocols tcp; rev:2; sid:80183679;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LABOUR UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 264,hostile src_ip,created_at 2019-04-12,capec_id 115,updated_at 2019-04-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-5861875,protocols 
http,protocols tcp; rev:2; sid:80183680;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GRIM CESSPOOL Exploitation Attempt Seen"; flow:established, to_server; content:"cesspool"; priority:3; metadata:hostile src_ip,created_at 2018-07-18,capec_id 100,updated_at 2018-07-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2017-2846052,protocols ftp,protocols tcp; rev:1; sid:80183681;) #alert http any any -> $HOME_NET any (msg:"Acme - DIFFERENT MUD Exploitation Attempt Seen"; flow:established, to_server; content:"mud"; priority:3; metadata:hostile src_ip,created_at 2016-01-22,capec_id 213,updated_at 2016-01-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-9095494,protocols http,protocols tcp; rev:2; sid:80183682;) drop tcp $HOME_NET any -> $EXTERNAL_NET !$HTTP_PORTS (msg:"Acme - DYING DOUBTER Malware Communication"; flow:established,to_server; content:"doubter"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2016-06-17,updated_at 2016-06-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183683;) drop tcp $HOME_NET any -> $EXTERNAL_NET !$HTTP_PORTS (msg:"Acme - UNAWARE MAILMAN Malware Communication"; flow:established,to_server; content:"mailman"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-04-14,updated_at 2017-04-23,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183684;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COLORFUL LEMON Malware Communication"; flow:established, to_server; content:"lemon"; priority:2; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-07-06,updated_at 2017-07-10,filename 
acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183685;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LOUD TEAM Malware Communication"; flow:established,to_server; content:"team"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-10-09,updated_at 2019-10-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183686;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ANCIENT PROGRESS Malware Communication"; flow:established, to_server; content:"progress"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-26,updated_at 2019-11-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183687;) drop tcp $HOME_NET any -> $EXTERNAL_NET !$HTTP_PORTS (msg:"Acme - EXISTING DANCE Malware Communication"; flow:established,to_server; content:"dance"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-10-24,updated_at 2019-10-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183688;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INJURED END Malware Communication"; flow:established,to_server; content:"end"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-20,updated_at 2019-01-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183689;) drop http $HOME_NET any -> any any (msg:"Acme - UNKNOWN DATE Malware Communication"; flow:established, to_server; content:"date"; priority:2; metadata:cwe_id 506,malware 
post-infection,created_at 2019-10-10,updated_at 2019-10-23,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-7758032,protocols http,protocols tcp; rev:2; sid:80183690;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FRESH PRICE Exploitation Attempt Seen"; flow:established, to_server; content:"price"; priority:3; metadata:hostile src_ip,created_at 2019-06-19,capec_id 115,updated_at 2019-06-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-6609413,protocols http,protocols tcp; rev:2; sid:80183691;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NOSY OXFORD Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"oxford"; priority:3; metadata:hostile src_ip,created_at 2018-10-16,capec_id 118,updated_at 2018-10-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-5675896,protocols http,protocols tcp; rev:2; sid:80183692;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CALM GARB Malware Communication"; flow:established,to_server; content:"garb"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-09,updated_at 2019-01-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183693;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FAMILIAR FONT Malware Communication"; flow:established, to_server; content:"font"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-21,updated_at 2019-11-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183694;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNIVERSAL 
UMBRELLA Malware Communication"; flow:established, to_server; content:"umbrella"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-26,updated_at 2019-02-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183695;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ASHAMED REVOLVE Malware Communication"; flow:established, to_server; content:"revolve"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-16,updated_at 2018-11-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183696;) drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - HELPLESS THING Traffic Detected"; flow:established,to_server; content:"thing"; priority:2; metadata:hostile src_ip,created_at 2018-08-11,updated_at 2018-08-17,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80183697;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WONDERFUL LARK Malware Communication"; flow:established, to_server; content:"lark"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-05,updated_at 2019-01-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183698;) alert tcp $EXTERNAL_NET !$HTTP_PORTS -> $HOME_NET any (msg:"Acme - CHIEF HEADLIGHT Malware Communication"; flow:established,to_client; content:"headlight"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2015-02-23,updated_at 2015-02-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; 
rev:1; sid:80183699;)
# Rule-level priority:N mirrors the metadata "priority" key in the rules below (1 = high, 3 = low, 4 = info).
# NOTE(review): this outbound rule ($HOME_NET -> $EXTERNAL_NET, flow to_server) is tagged "hostile src_ip",
# while the outbound rules after sid 80183701 on this line use "hostile dest_ip". A metadata filter keyed on
# "hostile dest_ip" will not select it; confirm whether that is intended in the demo data.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BREAKABLE POLENTA Traffic Detected"; flow:established, to_server; content:"polenta"; priority:4; metadata:hostile src_ip,created_at 2018-03-10,updated_at 2018-03-15,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183700;)
# urilen:>200 limits this rule to requests whose URI is longer than 200 bytes, in addition to the content match.
# NOTE(review): tagged "malware post-infection" but with "hostile src_ip" and no "infected" key, unlike
# sid 80183703 below (hostile dest_ip + infected src_ip); filters on either key treat the two rules differently.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FANTASTIC PRIZEFIGHT Malware Communication"; flow:established, to_server; urilen:>200; content:"prizefight"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-08-05,updated_at 2018-08-06,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183701;)
# Same "malware post-infection" class as its neighbours, but action is alert and priority is low rather than drop/high.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DISASTROUS CHUB Malware Communication"; flow:established, to_server; content:"chub"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-23,updated_at 2018-07-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80183702;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONTINUED STAMINA Malware Communication"; flow:established,to_server; content:"stamina"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-25,updated_at 2018-02-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183703;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NEAT NAME Malware Communication"; flow:established, to_server; content:"name"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-23,updated_at 2019-07-28,filename acme.rules,priority 
high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80183704;) drop http any any -> $HOME_NET any (msg:"Acme - LOYAL FAMILY Exploitation Attempt Seen"; flow:established,to_server; content:"family"; priority:2; metadata:cwe_id 287,hostile src_ip,created_at 2015-05-27,capec_id 115,updated_at 2015-05-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2015-7267575,cvss_v2_temporal 5.1,protocols http,protocols tcp; rev:3; sid:80183705;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MEDICAL BASEBALL Malware Communication"; flow:established,to_client; content:"baseball"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-03-06,updated_at 2019-03-15,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183706;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN POEM Malware Communication"; flow:established,to_client; content:"poem"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2017-10-02,updated_at 2017-10-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183707;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - WASTEFUL WORKER Malware Communication"; flow:established,to_server; content:"worker"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2017-10-19,updated_at 2017-10-19,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183708;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OLD WRENCH Malware Communication"; flow:established,to_server; 
content:"wrench"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-10-16,updated_at 2019-10-16,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183709;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FROZEN MANDARIN Malware Communication"; flow:established,to_server; content:"mandarin"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-09-21,updated_at 2019-09-23,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183710;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STORMY UNKNOWN Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"UNKNOWN"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2015-04-24,capec_id 255,updated_at 2015-04-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.1,attack_target http-client,attack_target client,cve 2015-2215532,cvss_v2_temporal 4.1,protocols http,protocols tcp; rev:2; sid:80183711;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXTENDED COMPETITOR Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"competitor"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2018-09-10,capec_id 255,updated_at 2018-09-16,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 8.0,attack_target http-client,attack_target client,cve 2017-3322417,cvss_v2_temporal 7.4,protocols http,protocols tcp; rev:2; sid:80183712;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLEAR AIRBUS Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"airbus"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-11-21,capec_id 255,updated_at 2019-11-26,filename acme.rules,priority 
medium,rule_source acme-rule-factory,cvss_v2_base 5.5,attack_target http-client,attack_target client,cve 2019-9981839,cvss_v2_temporal 4.5,protocols http,protocols tcp; rev:2; sid:80183713;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CURLY DOGSLED Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"dogsled"; priority:2; metadata:cwe_id 416,hostile src_ip,created_at 2019-10-18,capec_id 255,updated_at 2019-10-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.7,attack_target http-client,attack_target client,cve 2017-805609,cvss_v2_temporal 6.8,protocols http,protocols tcp; rev:2; sid:80183714;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOW POLENTA Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"polenta"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-06-03,capec_id 255,updated_at 2019-06-22,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.0,attack_target http-client,attack_target client,cve 2016-3779962,cvss_v2_temporal 2.1,protocols http,protocols tcp; rev:2; sid:80183715;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEEP RECORD Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"record"; priority:2; metadata:cwe_id 416,hostile src_ip,created_at 2019-02-11,capec_id 255,updated_at 2019-02-11,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.1,attack_target http-client,attack_target client,cve 2019-6007586,cvss_v2_temporal 4.4,protocols http,protocols tcp; rev:2; sid:80183716;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MARVELLOUS UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-07-12,updated_at 2017-07-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183717;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SEMANTIC AVALANCHE Malware Communication"; flow:established,to_client; content:"avalanche"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-09-27,updated_at 2018-09-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183718;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OKAY STAIRCASE Malware Communication"; flow:established,to_server; content:"staircase"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-03,updated_at 2019-02-07,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183719;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EDUCATIONAL WILL Malware Communication"; flow:established,to_server; content:"will"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-11-07,updated_at 2018-11-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183720;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DISCIPLINARY PLASTIC Malware Communication"; flow:established,to_server; content:"plastic"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-17,updated_at 2018-09-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183721;) drop http any any -> $HOME_NET any (msg:"Acme - UNKNOWN KITTY Exploitation Attempt Seen"; flow:established,to_server; content:"kitty"; priority:2; metadata:cwe_id 77,hostile 
src_ip,created_at 2019-01-21,capec_id 248,updated_at 2019-01-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.8,attack_target server,attack_target http-server,cve 2018-7769190,cvss_v2_temporal 4.3,protocols http,protocols tcp; rev:2; sid:80183722;) alert http any any -> $HOME_NET any (msg:"Acme - FAT STEPS Exploitation Attempt Seen"; flow:established,to_server; content:"steps"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2017-04-01,updated_at 2017-04-16,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.9,attack_target server,attack_target http-server,cve 2017-927982,cvss_v2_temporal 7.0,protocols http,protocols tcp; rev:2; sid:80183723;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CRAZY ICICLE Traffic Detected"; flow:established,to_client; content:"icicle"; priority:3; metadata:cwe_id 506,hostile src_ip,created_at 2019-06-08,capec_id 228,updated_at 2019-06-11,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80183724;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN UNKNOWN-BAR Malware Communication"; flow:established,to_client; content:"UNKNOWN-bar"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-10-04,updated_at 2018-10-10,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183725;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WILLING WEDDING Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"wedding"; priority:3; metadata:hostile src_ip,created_at 2017-08-20,capec_id 255,updated_at 2017-08-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-5938431,protocols http,protocols tcp; rev:2; sid:80183726;) drop http any any -> $HOME_NET any (msg:"Acme - 
FAIR NEWS Traffic Detected"; flow:established, to_server; content:"news"; priority:3; metadata:hostile src_ip,created_at 2019-10-19,capec_id 286,updated_at 2019-10-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80183727;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHRILL HOWITZER Malware Communication"; flow:established,to_server; content:"howitzer"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-23,updated_at 2019-02-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183728;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OBJECTIVE BACKPACK Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"backpack"; priority:2; metadata:cwe_id 88,hostile src_ip,created_at 2018-05-13,capec_id 6,updated_at 2018-05-13,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target http-client,attack_target client,cve 2015-9599500,cvss_v2_temporal 7.4,protocols http,protocols tcp; rev:2; sid:80183729;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXCELLENT VIRTUE Traffic Detected"; flow:established,to_client; file_data; content:"virtue"; priority:2; metadata:hostile src_ip,created_at 2018-10-09,capec_id 255,updated_at 2018-10-09,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183730;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - YUMMY GELDING Malware Communication"; flow:established,to_server; content:"gelding"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2015-06-11,updated_at 2015-06-27,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:7; sid:80183731;) alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AWFUL IRIS Traffic Detected"; flow:established,to_server; content:"iris"; priority:4; metadata:created_at 2019-06-20,updated_at 2019-06-20,filename acme.rules,priority info,rule_source acme-rule-factory,protocols ftp,protocols tcp; rev:1; sid:80183732;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OLYMPIC DRAWBRIDGE Traffic Detected"; flow:established, to_server; content:"drawbridge"; priority:1; metadata:hostile src_ip,created_at 2016-10-22,updated_at 2016-10-24,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183733;) alert tcp any any -> $HOME_NET any (msg:"Acme - NATIONAL MINUTE Exploitation Attempt Seen"; flow:established, to_server; content:"minute"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2019-10-07,capec_id 248,updated_at 2019-10-10,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.8,attack_target server,cve 2019-4224707,cvss_v2_temporal 7.1,protocols tcp; rev:1; sid:80183734;) drop http any any -> $HOME_NET any (msg:"Acme - ANXIOUS REFUND Exploitation Attempt Seen"; flow:established,to_server; content:"refund"; priority:2; metadata:cwe_id 94,cwe_id 231,hostile src_ip,created_at 2019-07-13,capec_id 88,updated_at 2019-07-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2017-7593876,cvss_v2_temporal 4.7,protocols http,protocols tcp; rev:2; sid:80183735;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EMPIRICAL FACULTY Exploitation Attempt Seen"; flow:established,to_server; content:"faculty"; priority:2; metadata:cwe_id 94,cwe_id 231,hostile src_ip,created_at 2019-10-24,capec_id 88,updated_at 2019-10-26,filename 
acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2019-1663659,cvss_v2_temporal 3.8,protocols http,protocols tcp; rev:3; sid:80183736;)
# Disabled rule (leading '#'): present in the file but not loaded by Suricata as written.
# NOTE(review): its metadata still carries cvss_v2_base 10.0, so a score-based metadata filter only sees it
# if the filtering tool is told to consider disabled rules; verify that setting before relying on the output.
#alert http any any -> $HOME_NET any (msg:"Acme - DULL PLUNGER Exploitation Attempt Seen"; flow:established,to_server; content:"plunger"; priority:2; metadata:cwe_id 94,cwe_id 231,hostile src_ip,created_at 2018-10-09,capec_id 253,updated_at 2018-10-20,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2017-41529,cvss_v2_temporal 6.2,protocols http,protocols tcp; rev:2; sid:80183737;)
# Source is $HOME_NET but the flow direction is to_client, i.e. the match is on server-to-client traffic sent by
# an internal host acting as the server; this agrees with "attack_target server" and "infected src_ip" below.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MAXIMUM PRODUCTION Malware Communication"; flow:established,to_client; content:"production"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-13,updated_at 2017-06-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80183738;)
# NOTE(review): a 3-byte content match on raw tcp with "any" ports and a drop action would be highly
# false-positive-prone in a production ruleset; it is only acceptable here because the file is demo data.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BENEFICIAL ESE Malware Communication"; flow:established, to_server; content:"ese"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-02-09,updated_at 2017-02-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80183739;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BLUE KETTLE Malware Communication"; flow:established, to_server; content:"kettle"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-05-02,updated_at 2016-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183740;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EVERYDAY SITUATION Malware 
Communication"; flow:established, to_server; content:"situation"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-06-10,updated_at 2018-06-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183741;)
# Inbound exploitation-attempt rules: $EXTERNAL_NET -> $HOME_NET with flow to_server, tagged "hostile src_ip"
# and "attack_target server" / "attack_target http-server". The cwe_id key appears twice (94 and 231), so a
# metadata filter has to treat it as a multi-valued key.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ULTIMATE SAILOR Exploitation Attempt Seen"; flow:established,to_server; content:"sailor"; priority:2; metadata:cwe_id 94,cwe_id 231,hostile src_ip,created_at 2017-11-13,capec_id 88,updated_at 2017-11-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2016-2364871,cvss_v2_temporal 5.3,protocols http,protocols tcp; rev:3; sid:80183742;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ALIVE CEILING Exploitation Attempt Seen"; flow:established,to_server; content:"ceiling"; priority:2; metadata:cwe_id 94,cwe_id 231,hostile src_ip,created_at 2019-03-10,capec_id 88,updated_at 2019-03-12,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2019-5931328,cvss_v2_temporal 8.6,protocols http,protocols tcp; rev:3; sid:80183743;)
# The rule header is plain tcp with "any" ports; the SMTP association exists only in the metadata
# ("protocols smtp", "attack_target smtp-server"), so the rule itself carries no SMTP port constraint.
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ACCEPTABLE FIFTH Exploitation Attempt Seen"; flow:established, to_server; content:"fifth"; priority:2; metadata:cwe_id 94,cwe_id 231,hostile src_ip,created_at 2019-07-10,capec_id 253,updated_at 2019-07-20,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target smtp-server,cve 2019-634986,cvss_v2_temporal 6.3,protocols smtp,protocols tcp; rev:1; sid:80183744;)
# NOTE(review): same header, flow and CWE tags as sid 80183744, but the metadata (continued on the next wrapped
# line) says "hostile dest_ip" and has no attack_target keys. A filter on "hostile src_ip" or
# "attack_target smtp-server" selects 80183744 and skips this rule; confirm whether the difference is deliberate.
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ACCEPTED NIGHT Exploitation Attempt Seen"; flow:established, to_server; content:"night"; priority:2; metadata:cwe_id 94,cwe_id 
231,hostile dest_ip,created_at 2018-10-07,capec_id 253,updated_at 2018-10-13,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,cve 2018-8594926,cvss_v2_temporal 5.9,protocols smtp,protocols tcp; rev:1; sid:80183745;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONCERNED AIRLINE Exploitation Attempt Seen"; flow:established,to_server; content:"airline"; priority:2; metadata:cwe_id 94,cwe_id 231,hostile src_ip,created_at 2017-09-03,capec_id 88,updated_at 2017-09-07,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2015-4346997,cvss_v2_temporal 7.1,protocols http,protocols tcp; rev:2; sid:80183746;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IMMENSE PRINCIPLE Traffic Detected"; flow:established, to_server; content:"principle"; priority:3; metadata:hostile src_ip,created_at 2015-05-09,capec_id 286,updated_at 2015-05-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183747;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REPULSIVE CARE Exploitation Attempt Seen"; flow:established,to_server; content:"care"; priority:2; metadata:cwe_id 94,cwe_id 231,hostile src_ip,created_at 2019-11-03,capec_id 88,updated_at 2019-11-17,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2016-188662,cvss_v2_temporal 3.3,protocols http,protocols tcp; rev:3; sid:80183748;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BLUE MEANING Malware Communication"; flow:established,to_client; content:"meaning"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-06-19,updated_at 2018-06-19,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols 
http,protocols tcp; rev:2; sid:80183749;) drop tcp $HOME_NET any -> any any (msg:"Acme - TAME DESIGN Malware Communication"; flow:established,to_server; content:"design"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-11,updated_at 2018-02-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:1; sid:80183750;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HEALTHY KETCHUP Exploitation Attempt Seen"; flow:established, to_server; content:"ketchup"; priority:2; metadata:cwe_id 94,cwe_id 231,hostile src_ip,created_at 2019-11-17,capec_id 248,updated_at 2019-11-19,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target ftp-server,attack_target server,cve 2016-7429219,cvss_v2_temporal 4.1,protocols ftp,protocols tcp; rev:1; sid:80183751;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GREAT JUDO Malware Communication"; flow:established, to_server; content:"judo"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-05-21,updated_at 2016-05-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183752;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VICTORIOUS FRAME Malware Communication"; flow:established, to_server; content:"frame"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-01-21,updated_at 2016-01-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183753;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ZANY MOVIE Malware Communication"; flow:established,to_server; content:"movie"; priority:1; metadata:cwe_id 506,malware 
post-infection,hostile dest_ip,created_at 2019-08-08,updated_at 2019-08-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183754;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEAR MONGER Traffic Detected"; flow:established, to_server; content:"monger"; priority:3; metadata:hostile src_ip,created_at 2019-04-09,capec_id 110,updated_at 2019-04-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183755;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WOODEN LANGUAGE Traffic Detected"; flow:established,to_server; content:"language"; priority:3; metadata:created_at 2018-11-24,capec_id 286,updated_at 2018-11-28,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:4; sid:80183756;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN INLAY Malware Communication"; flow:established,to_client; content:"inlay"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-11-15,updated_at 2019-11-18,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183757;) drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - HORRIBLE TRUTH Traffic Detected"; flow:established,to_server; content:"truth"; priority:2; metadata:hostile src_ip,created_at 2019-01-07,capec_id 241,updated_at 2019-01-17,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80183758;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ANCIENT SHIELD Malware Communication"; flow:established, to_server; content:"shield"; priority:1; metadata:cwe_id 
506,malware post-infection,hostile dest_ip,created_at 2018-03-16,updated_at 2018-03-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183759;) alert http $HOME_NET any -> any any (msg:"Acme - UNKNOWN PADDOCK Malware Communication"; flow:established, to_server; content:"paddock"; priority:4; metadata:cwe_id 507,malware post-infection,created_at 2018-03-12,updated_at 2018-03-27,filename acme.rules,priority info,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183760;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MIDDLE ARCHITECT Exploitation Attempt Seen"; flow:established,to_client; content:"architect"; priority:3; metadata:cwe_id 119,created_at 2019-10-03,capec_id 152,updated_at 2019-10-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.8,cve 2017-8040471,cvss_v2_temporal 5.8,protocols http,protocols tcp; rev:2; sid:80183761;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNCOMFORTABLE WATCHMAKER Exploitation Attempt Seen"; flow:established, to_client; content:"watchmaker"; priority:1; metadata:cwe_id 416,hostile src_ip,created_at 2016-10-15,capec_id 255,updated_at 2016-10-16,filename acme.rules,priority high,rule_source acme-rule-factory,cvss_v2_base 3.0,attack_target http-client,attack_target client,cve 2015-5972521,cvss_v2_temporal 3.5,protocols http,protocols tcp; rev:2; sid:80183762;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SEPARATE LIMO Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"limo"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-02-01,updated_at 2019-02-01,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.0,attack_target http-client,attack_target client,cve 2019-5602722,cvss_v2_temporal 7.8,protocols 
http,protocols tcp; rev:3; sid:80183763;)
# file_data precedes content and the flow is to_client, so "handball" is matched against the HTTP response body.
# NOTE(review): cvss_v2_temporal 8.1 is higher than cvss_v2_base 7.3, which a real CVSS v2 score cannot be
# (temporal metrics only scale the base score down). Treat the score and cve values as placeholders, in line
# with the dummy-ruleset notice at the top of the file.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN HANDBALL Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"handball"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2018-04-11,updated_at 2018-04-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.3,attack_target http-client,attack_target client,cve 2015-5849682,cvss_v2_temporal 8.1,protocols http,protocols tcp; rev:3; sid:80183764;)
# The rules from sid 80183765 onward on this line are disabled (leading '#'). Each uses an unconstrained
# "tcp any any -> any any" header with cwe_id 310 and priority info, and none has an attack_target key.
# NOTE(review): they take part in metadata filtering only if the filtering tool is configured to include
# disabled rules, and enabling them as written would inspect all established TCP flows; confirm both points.
#alert tcp any any -> any any (msg:"Acme - RESPECTABLE ALBATROSS Exploitation Attempt Seen"; flow:established, to_server; content:"albatross"; priority:4; metadata:cwe_id 310,hostile dest_ip,created_at 2016-02-18,updated_at 2016-02-27,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 5.5,cve 2016-8359262,cvss_v2_temporal 5.1,protocols http,protocols tcp; rev:1; sid:80183765;)
#alert tcp any any -> any any (msg:"Acme - SPLENDID CHIEF Exploitation Attempt Seen"; flow:established, to_client; content:"chief"; priority:4; metadata:cwe_id 310,hostile dest_ip,created_at 2019-02-18,updated_at 2019-02-19,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 6.7,cve 2019-6490056,cvss_v2_temporal 7.4,protocols tcp; rev:1; sid:80183766;)
#alert tcp any any -> any any (msg:"Acme - SUPERB INTERIOR Exploitation Attempt Seen"; flow:established, to_server; content:"interior"; priority:4; metadata:cwe_id 310,hostile dest_ip,created_at 2019-05-07,updated_at 2019-05-21,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 6.0,cve 2019-5169769,cvss_v2_temporal 6.6,protocols tcp; rev:1; sid:80183767;)
#alert tcp any any -> any any (msg:"Acme - DUSTY WEALTH Exploitation Attempt Seen"; flow:established, to_server; content:"wealth"; priority:4; metadata:cwe_id 310,hostile dest_ip,created_at 2018-10-23,updated_at 2018-10-23,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 5.2,cve 
2018-8147308,cvss_v2_temporal 4.3,protocols tcp; rev:1; sid:80183768;) #alert tcp any any -> any any (msg:"Acme - CONCERNED TRANSOM Exploitation Attempt Seen"; flow:established, to_client; content:"transom"; priority:4; metadata:cwe_id 310,hostile dest_ip,created_at 2019-09-18,updated_at 2019-09-22,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 6.1,cve 2018-495197,cvss_v2_temporal 6.8,protocols tls,protocols tcp; rev:1; sid:80183769;) drop http any any -> $HOME_NET any (msg:"Acme - SELECT WEATHER Traffic Detected"; flow:established, to_server; content:"weather"; priority:2; metadata:hostile src_ip,created_at 2019-08-18,capec_id 248,updated_at 2019-08-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183770;) drop http any any -> $HOME_NET any (msg:"Acme - GOOD INCREASE Traffic Detected"; flow:established, to_server; content:"increase"; priority:2; metadata:cwe_id 434,hostile src_ip,created_at 2017-11-13,capec_id 248,updated_at 2017-11-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183771;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPICY HYDRANT Malware Communication"; flow:established,to_server; content:"hydrant"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-01-09,updated_at 2019-01-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183772;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN MEET Malware Communication"; flow:established,to_server; content:"meet"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-11,updated_at 2019-05-16,filename acme.rules,priority high,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183773;) drop http any any -> $HOME_NET any (msg:"Acme - UNKNOWN CONIFER Traffic Detected"; flow:established, to_server; content:"conifer"; priority:2; metadata:cwe_id 434,hostile src_ip,created_at 2019-10-03,capec_id 248,updated_at 2019-10-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183774;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - THOUGHTLESS EPOXY Malware Communication"; flow:established,to_server; content:"epoxy"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-22,updated_at 2019-06-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183775;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRAVE LOG Malware Communication"; flow:established,to_server; content:"log"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-08,updated_at 2018-05-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183776;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - BORED FROWN Malware Communication"; flow:established, to_server; content:"frown"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-02,updated_at 2019-08-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183777;) drop tcp any any -> $HOME_NET any (msg:"Acme - AWKWARD PAW Traffic Detected"; flow:established, to_server; content:"paw"; priority:1; metadata:hostile src_ip,created_at 
2018-11-17,updated_at 2018-11-17,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:2; sid:80183778;) drop tcp $HOME_NET any -> any $HTTP_PORTS (msg:"Acme - GRUNKNOWN BOTHER Malware Communication"; flow:established, to_server; content:"bother"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-08-01,updated_at 2018-08-20,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183779;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WICKED WRECKER Malware Communication"; flow:established,to_client; content:"wrecker"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-07-01,updated_at 2018-07-09,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183780;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TALL QUINCE Malware Communication"; flow:established,to_server; content:"quince"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-08-21,updated_at 2018-08-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183781;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EDUCATIONAL CENSUS Traffic Detected"; flow:established, to_server; content:"census"; priority:1; metadata:hostile dest_ip,created_at 2019-03-14,updated_at 2019-03-15,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183782;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SUBUNKNOWN Malware Communication"; flow:established,to_server; content:"subUNKNOWN"; 
priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2016-09-12,updated_at 2016-09-23,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183783;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TROUBLED LAP Traffic Detected"; flow:established, to_server; content:"lap"; priority:4; metadata:cwe_id 200,hostile src_ip,created_at 2018-06-02,capec_id 286,updated_at 2018-06-02,filename scan.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80183784;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHY DANIEL Malware Communication"; flow:established,to_server; content:"daniel"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-03-07,updated_at 2018-03-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183785;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CIVIL UNKNOWN Malware Communication"; flow:established,to_client; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2016-09-21,updated_at 2016-09-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183786;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRICKLY LEGUME Malware Communication"; flow:established,to_server; content:"legume"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-04-14,updated_at 2016-04-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183787;) drop http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WEIRD TRANSMISSION Malware Communication"; flow:established,to_server; content:"transmission"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-14,updated_at 2019-10-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183788;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MODERN ANALOG Malware Communication"; flow:established,to_server; content:"analog"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-11-21,updated_at 2019-11-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183789;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OK CULTIVAR Malware Communication"; flow:established,to_server; content:"cultivar"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-04-21,updated_at 2019-04-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183790;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TOUGH EYEBROWS Malware Communication"; flow:established,to_server; content:"eyebrows"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-03-23,updated_at 2016-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183791;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN ORGAN Malware Communication"; flow:established,to_server; content:"organ"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-05,updated_at 2019-05-14,filename 
acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183792;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRATEGIC CONIFER Malware Communication"; flow:established,to_server; content:"conifer"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-11-23,updated_at 2016-11-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183793;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VAST GROUSE Malware Communication"; flow:established,to_server; content:"grouse"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2017-07-05,updated_at 2017-07-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183794;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FUN DOUBLING Malware Communication"; flow:established,to_server; content:"doubling"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-25,updated_at 2019-02-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183795;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EARLY BRONZE Malware Communication"; flow:established,to_server; content:"bronze"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-05-07,updated_at 2018-05-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183796;) alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - NUTRITIOUS SHIFT Exploitation 
Attempt Seen"; flow:established,to_server; content:"shift"; priority:2; metadata:cwe_id 79,created_at 2016-03-01,capec_id 244,updated_at 2016-03-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.3,cve 2016-6450112,cvss_v2_temporal 5.5,protocols http,protocols tcp; rev:2; sid:80183797;) #alert tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN CHROME Exploitation Attempt Seen"; flow:established; content:"chrome"; priority:3; metadata:cwe_id 36,cwe_id 61,created_at 2018-11-10,capec_id 152,updated_at 2018-11-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.5,cve 2016-4848501,cvss_v2_temporal 7.1,protocols ftp,protocols tcp; rev:2; sid:80183798;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CRUCIAL RUN Traffic Detected"; flow:established, to_server; content:"run"; priority:4; metadata:cwe_id 200,hostile src_ip,created_at 2018-04-12,capec_id 286,updated_at 2018-04-26,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183799;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SURROUNDING AGE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"age"; priority:3; metadata:hostile src_ip,created_at 2019-06-06,capec_id 248,updated_at 2019-06-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-6735843,protocols http,protocols tcp; rev:2; sid:80183800;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN PANTOLOGY Malware Communication"; flow:established,to_server; content:"pantology"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-07,updated_at 2019-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183801;) alert 
http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONCRETE WHOLESALE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"wholesale"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-09-27,capec_id 255,updated_at 2019-09-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.0,attack_target http-client,attack_target client,cve 2018-2267223,cvss_v2_temporal 3.7,protocols http,protocols tcp; rev:2; sid:80183802;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUNKNOWNT MESSAGE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"message"; priority:2; metadata:cwe_id 416,hostile src_ip,created_at 2019-07-16,capec_id 119,updated_at 2019-07-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.5,attack_target http-client,attack_target client,cve 2019-5875441,cvss_v2_temporal 5.9,protocols http,protocols tcp; rev:2; sid:80183803;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NARROW APPOINTMENT Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"appointment"; priority:2; metadata:cwe_id 416,hostile src_ip,created_at 2019-05-11,capec_id 119,updated_at 2019-05-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.8,attack_target http-client,attack_target client,cve 2017-5079288,cvss_v2_temporal 5.7,protocols http,protocols tcp; rev:2; sid:80183804;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWNEST NOUNKNOWN Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"noUNKNOWN"; priority:2; metadata:cwe_id 843,hostile src_ip,created_at 2018-02-15,capec_id 119,updated_at 2018-02-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 8.0,attack_target http-client,attack_target client,cve 2018-9425854,cvss_v2_temporal 7.3,protocols http,protocols tcp; rev:2; sid:80183805;) alert http any any -> $HOME_NET any 
(msg:"Acme - DECISIVE EPHEMERIS Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"ephemeris"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-03-16,capec_id 116,updated_at 2019-03-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.6,attack_target http-client,attack_target client,cve 2018-834516,cvss_v2_temporal 2.5,protocols http,protocols tcp; rev:2; sid:80183806;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - POLITE WORKER Malware Communication"; flow:established,to_server; content:"worker"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-03-22,updated_at 2019-03-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183807;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OVERWHELMING GRAND Malware Communication"; flow:established,to_client; content:"grand"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-01-18,updated_at 2019-01-22,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183808;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MEDICAL WALNUT Malware Communication"; flow:established,to_client; content:"walnut"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2017-07-09,updated_at 2017-07-09,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183809;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WEAK BUY Malware Communication"; flow:established,to_server; content:"buy"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2016-08-01,updated_at 2016-08-26,filename acme.rules,priority 
medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183810;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - OUTSTANDING CLOUDBURST Exploitation Attempt Seen"; flow:established,to_client; content:"cloudburst"; priority:2; metadata:cwe_id 454,hostile src_ip,created_at 2019-09-04,capec_id 255,updated_at 2019-09-07,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.7,attack_target http-client,attack_target client,cve 2019-1995479,cvss_v2_temporal 5.1,protocols http,protocols tcp; rev:1; sid:80183811;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INFLUENTIAL PAJAMA Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"pajama"; priority:3; metadata:hostile src_ip,created_at 2019-11-18,capec_id 248,updated_at 2019-11-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-5610656,protocols http,protocols tcp; rev:2; sid:80183812;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXPENSIVE VACATION Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"vacation"; priority:2; metadata:cwe_id 454,hostile src_ip,created_at 2019-08-09,capec_id 255,updated_at 2019-08-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.5,attack_target http-client,attack_target client,cve 2019-5258522,cvss_v2_temporal 6.1,protocols http,protocols tcp; rev:2; sid:80183813;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AUTONOMOUS LARDER Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"larder"; priority:2; metadata:cwe_id 454,hostile src_ip,created_at 2017-03-09,capec_id 255,updated_at 2017-03-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.7,attack_target http-client,attack_target client,cve 2016-8044095,cvss_v2_temporal 4.0,protocols 
http,protocols tcp; rev:2; sid:80183814;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BITTER EMPLOYEE Malware Communication"; flow:established,to_server; content:"employee"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-05,updated_at 2019-05-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183815;) alert http any any -> $HOME_NET any (msg:"Acme - BIG PARADE Exploitation Attempt Seen"; flow:established, to_server; content:"parade"; priority:3; metadata:cwe_id 120,hostile dest_ip,created_at 2018-03-24,capec_id 100,updated_at 2018-03-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,cve 2015-6967546,cvss_v2_temporal 4.3,protocols http,protocols tcp; rev:2; sid:80183816;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IDENTICAL PLATFORM Malware Communication"; flow:established,to_server; content:"platform"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-10-01,updated_at 2017-10-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183817;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - UNKNOWN OPPOSITE Malware Communication"; flow:established,to_server; content:"opposite"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2016-06-13,updated_at 2016-06-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183818;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FISCAL UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 
2017-04-14,updated_at 2017-04-16,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183819;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RULING CONCEPT Malware Communication"; flow:established, to_server; content:"concept"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-01-27,updated_at 2015-01-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183820;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPLENDID VASE Malware Communication"; flow:established, to_server; content:"vase"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-21,updated_at 2019-03-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183821;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SENSIBLE UNKNOWNDER Malware Communication"; flow:established, to_server; content:"UNKNOWNder"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2019-08-12,updated_at 2019-08-27,filename adware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80183822;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SING Malware Communication"; flow:established, to_server; content:"sing"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-07-20,updated_at 2018-07-21,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183823;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ROYAL 
LUGGAGE Malware Communication"; flow:established, to_server; content:"luggage"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-04,updated_at 2019-02-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80183824;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-01-20,updated_at 2018-01-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183825;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WORRIED GAME Malware Communication"; flow:established,to_client; content:"game"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-04-20,updated_at 2018-04-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183826;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HUNGRY BILL Malware Communication"; flow:established, to_server; content:"bill"; priority:1; metadata:cwe_id 507,malware download-attempt,created_at 2019-09-20,updated_at 2019-09-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183827;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BASIC LIQUID Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"liquid"; priority:3; metadata:cwe_id 454,hostile src_ip,created_at 2017-10-12,updated_at 2017-10-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.5,attack_target 
http-client,attack_target client,cve 2015-8593937,cvss_v2_temporal 5.6,protocols http,protocols tcp; rev:3; sid:80183828;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DOMINANT CONGRESSMAN Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"congressman"; priority:2; metadata:cwe_id 454,hostile src_ip,created_at 2018-08-18,updated_at 2018-08-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.4,attack_target http-client,attack_target client,cve 2015-2246748,cvss_v2_temporal 3.0,protocols http,protocols tcp; rev:3; sid:80183829;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AWFUL UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-19,updated_at 2019-01-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183830;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CONE Malware Communication"; flow:established, to_server; content:"cone"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-05-04,updated_at 2018-05-15,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183831;) #alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STANDARD PROMOTION Traffic Detected"; flow:established, to_server; content:"promotion"; priority:4; metadata:created_at 2018-08-13,updated_at 2018-08-22,filename acme.rules,priority info,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80183832;) alert http any any -> $HOME_NET any (msg:"Acme - SUFFICIENT FIREMAN Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"fireman"; priority:2; metadata:cwe_id 121,hostile src_ip,created_at 2018-03-10,capec_id 100,updated_at 2018-03-16,filename 
acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.7,attack_target http-client,attack_target client,cve 2018-9437146,cvss_v2_temporal 8.2,protocols http,protocols tcp; rev:2; sid:80183833;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MODERN BATH Malware Communication"; flow:established, to_client; content:"bath"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-02-16,updated_at 2018-02-18,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80183834;) drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LEXICAL CONTINENT Malware Communication"; flow:established, to_server; content:"continent"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-02-02,updated_at 2017-02-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:3; sid:80183835;) alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - CONFUSED PHRASE Exploitation Attempt Seen"; flow:established, to_client; content:"phrase"; priority:2; metadata:cwe_id 454,hostile src_ip,created_at 2017-02-01,updated_at 2017-02-20,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.4,attack_target http-client,attack_target client,cve 2017-9497521,cvss_v2_temporal 5.1,protocols http,protocols tcp; rev:1; sid:80183836;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NEIGHBOURING LYRIC Malware Communication"; flow:established,to_client; content:"lyric"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-02-08,updated_at 2019-02-12,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183837;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BAD MARSHLAND 
Traffic Detected"; flow:established, to_server; content:"marshland"; priority:3; metadata:cwe_id 284,hostile src_ip,created_at 2017-10-02,updated_at 2017-10-14,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.7,attack_target server,attack_target http-server,cvss_v2_temporal 3.8,protocols http,protocols tcp; rev:2; sid:80183838;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GREAT PAW Malware Communication"; flow:established,to_server; content:"paw"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-07-24,updated_at 2019-07-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183839;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN ENGINEER Malware Communication"; flow:established,to_client; content:"engineer"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-03-21,updated_at 2018-03-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183840;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-27,updated_at 2018-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183841;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EERIE ACCOMPANIST Malware Communication"; flow:established,to_server; content:"accompanist"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-11,updated_at 2019-11-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183842;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHALLOW UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-08-23,updated_at 2017-08-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183843;) #alert tcp any any -> any any (msg:"Acme - CURRENT WAITRESS Traffic Detected"; flow:established, to_client; content:"waitress"; priority:4; metadata:hostile dest_ip,created_at 2017-07-20,updated_at 2017-07-24,filename netbios.rules,priority info,rule_source acme-rule-factory,protocols smb,protocols tcp; rev:1; sid:80183844;) drop tcp any $HTTP_PORTS -> any any (msg:"Acme - RETIRED UNKNOWN Traffic Detected"; flow:established, to_client; content:"UNKNOWN"; priority:2; metadata:cwe_id 434,hostile dest_ip,created_at 2019-09-10,updated_at 2019-09-23,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80183845;) drop tcp any $HTTP_PORTS -> any any (msg:"Acme - VIVID WIN Traffic Detected"; flow:established, to_client; content:"win"; priority:2; metadata:cwe_id 434,hostile dest_ip,created_at 2017-09-15,updated_at 2017-09-19,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80183846;) drop http any any -> $HOME_NET any (msg:"Acme - LOYAL PLATYPUS Traffic Detected"; flow:established, to_server; content:"platypus"; priority:2; metadata:cwe_id 434,hostile src_ip,created_at 2019-05-19,capec_id 248,updated_at 2019-05-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183847;) alert http $HOME_NET any -> any any (msg:"Acme - LOW KENDO Malware Communication"; 
flow:established, to_client; content:"kendo"; priority:2; metadata:cwe_id 434,malware post-infection,hostile src_ip,created_at 2019-09-06,updated_at 2019-09-18,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183848;)
# NOTE(review): rules below are laid out one per line. A line that starts with
# '#' directly followed by an action keyword is a rule that is present but disabled.
# In every rule of this group the numeric priority: option and the metadata
# "priority" label agree (1 = high, 2 = medium, 3 = low).
# NOTE(review): "UNKNOWN" shows up inside several msg/content strings here
# (e.g. "kettledUNKNOWN", "UNKNOWNato"); that looks like a placeholder left by
# automated word substitution - TODO confirm against the upstream file.
drop http any any -> $HOME_NET any (msg:"Acme - UNKNOWN LYNX Traffic Detected"; flow:established, to_server; content:"lynx"; priority:2; metadata:cwe_id 434,hostile src_ip,created_at 2017-11-06,capec_id 248,updated_at 2017-11-09,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183849;)
alert tcp $HOME_NET $HTTP_PORTS -> any any (msg:"Acme - UGLIEST UNKNOWN Malware Communication"; flow:established, to_client; content:"UNKNOWN"; priority:2; metadata:cwe_id 434,malware post-infection,hostile dest_ip,created_at 2018-03-07,updated_at 2018-03-18,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183850;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MAGIC DRIVEWAY Traffic Detected"; flow:established, to_server; content:"driveway"; priority:1; metadata:hostile dest_ip,created_at 2017-05-23,updated_at 2017-05-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target irc-client,attack_target client,protocols irc,protocols tcp; rev:2; sid:80183851;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WISE CASHIER Malware Communication"; flow:established, to_server; content:"cashier"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-16,updated_at 2019-03-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target irc-client,attack_target client,protocols irc,protocols tcp; rev:2; sid:80183852;)
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - HIGH TEXTURE Exploitation Attempt Seen"; flow:established, to_client; content:"texture"; priority:3; metadata:hostile src_ip,created_at 2018-01-22,capec_id 253,updated_at 2018-01-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-9011377,protocols http,protocols tcp; rev:1; sid:80183853;)
# NOTE(review): the metadata of the next rule repeats the same "cve" key/value
# seven times; one entry carries the same information. Presumably a generator
# artifact - confirm that nothing downstream counts the entries before deduplicating.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPOTLESS KETTLEDUNKNOWN Malware Communication"; flow:established,to_server; content:"kettledUNKNOWN"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-09-22,updated_at 2018-09-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-9296747,cve 2018-9296747,cve 2018-9296747,cve 2018-9296747,cve 2018-9296747,cve 2018-9296747,cve 2018-9296747,protocols http,protocols tcp; rev:5; sid:80183854;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRIMARY ALTERUNKNOWN Malware Communication"; flow:established, to_server; content:"alterUNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-23,updated_at 2017-06-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183855;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NET FEW Exploitation Attempt Seen"; flow:established, to_server; content:"few"; priority:3; metadata:hostile src_ip,created_at 2015-02-18,capec_id 100,updated_at 2015-02-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2015-4068901,protocols ftp,protocols tcp; rev:1; sid:80183856;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INSTITUTIONAL UNKNOWNATO Traffic Detected"; flow:established,to_server; content:"UNKNOWNato"; priority:2; metadata:created_at 2017-05-20,capec_id 410,updated_at 2017-05-28,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183857;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TECHNICAL NETWORK Malware Communication"; flow:established,to_server; content:"network"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2018-10-12,updated_at 2018-10-14,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183858;)
# NOTE(review): the only payload condition of the next rule is the three-byte
# string "arm", with no buffer keyword or position modifier, and the action is
# drop. Fine as demonstration data; as a deployed inline rule it would drop any
# outbound HTTP flow whose payload happens to contain those bytes.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN ARM Malware Communication"; flow:established, to_server; content:"arm"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-12,updated_at 2019-01-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183859;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GRATEFUL RECORDER Traffic Detected"; flow:established,to_server; content:"recorder"; priority:3; metadata:cwe_id 98,cwe_id 23,hostile src_ip,created_at 2018-02-26,capec_id 118,updated_at 2018-02-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.1,attack_target server,attack_target http-server,cvss_v2_temporal 1.4,protocols http,protocols tcp; rev:2; sid:80183860;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FRONT TOWER Traffic Detected"; flow:established, to_server; content:"tower"; priority:1; metadata:hostile dest_ip,created_at 2016-04-23,updated_at 2016-04-23,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80183861;)
drop tcp $HOME_NET $HTTP_PORTS -> $EXTERNAL_NET any (msg:"Acme - INSUFFICIENT SMOKING Malware Communication"; flow:established, to_client; content:"smoking"; priority:2; metadata:cwe_id 434,malware 
post-infection,hostile dest_ip,created_at 2015-04-08,updated_at 2015-04-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183862;)
# NOTE(review): rules below are laid out one per line.
drop http any any -> $HOME_NET any (msg:"Acme - COHERENT KLOMPS Traffic Detected"; flow:established, to_server; content:"klomps"; priority:2; metadata:cwe_id 434,hostile src_ip,created_at 2017-05-20,capec_id 248,updated_at 2017-05-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80183863;)
drop http any any -> $HOME_NET any (msg:"Acme - COSTLY TRIPOD Traffic Detected"; flow:established, to_server; content:"tripod"; priority:2; metadata:cwe_id 434,hostile src_ip,created_at 2019-03-09,capec_id 248,updated_at 2019-03-15,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:4; sid:80183864;)
drop tcp $HOME_NET $HTTP_PORTS -> any any (msg:"Acme - UNKNOWN SYNOD Malware Communication"; flow:established, to_client; content:"synod"; priority:2; metadata:cwe_id 434,malware post-infection,hostile dest_ip,created_at 2019-02-04,updated_at 2019-02-12,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183865;)
# NOTE(review): in the next rule, and in the AFTERSHAVE rule two below it,
# cvss_v2_temporal is higher than cvss_v2_base (2.8 vs 2.1, 6.7 vs 6.4). A CVSS v2
# temporal score is the base score scaled by factors no greater than 1, so it
# cannot exceed the base; treat these scores as synthetic values, not as input
# for prioritisation.
alert http any any -> $HOME_NET any (msg:"Acme - UNKNOWN UNKNOWNITY Traffic Detected"; flow:established, to_server; content:"UNKNOWNity"; priority:2; metadata:cwe_id 78,hostile src_ip,created_at 2019-10-16,capec_id 248,updated_at 2019-10-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.1,attack_target server,attack_target http-server,cvss_v2_temporal 2.8,protocols http,protocols tcp; rev:3; sid:80183866;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUPPORTING CHAPTER Malware Communication"; flow:established,to_server; content:"chapter"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-24,updated_at 2019-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183867;)
alert http any any -> $HOME_NET any (msg:"Acme - UNKNOWN AFTERSHAVE Exploitation Attempt Seen"; flow:established, to_server; content:"aftershave"; priority:2; metadata:cwe_id 266,hostile src_ip,created_at 2018-01-24,capec_id 233,updated_at 2018-01-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.4,attack_target server,attack_target http-server,cve 2017-528339,cvss_v2_temporal 6.7,protocols http,protocols tcp; rev:2; sid:80183868;)
# NOTE(review): the next rule pairs source port $HTTP_PORTS with flow to_server.
# If $HTTP_PORTS holds server-side ports (the usual meaning - verify in the
# sensor's variable configuration), traffic leaving those ports is to_client,
# so this header/flow combination would rarely match.
alert tcp $HOME_NET $HTTP_PORTS -> any any (msg:"Acme - UNKNOWNPY PORCH Traffic Detected"; flow:established, to_server; content:"porch"; priority:2; metadata:cwe_id 611,hostile dest_ip,created_at 2018-01-21,updated_at 2018-01-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.2,attack_target http-client,attack_target client,cvss_v2_temporal 3.1,protocols http,protocols tcp; rev:1; sid:80183869;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEFENSIVE WANNABE Malware Communication"; flow:established; content:"wannabe"; priority:1; metadata:cwe_id 509,malware post-infection,created_at 2018-08-02,updated_at 2018-08-07,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80183870;)
# NOTE(review): the PENDANT, WRAPAROUND and ECCLESIA rules below use the header
# "tcp any any -> any any" with flow:established and no direction, so a single
# content string is the only thing that limits what they drop. That is the
# widest scope a TCP rule can have; acceptable for demonstration data only.
drop tcp any any -> any any (msg:"Acme - ECONOMIC PENDANT Malware Communication"; flow:established; content:"pendant"; priority:1; metadata:cwe_id 509,malware post-infection,created_at 2019-05-06,updated_at 2019-05-24,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:4; sid:80183871;)
drop tcp any any -> $HOME_NET any (msg:"Acme - GEOGRAPHICAL COMPOSER Malware Communication"; flow:established,to_server; content:"composer"; priority:1; metadata:cwe_id 509,malware post-infection,hostile src_ip,created_at 2019-09-07,updated_at 2019-09-07,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80183872;)
drop tcp any any -> any any (msg:"Acme - DULL WRAPAROUND Malware Communication"; flow:established; content:"wraparound"; priority:1; metadata:cwe_id 509,malware post-infection,created_at 2016-06-07,updated_at 2016-06-07,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80183873;)
drop tcp any any -> any any (msg:"Acme - PREMIER ECCLESIA Malware Communication"; flow:established; content:"ecclesia"; priority:1; metadata:cwe_id 509,malware post-infection,created_at 2016-09-26,updated_at 2016-09-27,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80183874;)
drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - LOW BEING Malware Communication"; flow:established, to_server; content:"being"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-09,updated_at 2018-01-13,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80183875;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SCARY LUNCHEONETTE Malware Communication"; flow:established,to_server; content:"luncheonette"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-07,updated_at 2019-06-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183876;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PLEASED SCREAMER Malware Communication"; flow:established,to_server; content:"screamer"; priority:3; 
metadata:cwe_id 120,malware post-infection,created_at 2018-02-23,updated_at 2018-02-25,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2018-4590437,protocols http,protocols tcp; rev:1; sid:80183877;)
# NOTE(review): rules below are laid out one per line.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SOLID UNION Malware Communication"; flow:established,to_server; content:"union"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-12,updated_at 2019-03-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183878;)
drop tcp any any -> $HOME_NET any (msg:"Acme - UNDERGROUND CURLER Malware Communication"; flow:established,to_server; content:"curler"; priority:1; metadata:cwe_id 509,malware post-infection,hostile src_ip,created_at 2017-05-17,updated_at 2017-05-20,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80183879;)
# NOTE(review): the next rule carries cvss_v2_base 10.0 yet priority 3 / "low".
# The rule priority and the CVSS metadata are independent fields in this file;
# do not derive one from the other when filtering.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VICTORIOUS EVENT Exploitation Attempt Seen"; flow:established,to_server; content:"event"; priority:3; metadata:cwe_id 119,created_at 2018-06-02,capec_id 255,updated_at 2018-06-11,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,cve 2018-9346124,cvss_v2_temporal 6.2,protocols http,protocols tcp; rev:1; sid:80183880;)
drop tcp $HOME_NET any -> any any (msg:"Acme - GOOD WIRE Malware Communication"; flow:established,to_client; content:"wire"; priority:1; metadata:cwe_id 509,malware post-infection,hostile dest_ip,created_at 2016-05-27,updated_at 2016-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80183881;)
# NOTE(review): the next rule has no network variables at all ("any" on both
# sides); only the source port set and the four-byte content "sock" bound what
# it drops.
drop tcp any $HTTP_PORTS -> any any (msg:"Acme - BORED SOCK Traffic Detected"; flow:established, to_client; content:"sock"; priority:2; metadata:hostile dest_ip,created_at 2019-08-08,updated_at 2019-08-16,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183882;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - JUST PICKAX Malware Communication"; flow:established,to_client; content:"pickax"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2017-04-25,updated_at 2017-04-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183883;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONVENTIONAL UNKNOWNS Traffic Detected"; flow:established,to_server; content:"UNKNOWNs"; priority:3; metadata:cwe_id 434,hostile src_ip,created_at 2019-02-22,capec_id 193,updated_at 2019-02-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80183884;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MAGNIFICENT MEETING Malware Communication"; flow:established,to_client; content:"meeting"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2016-08-07,updated_at 2016-08-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target irc-server,attack_target server,protocols irc,protocols tcp; rev:2; sid:80183885;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRELIMINARY WISTERIA Malware Communication"; flow:established,to_server; content:"wisteria"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-16,updated_at 2019-07-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target irc-client,attack_target client,protocols irc,protocols tcp; rev:2; sid:80183886;)
drop http any any -> $HOME_NET any (msg:"Acme - RESONANT DISUNKNOWN Malware Communication"; flow:established,to_server; content:"disUNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-05-09,updated_at 2018-05-21,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80183887;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PROMISING COCKTAIL Malware Communication"; flow:established, to_server; content:"cocktail"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-06-17,updated_at 2018-06-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183888;)
# NOTE(review): the content string of the next rule is the literal "UNKNOWN",
# and the same token is embedded in other strings of this group ("UNKNOWNs",
# "disUNKNOWN"). That looks like a placeholder left by automated word
# substitution - TODO confirm against the upstream file.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - APPLICABLE UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:2; metadata:hostile dest_ip,created_at 2019-06-17,updated_at 2019-06-18,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80183889;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WEAK MANGROVE Malware Communication"; flow:established,to_server; content:"mangrove"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-10-08,updated_at 2019-10-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80183890;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN BULLET Malware Communication"; flow:established,to_server; content:"bullet"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-10-09,updated_at 2019-10-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183891;)
drop http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"Acme - WILD MENTION Malware Communication"; flow:established,to_server; content:"mention"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-03-21,updated_at 2019-03-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183892;)
# NOTE(review): rules below are laid out one per line. A line that starts with
# '#' directly followed by an action keyword is a rule that is present but disabled.
# NOTE(review): the metadata of the next rule lists the same "cve" key/value
# twice; presumably a generator artifact - confirm before deduplicating.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOOSE CROCUS Exploitation Attempt Seen"; flow:established,to_server; content:"crocus"; priority:3; metadata:cwe_id 617,created_at 2017-05-12,capec_id 228,updated_at 2017-05-14,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.7,cve 2016-3832492,cve 2016-3832492,cvss_v2_temporal 6.4,protocols http,protocols tcp; rev:3; sid:80183893;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONVENIENT SLIDER Malware Communication"; flow:established,to_server; content:"slider"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-03,updated_at 2019-03-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target dns-client,protocols dns,protocols tcp; rev:1; sid:80183894;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AVERAGE DUNKNOWN Malware Communication"; flow:established,to_server; content:"dUNKNOWN"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-04-16,updated_at 2018-04-22,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-5320460,protocols http,protocols tcp; rev:2; sid:80183895;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LINEAR RESPECT Traffic Detected"; flow:established, to_server; content:"respect"; priority:3; metadata:hostile src_ip,created_at 2017-05-18,capec_id 175,updated_at 2017-05-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183896;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SIGNIFICANT CINEMA Malware Communication"; flow:established,to_client; content:"cinema"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2018-07-04,updated_at 2018-07-14,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183897;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PURE ANALYSIS Malware Communication"; flow:established,to_server; content:"analysis"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-18,updated_at 2019-03-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183898;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ROTTEN UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2019-05-12,capec_id 100,updated_at 2019-05-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2016-2610437,protocols tcp; rev:1; sid:80183899;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAT WISEGUY Exploitation Attempt Seen"; flow:established, to_server; content:"wiseguy"; priority:3; metadata:hostile src_ip,created_at 2019-11-11,capec_id 100,updated_at 2019-11-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2017-2806774,protocols tcp; rev:1; sid:80183900;)
# NOTE(review): the only payload condition of the next rule is the three-byte
# string "arm", with no buffer keyword or position modifier, and the action is
# drop; as a deployed inline rule that would match a large share of ordinary
# outbound HTTP traffic.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NECESSARY ARM Malware Communication"; flow:established,to_server; content:"arm"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-03-25,updated_at 2015-03-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183901;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PARALLEL MISSION Malware Communication"; flow:established,to_server; content:"mission"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-22,updated_at 2019-04-24,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80183902;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FRESH BUCKLE Exploitation Attempt Seen"; flow:established, to_server; content:"buckle"; priority:2; metadata:cwe_id 416,hostile src_ip,created_at 2018-03-25,capec_id 248,updated_at 2018-03-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.5,attack_target server,attack_target http-server,cve 2018-4765519,cvss_v2_temporal 1.5,protocols http,protocols tcp; rev:3; sid:80183903;)
# NOTE(review): the next two rules have $HOME_NET as both source and
# destination, so they can only fire where the sensor actually sees
# internal-to-internal traffic (assumption about placement - confirm). With
# flow:established and no direction, either side of the flow can trigger the drop.
drop tcp $HOME_NET any -> $HOME_NET any (msg:"Acme - CRITICAL PAVILION Traffic Detected"; flow:established; content:"pavilion"; priority:1; metadata:cwe_id 506,created_at 2015-07-12,updated_at 2015-07-25,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80183904;)
drop tcp $HOME_NET any -> $HOME_NET any (msg:"Acme - SUPPOSED CEUNKNOWNLOPOD Malware Communication"; flow:established; content:"ceUNKNOWNlopod"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-02-20,updated_at 2019-02-22,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:3; sid:80183905;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REGIONAL VEHICLE Malware Communication"; flow:established,to_server; content:"vehicle"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-08-02,updated_at 2017-08-11,filename acme.rules,priority 
high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183906;)
# NOTE(review): rules below are laid out one per line. A line that starts with
# '#' directly followed by an action keyword is a rule that is present but disabled.
# In every rule of this group the numeric priority: option and the metadata
# "priority" label agree (1 = high, 2 = medium, 3 = low, 4 = info).
# NOTE(review): the next rule places file_data before content, so the string is
# matched in the file-data buffer rather than anywhere in the stream; the other
# rules in this group match their content against the unbuffered payload.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EMOTIONAL UNKNOWNLE Malware Communication"; flow:established,to_client; file_data; content:"UNKNOWNle"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-23,updated_at 2018-03-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183907;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNIQUE COMMUNICATION Traffic Detected"; flow:established; content:"communication"; priority:4; metadata:cwe_id 506,created_at 2019-11-22,capec_id 216,updated_at 2019-11-22,filename acme.rules,priority info,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80183908;)
# NOTE(review): in the next rule cvss_v2_temporal (6.2) is higher than
# cvss_v2_base (5.8); the disabled OBESITY rule further down shows the same
# pattern (6.9 vs 6.7). A CVSS v2 temporal score cannot exceed its base score,
# so treat these values as synthetic.
drop http any any -> $HOME_NET any (msg:"Acme - CONSTANT KALE Exploitation Attempt Seen"; flow:established, to_server; content:"kale"; priority:2; metadata:cwe_id 120,hostile src_ip,created_at 2019-08-23,updated_at 2019-08-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.8,attack_target server,attack_target http-server,cve 2016-4131604,cvss_v2_temporal 6.2,protocols http,protocols tcp; rev:3; sid:80183909;)
alert tcp $HOME_NET any -> $HOME_NET any (msg:"Acme - NEUTRAL FOUNTAIN Traffic Detected"; flow:established; content:"fountain"; priority:4; metadata:cwe_id 506,created_at 2017-06-21,updated_at 2017-06-24,filename acme.rules,priority info,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80183910;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MEAN DANGER Malware Communication"; flow:established,to_client; content:"danger"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-03-12,updated_at 2019-03-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183911;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ILL RUTH Traffic Detected"; flow:established; content:"ruth"; priority:4; metadata:cwe_id 506,created_at 2019-05-02,updated_at 2019-05-11,filename acme.rules,priority info,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80183912;)
# NOTE(review): the next (disabled) rule is tagged "filename netbios.rules" and
# the disabled OBESITY rule below "filename scada.rules", while every other rule
# in this group is tagged "filename acme.rules". A filter on the filename key
# will therefore treat these two differently.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HELPFUL PLAIN Exploitation Attempt Seen"; flow:established, to_server; content:"plain"; priority:3; metadata:hostile src_ip,created_at 2019-09-12,capec_id 262,updated_at 2019-09-19,filename netbios.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2019-1954579,protocols tcp; rev:1; sid:80183913;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN KETTLEDUNKNOWN Traffic Detected"; flow:established; content:"kettledUNKNOWN"; priority:4; metadata:cwe_id 506,created_at 2018-11-25,updated_at 2018-11-25,filename acme.rules,priority info,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80183914;)
alert tcp $HOME_NET any -> $HOME_NET any (msg:"Acme - DIVINE PARACHUTE Traffic Detected"; flow:established; content:"parachute"; priority:4; metadata:cwe_id 506,created_at 2019-06-03,updated_at 2019-06-18,filename acme.rules,priority info,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80183915;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MANY GAP Traffic Detected"; flow:established, to_server; content:"gap"; priority:2; metadata:cwe_id 89,hostile src_ip,created_at 2019-07-13,capec_id 110,updated_at 2019-07-18,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80183916;)
drop http $HOME_NET $HTTP_PORTS -> $EXTERNAL_NET any (msg:"Acme - FAINT SERVICE Malware Communication"; flow:established, to_client; content:"service"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-16,updated_at 2019-05-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183917;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GOOD UNKNOWNORROW Malware Communication"; flow:established,to_server; content:"UNKNOWNorrow"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-10-24,updated_at 2019-10-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183918;)
#alert http $HOME_NET any -> any any (msg:"Acme - BLOODY OBESITY Exploitation Attempt Seen"; flow:established, to_client; content:"obesity"; priority:4; metadata:cwe_id 798,hostile dest_ip,created_at 2019-04-01,updated_at 2019-04-15,filename scada.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 6.7,attack_target server,attack_target http-server,cve 2018-3372468,cvss_v2_temporal 6.9,protocols http,protocols tcp; rev:4; sid:80183919;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - POTENTIAL UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-05-27,updated_at 2019-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183920;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REMOTE PAGE Malware Communication"; flow:established,to_server; content:"page"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-03-13,updated_at 2018-03-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; 
sid:80183921;)
# NOTE(review): rules below are laid out one per line.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INDUSTRIAL RIDGE Malware Communication"; flow:established,to_server; content:"ridge"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-02-15,updated_at 2019-02-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183922;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - THIRSTY ASIDE Traffic Detected"; flow:established, to_client; content:"aside"; priority:2; metadata:hostile src_ip,created_at 2017-07-03,updated_at 2017-07-03,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183923;)
alert http any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - NUMEROUS UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:4; metadata:hostile src_ip,created_at 2019-06-02,updated_at 2019-06-03,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80183924;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - JEALOUS AGENT Malware Communication"; flow:established, to_server; content:"agent"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-13,updated_at 2019-10-17,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183925;)
# NOTE(review): in the next rule cvss_v2_temporal (8.2) is higher than
# cvss_v2_base (7.6). A CVSS v2 temporal score is the base score scaled by
# factors no greater than 1, so it cannot exceed the base; treat the CVSS
# values in this file as synthetic, not as input for prioritisation.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN PAINTING Exploitation Attempt Seen"; flow:established,to_client; content:"painting"; priority:3; metadata:cwe_id 79,created_at 2017-07-27,capec_id 242,updated_at 2017-07-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.6,cve 2017-9561775,cvss_v2_temporal 8.2,protocols http,protocols tcp; rev:3; sid:80183926;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RURAL MARBLE Malware Communication"; flow:established,to_server; content:"marble"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-02-16,updated_at 2019-02-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183927;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PLEASANT ORGANIZATION Malware Communication"; flow:established,to_client; content:"organization"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2017-09-02,updated_at 2017-09-19,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183928;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HAPPY UNION Malware Communication"; flow:established, to_server; content:"union"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-02,updated_at 2019-11-17,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183929;)
# NOTE(review): the next rule drops on the three-byte string "doe" and the TEA
# rule below alerts on "tea", each with no buffer keyword or position modifier.
# Strings this short occur in ordinary traffic; fine as demonstration data, far
# too broad for a deployed rule.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STALE DOE Malware Communication"; flow:established,to_server; content:"doe"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-08-12,updated_at 2019-08-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183930;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GRIM ATTORNEY Malware Communication"; flow:established,to_server; content:"attorney"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2016-04-20,updated_at 2016-04-27,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:3; sid:80183931;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPARKLING TEA Malware Communication"; flow:established,to_server; content:"tea"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2019-11-22,updated_at 2019-11-28,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:3; sid:80183932;)
# NOTE(review): the metadata of the next rule says "protocols ftp", but the
# header is plain tcp with "any" ports, so nothing in the rule itself restricts
# it to FTP traffic.
drop tcp any any -> $EXTERNAL_NET any (msg:"Acme - IDEAL BIRD Traffic Detected"; flow:established, to_server; content:"bird"; priority:1; metadata:hostile dest_ip,created_at 2019-09-11,updated_at 2019-09-27,filename acme.rules,priority high,rule_source acme-rule-factory,protocols ftp,protocols tcp; rev:2; sid:80183933;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXACT BEAK Exploitation Attempt Seen"; flow:established,to_client; content:"beak"; priority:3; metadata:cwe_id 79,created_at 2015-06-20,capec_id 242,updated_at 2015-06-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.2,cve 2015-2570611,cvss_v2_temporal 6.0,protocols http,protocols tcp; rev:2; sid:80183934;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LIKELY ATTENTION Malware Communication"; flow:established,to_server; content:"attention"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-08-17,updated_at 2017-08-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183935;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN SMOKING Exploitation Attempt Seen"; flow:established,to_client; content:"smoking"; priority:3; metadata:cwe_id 79,created_at 2018-01-21,capec_id 242,updated_at 2018-01-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.3,cve 2017-5498354,cvss_v2_temporal 5.0,protocols 
http,protocols tcp; rev:2; sid:80183936;)
# NOTE(review): rules below are laid out one per line.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTERIOR LISTEN Malware Communication"; flow:established, to_server; content:"listen"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-15,updated_at 2019-03-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183937;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BEWILDERED ISSUE Malware Communication"; flow:established,to_server; content:"issue"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-13,updated_at 2019-11-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183938;)
# NOTE(review): the rules from here to DAILY OTHER all carry cwe_id 119 and
# capec_id 255. Three of them (BOTUNKNOWN-LINE, TASK, REPUBLIC) place file_data
# before content, so the string is matched in the file-data buffer; the others
# match their content against the unbuffered payload.
# NOTE(review): several rules in this run have cvss_v2_temporal above
# cvss_v2_base (7.5 vs 6.7, 7.5 vs 7.0, 7.4 vs 7.0, 8.2 vs 7.3). A CVSS v2
# temporal score cannot exceed its base score, so treat the CVSS values as
# synthetic, not as input for prioritisation.
alert http any $HTTP_PORTS -> $HOME_NET any (msg:"Acme - ROUND BOTUNKNOWN-LINE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"botUNKNOWN-line"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2016-05-20,capec_id 255,updated_at 2016-05-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.7,attack_target http-client,attack_target client,cve 2016-2988831,cvss_v2_temporal 7.5,protocols http,protocols tcp; rev:2; sid:80183939;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EFFICIENT DEVIANCE Exploitation Attempt Seen"; flow:established,to_client; content:"deviance"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2018-02-20,capec_id 255,updated_at 2018-02-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.7,attack_target http-client,attack_target client,cve 2018-6452734,cvss_v2_temporal 2.3,protocols http,protocols tcp; rev:2; sid:80183940;)
alert tcp any $HTTP_PORTS -> $HOME_NET any (msg:"Acme - ORDINARY UNIVERSITY Exploitation Attempt Seen"; flow:established, to_client; content:"university"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-02-06,capec_id 255,updated_at 2019-02-20,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.1,attack_target http-client,attack_target client,cve 2017-7757541,cvss_v2_temporal 3.9,protocols http,protocols tcp; rev:2; sid:80183941;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DIFFERENT TASK Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"task"; priority:4; metadata:cwe_id 119,hostile src_ip,created_at 2015-09-26,capec_id 255,updated_at 2015-09-27,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 7.8,attack_target http-client,attack_target client,cve 2015-4458467,cvss_v2_temporal 7.4,protocols http,protocols tcp; rev:2; sid:80183942;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN REPUBLIC Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"republic"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2018-01-17,capec_id 255,updated_at 2018-01-19,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.7,attack_target http-client,attack_target client,cve 2018-9277457,cvss_v2_temporal 2.6,protocols http,protocols tcp; rev:2; sid:80183943;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REAR WATCHMAKER Exploitation Attempt Seen"; flow:established,to_client; content:"watchmaker"; priority:3; metadata:cwe_id 119,created_at 2019-06-07,capec_id 255,updated_at 2019-06-18,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.0,cve 2019-933517,cvss_v2_temporal 7.5,protocols http,protocols tcp; rev:3; sid:80183944;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FIXED DICTAPUNKNOWNE Exploitation Attempt Seen"; flow:established,to_client; content:"dictapUNKNOWNe"; priority:2; metadata:cwe_id 119,created_at 2019-01-21,capec_id 255,updated_at 2019-01-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.1,cve 2017-2350513,cvss_v2_temporal 3.8,protocols http,protocols tcp; rev:2; sid:80183945;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUNKNOWNT MAELSTROM Exploitation Attempt Seen"; flow:established,to_client; content:"maelstrom"; priority:3; metadata:cwe_id 119,created_at 2018-05-22,capec_id 255,updated_at 2018-05-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.5,cve 2017-6090478,cvss_v2_temporal 7.3,protocols http,protocols tcp; rev:3; sid:80183946;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - UNKNOWN NONBELIEVER Exploitation Attempt Seen"; flow:established,to_client; content:"nonbeliever"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2016-09-26,capec_id 255,updated_at 2016-09-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.0,attack_target http-client,attack_target client,cve 2016-755253,cvss_v2_temporal 7.4,protocols http,protocols tcp; rev:3; sid:80183947;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DAILY OTHER Exploitation Attempt Seen"; flow:established,to_client; content:"other"; priority:3; metadata:cwe_id 119,created_at 2016-04-24,capec_id 255,updated_at 2016-04-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.3,cve 2016-1184324,cvss_v2_temporal 8.2,protocols http,protocols tcp; rev:2; sid:80183948;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN WHEAT Traffic Detected"; flow:established, to_server; content:"wheat"; priority:3; metadata:hostile dest_ip,created_at 2016-05-16,updated_at 2016-05-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183949;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RELATIVE CANCER Malware Communication"; flow:established, to_server; 
content:"cancer"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-07-20,updated_at 2017-07-21,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-7586943,cve 2016-7586943,cve 2016-7586943,cve 2016-7586943,cve 2016-7586943,cve 2016-7586943,cve 2016-7586943,protocols http,protocols tcp; rev:2; sid:80183950;)
# Rules are shown one per line here. The first and last lines of this run are
# the tail and head of rules that continue outside it.
#
# NOTE(review): every rule in this run, including the one ending above and the
# one starting at the bottom, repeats one identical "cve" key-value pair in its
# metadata. The repeats add no information. Tooling that turns metadata into
# key/value sets should collapse them to a single entry, so that per-key counts
# and "rules per CVE" reports are not inflated.
#
# All of them are outbound drop rules tagged "malware pre-infection", with
# priority:2 paired with metadata "priority medium".
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SILKWORM Malware Communication"; flow:established, to_server; content:"silkworm"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-09-16,updated_at 2019-09-17,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-4434422,cve 2019-4434422,cve 2019-4434422,cve 2019-4434422,cve 2019-4434422,cve 2019-4434422,cve 2019-4434422,protocols http,protocols tcp; rev:3; sid:80183951;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DELIBERATE MEAL Malware Communication"; flow:established, to_server; content:"meal"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-05-05,updated_at 2018-05-18,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-7354723,cve 2018-7354723,cve 2018-7354723,cve 2018-7354723,cve 2018-7354723,cve 2018-7354723,cve 2018-7354723,protocols http,protocols tcp; rev:2; sid:80183952;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UPPER GARLIC Malware Communication"; flow:established, to_server; content:"garlic"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-03-24,updated_at 2019-03-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-2572793,cve 2019-2572793,cve 2019-2572793,cve 2019-2572793,cve 2019-2572793,cve 2019-2572793,cve 
2019-2572793,protocols http,protocols tcp; rev:2; sid:80183953;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REGISTERED BONSAI Malware Communication"; flow:established,to_server; urilen:>400; content:"bonsai"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-10,updated_at 2019-06-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:7; sid:80183954;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHEERFUL COWBOY Malware Communication"; flow:established,to_client; content:"cowboy"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2019-11-17,updated_at 2019-11-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183955;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PROFOUND WELCOME Malware Communication"; flow:established, to_server; content:"welcome"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-02-02,updated_at 2018-02-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-4405465,cve 2018-4405465,cve 2018-4405465,cve 2018-4405465,cve 2018-4405465,cve 2018-4405465,cve 2018-4405465,protocols http,protocols tcp; rev:3; sid:80183956;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMMEDIATE UNKNOWNEN Malware Communication"; flow:established,to_server; content:"UNKNOWNen"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-05-16,updated_at 2016-05-18,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183957;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TYPICAL IRIDESCENCE Malware 
Communication"; flow:established,to_server; content:"iridescence"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-11-02,updated_at 2018-11-12,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183958;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BACK STEM Malware Communication"; flow:established,to_server; content:"stem"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2016-05-17,updated_at 2016-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183959;) drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FINE GOLDFISH Malware Communication"; flow:established, to_server; content:"goldfish"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-10-08,updated_at 2018-10-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:3; sid:80183960;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STICKY BILL Malware Communication"; flow:established, to_server; content:"bill"; priority:1; metadata:cwe_id 506,cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-04,updated_at 2019-06-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183961;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MERE UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-13,updated_at 2019-04-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols 
http,protocols tcp; rev:3; sid:80183962;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ELEGANT HOLE Exploitation Attempt Seen"; flow:established, to_server; content:"hole"; priority:3; metadata:hostile src_ip,created_at 2019-07-22,capec_id 100,updated_at 2019-07-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2019-9824789,protocols tcp; rev:1; sid:80183963;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FULL-TIME TANGERINE Malware Communication"; flow:established,to_server; content:"tangerine"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-02-15,updated_at 2019-02-18,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:4; sid:80183964;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WHISPERING GALE Malware Communication"; flow:established,to_server; content:"gale"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-18,updated_at 2019-01-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80183965;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REMOTE FIGURINE Malware Communication"; flow:established,to_server; content:"figurine"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-15,updated_at 2019-11-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183966;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ACCURATE CHECKROOM Malware Communication"; flow:established, to_server; content:"checkroom"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-13,updated_at 2019-01-20,filename acme.rules,priority high,infected 
src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183967;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXCLUSIVE GLEN Malware Communication"; flow:established, to_server; content:"glen"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-18,updated_at 2019-02-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80183968;) drop tcp any any -> $HOME_NET any (msg:"Acme - FAMOUS ESCAPE Exploitation Attempt Seen"; flow:established, to_server; content:"escape"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2016-08-05,capec_id 248,updated_at 2016-08-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,cve 2015-8077007,cvss_v2_temporal 4.8,protocols tcp; rev:2; sid:80183969;) #alert tcp any any -> $HOME_NET any (msg:"Acme - GENUINE HEEL Exploitation Attempt Seen"; flow:established, to_server; content:"heel"; priority:3; metadata:hostile src_ip,created_at 2019-06-18,capec_id 100,updated_at 2019-06-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target dns-server,attack_target server,cve 2018-277570,protocols dns,protocols tcp; rev:1; sid:80183970;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MUTUAL REAR Malware Communication"; flow:established,to_server; content:"rear"; priority:3; metadata:cwe_id 321,malware post-infection,hostile dest_ip,created_at 2018-04-17,updated_at 2018-04-25,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,cvss_v2_base 6.6,attack_target http-client,attack_target client,cve 2018-2081795,cvss_v2_temporal 7.5,protocols http,protocols tcp; rev:5; sid:80183971;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OLYMPIC CHIMPANZEE Malware Communication"; 
flow:established,to_server; content:"chimpanzee"; priority:2; metadata:cwe_id 321,malware post-infection,hostile dest_ip,created_at 2017-09-25,updated_at 2017-09-25,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,cvss_v2_base 2.7,attack_target http-client,attack_target client,cve 2017-9883822,cvss_v2_temporal 3.0,protocols http,protocols tcp; rev:2; sid:80183972;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN GLOCKENSPIEL Malware Communication"; flow:established,to_client; content:"glockenspiel"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-03-16,updated_at 2019-03-18,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80183973;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ASHAMED ACUPUNCTURE Malware Communication"; flow:established,to_client; content:"acupuncture"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2019-02-22,updated_at 2019-02-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80183974;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ORDINARY CRAW Malware Communication"; flow:established,to_server; content:"craw"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-07-26,updated_at 2019-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80183975;) alert http any any -> $HOME_NET any (msg:"Acme - AGREEABLE MUTT Exploitation Attempt Seen"; flow:established, to_server; content:"mutt"; priority:3; metadata:hostile src_ip,created_at 2018-03-25,updated_at 2018-03-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target 
server,attack_target http-server,cve 2018-7428781,cve 2018-7428781,protocols http,protocols tcp; rev:2; sid:80183976;) alert http any any -> $HOME_NET any (msg:"Acme - GENTLE CULTURE Exploitation Attempt Seen"; flow:established, to_server; content:"culture"; priority:3; metadata:hostile src_ip,created_at 2019-05-10,updated_at 2019-05-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-7777713,cve 2016-7777713,protocols http,protocols tcp; rev:2; sid:80183977;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OLD-FASHIONED CORK Traffic Detected"; flow:established,to_server; content:"cork"; priority:3; metadata:created_at 2017-08-12,updated_at 2017-08-19,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183978;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNDERGROUND ANAGRAM Malware Communication"; flow:established,to_server; content:"anagram"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-04,updated_at 2019-08-04,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80183979;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ARBITRARY CODON Malware Communication"; flow:established, to_server; content:"codon"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-09-27,updated_at 2019-09-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183980;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WATERY EMERGENT Traffic Detected"; flow:established, to_server; content:"emergent"; priority:3; metadata:hostile src_ip,created_at 2016-01-23,capec_id 310,updated_at 2016-01-26,filename acme.rules,priority 
low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80183981;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SAD TAM-O'-SHANTER Malware Communication"; flow:established, to_server; content:"tam-o'-shanter"; priority:1; metadata:cwe_id 506,cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-07-06,updated_at 2017-07-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183982;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SELECTIVE TUGBOAT Malware Communication"; flow:established,to_server; content:"tugboat"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-03-08,updated_at 2015-03-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183983;) drop http $HOME_NET any -> any any (msg:"Acme - ALIVE REINDEER Exploitation Attempt Seen"; flow:established,from_server; content:"reindeer"; priority:2; metadata:cwe_id 209,hostile dest_ip,created_at 2018-04-06,capec_id 54,updated_at 2018-04-15,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.6,attack_target server,attack_target http-server,cve 2017-8133243,cvss_v2_temporal 4.6,protocols http,protocols tcp; rev:1; sid:80183984;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FLAT DISASTER Malware Communication"; flow:established,to_server; content:"disaster"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-10-17,updated_at 2018-10-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183985;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - 
REDUCED AUTHOR Malware Communication"; flow:established, to_server; content:"author"; priority:3; metadata:cwe_id 506,malware post-infection,created_at 2019-11-18,updated_at 2019-11-23,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183986;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SLIGHT PROFESSION Malware Communication"; flow:established, to_server; content:"profession"; priority:3; metadata:cwe_id 506,malware post-infection,created_at 2017-05-10,updated_at 2017-05-13,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183987;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PERFECT RHEUMATISM Traffic Detected"; flow:established, to_client; content:"rheumatism"; priority:2; metadata:created_at 2019-08-02,updated_at 2019-08-28,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183988;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MAD INDICATION Malware Communication"; flow:established,to_server; content:"indication"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-01-19,updated_at 2019-01-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183989;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GREAT IRONY Malware Communication"; flow:established, to_server; content:"irony"; priority:2; metadata:cwe_id 506,malware pre-infection,created_at 2018-01-11,updated_at 2018-01-14,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80183990;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SMALL SUNKNOWN Malware 
Communication"; flow:established,to_server; content:"sUNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-05-16,updated_at 2019-05-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183991;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VOICELESS FANLIGHT Malware Communication"; flow:established,to_client; content:"fanlight"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2017-01-13,updated_at 2017-01-22,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80183992;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GOLDEN SIGNIFICANCE Malware Communication"; flow:established, to_server; content:"significance"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-03,updated_at 2019-03-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183993;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SOLAR UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2016-09-16,updated_at 2016-09-18,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80183994;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-07-17,updated_at 2019-07-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target 
ftp-client,protocols ftp,protocols tcp; rev:2; sid:80183995;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LINGUISTIC OTHERS Traffic Detected"; flow:established, to_client; content:"others"; priority:3; metadata:hostile src_ip,created_at 2019-05-18,capec_id 248,updated_at 2019-05-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target nntp-client,attack_target client,protocols nntp,protocols tcp; rev:1; sid:80183996;) drop http any any -> $HOME_NET any (msg:"Acme - TART KICK-OFF Exploitation Attempt Seen"; flow:established,to_server; content:"kick-off"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2017-09-02,capec_id 15,updated_at 2017-09-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.5,attack_target server,attack_target http-server,cve 2015-7153501,cvss_v2_temporal 3.1,protocols http,protocols tcp; rev:2; sid:80183997;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DULL ROUTE Exploitation Attempt Seen"; flow:established,to_client; content:"route"; priority:3; metadata:cwe_id 119,created_at 2015-10-17,capec_id 255,updated_at 2015-10-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.5,cve 2015-9739079,cvss_v2_temporal 6.5,protocols http,protocols tcp; rev:2; sid:80183998;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EMPTY SMOKING Exploitation Attempt Seen"; flow:established,to_client; content:"smoking"; priority:3; metadata:cwe_id 416,hostile src_ip,created_at 2018-03-09,capec_id 255,updated_at 2018-03-18,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.4,attack_target http-client,attack_target client,cve 2018-5127853,cvss_v2_temporal 5.4,protocols http,protocols tcp; rev:2; sid:80183999;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOOSE VIRTUE Exploitation Attempt Seen"; flow:established,to_client; content:"virtue"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 
2019-02-10,capec_id 255,updated_at 2019-02-14,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.3,attack_target http-client,attack_target client,cve 2019-628762,cvss_v2_temporal 4.7,protocols http,protocols tcp; rev:2; sid:80184000;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EASTERN NORTH Malware Communication"; flow:established,to_server; content:"north"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-20,updated_at 2018-09-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184001;) drop http any any -> $HOME_NET any (msg:"Acme - UNKNOWN SLEUTH Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"sleuth"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2015-04-05,capec_id 255,updated_at 2015-04-11,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.7,attack_target http-client,attack_target client,cve 2015-3977938,cvss_v2_temporal 5.7,protocols http,protocols tcp; rev:2; sid:80184002;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRESENT RAFT Malware Communication"; flow:established, to_server; content:"raft"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-08-13,updated_at 2016-08-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80184003;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CIVIC PALM Malware Communication"; flow:established,to_server; content:"palm"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-11-08,updated_at 2017-11-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; 
rev:2; sid:80184004;)
# Rules are shown one per line here. The first and last lines of this run are
# the tail and head of rules that continue outside it.
#
# Client-side rule: inspects HTTP response bodies (file_data) sent from
# $EXTERNAL_NET to $HOME_NET.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FUTURE WAVE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"wave"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-09-02,capec_id 123,updated_at 2019-09-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.9,attack_target http-client,attack_target client,cve 2017-7835127,cvss_v2_temporal 4.4,protocols http,protocols tcp; rev:2; sid:80184005;)
# NOTE(review): this is the widest-scoped drop rule in this run. Source and
# destination are both "any any", and the metadata has no hostile or
# attack_target key, so nothing in the rule says which side is the attacker.
# When Suricata runs inline (IPS), a drop on one short content match with this
# scope applies to client-to-server HTTP between any pair of hosts. The next
# rule has the same cwe_id (79) but only alerts and is limited to traffic
# towards $HOME_NET.
drop http any any -> any any (msg:"Acme - UPPER COAST Exploitation Attempt Seen"; flow:established,to_server; content:"coast"; priority:2; metadata:cwe_id 79,created_at 2018-11-05,capec_id 63,updated_at 2018-11-13,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.8,cve 2017-7394334,cvss_v2_temporal 6.0,protocols http,protocols tcp; rev:2; sid:80184006;)
alert http any any -> $HOME_NET any (msg:"Acme - MAMMOTH JOURNEY Exploitation Attempt Seen"; flow:established,to_server; content:"journey"; priority:2; metadata:cwe_id 79,hostile src_ip,created_at 2017-05-24,updated_at 2017-05-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.5,attack_target server,attack_target http-server,cve 2017-4516097,cvss_v2_temporal 2.9,protocols http,protocols tcp; rev:3; sid:80184007;)
# Outbound post-infection rule carrying two cwe_id values (506 and 507).
# Metadata consumers need to accept more than one value per key.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INQUISITIVE KIND Malware Communication"; flow:established, to_server; content:"kind"; priority:1; metadata:cwe_id 506,cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-22,updated_at 2019-02-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184008;)
# The rule that starts below is disabled: the leading "#" comments it out, so
# Suricata does not load it.
#alert tcp any any -> $HOME_NET any (msg:"Acme - COMPETITIVE PAIL Traffic Detected"; flow:established, to_client; content:"pail"; priority:3; metadata:hostile src_ip,created_at 2016-06-03,capec_id 248,updated_at 
2016-06-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target nntp-client,attack_target client,protocols nntp,protocols tcp; rev:1; sid:80184009;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN PRESSURISATION Malware Communication"; flow:established, to_server; content:"pressurisation"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-08-11,updated_at 2019-08-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184010;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INNER HARMONY Exploitation Attempt Seen"; flow:established, to_server; content:"harmony"; priority:3; metadata:hostile src_ip,created_at 2017-06-02,capec_id 100,updated_at 2017-06-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2016-4040372,protocols tcp; rev:1; sid:80184011;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IMMENSE ADVANCE Exploitation Attempt Seen"; flow:established, to_server; content:"advance"; priority:3; metadata:hostile src_ip,created_at 2016-06-15,capec_id 100,updated_at 2016-06-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2015-6617625,protocols tcp; rev:1; sid:80184012;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONFIDENT CLIMATE Traffic Detected"; flow:established,to_server; content:"climate"; priority:3; metadata:hostile src_ip,created_at 2018-03-23,capec_id 152,updated_at 2018-03-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80184013;) drop http any any -> $HOME_NET any (msg:"Acme - NEARBY SNORER Traffic Detected"; flow:established,to_server; content:"snorer"; priority:2; metadata:cwe_id 98,hostile src_ip,created_at 2018-04-09,capec_id 253,updated_at 
2018-04-17,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.6,attack_target server,attack_target http-server,cvss_v2_temporal 3.3,protocols http,protocols tcp; rev:2; sid:80184014;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BLUE WINNER Malware Communication"; flow:established,to_server; content:"winner"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-20,updated_at 2019-11-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184015;) drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - CHEERFUL PANTRY Malware Communication"; flow:established,to_server; content:"pantry"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2018-08-21,updated_at 2018-08-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80184016;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DETAILED FRAME Traffic Detected"; flow:established,to_server; content:"frame"; priority:2; metadata:hostile src_ip,created_at 2019-01-13,capec_id 152,updated_at 2019-01-13,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80184017;) drop http $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - CONSISTENT UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:2; metadata:hostile src_ip,created_at 2017-05-24,capec_id 152,updated_at 2017-05-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184018;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXCEPTIONAL ENTRANCE Malware Communication"; 
flow:established,to_client; file_data; content:"entrance"; priority:1; metadata:cwe_id 434,malware post-infection,hostile dest_ip,created_at 2015-02-27,updated_at 2015-02-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184019;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FORWARD MANDARIN Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"mandarin"; priority:3; metadata:hostile src_ip,created_at 2015-09-10,capec_id 100,updated_at 2015-09-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-5046231,protocols http,protocols tcp; rev:2; sid:80184020;) drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - ADEQUATE MARKET Malware Communication"; flow:established,to_server; content:"market"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2015-09-08,updated_at 2015-09-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184021;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VISITING HANDBALL Malware Communication"; flow:established,to_server; content:"handball"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-11,updated_at 2018-04-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184022;) drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - PROMISING POET Malware Communication"; flow:established,to_server; content:"poet"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-11-16,updated_at 2017-11-16,filename acme.rules,priority medium,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184023;) drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - UNKNOWN CARDIGAN Malware Communication"; flow:established,to_server; content:"cardigan"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2016-11-15,updated_at 2016-11-18,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184024;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POWERFUL LOAFER Malware Communication"; flow:established,to_client; content:"loafer"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2016-01-01,updated_at 2016-01-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184025;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COGNITIVE UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2019-09-11,capec_id 242,updated_at 2019-09-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184026;) drop http any any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - LOVELY TONE Malware Communication"; flow:established, to_server; content:"tone"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-01,updated_at 2018-07-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80184027;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN ROCKET Traffic Detected"; flow:established, to_server; content:"rocket"; priority:3; metadata:hostile src_ip,created_at 2019-07-21,capec_id 242,updated_at 
2019-07-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184028;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ANCIENT HUSBAND Exploitation Attempt Seen"; flow:established, to_server; content:"husband"; priority:3; metadata:hostile src_ip,created_at 2019-11-26,capec_id 248,updated_at 2019-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-2155362,protocols http,protocols tcp; rev:2; sid:80184029;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - PLANNED UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2016-01-09,capec_id 248,updated_at 2016-01-11,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-5914967,protocols http,protocols tcp; rev:1; sid:80184030;) drop http $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - PRETTY WHOLESALER Traffic Detected"; flow:established,to_server; content:"wholesaler"; priority:2; metadata:hostile src_ip,created_at 2019-04-02,capec_id 286,updated_at 2019-04-02,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184031;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN DETAINMENT Malware Communication"; flow:established,to_server; content:"detainment"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-01-20,updated_at 2019-01-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184032;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MID HAIR Exploitation Attempt Seen"; flow:established, to_client; 
content:"hair"; priority:3; metadata:cwe_id 399,hostile src_ip,created_at 2019-06-03,capec_id 248,updated_at 2019-06-08,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target client,cve 2015-4935465,protocols tcp; rev:1; sid:80184033;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-02-15,updated_at 2017-02-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184034;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOUR GRAB Traffic Detected"; flow:established,to_server; content:"grab"; priority:2; metadata:hostile src_ip,created_at 2017-03-17,capec_id 66,updated_at 2017-03-19,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184035;) #alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN FEUNKNOWN Exploitation Attempt Seen"; flow:established,from_server; content:"feUNKNOWN"; priority:4; metadata:cwe_id 327,hostile src_ip,created_at 2019-11-06,updated_at 2019-11-20,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 2.4,attack_target tls-client,attack_target client,cve 2017-1320994,cvss_v2_temporal 2.8,protocols tls,protocols tcp; rev:1; sid:80184036;) #alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OBNOXIOUS PERMIT Exploitation Attempt Seen"; flow:established,from_server; content:"permit"; priority:4; metadata:cwe_id 327,hostile src_ip,created_at 2018-03-18,updated_at 2018-03-26,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 5.9,attack_target tls-client,attack_target client,cve 2018-4092982,cvss_v2_temporal 5.3,protocols tls,protocols tcp; rev:1; sid:80184037;) #alert 
tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MATHEMATICAL QUART Exploitation Attempt Seen"; flow:established,from_server; content:"quart"; priority:4; metadata:cwe_id 327,hostile src_ip,created_at 2018-05-03,updated_at 2018-05-27,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 5.3,attack_target tls-client,attack_target client,cve 2015-3679701,cvss_v2_temporal 6.0,protocols tls,protocols tcp; rev:1; sid:80184038;) #alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INTENSE STEAM Exploitation Attempt Seen"; flow:established,from_server; content:"steam"; priority:4; metadata:cwe_id 327,hostile src_ip,created_at 2018-07-26,updated_at 2018-07-27,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 5.4,attack_target tls-client,attack_target client,cve 2016-116106,cvss_v2_temporal 5.2,protocols tls,protocols tcp; rev:1; sid:80184039;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CIRCULAR GRASSLAND Exploitation Attempt Seen"; flow:established,from_server; content:"grassland"; priority:4; metadata:cwe_id 327,hostile src_ip,created_at 2018-09-04,updated_at 2018-09-20,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 7.8,attack_target tls-client,attack_target client,cve 2018-500218,cvss_v2_temporal 8.1,protocols tls,protocols tcp; rev:1; sid:80184040;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LARGE FILTH Exploitation Attempt Seen"; flow:established,from_server; content:"filth"; priority:4; metadata:cwe_id 327,hostile src_ip,created_at 2019-07-26,updated_at 2019-07-28,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 7.1,attack_target tls-client,attack_target client,cve 2019-687637,cvss_v2_temporal 6.8,protocols tls,protocols tcp; rev:1; sid:80184041;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ADJACENT ELEUNKNOWNNT Malware Communication"; flow:established,to_server; content:"eleUNKNOWNnt"; priority:1; 
metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-05,updated_at 2018-07-06,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184042;) #alert http any any -> $HOME_NET any (msg:"Acme - GIVEN BOOSTER Traffic Detected"; flow:established, to_server; content:"booster"; priority:3; metadata:hostile dest_ip,created_at 2017-01-15,capec_id 248,updated_at 2017-01-17,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80184043;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CORRESPONDING CENTER Malware Communication"; flow:established, to_server; content:"center"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-14,updated_at 2019-02-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184044;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STATISTICAL INVITE Malware Communication"; flow:established, to_server; content:"invite"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-08-10,updated_at 2016-08-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184045;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNIVE PIONEER Malware Communication"; flow:established,to_server; content:"pioneer"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2015-09-02,updated_at 2015-09-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184046;) drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - 
VIOLENT OAK Malware Communication"; flow:established,to_server; content:"oak"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-02-11,updated_at 2019-02-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184047;) #alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - INDIRECT PUDDLE Exploitation Attempt Seen"; flow:established, to_client; content:"puddle"; priority:3; metadata:hostile src_ip,created_at 2019-01-06,capec_id 100,updated_at 2019-01-09,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-9996297,protocols http,protocols tcp; rev:1; sid:80184048;) drop http any any -> $HOME_NET any (msg:"Acme - QUIET VAULT Exploitation Attempt Seen"; flow:established,to_server; content:"vault"; priority:2; metadata:cwe_id 78,hostile src_ip,created_at 2019-07-19,capec_id 248,updated_at 2019-07-19,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.4,attack_target server,attack_target http-server,cve 2016-2495208,cvss_v2_temporal 2.3,protocols http,protocols tcp; rev:2; sid:80184049;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ARTIFICIAL FOUNTAIN Malware Communication"; flow:established,to_server; content:"fountain"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-21,updated_at 2019-09-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184050;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ACCURATE BELT Malware Communication"; flow:established,to_client; content:"belt"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-01-05,updated_at 2019-01-12,filename acme.rules,priority medium,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184051;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STEEP PLAYGROUND Malware Communication"; flow:established,to_client; content:"playground"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2018-03-11,updated_at 2018-03-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184052;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN BELL Malware Communication"; flow:established,to_server; content:"bell"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2018-03-23,updated_at 2018-03-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184053;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VAGUE CASTANET Malware Communication"; flow:established,to_server; content:"castanet"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-03-07,updated_at 2019-03-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184054;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - MAXIMUM DETERMINATION Malware Communication"; flow:established,to_server; content:"determination"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-11-23,updated_at 2018-11-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184055;) drop tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - SWIFT PORCUPINE Exploitation Attempt Seen"; flow:established,to_server; content:"porcupine"; priority:2; 
metadata:cwe_id 20,hostile src_ip,created_at 2016-09-25,capec_id 248,updated_at 2016-09-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.3,attack_target server,attack_target http-server,cve 2015-5792576,cvss_v2_temporal 4.3,protocols http,protocols tcp; rev:2; sid:80184056;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MULTIPLE DUD Malware Communication"; flow:established,to_client; file_data; content:"dud"; priority:3; metadata:cwe_id 507,malware post-infection,created_at 2019-01-15,updated_at 2019-01-25,filename acme.rules,priority low,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184057;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DRIVING TIGER Malware Communication"; flow:established,to_client; file_data; content:"tiger"; priority:2; metadata:cwe_id 507,malware post-infection,created_at 2018-04-24,updated_at 2018-04-26,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184058;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STORMY BULL Malware Communication"; flow:established,to_server; content:"bull"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-10-05,updated_at 2019-10-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184059;) drop http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - UNKNOWN SIGNET Malware Communication"; flow:established,to_client; content:"signet"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-02-09,updated_at 2019-02-19,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; 
sid:80184060;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TOTAL PRECIPITATION Malware Communication"; flow:established,to_client; file_data; content:"precipitation"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-04-13,updated_at 2017-04-25,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184061;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNCONSCIOUS HOLE Malware Communication"; flow:established,to_server; content:"hole"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-22,updated_at 2019-01-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184062;) drop http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - DISCIPLINARY SYSTEM Malware Communication"; flow:established,to_client; content:"system"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2017-03-06,updated_at 2017-03-16,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184063;) drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - MUSHY UNKNOWNBOARD Malware Communication"; flow:established,to_server; content:"UNKNOWNboard"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-06-15,updated_at 2018-06-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184064;) drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - RELAXED CONSENT Malware Communication"; flow:established,to_server; content:"consent"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile 
dest_ip,created_at 2019-08-18,updated_at 2019-08-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184065;) drop http any any -> $HOME_NET any (msg:"Acme - FIERCE DERBY Exploitation Attempt Seen"; flow:established, to_server; content:"derby"; priority:2; metadata:hostile src_ip,created_at 2019-03-11,capec_id 253,updated_at 2019-03-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2019-3750449,cvss_v2_temporal 4.8,protocols http,protocols tcp; rev:4; sid:80184066;) drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - INSTITUTIONAL POPULATION Malware Communication"; flow:established,to_server; content:"population"; priority:1; metadata:cwe_id 94,cwe_id 231,malware post-infection,hostile dest_ip,created_at 2017-05-26,updated_at 2017-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target http-client,attack_target client,cve 2016-4565157,cvss_v2_temporal 5.3,protocols http,protocols tcp; rev:2; sid:80184067;) drop http any any -> $HOME_NET any (msg:"Acme - LEADING CRAVAT Exploitation Attempt Seen"; flow:established, to_server; content:"cravat"; priority:2; metadata:cwe_id 79,hostile src_ip,created_at 2019-01-25,updated_at 2019-01-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.9,attack_target server,attack_target http-server,cve 2019-1137790,cvss_v2_temporal 7.5,protocols http,protocols tcp; rev:2; sid:80184068;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN BUZZARD Malware Communication"; flow:established,to_server; content:"buzzard"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-25,updated_at 2019-03-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184069;) drop http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - VOICELESS LAW Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"law"; priority:2; metadata:cwe_id 416,created_at 2017-03-21,capec_id 255,updated_at 2017-03-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.6,cve 2016-3700905,cvss_v2_temporal 6.2,protocols http,protocols tcp; rev:2; sid:80184070;) drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - MISTY COMBAT Malware Communication"; flow:established,to_server; content:"combat"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-05-23,updated_at 2019-05-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184071;) drop http $HOME_NET any -> any any (msg:"Acme - UNKNOWN ROAST Malware Communication"; flow:established,to_server; content:"roast"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-20,updated_at 2018-07-27,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184072;) drop tcp any any -> $HOME_NET any (msg:"Acme - RULING TAM Malware Communication"; flow:established; content:"tam"; priority:2; metadata:cwe_id 506,malware post-infection,created_at 2017-07-26,updated_at 2017-07-26,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols tcp; rev:3; sid:80184073;) drop tcp any any -> $HOME_NET any (msg:"Acme - AMBITIOUS FRAME Malware Communication"; flow:established; content:"frame"; priority:2; metadata:cwe_id 506,malware post-infection,created_at 2019-02-09,updated_at 2019-02-27,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols tcp; rev:5; 
sid:80184074;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FORWARD OCTAGON Exploitation Attempt Seen"; flow:established,to_client; content:"octagon"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2018-09-15,capec_id 255,updated_at 2018-09-22,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.3,attack_target http-client,attack_target client,cve 2018-9283177,cvss_v2_temporal 2.2,protocols http,protocols tcp; rev:2; sid:80184075;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OUTER GYM Malware Communication"; flow:established,to_server; content:"gym"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-11-19,updated_at 2019-11-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184076;) #alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - INADEQUATE LUGGAGE Exploitation Attempt Seen"; flow:established, to_client; content:"luggage"; priority:3; metadata:hostile src_ip,created_at 2018-11-07,capec_id 100,updated_at 2018-11-08,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-8959159,protocols http,protocols tcp; rev:1; sid:80184077;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CENTRAL SPUR Malware Communication"; flow:established,to_server; content:"spur"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-23,updated_at 2019-02-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184078;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NOSY TRIGONOMETRY Malware Communication"; flow:established,to_server; content:"trigonometry"; priority:1; metadata:cwe_id 506,malware post-infection,hostile 
dest_ip,created_at 2018-04-11,updated_at 2018-04-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184079;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - APPLICABLE LONG Malware Communication"; flow:established,to_server; content:"long"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-09,updated_at 2019-03-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184080;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HORRIBLE SIDEBURNS Malware Communication"; flow:established,to_server; content:"sideburns"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-03-01,updated_at 2016-03-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184081;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LITTLE CORRAL Exploitation Attempt Seen"; flow:established, to_server; content:"corral"; priority:3; metadata:cwe_id 209,hostile src_ip,created_at 2017-09-04,capec_id 118,updated_at 2017-09-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.4,attack_target server,attack_target http-server,cve 2017-9057610,cvss_v2_temporal 1.8,protocols http,protocols tcp; rev:3; sid:80184082;) drop tcp any any -> $HOME_NET any (msg:"Acme - FANCY LITTER Malware Communication"; flow:established; content:"litter"; priority:2; metadata:cwe_id 506,malware download-attempt,created_at 2019-04-27,updated_at 2019-04-27,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols tcp; rev:4; sid:80184083;) drop tcp any any -> $HOME_NET any (msg:"Acme - ENTHUSIASTIC WHISTLE Malware Communication"; 
flow:established; content:"whistle"; priority:2; metadata:cwe_id 506,malware download-attempt,created_at 2019-10-11,updated_at 2019-10-17,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols tcp; rev:4; sid:80184084;) alert http any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - WORKING LOAD Traffic Detected"; flow:established, to_server; content:"load"; priority:4; metadata:hostile src_ip,created_at 2017-11-01,capec_id 118,updated_at 2017-11-04,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184085;) alert http any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - MINIMAL UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:4; metadata:hostile src_ip,created_at 2019-04-24,capec_id 118,updated_at 2019-04-28,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184086;) alert http any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - ENVIRONMENTAL SANDALS Traffic Detected"; flow:established, to_server; content:"sandals"; priority:4; metadata:hostile src_ip,created_at 2019-02-05,capec_id 118,updated_at 2019-02-13,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184087;) alert http any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - UNKNOWN VISION Traffic Detected"; flow:established, to_server; content:"vision"; priority:4; metadata:hostile src_ip,created_at 2018-10-14,capec_id 118,updated_at 2018-10-25,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184088;) alert http any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - CIVIL TARGET Traffic Detected"; flow:established, to_server; content:"target"; priority:4; metadata:hostile 
src_ip,created_at 2019-08-03,capec_id 118,updated_at 2019-08-10,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184089;) alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - CONFIDENT UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:4; metadata:hostile src_ip,created_at 2017-03-20,capec_id 118,updated_at 2017-03-24,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184090;) alert http any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - AWFUL CRITERION Traffic Detected"; flow:established, to_server; content:"criterion"; priority:4; metadata:hostile src_ip,created_at 2017-04-27,capec_id 118,updated_at 2017-04-27,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184091;) alert http any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - POOR CAMEO Traffic Detected"; flow:established, to_server; content:"cameo"; priority:4; metadata:hostile src_ip,created_at 2019-03-12,capec_id 118,updated_at 2019-03-20,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184092;) alert http any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - RESIDENT VIDEO Traffic Detected"; flow:established, to_server; content:"video"; priority:4; metadata:hostile src_ip,created_at 2019-07-25,capec_id 118,updated_at 2019-07-27,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184093;) alert http any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - UNITED SLOPE Traffic Detected"; flow:established, to_server; content:"slope"; priority:4; metadata:hostile src_ip,created_at 
2019-04-15,capec_id 118,updated_at 2019-04-15,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184094;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MUTUAL TILL Malware Communication"; flow:established,to_client; file_data; content:"till"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2018-09-05,updated_at 2018-09-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80184095;) drop tcp any $HTTP_PORTS -> $HOME_NET any (msg:"Acme - GRADUAL FISHMONGER Malware Communication"; flow:established,to_client; content:"fishmonger"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2016-07-22,updated_at 2016-07-24,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184096;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MIGHTY FIREMAN Malware Communication"; flow:established,to_server; content:"fireman"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-03,updated_at 2018-02-04,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184097;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN COUNTER-FORCE Malware Communication"; flow:established,to_server; content:"counter-force"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-06-01,updated_at 2019-06-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184098;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ROUND LYRIC Malware Communication"; 
flow:established,to_client; content:"lyric"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-07-09,updated_at 2019-07-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184099;)
# Sample rules sid 80184100-80184111, one rule per line. The file header marks this ruleset as
# dummy data, so the review notes below describe rule shape only, not real threats.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ZEALOUS TIRE Malware Communication"; flow:established,to_client; content:"tire"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2019-01-08,updated_at 2019-01-19,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184100;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - JOLLY COLONISATION Malware Communication"; flow:established,to_server; content:"colonisation"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2017-03-10,updated_at 2017-03-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184101;)
# The next rule is disabled (leading '#').
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ARTISTIC BOWLING Traffic Detected"; flow:established, to_client; file_data; content:"bowling"; priority:3; metadata:hostile src_ip,created_at 2018-03-27,capec_id 100,updated_at 2018-03-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184102;)
# NOTE(review): sid 80184103 is the only rule in this group with cvss_v3_* keys next to the
# cvss_v2_* ones. Its cvss_v2_temporal (4.8) is above its cvss_v2_base (4.1); a CVSS temporal
# score never exceeds the base score, so treat these numbers as placeholders (same pattern on
# sid 80184109: base 2.4, temporal 2.8).
alert http any any -> $HOME_NET any (msg:"Acme - COMPLEX RETOUCH Exploitation Attempt Seen"; flow:established,to_server; content:"retouch"; priority:3; metadata:cwe_id 79,cvss_v3_base 4.8,hostile src_ip,created_at 2019-02-09,capec_id 63,updated_at 2019-02-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.1,attack_target server,attack_target http-server,cvss_v3_temporal 4.8,cve 2019-9668571,cvss_v2_temporal 4.8,protocols http,protocols tcp; rev:2; sid:80184103;)
# NOTE(review): sid 80184104 is tagged malware post-infection with hostile dest_ip but has no
# infected key, unlike sid 80184101 and sid 80184106 - confirm whether the omission is intended.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COURAGEOUS STAMP Malware Communication"; flow:established,to_server; content:"stamp"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-14,updated_at 2019-01-22,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184104;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RED DESIGN Traffic Detected"; flow:established,to_server; content:"design"; priority:4; metadata:hostile dest_ip,created_at 2018-01-05,updated_at 2018-01-25,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184105;)
# NOTE(review): urilen:>100 constrains the request URI, but content:"UNKNOWN" has no HTTP buffer
# keyword in front of it, so the match is not limited to the URI - confirm which buffer was meant.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRELIMINARY UNKNOWN Malware Communication"; flow:established,to_server; urilen:>100; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-08,updated_at 2019-11-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80184106;)
# NOTE(review): cwe_id appears twice here (94 and 231), so metadata keys can repeat within one
# rule. cvss_v2_base is 10.0 while priority is medium - confirm how priority is assigned.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN NATIONAL Exploitation Attempt Seen"; flow:established,to_server; content:"national"; priority:2; metadata:cwe_id 94,cwe_id 231,hostile src_ip,created_at 2017-08-19,capec_id 76,updated_at 2017-08-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2016-5642726,cvss_v2_temporal 6.8,protocols http,protocols tcp; rev:1; sid:80184107;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN TOSSER Malware Communication"; flow:established, to_server; content:"tosser"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-04-15,updated_at 2019-04-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184108;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STRIPED KANGAROO Exploitation Attempt Seen"; flow:established,to_server; content:"kangaroo"; priority:2; metadata:cwe_id 16,hostile src_ip,created_at 2018-09-13,capec_id 63,updated_at 2018-09-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.4,attack_target server,attack_target http-server,cve 2016-6365292,cvss_v2_temporal 2.8,protocols http,protocols tcp; rev:1; sid:80184109;)
# The next rule is disabled (leading '#'); its filename key is forensic.rules rather than the
# acme.rules value used by the rules around it.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RECENT SHORTWAVE Traffic Detected"; flow:established,to_server; content:"shortwave"; priority:4; metadata:hostile dest_ip,created_at 2017-10-04,updated_at 2017-10-23,filename forensic.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184110;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INTERIOR VESSEL Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"vessel"; priority:2; metadata:cwe_id 693,hostile src_ip,created_at 2017-02-15,capec_id 129,updated_at 2017-02-20,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.3,attack_target http-client,attack_target client,cve 2017-2243043,cvss_v2_temporal 5.8,protocols http,protocols tcp; rev:2; sid:80184111;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WEARY OCEAN Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"ocean"; priority:2; metadata:cwe_id 693,hostile src_ip,created_at 2018-11-23,capec_id 153,updated_at 2018-11-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.0,attack_target http-client,attack_target
client,cve 2018-4563889,cvss_v2_temporal 7.4,protocols http,protocols tcp; rev:2; sid:80184112;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BORING MOSQUITO Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"mosquito"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-03-06,capec_id 255,updated_at 2019-03-11,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.6,attack_target http-client,attack_target client,cve 2018-8058676,cvss_v2_temporal 6.9,protocols http,protocols tcp; rev:2; sid:80184113;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VALUABLE CONCERN Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"concern"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2018-08-26,capec_id 255,updated_at 2018-08-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.6,attack_target http-client,attack_target client,cve 2017-3020515,cvss_v2_temporal 8.2,protocols http,protocols tcp; rev:2; sid:80184114;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COLD INDIGENCE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"indigence"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-10-21,capec_id 255,updated_at 2019-10-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.7,attack_target http-client,attack_target client,cve 2016-3004242,cvss_v2_temporal 3.4,protocols http,protocols tcp; rev:2; sid:80184115;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ACCEPTABLE CRITICISM Malware Communication"; flow:established,to_server; content:"criticism"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-06-12,updated_at 2019-06-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184116;) drop http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GLOBAL CATAMARAN Malware Communication"; flow:established,to_server; content:"catamaran"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2017-03-22,updated_at 2017-03-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184117;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STABLE CIRCLE Malware Communication"; flow:established,to_server; content:"circle"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-07-16,updated_at 2019-07-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184118;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CRUDE HUGGER Exploitation Attempt Seen"; flow:established, to_server; content:"hugger"; priority:2; metadata:cwe_id 89,hostile src_ip,created_at 2018-07-24,capec_id 110,updated_at 2018-07-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.5,attack_target server,attack_target http-server,cve 2018-5384784,cvss_v2_temporal 4.9,protocols http,protocols tcp; rev:2; sid:80184119;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN THRONE Malware Communication"; flow:established,to_server; content:"throne"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-02-07,updated_at 2019-02-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184120;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WEARY RAIMENT Malware Communication"; flow:established,to_server; content:"raiment"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-11-27,updated_at 2019-11-27,filename acme.rules,priority 
high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184121;) drop tcp any $HTTP_PORTS -> $HOME_NET any (msg:"Acme - CONTINENTAL PIECE Malware Communication"; flow:established,to_client; content:"piece"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2017-10-21,updated_at 2017-10-25,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184122;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - INJURED LANTERN Malware Communication"; flow:established,to_server; content:"lantern"; priority:1; metadata:cwe_id 507,malware pre-infection,hostile dest_ip,created_at 2018-03-18,updated_at 2018-03-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184123;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DRUNK PLUME Malware Communication"; flow:established,to_client; content:"plume"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2017-02-23,updated_at 2017-02-23,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184124;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN MAYOR Malware Communication"; flow:established,to_server; content:"mayor"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2015-03-02,updated_at 2015-03-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184125;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ENCOURAGING UNKNOWNENING Malware Communication"; flow:established,to_server; 
content:"UNKNOWNening"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-03-25,updated_at 2016-03-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184126;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - UNKNOWN COOKING Malware Communication"; flow:established,to_server; content:"cooking"; priority:1; metadata:cwe_id 507,malware pre-infection,hostile dest_ip,created_at 2019-10-10,updated_at 2019-10-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184127;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - SHY CONSPIRATOR Malware Communication"; flow:established,to_client; content:"conspirator"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-04-19,updated_at 2019-04-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:3; sid:80184128;) drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - SCREECHING BLIGHT Malware Communication"; flow:established,to_server; content:"blight"; priority:1; metadata:cwe_id 506,cwe_id 507,malware post-infection,created_at 2016-01-19,updated_at 2016-01-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184129;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAINT SAILBOAT Exploitation Attempt Seen"; flow:established,to_client; content:"sailboat"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-05-19,capec_id 129,updated_at 2019-05-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.2,attack_target client,cve 2018-8224422,cvss_v2_temporal 6.3,protocols tcp; 
rev:2; sid:80184130;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MISERABLE LOOK Malware Communication"; flow:established,to_server; content:"look"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-10-13,updated_at 2019-10-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184131;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CAUSAL TOTAL Malware Communication"; flow:established,to_server; content:"total"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-01-25,updated_at 2016-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80184132;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ENVIRONMENTAL OBJECTIVE Exploitation Attempt Seen"; flow:established, to_server; content:"objective"; priority:3; metadata:hostile src_ip,created_at 2018-05-19,capec_id 100,updated_at 2018-05-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2018-2234134,protocols tcp; rev:1; sid:80184133;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNCONSCIOUS HOLE Exploitation Attempt Seen"; flow:established, to_server; content:"hole"; priority:3; metadata:hostile src_ip,created_at 2018-01-22,capec_id 100,updated_at 2018-01-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2018-2686460,protocols tcp; rev:1; sid:80184134;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLOSE ADVERTISING Malware Communication"; flow:established,to_server; content:"advertising"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-07-12,updated_at 2018-07-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184135;)
# Sample rules sid 80184136-80184148, one rule per line. The file header marks this ruleset as
# dummy data, so the review notes below describe rule shape only, not real threats.
#
# NOTE(review): sid 80184136 uses the drop action on a 3-byte content ("fog") over plain tcp
# with no port, depth/offset or second match. In IPS mode a pattern this short would be expected
# to hit unrelated outbound streams; a production rule needs a tighter anchor.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RENEWED FOG Malware Communication"; flow:established,to_server; content:"fog"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-06-16,updated_at 2019-06-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:3; sid:80184136;)
# NOTE(review): urilen:10 constrains the request URI, but content:"advance" has no HTTP buffer
# keyword in front of it, so the match is not limited to the URI - confirm which buffer was meant.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FLAT ADVANCE Malware Communication"; flow:established,to_server; urilen:10; content:"advance"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-07-01,updated_at 2016-07-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184137;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TOUGH MOMENT Malware Communication"; flow:established,to_server; content:"moment"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-06,updated_at 2018-05-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184138;)
# The next rule is disabled (leading '#'); its metadata names filename netbios.rules and
# protocols smb, unlike the acme.rules / http values on the rules around it.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AMERICAN LENGTH Exploitation Attempt Seen"; flow:established, to_server; content:"length"; priority:3; metadata:hostile src_ip,created_at 2018-09-10,capec_id 100,updated_at 2018-09-14,filename netbios.rules,priority low,rule_source acme-rule-factory,attack_target smb-server,attack_target server,cve 2015-9890006,protocols smb,protocols tcp; rev:1; sid:80184139;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HANDSOME DECONGESTANT Malware Communication"; flow:established,to_client; content:"decongestant"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2017-01-10,updated_at 2017-01-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184140;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EDUCATIONAL UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-02-20,updated_at 2017-02-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184141;)
drop http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - ALIVE TANGERINE Malware Communication"; flow:established,to_client; content:"tangerine"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-09-06,updated_at 2019-09-15,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184142;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ROUND TSUNAMI Malware Communication"; flow:established, to_server; content:"tsunami"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-05-15,updated_at 2017-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184143;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRIGHT OSMOSIS Malware Communication"; flow:established, to_server; content:"osmosis"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-06-24,updated_at 2018-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184144;)
# NOTE(review): sids 80184145-80184147 carry cve/cvss metadata but no hostile or attack_target
# keys, while sid 80184148 has the same header, flow and capec_id and does carry them. Any
# selection keyed on attack_target would presumably miss the first three - verify the intent.
# On sid 80184145 cvss_v2_temporal (2.8) is above cvss_v2_base (2.6); a CVSS temporal score
# never exceeds the base score, so treat these numbers as placeholders.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN SPEAR Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"spear"; priority:2; metadata:cwe_id 119,created_at 2019-08-16,capec_id 255,updated_at 2019-08-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.6,cve 2019-8561730,cvss_v2_temporal 2.8,protocols http,protocols tcp; rev:2; sid:80184145;)
# NOTE(review): a 3-byte file_data content ("ink") combined with the drop action would be
# expected to match ordinary response bodies; fine as sample data, too loose for inline use.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ARTISTIC INK Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"ink"; priority:2; metadata:cwe_id 119,created_at 2019-11-23,capec_id 255,updated_at 2019-11-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.1,cve 2019-220473,cvss_v2_temporal 3.6,protocols http,protocols tcp; rev:2; sid:80184146;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHARMING ENVIRONMENT Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"environment"; priority:2; metadata:cwe_id 119,created_at 2017-08-26,capec_id 255,updated_at 2017-08-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.0,cve 2015-544182,cvss_v2_temporal 1.6,protocols http,protocols tcp; rev:2; sid:80184147;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RELEVANT VOYAGE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"voyage"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2018-02-22,capec_id 255,updated_at 2018-02-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.5,attack_target http-client,attack_target client,cve 2016-1517510,cvss_v2_temporal 5.5,protocols http,protocols tcp; rev:2; sid:80184148;)
drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - BRIGHT RADIATOR Malware Communication"; flow:established,to_server; content:"radiator"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-05-25,updated_at 2018-05-26,filename acme.rules,priority high,infected
src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184149;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRECIOUS FLOW Malware Communication"; flow:established,to_server; content:"flow"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-03-15,updated_at 2019-03-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184150;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CREEPY PORTER Malware Communication"; flow:established,to_server; content:"porter"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-01-18,updated_at 2019-01-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184151;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BROKEN CONCERN Malware Communication"; flow:established,to_server; content:"concern"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-07-13,updated_at 2018-07-17,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184152;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COOL PIE Malware Communication"; flow:established,to_client; content:"pie"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-10-03,updated_at 2018-10-03,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184153;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNEMPLOYED SKULL Malware Communication"; flow:established,to_client; content:"skull"; priority:2; metadata:cwe_id 506,malware 
download-attempt,hostile src_ip,created_at 2017-11-07,updated_at 2017-11-17,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184154;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LINEAR CARTILAGE Malware Communication"; flow:established,to_server; content:"cartilage"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-08-06,updated_at 2018-08-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184155;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TALL IRON Malware Communication"; flow:established,to_server; content:"iron"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-05,updated_at 2019-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184156;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VALUABLE FULL Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"full"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2017-02-14,capec_id 255,updated_at 2017-02-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.6,attack_target http-client,attack_target client,cve 2016-5878588,cvss_v2_temporal 4.4,protocols http,protocols tcp; rev:2; sid:80184157;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OUTSIDE LOT Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"lot"; priority:2; metadata:cwe_id 264,hostile src_ip,created_at 2019-07-22,capec_id 233,updated_at 2019-07-22,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.8,attack_target http-client,attack_target client,cve 2019-3902608,cvss_v2_temporal 
5.1,protocols http,protocols tcp; rev:2; sid:80184158;) drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HISTORICAL LAWN Traffic Detected"; flow:established, to_server; content:"lawn"; priority:1; metadata:hostile dest_ip,created_at 2016-11-11,updated_at 2016-11-20,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:3; sid:80184159;) drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FREQUENT TUXEDO Malware Communication"; flow:established, to_server; content:"tuxedo"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-06-04,updated_at 2016-06-14,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80184160;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTERNAL ASSIGNMENT Malware Communication"; flow:established,to_server; content:"assignment"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-04-04,updated_at 2019-04-06,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184161;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SPECIAL BALCONY Exploitation Attempt Seen"; flow:established,to_client; content:"balcony"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-03-21,capec_id 255,updated_at 2019-03-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.3,attack_target http-client,attack_target client,cve 2016-2403568,cvss_v2_temporal 4.2,protocols http,protocols tcp; rev:2; sid:80184162;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FUNNY EMBOSSING Malware Communication"; flow:established,to_server; content:"embossing"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 
2018-02-24,updated_at 2018-02-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80184163;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TERRIBLE SOLID Malware Communication"; flow:established, to_server; content:"solid"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-04-17,updated_at 2019-04-17,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80184164;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CURVED OUTCOME Malware Communication"; flow:established, to_server; content:"outcome"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-11-11,updated_at 2017-11-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80184165;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LIGHT DOUBT Malware Communication"; flow:established, to_server; content:"doubt"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-08-24,updated_at 2017-08-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184166;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN PENDULUM Malware Communication"; flow:established,to_server; content:"pendulum"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-11-04,updated_at 2019-11-11,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184167;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SPORTING FALLING-OUT Exploitation 
Attempt Seen"; flow:established, to_server; content:"falling-out"; priority:3; metadata:hostile src_ip,created_at 2019-05-12,capec_id 118,updated_at 2019-05-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2016-274029,protocols tcp; rev:1; sid:80184168;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PLEASANT CHIPMUNK Malware Communication"; flow:established,to_server; content:"chipmunk"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-02-07,updated_at 2017-02-11,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184169;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MISTY PLANET Malware Communication"; flow:established,to_server; content:"planet"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-03-12,updated_at 2018-03-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184170;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STICKY BUTTER Malware Communication"; flow:established,to_server; content:"butter"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-06-06,updated_at 2018-06-23,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184171;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXCESSIVE CASE Exploitation Attempt Seen"; flow:established,to_server; content:"case"; priority:2; metadata:cwe_id 79,hostile src_ip,created_at 2018-08-06,capec_id 63,updated_at 2018-08-11,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.1,attack_target server,attack_target http-server,cve 2018-726711,cvss_v2_temporal 4.9,protocols 
http,protocols tcp; rev:2; sid:80184172;)
# Sample rules sid 80184173-80184185, one rule per line. The file header marks this ruleset as
# dummy data, so the review notes below describe rule shape only, not real threats.
#
# In sid 80184173 the direction is inbound (to_server) and the metadata marks dest_ip as
# infected and src_ip as hostile, i.e. the $HOME_NET HTTP server is the host flagged as
# compromised.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - KEY BONSAI Malware Communication"; flow:established,to_server; content:"bonsai"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-11-24,updated_at 2019-11-25,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80184173;)
drop ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CREEPY VIOLENCE Exploitation Attempt Seen"; flow:established,to_server; content:"violence"; priority:2; metadata:cwe_id 284,hostile src_ip,created_at 2018-03-16,capec_id 17,updated_at 2018-03-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.0,attack_target ftp-server,attack_target server,cve 2016-5983124,cvss_v2_temporal 6.0,protocols ftp,protocols tcp; rev:2; sid:80184174;)
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RELAXED EVOLUTION Malware Communication"; flow:established,to_client; content:"evolution"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-06-25,updated_at 2018-06-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:3; sid:80184175;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN EYEBALL Malware Communication"; flow:established,to_server; content:"eyeball"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-11-19,updated_at 2017-11-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184176;)
# NOTE(review): sid 80184177 has "any any" as source and no destination port, so every
# established tcp stream toward $HOME_NET that the sensor sees is in scope for the drop.
# cvss_v2_base is 10.0 while priority is medium and cvss_v2_temporal is 1.3 - confirm how
# priority is assigned; the numbers look like placeholders.
drop tcp any any -> $HOME_NET any (msg:"Acme - QUICK ANYWHERE Exploitation Attempt Seen"; flow:established,to_server; content:"anywhere"; priority:2; metadata:cwe_id 77,hostile src_ip,created_at 2015-04-24,capec_id 248,updated_at 2015-04-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,cve 2015-1626616,cvss_v2_temporal 1.3,protocols tcp; rev:2; sid:80184177;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NOVEL LOSS Malware Communication"; flow:established,to_server; content:"loss"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-05-08,updated_at 2019-05-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184178;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXTENDED PROMPT Malware Communication"; flow:established,to_server; content:"prompt"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-01-12,updated_at 2019-01-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184179;)
# NOTE(review): sid 80184180 is tagged malware post-infection with hostile dest_ip but has no
# infected key, unlike the post-infection rules on either side - confirm whether that is intended.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SLIMY TATTOO Malware Communication"; flow:established,to_server; content:"tattoo"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-08,updated_at 2019-08-16,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184180;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NEGATIVE LUNCHEONETTE Malware Communication"; flow:established,to_server; content:"luncheonette"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-09-25,updated_at 2019-09-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184181;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MISERABLE CUB Malware Communication"; flow:established,to_server; content:"cub"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-05-24,updated_at 2018-05-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184182;)
# NOTE(review): sid 80184183 matches a 2-byte content ("if") in file_data and uses the drop
# action. A pattern that short would be expected to appear in most HTML or script response
# bodies, so inline it would block legitimate traffic; sample data only.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PROSPECTIVE IF Malware Communication"; flow:established,to_client; file_data; content:"if"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2017-02-18,updated_at 2017-02-22,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184183;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN BICYCLE Malware Communication"; flow:established,to_server; content:"bicycle"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-11,updated_at 2018-02-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80184184;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FORWARD FEET Malware Communication"; flow:established, to_client; content:"feet"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2016-02-24,updated_at 2016-02-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184185;)
drop http any any -> $HOME_NET any (msg:"Acme - UNKNOWN FOOT Exploitation Attempt Seen"; flow:established,to_server; content:"foot"; priority:3; metadata:cwe_id 79,created_at 2019-05-17,capec_id 63,updated_at 2019-05-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.7,cve 2016-393941,cvss_v2_temporal 6.5,protocols http,protocols
tcp; rev:2; sid:80184186;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AWKWARD TEMPO Malware Communication"; flow:established,to_server; content:"tempo"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-02-16,updated_at 2019-02-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184187;) #alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INDIVIDUAL MUTT Exploitation Attempt Seen"; flow:established, to_server; content:"mutt"; priority:3; metadata:hostile src_ip,created_at 2016-11-09,capec_id 100,updated_at 2016-11-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2015-5987258,protocols ftp; rev:2; sid:80184188;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MOTIONLESS CAST Malware Communication"; flow:established,to_server; content:"cast"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2017-08-13,updated_at 2017-08-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184189;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNCHANGED RIM Malware Communication"; flow:established,to_server; content:"rim"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2017-07-23,updated_at 2017-07-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184190;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMPORTANT INTERACTION Malware Communication"; flow:established,to_server; content:"interaction"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-08-05,updated_at 2018-08-18,filename acme.rules,priority high,infected 
src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184191;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ORIGINAL LINE Exploitation Attempt Seen"; flow:established,to_server; content:"line"; priority:3; metadata:cwe_id 121,created_at 2019-03-03,capec_id 100,updated_at 2019-03-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,cve 2019-7120155,cvss_v2_temporal 8.8,protocols http,protocols tcp; rev:2; sid:80184192;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEPENDENT WELL Malware Communication"; flow:established, to_server; content:"well"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2019-03-14,updated_at 2019-03-26,filename spyware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184193;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOUTHERN FISHMONGER Exploitation Attempt Seen"; flow:established, to_client; content:"fishmonger"; priority:1; metadata:cwe_id 399,hostile src_ip,created_at 2019-08-02,updated_at 2019-08-17,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-8802184,cve 2017-8802184,cve 2017-8802184,protocols http,protocols tcp; rev:2; sid:80184194;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN FOOT Exploitation Attempt Seen"; flow:established, to_client; content:"foot"; priority:1; metadata:cwe_id 399,hostile src_ip,created_at 2019-02-19,updated_at 2019-02-20,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-4571208,cve 2017-4571208,cve 2017-4571208,protocols http,protocols tcp; rev:2; sid:80184195;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - PRINCIPAL TWO Malware Communication"; 
flow:established,to_server; content:"two"; priority:1; metadata:cwe_id 399,malware post-infection,hostile dest_ip,created_at 2017-06-10,updated_at 2017-06-22,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-6009651,cve 2016-6009651,cve 2016-6009651,protocols http,protocols tcp; rev:2; sid:80184196;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MONETARY TURNIP Traffic Detected"; flow:established,to_server; content:"turnip"; priority:1; metadata:hostile dest_ip,created_at 2015-01-18,updated_at 2015-01-19,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184197;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STEEP DANCING Malware Communication"; flow:established, to_server; content:"dancing"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-01-23,updated_at 2018-01-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184198;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEVOTED UNKNOWNDKILLER Malware Communication"; flow:established, to_server; content:"UNKNOWNdkiller"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-08-07,updated_at 2017-08-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184199;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LOCAL INVOICE Malware Communication"; flow:established, to_server; content:"invoice"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-06,updated_at 2019-05-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184200;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MUSICAL FUTURE Malware Communication"; flow:established,to_server; content:"future"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2015-07-15,updated_at 2015-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184201;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FUNCTIONAL HOBBY Malware Communication"; flow:established,to_client; content:"hobby"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-11-23,updated_at 2019-11-23,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184202;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DECENT KAZOO Malware Communication"; flow:established, to_server; content:"kazoo"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2016-03-05,updated_at 2016-03-20,filename spyware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184203;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RAPID UNKNOWN Malware Communication"; flow:established,to_client; file_data; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware download-attempt,created_at 2019-09-19,updated_at 2019-09-22,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184204;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN VEGETABLE Malware Communication"; flow:established,to_client; content:"vegetable"; priority:2; metadata:cwe_id 506,malware 
download-attempt,hostile src_ip,created_at 2017-01-08,updated_at 2017-01-22,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184205;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNINTERESTED UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-02-26,updated_at 2019-02-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184206;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUPPOSED RECORDING Malware Communication"; flow:established,to_server; content:"recording"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-03-12,updated_at 2017-03-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184207;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WILD HOBBIT Malware Communication"; flow:established, to_server; content:"hobbit"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-07,updated_at 2019-06-07,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184208;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FOOLISH MOUNTAIN Malware Communication"; flow:established, to_server; content:"mountain"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2019-03-24,updated_at 2019-03-27,filename spyware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184209;) #alert http $HOME_NET 
any -> $EXTERNAL_NET any (msg:"Acme - CURIOUS UMBRELLA Malware Communication"; flow:established, to_server; content:"umbrella"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2016-06-16,updated_at 2016-06-28,filename spyware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184210;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN NOTE Malware Communication"; flow:established, to_client; content:"note"; priority:2; metadata:cwe_id 506,malware post-infection,created_at 2019-08-09,updated_at 2019-08-15,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184211;) alert smtp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PANICKY FLAG Traffic Detected"; flow:established,to_server; content:"flag"; priority:2; metadata:created_at 2019-08-23,capec_id 125,updated_at 2019-08-24,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols smtp,protocols tcp; rev:2; sid:80184212;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TENDER UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2018-07-11,updated_at 2018-07-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184213;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHOCKED STALLION Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"stallion"; priority:2; metadata:cwe_id 119,created_at 2017-04-25,capec_id 255,updated_at 2017-04-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cve 2017-8140064,protocols http,protocols tcp; rev:3; sid:80184214;) drop http 
$EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SPECTACULAR FIX Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"fix"; priority:2; metadata:cwe_id 119,created_at 2017-03-26,capec_id 255,updated_at 2017-03-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.3,cve 2016-9874926,cvss_v2_temporal 7.0,protocols http,protocols tcp; rev:2; sid:80184215;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DELIGHTFUL INSECT Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"insect"; priority:2; metadata:cwe_id 693,created_at 2019-08-14,capec_id 253,updated_at 2019-08-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.9,cve 2019-2595146,cvss_v2_temporal 6.9,protocols http,protocols tcp; rev:2; sid:80184216;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LOUD SOLID Malware Communication"; flow:established, to_server; content:"solid"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-03-21,updated_at 2017-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184217;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - SPORTING STUMBLING Exploitation Attempt Seen"; flow:established,to_client; content:"stumbling"; priority:2; metadata:cwe_id 416,hostile src_ip,created_at 2017-05-04,capec_id 123,updated_at 2017-05-20,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.7,attack_target client,cve 2015-2704588,cvss_v2_temporal 4.1,protocols tcp; rev:2; sid:80184218;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CENTRAL WOOLEN Malware Communication"; flow:established, to_server; content:"woolen"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2016-06-03,updated_at 2016-06-16,filename 
spyware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184219;) drop tcp $HOME_NET any -> $HOME_NET any (msg:"Acme - PURPLE PHYSICAL Traffic Detected"; flow:established; content:"physical"; priority:2; metadata:cwe_id 506,created_at 2016-03-23,updated_at 2016-03-28,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80184220;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IDEAL RUCKUS Exploitation Attempt Seen"; flow:established,to_server; content:"ruckus"; priority:2; metadata:cwe_id 229,hostile src_ip,created_at 2017-08-09,capec_id 255,updated_at 2017-08-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.1,attack_target server,cve 2015-7359327,cvss_v2_temporal 3.0,protocols tcp; rev:4; sid:80184221;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FANCY SUNDIAL Malware Communication"; flow:established,to_client; content:"sundial"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-05-10,updated_at 2019-05-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184222;) drop http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - CONSCIOUS CATEGORY Malware Communication"; flow:established,to_client; content:"category"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2019-08-01,updated_at 2019-08-10,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80184223;) drop http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - DEAD LIER Malware Communication"; flow:established,to_client; content:"lier"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 
2019-03-16,updated_at 2019-03-21,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184224;) #drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEAD GAFFER Malware Communication"; flow:established, to_server; content:"gaffer"; priority:1; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2019-08-17,updated_at 2019-08-27,filename spyware.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184225;) drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - WELL-KNOWN CASE Malware Communication"; flow:established,to_server; content:"case"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2017-03-16,updated_at 2017-03-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184226;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ENCHANTING ARCHEOLOGY Traffic Detected"; flow:established,to_client; content:"archeology"; priority:4; metadata:created_at 2019-07-26,updated_at 2019-07-28,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80184227;) drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - LIVE NIGHTINGALE Malware Communication"; flow:established,to_server; content:"nightingale"; priority:1; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2018-04-01,updated_at 2018-04-02,filename adware.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184228;) drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - CRUCIAL COMMUNICATION Malware Communication"; flow:established,to_server; 
content:"communication"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-10-13,updated_at 2016-10-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184229;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INVISIBLE COPY Malware Communication"; flow:established,to_server; content:"copy"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-26,updated_at 2019-10-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184230;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - OPTIMISTIC ASTRONOMY Malware Communication"; flow:established,to_server; content:"astronomy"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-08-27,updated_at 2017-08-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184231;) drop smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ORGANISATIONAL CELERIAC Malware Communication"; flow:established, to_server; content:"celeriac"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-03-23,updated_at 2015-03-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target smtp-client,attack_target client,protocols smtp,protocols tcp; rev:3; sid:80184232;) drop smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EFFECTIVE TOPIC Malware Communication"; flow:established, to_server; content:"topic"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-06,updated_at 2018-11-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target 
smtp-client,attack_target client,protocols smtp,protocols tcp; rev:3; sid:80184233;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNKLY MACHINE Malware Communication"; flow:established, to_server; content:"machine"; priority:1; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2017-01-25,updated_at 2017-01-26,filename spyware.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184234;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHALLOW SCHOOL Malware Communication"; flow:established,to_server; content:"school"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-06,updated_at 2019-09-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184235;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TRADITIONAL CHAMPION Malware Communication"; flow:established,to_server; content:"champion"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-09-22,updated_at 2018-09-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184236;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NEW LAB Malware Communication"; flow:established,to_server; content:"lab"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-23,updated_at 2018-11-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184237;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CHOSEN STAMP Malware Communication"; flow:established,to_server; content:"stamp"; priority:1; metadata:cwe_id 
506,malware post-infection,created_at 2019-07-18,updated_at 2019-07-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184238;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FRIGHTENED PASSBOOK Malware Communication"; flow:established,to_server; content:"passbook"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-08-19,updated_at 2016-08-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184239;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ADVANCED LOCKER Malware Communication"; flow:established,to_server; content:"locker"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-08-25,updated_at 2018-08-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184240;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SOVIET CAFE Malware Communication"; flow:established,to_server; content:"cafe"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-20,updated_at 2018-04-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184241;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ENERGETIC JAMES Malware Communication"; flow:established,to_client; content:"james"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2018-11-15,updated_at 2018-11-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184242;) drop http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUNNY UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-08-03,updated_at 2019-08-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:11; sid:80184243;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN E-READER Malware Communication"; flow:established, to_client; content:"e-reader"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-07-09,updated_at 2017-07-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80184244;) drop http any any -> $HOME_NET any (msg:"Acme - STABLE CHEEK Malware Communication"; flow:established, to_server; content:"cheek"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-02-12,updated_at 2019-02-28,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80184245;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DOMINANT CATSUP Malware Communication"; flow:established,to_server; content:"catsup"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-03-21,updated_at 2019-03-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184246;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CHANGING EXTENSION Malware Communication"; flow:established,to_server; content:"extension"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-07-12,updated_at 2018-07-16,filename acme.rules,priority high,infected 
src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184247;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WORKING GRANDSON Traffic Detected"; flow:established,to_server; content:"grandson"; priority:3; metadata:cwe_id 657,hostile src_ip,created_at 2019-08-19,capec_id 286,updated_at 2019-08-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:2; sid:80184248;) drop tcp any any -> any any (msg:"Acme - NEAR STENCIL Malware Communication"; flow:established, to_server; content:"stencil"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-04-06,updated_at 2019-04-25,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80184249;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CURRENT FOB Malware Communication"; flow:established,to_server; content:"fob"; priority:1; metadata:cwe_id 507,malware pre-infection,hostile dest_ip,created_at 2019-09-21,updated_at 2019-09-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184250;) drop http any any -> $HOME_NET any (msg:"Acme - CHOSEN RADIATOR Traffic Detected"; flow:established,to_server; content:"radiator"; priority:2; metadata:cwe_id 434,hostile src_ip,created_at 2019-04-02,capec_id 6,updated_at 2019-04-02,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:4; sid:80184251;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONSTITUTIONAL BATTER Malware Communication"; flow:established,to_server; content:"batter"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-06-10,updated_at 2017-06-11,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184252;) drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CROWDED CANOPY Malware Communication"; flow:established,to_server; content:"canopy"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-02-08,updated_at 2019-02-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:1; sid:80184253;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - VAST COMBAT Malware Communication"; flow:established,to_server; content:"combat"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-03-13,updated_at 2019-03-19,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184254;) alert smtp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RICH FRIGATE Traffic Detected"; flow:established,to_server; content:"frigate"; priority:4; metadata:cwe_id 657,created_at 2018-08-27,updated_at 2018-08-28,filename acme.rules,priority info,rule_source acme-rule-factory,protocols smtp,protocols tcp; rev:1; sid:80184255;) drop http any any -> $HOME_NET any (msg:"Acme - POLISH GOSLING Traffic Detected"; flow:established,to_server; content:"gosling"; priority:2; metadata:hostile src_ip,created_at 2018-01-21,updated_at 2018-01-21,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80184256;) drop http any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - UNITED CARDBOARD Traffic Detected"; flow:established,to_server; content:"cardboard"; priority:2; metadata:hostile src_ip,created_at 2019-08-25,updated_at 2019-08-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target 
http-server,protocols http,protocols tcp; rev:4; sid:80184257;)
# sids 80184258-80184260: server-to-client HTTP rules; file_data points the content match that
# follows it at the HTTP response body.
# NOTE(review): content:"ry" (2 bytes) and content:"act" (3 bytes) would match a large share of
# ordinary response bodies; as drop rules they are only safe as placeholders in this dummy set.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STEADY RY Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"ry"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-11-12,capec_id 129,updated_at 2019-11-16,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.1,attack_target http-client,attack_target client,cve 2015-8576391,cvss_v2_temporal 5.3,protocols http,protocols tcp; rev:2; sid:80184258;)
# NOTE(review): sid 80184259 lists cvss_v2_temporal 3.1 above cvss_v2_base 2.1. A CVSS v2 temporal
# score is the base score scaled by factors <= 1, so real data cannot look like this; the CVSS and
# cve values in this file are presumably generated filler - do not read them as severity data.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXCEPTIONAL ACT Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"act"; priority:2; metadata:cwe_id 843,hostile src_ip,created_at 2019-09-02,capec_id 255,updated_at 2019-09-22,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.1,attack_target http-client,attack_target client,cve 2017-8097770,cvss_v2_temporal 3.1,protocols http,protocols tcp; rev:2; sid:80184259;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RASPY PINT Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"pint"; priority:2; metadata:cwe_id 843,hostile src_ip,created_at 2019-04-13,capec_id 129,updated_at 2019-04-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.1,attack_target http-client,attack_target client,cve 2019-7212214,cvss_v2_temporal 1.5,protocols http,protocols tcp; rev:2; sid:80184260;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STRONG DILAPIDATION Traffic Detected"; flow:established,to_server; content:"dilapidation"; priority:2; metadata:hostile src_ip,created_at 2019-11-10,updated_at 2019-11-11,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80184261;)
# sid 80184262 differs from the neighbouring "Malware Communication" rules: it matches the
# to_client side of $HOME_NET -> $EXTERNAL_NET HTTP traffic (responses leaving $HOME_NET) and is
# tagged attack_target http-server rather than http-client.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SMALL MARSHLAND Malware Communication"; flow:established, to_client; content:"marshland"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-11-02,updated_at 2015-11-05,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184262;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MANAGING UNKNOWNSHIRT Malware Communication"; flow:established,to_server; content:"UNKNOWNshirt"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-24,updated_at 2019-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184263;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONDEMNED STUFF Malware Communication"; flow:established,to_server; content:"stuff"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-04-12,updated_at 2017-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184264;)
# sid 80184265: destination is "any", so the rule also covers $HOME_NET -> $HOME_NET requests.
drop http $HOME_NET any -> any any (msg:"Acme - ENCOURAGING PRESENT Malware Communication"; flow:established, to_server; content:"present"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-01,updated_at 2019-11-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184265;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RED RESALE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"resale"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2017-05-19,capec_id 255,updated_at 2017-05-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 
4.9,attack_target http-client,attack_target client,cve 2016-8563408,cvss_v2_temporal 4.6,protocols http,protocols tcp; rev:2; sid:80184266;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INCREASED SLICE Traffic Detected"; flow:established, to_server; content:"slice"; priority:2; metadata:hostile src_ip,created_at 2017-08-04,updated_at 2017-08-21,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80184267;) #alert tcp any any -> any any (msg:"Acme - RESONANT TASSEL Traffic Detected"; flow:established,to_server; content:"tassel"; priority:3; metadata:created_at 2019-05-12,capec_id 286,updated_at 2019-05-13,filename scada.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80184268;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LIABLE UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-02-24,updated_at 2018-02-25,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:3; sid:80184269;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DISASTROUS METALLURGIST Malware Communication"; flow:established,to_server; content:"metallurgist"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-07-14,updated_at 2018-07-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184270;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LIGHT FELONY Malware Communication"; flow:established,to_server; content:"felony"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2018-05-17,updated_at 2018-05-23,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184271;)
# NOTE(review): sid 80184272 carries cvss_v2_temporal 7.2 with cvss_v2_base 6.7. A CVSS v2 temporal
# score cannot exceed its base score, so these fields are presumably generated filler and should
# not be used as real severity data. The header (any any -> any $HTTP_PORTS) is scoped by
# destination port only, not by $HOME_NET / $EXTERNAL_NET.
drop http any any -> any $HTTP_PORTS (msg:"Acme - EXTERNAL SLEET Exploitation Attempt Seen"; flow:established,to_server; content:"sleet"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2019-07-27,capec_id 63,updated_at 2019-07-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.7,cve 2019-671679,cvss_v2_temporal 7.2,protocols http,protocols tcp; rev:3; sid:80184272;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BIG EGGHEAD Malware Communication"; flow:established,to_server; content:"egghead"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-10-17,updated_at 2017-10-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184273;)
# NOTE(review): sid 80184274 drops on a three-byte match (content:"son") in HTTP requests from any
# source to $HOME_NET; placeholder only - a pattern this short would block ordinary traffic.
drop http any any -> $HOME_NET any (msg:"Acme - EXACT SON Exploitation Attempt Seen"; flow:established,to_server; content:"son"; priority:3; metadata:cwe_id 256,cwe_id 276,hostile src_ip,created_at 2018-08-07,capec_id 118,updated_at 2018-08-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.1,attack_target server,attack_target http-server,cve 2018-2889072,cvss_v2_temporal 2.0,protocols http,protocols tcp; rev:2; sid:80184274;)
# The entries from here on start with "#": they are commented out, so Suricata does not load them.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOVELY DEW Exploitation Attempt Seen"; flow:established, to_server; content:"dew"; priority:3; metadata:hostile src_ip,created_at 2019-04-06,capec_id 175,updated_at 2019-04-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-1710548,protocols http,protocols tcp; rev:2; sid:80184275;)
#alert tcp any any -> any any (msg:"Acme - YUMMY UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:created_at 2019-06-17,capec_id 
286,updated_at 2019-06-23,filename scada.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80184276;) #alert tcp any any -> any any (msg:"Acme - BAD STAIRCASE Traffic Detected"; flow:established,to_server; content:"staircase"; priority:3; metadata:hostile src_ip,created_at 2019-09-21,capec_id 286,updated_at 2019-09-25,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184277;) #alert tcp any any -> any any (msg:"Acme - EVENTUAL KLEENEX Traffic Detected"; flow:established,to_server; content:"kleenex"; priority:3; metadata:hostile src_ip,created_at 2019-08-04,capec_id 286,updated_at 2019-08-09,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184278;) #alert tcp any any -> any any (msg:"Acme - PLAIN BREAKPOINT Traffic Detected"; flow:established,to_server; content:"breakpoint"; priority:3; metadata:hostile src_ip,created_at 2016-03-05,capec_id 286,updated_at 2016-03-06,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184279;) #alert tcp any any -> any any (msg:"Acme - LONG-TERM RETOUCH Traffic Detected"; flow:established,to_server; content:"retouch"; priority:3; metadata:hostile src_ip,created_at 2017-09-22,capec_id 286,updated_at 2017-09-23,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184280;) #alert tcp any any -> any any (msg:"Acme - ANXIOUS BACK Traffic Detected"; flow:established,to_server; content:"back"; priority:3; metadata:hostile src_ip,created_at 2019-09-06,capec_id 286,updated_at 2019-09-21,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184281;) #alert tcp any any -> any any (msg:"Acme - BROWN MARACA Traffic Detected"; flow:established,to_server; content:"maraca"; priority:3; metadata:hostile src_ip,created_at 
2019-07-12,capec_id 286,updated_at 2019-07-26,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184282;) #alert tcp any any -> any any (msg:"Acme - NOISY ABBEY Traffic Detected"; flow:established,to_server; content:"abbey"; priority:3; metadata:hostile src_ip,created_at 2016-10-07,capec_id 286,updated_at 2016-10-24,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184283;) #alert tcp any any -> any any (msg:"Acme - LOUD LADYBUG Traffic Detected"; flow:established,to_server; content:"ladybug"; priority:3; metadata:hostile src_ip,created_at 2016-10-19,capec_id 286,updated_at 2016-10-27,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184284;) #alert tcp any any -> any any (msg:"Acme - LONG UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2018-11-06,capec_id 286,updated_at 2018-11-27,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184285;) #alert tcp any any -> any any (msg:"Acme - JUNIOR SEASON Traffic Detected"; flow:established,to_server; content:"season"; priority:3; metadata:hostile src_ip,created_at 2017-10-24,capec_id 286,updated_at 2017-10-24,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184286;) #alert tcp any any -> any any (msg:"Acme - MODERN PROPERTY Traffic Detected"; flow:established,to_server; content:"property"; priority:3; metadata:hostile src_ip,created_at 2018-09-05,capec_id 286,updated_at 2018-09-11,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184287;) #alert tcp any any -> any any (msg:"Acme - UNKNOWN SCIENCE Traffic Detected"; flow:established,to_server; content:"science"; priority:3; 
metadata:hostile src_ip,created_at 2016-08-07,capec_id 286,updated_at 2016-08-26,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184288;) #alert tcp any any -> any any (msg:"Acme - IMPRESSED CUTICLE Traffic Detected"; flow:established,to_server; content:"cuticle"; priority:3; metadata:hostile src_ip,created_at 2019-03-20,capec_id 286,updated_at 2019-03-24,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184289;) #alert tcp any any -> any any (msg:"Acme - DELICIOUS UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2019-05-27,capec_id 286,updated_at 2019-05-27,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184290;) #alert tcp any any -> any any (msg:"Acme - SUBJECTIVE MOWER Traffic Detected"; flow:established,to_server; content:"mower"; priority:3; metadata:hostile src_ip,created_at 2019-11-11,capec_id 286,updated_at 2019-11-14,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184291;) #alert tcp any any -> any any (msg:"Acme - CAREFUL DAFFODIL Traffic Detected"; flow:established,to_server; content:"daffodil"; priority:3; metadata:hostile src_ip,created_at 2017-01-09,capec_id 286,updated_at 2017-01-16,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184292;) #alert tcp any any -> any any (msg:"Acme - SHORT RUSH Traffic Detected"; flow:established,to_server; content:"rush"; priority:3; metadata:hostile src_ip,created_at 2019-04-23,capec_id 286,updated_at 2019-04-23,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184293;) #alert tcp any any -> any any (msg:"Acme - POWERFUL BAMBOO Traffic Detected"; 
flow:established,to_server; content:"bamboo"; priority:3; metadata:hostile src_ip,created_at 2016-10-11,capec_id 286,updated_at 2016-10-23,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184294;) #alert tcp any any -> any any (msg:"Acme - UNCHANGED TRAM Traffic Detected"; flow:established,to_server; content:"tram"; priority:3; metadata:hostile src_ip,created_at 2019-11-24,capec_id 286,updated_at 2019-11-27,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184295;) #alert tcp any any -> any any (msg:"Acme - HOSTILE LARK Traffic Detected"; flow:established,to_server; content:"lark"; priority:3; metadata:hostile src_ip,created_at 2018-04-04,capec_id 286,updated_at 2018-04-26,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184296;) #alert tcp any any -> any any (msg:"Acme - MISSING ASTRONOMY Traffic Detected"; flow:established,to_server; content:"astronomy"; priority:3; metadata:hostile src_ip,created_at 2016-07-25,capec_id 286,updated_at 2016-07-28,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184297;) #alert tcp any any -> any any (msg:"Acme - FEDERAL TONE Traffic Detected"; flow:established,to_server; content:"tone"; priority:3; metadata:hostile src_ip,created_at 2019-01-04,capec_id 286,updated_at 2019-01-19,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184298;) #alert tcp any any -> any any (msg:"Acme - EVIDENT CALCIFICATION Traffic Detected"; flow:established,to_server; content:"calcification"; priority:3; metadata:hostile src_ip,created_at 2019-06-18,capec_id 286,updated_at 2019-06-21,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184299;) #alert tcp any any -> any any 
(msg:"Acme - PRICKLY UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2015-02-20,capec_id 286,updated_at 2015-02-22,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184300;) #alert tcp any any -> any any (msg:"Acme - UNKNOWN ALMOND Traffic Detected"; flow:established,to_server; content:"almond"; priority:3; metadata:hostile src_ip,created_at 2019-01-05,capec_id 286,updated_at 2019-01-19,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184301;) #alert tcp any any -> any any (msg:"Acme - FOOLISH SAFETY Traffic Detected"; flow:established,to_server; content:"safety"; priority:3; metadata:hostile src_ip,created_at 2017-06-06,capec_id 286,updated_at 2017-06-26,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184302;) #alert tcp any any -> any any (msg:"Acme - READY CHOCOLATE Traffic Detected"; flow:established,to_server; content:"chocolate"; priority:3; metadata:hostile src_ip,created_at 2019-06-15,capec_id 286,updated_at 2019-06-17,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184303;) #alert tcp any any -> any any (msg:"Acme - COASTAL ADMINISTRATION Traffic Detected"; flow:established,to_server; content:"administration"; priority:3; metadata:hostile src_ip,created_at 2017-10-11,capec_id 286,updated_at 2017-10-27,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184304;) #alert tcp any any -> any any (msg:"Acme - UNKNOWN DRESS Traffic Detected"; flow:established,to_server; content:"dress"; priority:3; metadata:hostile src_ip,created_at 2019-02-26,capec_id 286,updated_at 2019-02-27,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; 
rev:1; sid:80184305;) #alert tcp any any -> any any (msg:"Acme - DOUBLE MERCURY Traffic Detected"; flow:established,to_server; content:"mercury"; priority:3; metadata:hostile src_ip,created_at 2019-07-07,capec_id 286,updated_at 2019-07-16,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184306;) #alert tcp any any -> any any (msg:"Acme - UNKNOWN ARGUMENT Traffic Detected"; flow:established,to_server; content:"argument"; priority:3; metadata:hostile src_ip,created_at 2018-04-13,capec_id 286,updated_at 2018-04-22,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184307;) #alert tcp any any -> any any (msg:"Acme - SUNKNOWNT BOWLER Traffic Detected"; flow:established,to_server; content:"bowler"; priority:3; metadata:hostile src_ip,created_at 2018-02-22,capec_id 286,updated_at 2018-02-25,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184308;) #alert tcp any any -> any any (msg:"Acme - CROOKED JEANS Traffic Detected"; flow:established,to_server; content:"jeans"; priority:3; metadata:hostile src_ip,created_at 2019-09-08,capec_id 286,updated_at 2019-09-27,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184309;) #alert tcp any any -> any any (msg:"Acme - WORRYING RELAXATION Traffic Detected"; flow:established,to_server; content:"relaxation"; priority:3; metadata:hostile src_ip,created_at 2019-07-03,capec_id 286,updated_at 2019-07-09,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184310;) #alert tcp any any -> any any (msg:"Acme - SURPRISING KNEEJERK Traffic Detected"; flow:established,to_server; content:"kneejerk"; priority:3; metadata:hostile src_ip,created_at 2019-01-07,capec_id 286,updated_at 2019-01-21,filename scada.rules,priority low,rule_source 
acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184311;) #alert tcp any any -> any any (msg:"Acme - RARE PSYCHIATRIST Traffic Detected"; flow:established,to_server; content:"psychiatrist"; priority:3; metadata:hostile src_ip,created_at 2019-01-25,capec_id 286,updated_at 2019-01-26,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184312;) #alert tcp any any -> any any (msg:"Acme - SENIOR SENATOR Traffic Detected"; flow:established,to_server; content:"senator"; priority:3; metadata:hostile src_ip,created_at 2019-04-10,capec_id 286,updated_at 2019-04-15,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184313;) #alert tcp any any -> any any (msg:"Acme - PRACTICAL LOAN Traffic Detected"; flow:established,to_server; content:"loan"; priority:3; metadata:hostile src_ip,created_at 2019-03-10,capec_id 286,updated_at 2019-03-25,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184314;) #alert tcp any any -> any any (msg:"Acme - GOVERNING CLUE Traffic Detected"; flow:established,to_server; content:"clue"; priority:3; metadata:hostile src_ip,created_at 2018-11-14,capec_id 286,updated_at 2018-11-18,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184315;) #alert tcp any any -> any any (msg:"Acme - JOINT TYVEK Traffic Detected"; flow:established,to_server; content:"tyvek"; priority:3; metadata:hostile src_ip,created_at 2018-09-06,capec_id 286,updated_at 2018-09-28,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184316;) #alert tcp any any -> any any (msg:"Acme - UNKNOWN DELIVERY Traffic Detected"; flow:established,to_server; content:"delivery"; priority:3; metadata:hostile src_ip,created_at 2019-03-25,capec_id 286,updated_at 2019-03-27,filename 
scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184317;) #alert tcp any any -> any any (msg:"Acme - HUSHED LEVEL Traffic Detected"; flow:established,to_server; content:"level"; priority:3; metadata:hostile src_ip,created_at 2017-05-26,capec_id 286,updated_at 2017-05-28,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184318;) #alert http any any -> $HOME_NET any (msg:"Acme - ACTUAL INSPECTOR Exploitation Attempt Seen"; flow:established, to_server; content:"inspector"; priority:3; metadata:hostile dest_ip,created_at 2019-05-11,capec_id 248,updated_at 2019-05-24,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2017-4196851,protocols http; rev:2; sid:80184319;) #alert tcp any any -> any any (msg:"Acme - CRAZY CACTUS Traffic Detected"; flow:established,to_server; content:"cactus"; priority:3; metadata:hostile src_ip,created_at 2018-02-06,capec_id 286,updated_at 2018-02-13,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184320;) #alert tcp any any -> any any (msg:"Acme - DOMESTIC LANDMINE Traffic Detected"; flow:established,to_server; content:"landmine"; priority:3; metadata:hostile src_ip,created_at 2018-01-19,capec_id 286,updated_at 2018-01-25,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184321;) #alert tcp any any -> any any (msg:"Acme - RETAIL CLEAT Traffic Detected"; flow:established,to_server; content:"cleat"; priority:3; metadata:hostile src_ip,created_at 2017-06-17,capec_id 286,updated_at 2017-06-23,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184322;) #alert tcp any any -> any any (msg:"Acme - GLAMOROUS UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 
2019-07-27,capec_id 286,updated_at 2019-07-27,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184323;) #alert tcp any any -> any any (msg:"Acme - UNKNOWN SHOVEL Traffic Detected"; flow:established,to_server; content:"shovel"; priority:3; metadata:hostile src_ip,created_at 2019-07-04,capec_id 286,updated_at 2019-07-06,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184324;) #alert tcp any any -> any any (msg:"Acme - UNKNOWN WASH Traffic Detected"; flow:established,to_server; content:"wash"; priority:3; metadata:hostile src_ip,created_at 2019-03-23,capec_id 286,updated_at 2019-03-23,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184325;) #alert tcp any any -> any any (msg:"Acme - FUNDAMENTAL HURRICANE Traffic Detected"; flow:established,to_server; content:"hurricane"; priority:3; metadata:hostile src_ip,created_at 2018-09-20,capec_id 286,updated_at 2018-09-26,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184326;) #alert tcp any any -> any any (msg:"Acme - UNKNOWNPY OUTSIDE Traffic Detected"; flow:established,to_server; content:"outside"; priority:3; metadata:hostile src_ip,created_at 2017-05-10,capec_id 286,updated_at 2017-05-12,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184327;) #alert tcp any any -> any any (msg:"Acme - POLITICAL FACT Traffic Detected"; flow:established,to_server; content:"fact"; priority:3; metadata:hostile src_ip,created_at 2017-05-27,capec_id 286,updated_at 2017-05-27,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184328;) #alert tcp any any -> any any (msg:"Acme - BOLD GRANDDAUGHTER Traffic Detected"; flow:established,to_server; content:"granddaughter"; 
priority:3; metadata:hostile src_ip,created_at 2019-08-19,capec_id 286,updated_at 2019-08-26,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184329;) #alert tcp any any -> any any (msg:"Acme - RARE BOX Traffic Detected"; flow:established,to_server; content:"box"; priority:3; metadata:hostile src_ip,created_at 2018-10-08,capec_id 286,updated_at 2018-10-24,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184330;) #alert tcp any any -> any any (msg:"Acme - SPARKLING PASTA Traffic Detected"; flow:established,to_server; content:"pasta"; priority:3; metadata:hostile src_ip,created_at 2017-05-07,capec_id 286,updated_at 2017-05-24,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184331;) #alert tcp any any -> any any (msg:"Acme - MEAN HOSPICE Traffic Detected"; flow:established,to_server; content:"hospice"; priority:3; metadata:hostile src_ip,created_at 2019-08-03,capec_id 286,updated_at 2019-08-16,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184332;) #alert tcp any any -> any any (msg:"Acme - ADVANCED OPPORTUNIST Traffic Detected"; flow:established,to_server; content:"opportunist"; priority:3; metadata:hostile src_ip,created_at 2017-06-25,capec_id 286,updated_at 2017-06-26,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184333;) #alert tcp any any -> any any (msg:"Acme - SOLE CURRENCY Traffic Detected"; flow:established,to_server; content:"currency"; priority:3; metadata:hostile src_ip,created_at 2018-02-01,capec_id 286,updated_at 2018-02-22,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184334;) #alert tcp any any -> any any (msg:"Acme - STRIPED EMPLOY Traffic Detected"; 
flow:established,to_server; content:"employ"; priority:3; metadata:hostile src_ip,created_at 2016-07-27,capec_id 286,updated_at 2016-07-27,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184335;) #alert tcp any any -> any any (msg:"Acme - UNKNOWN STEPDAUGHTER Traffic Detected"; flow:established,to_server; content:"stepdaughter"; priority:3; metadata:hostile src_ip,created_at 2018-05-16,capec_id 286,updated_at 2018-05-26,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184336;) #alert tcp any any -> any any (msg:"Acme - FOOLISH UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2018-11-27,capec_id 286,updated_at 2018-11-27,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184337;) #alert tcp any any -> any any (msg:"Acme - INSTITUTIONAL STRATEGY Traffic Detected"; flow:established,to_server; content:"strategy"; priority:3; metadata:hostile src_ip,created_at 2018-06-18,capec_id 286,updated_at 2018-06-20,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184338;) #alert tcp any any -> any any (msg:"Acme - COLORFUL FROG Traffic Detected"; flow:established,to_server; content:"frog"; priority:3; metadata:hostile src_ip,created_at 2019-01-26,capec_id 286,updated_at 2019-01-28,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184339;) #alert tcp any any -> any any (msg:"Acme - SIGNIFICANT CD Traffic Detected"; flow:established,to_server; content:"cd"; priority:3; metadata:hostile src_ip,created_at 2019-03-17,capec_id 286,updated_at 2019-03-21,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184340;) drop http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"Acme - POLITE KILOGRAM Malware Communication"; flow:established,to_server; content:"kilogram"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-05-16,updated_at 2019-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184341;)
# sid 80184342: alert-only rule on outbound HTTP requests; metadata has no hostile/infected/attack_target keys.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SILLY TOY Traffic Detected"; flow:established,to_server; content:"toy"; priority:3; metadata:created_at 2019-05-22,updated_at 2019-05-28,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80184342;)
# NOTE(review): sid 80184343 lists cvss_v2_temporal 7.3 above cvss_v2_base 6.7. A CVSS v2 temporal
# score cannot exceed its base score, so these values are presumably generated filler rather than
# real severity data.
drop http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - LOW PAIN Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"pain"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2016-09-13,capec_id 255,updated_at 2016-09-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.7,attack_target http-client,attack_target client,cve 2016-818078,cvss_v2_temporal 7.3,protocols http,protocols tcp; rev:2; sid:80184343;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RIGHT BEGINNER Traffic Detected"; flow:established, to_server; content:"beginner"; priority:2; metadata:created_at 2019-02-10,capec_id 175,updated_at 2019-02-22,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80184344;)
# Commented out (disabled) rule; kept in the file with its metadata.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN FIDDLE Traffic Detected"; flow:established, to_server; content:"fiddle"; priority:3; metadata:hostile src_ip,created_at 2016-07-19,capec_id 248,updated_at 2016-07-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184345;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MARRIED ANALYSIS Malware Communication"; flow:established, to_server; content:"analysis"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-11-19,updated_at 2017-11-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184346;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPOTLESS REWARD Malware Communication"; flow:established,to_server; content:"reward"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-06-11,updated_at 2017-06-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:8; sid:80184347;)
# NOTE(review): sid 80184348 matches $EXTERNAL_NET -> $HOME_NET traffic, yet its metadata says
# "hostile dest_ip" and "infected src_ip", which marks the $HOME_NET side as hostile and the
# external side as infected. Other rules in this file with the same header direction
# (sids 80184352, 80184356) use "hostile src_ip" / "infected dest_ip" - looks inverted; confirm
# before relying on these keys to decide which host to triage or block.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - THUNDERING PLAIN Malware Communication"; flow:established,to_client; file_data; content:"plain"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-15,updated_at 2019-11-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80184348;)
# sid 80184349 onward: urilen:>100 additionally requires a request URI longer than 100 bytes.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OBLIGED TAM Malware Communication"; flow:established,to_server; urilen:>100; content:"tam"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-06-10,updated_at 2018-06-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184349;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HANDSOME GEOLOGY Malware Communication"; flow:established,to_server; urilen:>100; content:"geology"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-13,updated_at 2019-09-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target 
client,protocols http,protocols tcp; rev:3; sid:80184350;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BLUE UNKNOWN Malware Communication"; flow:established,to_server; urilen:>100; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-06-13,updated_at 2017-06-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80184351;)
# NOTE(review): the protocol is tls but content:"hand" has no sticky buffer (for
# example tls.sni) in front of it, so it is matched against the raw payload rather
# than a parsed TLS field -- confirm which field was meant.
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POOR HAND Malware Communication"; flow:established,to_client; content:"hand"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-06-27,updated_at 2019-06-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80184352;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WRITTEN DIGNITY Malware Communication"; flow:established,to_server; content:"dignity"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-07-18,updated_at 2018-07-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184353;)
# Disabled rule. NOTE(review): the header is plain tcp with any ports; FTP appears
# only in the metadata (protocols ftp, attack_target ftp-server).
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - YELLOW PAST Traffic Detected"; flow:established, to_server; content:"past"; priority:3; metadata:hostile src_ip,created_at 2019-01-03,capec_id 118,updated_at 2019-01-03,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:1; sid:80184354;)
# Disabled rule, kept on one line so the leading '#' covers all of it.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LINGUISTIC CARTLOAD Exploitation Attempt Seen"; flow:established, to_server; content:"cartload"; priority:3; metadata:hostile src_ip,created_at 2017-05-05,capec_id 118,updated_at 2017-05-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-3367184,protocols http,protocols tcp; rev:2; sid:80184355;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - THOUGHTFUL APERITIF Malware Communication"; flow:established,to_client; file_data; content:"aperitif"; priority:1; metadata:cwe_id 506,cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-03-26,updated_at 2018-03-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184356;)
# Disabled rule: tcp header restricted to source port $HTTP_PORTS, with to_client.
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - GLORIOUS DETENTION Exploitation Attempt Seen"; flow:established, to_client; content:"detention"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-11-03,capec_id 100,updated_at 2019-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-3503862,protocols http,protocols tcp; rev:1; sid:80184357;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRETTY PILGRIMAGE Traffic Detected"; flow:established,to_server; content:"pilgrimage"; priority:2; metadata:hostile src_ip,created_at 2017-05-10,capec_id 193,updated_at 2017-05-14,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184358;)
# Disabled rule.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - THICK TUTU Exploitation Attempt Seen"; flow:established, to_server; content:"tutu"; priority:3; metadata:hostile src_ip,created_at 2017-08-12,capec_id 100,updated_at 2017-08-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-8788713,protocols http,protocols tcp; rev:2; sid:80184359;)
# Disabled rule. NOTE(review): the metadata lists "cve 2015-7630096" twice; the
# second entry is an exact duplicate of the first.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNCOMFORTABLE FLASH Exploitation Attempt Seen"; flow:established, to_server; content:"flash"; priority:3; metadata:hostile src_ip,created_at 2019-02-27,capec_id 213,updated_at 2019-02-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-7630096,cve 2015-7630096,protocols http,protocols tcp; rev:2; sid:80184360;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REGULATORY SALESMAN Malware Communication"; flow:established, to_server; urilen:>400; content:"salesman"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-18,updated_at 2019-01-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184361;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PREFERRED UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:2; metadata:hostile src_ip,created_at 2019-01-06,updated_at 2019-01-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80184362;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GIANT AGLET Malware Communication"; flow:established,to_client; content:"aglet"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2018-11-02,updated_at 2018-11-23,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184363;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRIPED HOBBY Traffic Detected"; flow:established,to_server; content:"hobby"; priority:1; metadata:hostile dest_ip,created_at 2019-05-16,capec_id 223,updated_at 2019-05-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target
http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184364;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNAWARE VILLA Malware Communication"; flow:established,to_server; content:"villa"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-06-07,updated_at 2017-06-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184365;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMPRESSIVE REMOTE Malware Communication"; flow:established,to_server; content:"remote"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-03,updated_at 2019-06-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184366;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRIPED EXPLANATION Malware Communication"; flow:established,to_server; content:"explanation"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-20,updated_at 2019-08-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184367;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CAVE Malware Communication"; flow:established,to_server; content:"cave"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-11-16,updated_at 2018-11-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80184368;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BASIC UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2015-01-22,updated_at 2015-01-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184369;)
# NOTE(review): the header is $HOME_NET -> $EXTERNAL_NET but the flow is to_client, so
# this matches only when the $HOME_NET host is the server side of the flow (its
# responses). That agrees with "attack_target server" / "hostile dest_ip"; confirm the
# response direction is what an "Exploitation Attempt Seen" rule is meant to inspect.
# Also cvss_v2_temporal (5.1) is higher than cvss_v2_base (4.6), which CVSS v2 does
# not allow -- placeholder values.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OK NONDISCLOSURE Exploitation Attempt Seen"; flow:established,to_client; content:"nondisclosure"; priority:3; metadata:cwe_id 119,hostile dest_ip,created_at 2019-10-10,capec_id 255,updated_at 2019-10-18,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.6,attack_target server,attack_target http-server,cve 2017-4636530,cvss_v2_temporal 5.1,protocols http,protocols tcp; rev:2; sid:80184370;)
# NOTE(review): tls rule whose content:"concrete" has no sticky buffer (for example
# tls.sni) before it, so the match is against the raw payload -- confirm the intended
# TLS field.
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WIDE-EYED CONCRETE Malware Communication"; flow:established,to_client; content:"concrete"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-03-11,updated_at 2018-03-18,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80184371;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DUSTY BEAD Malware Communication"; flow:established,to_server; content:"bead"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-03-22,updated_at 2017-03-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:8; sid:80184372;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POOR FONDUE Malware Communication"; flow:established,to_client; content:"fondue"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-08-14,updated_at 2019-08-14,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target
client,protocols http,protocols tcp; rev:2; sid:80184373;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BUSY CORNER Malware Communication"; flow:established,to_server; content:"corner"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-05-05,updated_at 2017-05-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184374;)
# Disabled rules (sids 80184375 and 80184376). NOTE(review): both headers are plain
# tcp with any ports, while the metadata names protocols http / attack_target
# http-server.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ADJACENT SECRET Exploitation Attempt Seen"; flow:established, to_server; content:"secret"; priority:3; metadata:hostile src_ip,created_at 2016-09-25,capec_id 213,updated_at 2016-09-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-5182740,protocols http,protocols tcp; rev:1; sid:80184375;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STINGY TIP Exploitation Attempt Seen"; flow:established, to_server; content:"tip"; priority:3; metadata:hostile src_ip,created_at 2019-11-08,capec_id 213,updated_at 2019-11-08,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-4402817,protocols http,protocols tcp; rev:1; sid:80184376;)
# NOTE(review): cvss_v2_temporal (7.1) is higher than cvss_v2_base (6.6); a CVSS v2
# temporal score cannot exceed the base score -- placeholder values.
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STANDARD DRIVE Exploitation Attempt Seen"; flow:established, to_client; content:"drive"; priority:2; metadata:hostile src_ip,created_at 2018-01-20,capec_id 248,updated_at 2018-01-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.6,attack_target client,cve 2018-5183766,cvss_v2_temporal 7.1,protocols tcp; rev:2; sid:80184377;)
# NOTE(review): the header is $HOME_NET -> $EXTERNAL_NET with to_client, so only
# responses from a $HOME_NET server match. The metadata (attack_target server,
# hostile dest_ip) fits that reading; confirm the response direction is intended for
# an "Exploitation Attempt Seen" rule.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ADVISORY UNKNOWN Exploitation Attempt Seen"; flow:established,to_client; content:"UNKNOWN"; priority:3; metadata:cwe_id 119,hostile dest_ip,created_at 2019-02-14,capec_id 255,updated_at 2019-02-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.3,attack_target server,attack_target http-server,cve 2019-5135398,cvss_v2_temporal 6.3,protocols http,protocols tcp; rev:2; sid:80184378;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNFAIR FRAUDSTER Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"fraudster"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2018-02-02,capec_id 118,updated_at 2018-02-15,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.1,attack_target http-client,attack_target client,cve 2018-5021809,cvss_v2_temporal 4.8,protocols http,protocols tcp; rev:2; sid:80184379;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AGREEABLE ELLIPSE Malware Communication"; flow:established,to_client; file_data; content:"ellipse"; priority:2; metadata:cwe_id 506,malware pre-infection,created_at 2019-02-18,updated_at 2019-02-21,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:6; sid:80184380;)
# NOTE(review): tls rule whose content:"order" has no sticky buffer (for example
# tls.sni) before it, so the match is against the raw payload -- confirm the intended
# TLS field.
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STRAIGHTFORWARD ORDER Malware Communication"; flow:established,to_client; content:"order"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2017-10-18,updated_at 2017-10-25,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80184381;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUPER HERON Malware Communication"; flow:established,to_server; content:"heron"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-04-21,updated_at 2019-04-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80184382;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme -
PRETTY CIRRUS Malware Communication"; flow:established,to_server; content:"cirrus"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-18,updated_at 2019-03-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184383;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SURPRISING VACUUM Malware Communication"; flow:established,to_server; content:"vacuum"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-11-04,updated_at 2017-11-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184384;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FREE UNEMPLOYMENT Malware Communication"; flow:established,to_server; content:"unemployment"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-05-06,updated_at 2017-05-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184385;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ORIGINAL SNOWSUIT Traffic Detected"; flow:established,to_server; content:"snowsuit"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2016-02-08,capec_id 126,updated_at 2016-02-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.4,attack_target server,attack_target http-server,cvss_v2_temporal 3.1,protocols http,protocols tcp; rev:2; sid:80184386;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ROASTED GUARD Malware Communication"; flow:established, to_client; content:"guard"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-03-20,updated_at 2019-03-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184387;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - KIND TENSION Malware Communication"; flow:established,to_server; content:"tension"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2018-11-14,updated_at 2018-11-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184388;)
drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - SUPREME STANDOFF Malware Communication"; flow:established,to_server; content:"standoff"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-09-04,updated_at 2017-09-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184389;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FAINT BOBCAT Malware Communication"; flow:established,to_server; content:"bobcat"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-23,updated_at 2019-01-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184390;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN BOOT Malware Communication"; flow:established,to_server; content:"boot"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-09-09,updated_at 2019-09-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80184391;)
# Disabled rule. NOTE(review): the source is "any any" rather than $EXTERNAL_NET, so
# if it is re-enabled it also matches traffic that starts inside $HOME_NET -- confirm
# before enabling.
#alert tcp any any -> $HOME_NET any (msg:"Acme - DISGUSTED E-BOOK Exploitation Attempt Seen"; flow:established, to_client; content:"e-book"; priority:3; metadata:hostile src_ip,created_at 2017-10-05,capec_id 73,updated_at 2017-10-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,cve 2017-5596019,protocols ftp,protocols tcp; rev:2; sid:80184392;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FOOLISH PUMPKIN Malware Communication"; flow:established,to_server; content:"pumpkin"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2018-09-08,updated_at 2018-09-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184393;)
# NOTE(review): a drop rule from $HOME_NET to "any any" with to_client: it matches
# server-to-client packets sent by a $HOME_NET host to any destination, internal ones
# included. The metadata mixes "infected src_ip" with "attack_target server" --
# confirm the direction and the destination scope.
drop tcp $HOME_NET any -> any any (msg:"Acme - TAME PRESS Malware Communication"; flow:established,to_client; content:"press"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-19,updated_at 2019-07-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80184394;)
# NOTE(review): the msg words "FEUNKNOWN" (this rule) and "ROUNKNOWN" (next rule)
# look like part of a word replaced by UNKNOWN when the file was generated; msg is
# runtime text, so both are left as they are.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FEUNKNOWN UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:created_at 2018-10-04,updated_at 2018-10-22,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80184395;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ROUNKNOWN LEVERAGE Malware Communication"; flow:established,to_server; content:"leverage"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-26,updated_at 2019-03-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184396;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STRONG NEGATIVE Exploitation Attempt Seen";
flow:established,to_server; content:"negative"; priority:2; metadata:cwe_id 78,hostile src_ip,created_at 2019-05-25,capec_id 248,updated_at 2019-05-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2019-208380,cvss_v2_temporal 5.9,protocols http,protocols tcp; rev:2; sid:80184397;)
# NOTE(review): cvss_v2_temporal (8.6) is higher than cvss_v2_base (7.6); a CVSS v2
# temporal score cannot exceed the base score -- placeholder values.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ALIVE BIN Exploitation Attempt Seen"; flow:established,to_server; content:"bin"; priority:2; metadata:cwe_id 89,hostile src_ip,created_at 2019-09-26,capec_id 110,updated_at 2019-09-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.6,attack_target server,attack_target http-server,cve 2018-623614,cvss_v2_temporal 8.6,protocols http,protocols tcp; rev:2; sid:80184398;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FUNNY COMBINE Exploitation Attempt Seen"; flow:established,to_server; content:"combine"; priority:2; metadata:cwe_id 89,hostile src_ip,created_at 2015-09-16,capec_id 110,updated_at 2015-09-16,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.8,attack_target server,attack_target http-server,cve 2015-3169723,cvss_v2_temporal 6.0,protocols http,protocols tcp; rev:2; sid:80184399;)
# NOTE(review): a tcp rule with any ports whose only match is a three-byte content
# ("pay") with no sticky buffer or position constraint. That is enough for this demo
# set; a pattern this short would presumably need further constraints in a deployed
# signature.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUDDEN PAY Malware Communication"; flow:established,to_server; content:"pay"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-05,updated_at 2018-01-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80184400;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SURVIVING BUG Malware Communication"; flow:established,to_server; content:"bug"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-05-15,updated_at 2016-05-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184401;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FRESH FIND Malware Communication"; flow:established,to_client; file_data; content:"find"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2017-05-04,updated_at 2017-05-07,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184402;)
# NOTE(review): the metadata has "hostile dest_ip" but no "infected src_ip" tag, which
# the neighbouring post-infection rules with this header carry -- confirm whether the
# omission is deliberate.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SMOGGY BROAD Malware Communication"; flow:established, to_server; content:"broad"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-25,updated_at 2019-03-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80184403;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MINIMAL GATE Malware Communication"; flow:established,to_server; content:"gate"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-07-01,updated_at 2016-07-06,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184404;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NET RADIOSONDE Malware Communication"; flow:established,to_client; content:"radiosonde"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-01-19,updated_at 2018-01-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184405;)
# NOTE(review): cvss_v2_temporal (5.4) is higher than cvss_v2_base (4.8); a CVSS v2
# temporal score cannot exceed the base score -- placeholder values.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN PEPPER Malware Communication"; flow:established, to_client; content:"pepper"; priority:2; metadata:cwe_id 94,malware pre-infection,hostile src_ip,created_at 2018-06-18,updated_at 2018-06-18,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.8,attack_target http-client,attack_target client,cvss_v2_temporal 5.4,protocols http,protocols tcp; rev:2; sid:80184406;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONTROVERSIAL TABBY Malware Communication"; flow:established, to_server; content:"tabby"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-22,updated_at 2018-11-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184407;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CROOKED AQUIFER Exploitation Attempt Seen"; flow:established,to_server; content:"aquifer"; priority:3; metadata:cwe_id 287,hostile src_ip,created_at 2019-08-13,capec_id 115,updated_at 2019-08-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.2,attack_target server,attack_target http-server,cve 2015-5650837,cvss_v2_temporal 2.8,protocols http,protocols tcp; rev:2; sid:80184408;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OTHER SNUGGLE Traffic Detected"; flow:established, to_server; content:"snuggle"; priority:3; metadata:hostile src_ip,created_at 2019-06-15,capec_id 253,updated_at 2019-06-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184409;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN STRETCH Traffic Detected"; flow:established, to_server; content:"stretch"; priority:3; metadata:hostile src_ip,created_at 2017-01-10,capec_id 253,updated_at 2017-01-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80184410;)
drop http
$EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AGRICULTURAL HURRY Traffic Detected"; flow:established, to_server; content:"hurry"; priority:3; metadata:hostile src_ip,created_at 2019-08-04,capec_id 253,updated_at 2019-08-06,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80184411;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMFORTABLE BITTER Malware Communication"; flow:established,to_server; content:"bitter"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-11-19,updated_at 2018-11-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184412;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FANTASTIC OFFICE Malware Communication"; flow:established, to_server; content:"office"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-02-18,updated_at 2016-02-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184413;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UGLY LOCOMOTIVE Malware Communication"; flow:established,to_server; content:"locomotive"; priority:1; metadata:cwe_id 506,cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-08-15,updated_at 2018-08-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80184414;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BROKEN DASHBOARD Malware Communication"; flow:established,to_server; content:"dashboard"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-18,updated_at 2019-02-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184415;)
# NOTE(review): same header, flow direction and content ("UNKNOWN") as drop sid
# 80184369 and alert sid 80184395, so all three match the same traffic and differ only
# in action, msg and metadata. The literal "UNKNOWN" looks like a generated
# placeholder -- confirm.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CHEMICAL UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-06,updated_at 2019-10-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184416;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CRAZY CHALICE Malware Communication"; flow:established,to_client; file_data; content:"chalice"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2016-08-08,updated_at 2016-08-17,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184417;)
# NOTE(review): same header, flow direction and content ("hurry") as sid 80184411
# (AGRICULTURAL HURRY); the two rules differ only in msg, capec_id, dates and rev, so
# both match the same traffic -- confirm the overlap is intended.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FOREIGN HURRY Traffic Detected"; flow:established,to_server; content:"hurry"; priority:3; metadata:hostile src_ip,created_at 2019-11-19,capec_id 110,updated_at 2019-11-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184418;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNPLEASANT CONIFER Traffic Detected"; flow:established,to_server; content:"conifer"; priority:3; metadata:hostile src_ip,created_at 2019-03-19,capec_id 110,updated_at 2019-03-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184419;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DIFFICULT STORAGE Traffic Detected"; flow:established,to_server; content:"storage"; priority:3; metadata:hostile src_ip,created_at 2016-01-27,capec_id 110,updated_at 2016-01-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184420;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN CRASH Traffic Detected"; flow:established,to_server; content:"crash"; priority:3; metadata:hostile src_ip,created_at 2019-09-03,capec_id 110,updated_at 2019-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184421;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INTEGRAL VAULTING Traffic Detected"; flow:established,to_server; content:"vaulting"; priority:3; metadata:hostile src_ip,created_at 2017-03-05,capec_id 110,updated_at 2017-03-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184422;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - USUAL CRAZY Traffic Detected"; flow:established,to_server; content:"crazy"; priority:3; metadata:hostile src_ip,created_at 2017-01-05,capec_id 110,updated_at 2017-01-05,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184423;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - JUDICIAL GONDOLA Traffic Detected"; flow:established,to_server; content:"gondola"; priority:3; metadata:hostile src_ip,created_at 2016-08-20,capec_id 110,updated_at 2016-08-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184424;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GREAT DELETE Malware Communication"; flow:established,to_client; content:"delete"; priority:3; metadata:cwe_id
506,malware pre-infection,hostile src_ip,created_at 2019-02-22,updated_at 2019-02-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184425;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CULVERT Malware Communication"; flow:established,to_server; content:"culvert"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-13,updated_at 2019-01-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184426;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPICY FORCE Malware Communication"; flow:established,to_server; content:"force"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-04-27,updated_at 2018-04-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184427;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COLD DISGUISE Exploitation Attempt Seen"; flow:established,to_server; content:"disguise"; priority:3; metadata:cwe_id 94,cwe_id 231,hostile src_ip,created_at 2019-09-21,capec_id 253,updated_at 2019-09-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,cve 2019-7197462,cvss_v2_temporal 3.0,protocols http,protocols tcp; rev:5; sid:80184428;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRESENT STYLE Exploitation Attempt Seen"; flow:established,to_server; content:"style"; priority:3; metadata:cwe_id 94,cwe_id 231,hostile src_ip,created_at 2018-09-06,capec_id 248,updated_at 2018-09-12,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,cve 2015-7845742,cvss_v2_temporal 3.3,protocols http,protocols tcp; rev:2; sid:80184429;) drop http $HOME_NET any -> 
$EXTERNAL_NET $HTTP_PORTS (msg:"Acme - TERRITORIAL SUPPORTER Malware Communication"; flow:established,to_server; urilen:1,norm; content:"supporter"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-04-06,updated_at 2018-04-06,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184430;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HUSHED SPOON Malware Communication"; flow:established, to_client; content:"spoon"; priority:2; metadata:cwe_id 506,malware post-infection,created_at 2017-09-27,updated_at 2017-09-28,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184431;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - APPARENT QUADRANT Malware Communication"; flow:established,to_server; content:"quadrant"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-13,updated_at 2019-08-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184432;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN WATERBED Malware Communication"; flow:established,to_server; content:"waterbed"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-10,updated_at 2019-03-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184433;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TOTAL SINGER Malware Communication"; flow:established,to_server; content:"singer"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-04-18,updated_at 2018-04-26,filename 
acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80184434;)
# Alert-only outbound HTTP rule. Its metadata carries only dates, filename, priority,
# rule_source and protocols -- no hostile/infected/attack_target/cwe_id keys -- so any
# metadata filter built on those keys will not match it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OVERSEAS LECTURE Traffic Detected"; flow:established, to_server; content:"lecture"; priority:3; metadata:created_at 2019-08-04,updated_at 2019-08-15,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80184435;)
# Outbound HTTP, client-to-server; metadata tags the HOME_NET source as infected and the
# destination as hostile.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PASSING CHARLATAN Malware Communication"; flow:established,to_server; content:"charlatan"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-04-18,updated_at 2018-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184436;)
# The rule below is disabled by its leading '#'; with one rule per line the '#' applies to
# this rule only. Its source is "any any", so if re-enabled it would also cover traffic
# that originates inside HOME_NET.
#alert http any any -> $HOME_NET any (msg:"Acme - YOUNG WEDDING Traffic Detected"; flow:established, to_client; file_data; content:"wedding"; priority:3; metadata:hostile src_ip,created_at 2018-07-06,updated_at 2018-07-12,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184437;)
# Inbound, server-to-client. file_data precedes content, so the "draw" match is made in the
# file_data buffer (the HTTP response body for this direction) rather than the raw stream.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SACRED DRAW Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"draw"; priority:2; metadata:cwe_id 416,hostile src_ip,created_at 2019-03-13,capec_id 129,updated_at 2019-03-14,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.5,attack_target http-client,attack_target client,cve 2017-8294468,cvss_v2_temporal 6.6,protocols http,protocols tcp; rev:2; sid:80184438;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PETITE BULL Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"bull"; priority:2; metadata:cwe_id 119,hostile
src_ip,created_at 2016-06-11,capec_id 255,updated_at 2016-06-13,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.7,attack_target http-client,attack_target client,cve 2016-5326826,cvss_v2_temporal 8.6,protocols http,protocols tcp; rev:2; sid:80184439;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PSYCHIATRIC PEACH Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"peach"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-06-14,capec_id 152,updated_at 2019-06-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.1,attack_target http-client,attack_target client,cve 2019-3487177,cvss_v2_temporal 6.3,protocols http,protocols tcp; rev:2; sid:80184440;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUPER STEAM Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"steam"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-07-06,capec_id 152,updated_at 2019-07-18,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.9,attack_target http-client,attack_target client,cve 2019-6203332,cvss_v2_temporal 4.7,protocols http,protocols tcp; rev:2; sid:80184441;) alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MONETARY CERTIFICATION Malware Communication"; flow:established,to_client; content:"certification"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-06-03,updated_at 2019-06-23,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80184442;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OPERATIONAL WALKWAY Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"walkway"; priority:2; metadata:cwe_id 416,hostile src_ip,created_at 2017-01-14,capec_id 255,updated_at 2017-01-26,filename acme.rules,priority 
medium,rule_source acme-rule-factory,cvss_v2_base 7.1,attack_target http-client,attack_target client,cve 2015-2340712,cvss_v2_temporal 8.1,protocols http,protocols tcp; rev:2; sid:80184443;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PUBLIC ELIXIR Malware Communication"; flow:established,to_server; content:"elixir"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-01-14,updated_at 2018-01-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80184444;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLASSICAL ASHRAM Malware Communication"; flow:established,to_server; content:"ashram"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-07-03,updated_at 2018-07-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184445;) drop tcp any any -> $HOME_NET any (msg:"Acme - CAUTIOUS CURTAIN Exploitation Attempt Seen"; flow:established,to_server; content:"curtain"; priority:2; metadata:cwe_id 78,hostile src_ip,created_at 2018-07-20,capec_id 248,updated_at 2018-07-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,cve 2017-6803423,cvss_v2_temporal 8.4,protocols tcp; rev:2; sid:80184446;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN NOUNKNOWN Malware Communication"; flow:established,to_server; content:"noUNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-08-27,updated_at 2016-08-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184447;) alert http any any -> $HOME_NET any (msg:"Acme - WIDE POSSIBILITY Exploitation Attempt Seen"; 
flow:established,to_server; content:"possibility"; priority:2; metadata:cwe_id 259,hostile src_ip,created_at 2016-07-19,capec_id 49,updated_at 2016-07-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.9,attack_target server,attack_target http-server,cve 2015-775828,cvss_v2_temporal 5.4,protocols http,protocols tcp; rev:2; sid:80184448;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HURT SQUARE Malware Communication"; flow:established,to_client; content:"square"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2016-08-11,updated_at 2016-08-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80184449;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WICKED FISHERMAN Malware Communication"; flow:established,to_server; content:"fisherman"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-07,updated_at 2019-11-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184450;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXCEPTIONAL GROUND Malware Communication"; flow:established,to_server; content:"ground"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-03-10,updated_at 2018-03-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184451;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SMILING WEAPON Malware Communication"; flow:established,to_server; content:"weapon"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-06-13,updated_at 2019-06-14,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184452;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MELODIC FORTRESS Malware Communication"; flow:established,to_server; content:"fortress"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-06-06,updated_at 2018-06-18,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184453;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VIOLENT UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-05,updated_at 2019-02-09,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184454;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SMALL HAVERSACK Malware Communication"; flow:established, to_server; content:"haversack"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-02-17,updated_at 2017-02-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184455;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRAVE GUARANTEE Malware Communication"; flow:established, to_server; content:"guarantee"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-07,updated_at 2017-06-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184456;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INADEQUATE SANDWICH Malware Communication"; flow:established,to_server; content:"sandwich"; 
priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-16,updated_at 2019-01-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184457;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FUN DIVISION Malware Communication"; flow:established,to_server; content:"division"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-10,updated_at 2019-02-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80184458;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COLOURED BLIGHT Traffic Detected"; flow:established,to_server; content:"blight"; priority:1; metadata:cwe_id 506,hostile dest_ip,created_at 2018-06-06,updated_at 2018-06-23,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80184459;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DIVINE SCULPTURE Malware Communication"; flow:established, to_server; content:"sculpture"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-21,updated_at 2019-10-24,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184460;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - POSSIBLE SEARCH Malware Communication"; flow:established, to_server; content:"search"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-03,updated_at 2019-11-15,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184461;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LOOSE 
SHOW-STOPPER Malware Communication"; flow:established, to_server; content:"show-stopper"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-02,updated_at 2018-02-06,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184462;) drop http any any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN BLANK Malware Communication"; flow:established, to_server; content:"blank"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-01-07,updated_at 2018-01-19,filename acme.rules,priority high,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80184463;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONCRETE WOUND Malware Communication"; flow:established,to_client; content:"wound"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-03-14,updated_at 2019-03-19,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184464;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SENSITIVE UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-10,updated_at 2019-10-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184465;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DELICIOUS WORK Exploitation Attempt Seen"; flow:established,to_server; content:"work"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2019-09-13,capec_id 110,updated_at 2019-09-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.7,attack_target server,attack_target http-server,cve 
2018-417180,cvss_v2_temporal 8.1,protocols http,protocols tcp; rev:2; sid:80184466;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN BASIS Malware Communication"; flow:established,to_client; content:"basis"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-01-04,updated_at 2019-01-23,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184467;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAINT MANKIND Malware Communication"; flow:established,to_client; content:"mankind"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2019-04-25,updated_at 2019-04-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184468;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FISCAL TIMPANI Malware Communication"; flow:established,to_server; content:"timpani"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-23,updated_at 2018-10-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184469;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SELECT SECTOR Malware Communication"; flow:established,to_client; content:"sector"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-10-19,updated_at 2019-10-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184470;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN OASIS Traffic Detected"; flow:established,from_server; content:"oasis"; priority:2; metadata:hostile src_ip,created_at 
2019-10-09,capec_id 255,updated_at 2019-10-16,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184471;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ENTIRE LUNGE Malware Communication"; flow:established, to_server; content:"lunge"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-10-15,updated_at 2018-10-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184472;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WRONG ASTRONOMY Malware Communication"; flow:established,to_client; content:"astronomy"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-07-03,updated_at 2018-07-11,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80184473;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INITIAL POMPOM Malware Communication"; flow:established,to_server; content:"pompom"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2018-03-26,updated_at 2018-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184474;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMPLICIT GRASS Malware Communication"; flow:established,to_server; content:"grass"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-08-11,updated_at 2017-08-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184475;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - 
ANGRY GROUND Traffic Detected"; flow:established, to_server; content:"ground"; priority:1; metadata:cwe_id 507,hostile dest_ip,created_at 2019-05-13,updated_at 2019-05-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184476;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ADVISORY TRANSLATION Malware Communication"; flow:established,to_server; content:"translation"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-24,updated_at 2019-04-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184477;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLEAN EARTHWORM Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"earthworm"; priority:3; metadata:cwe_id 416,hostile src_ip,created_at 2019-04-12,capec_id 152,updated_at 2019-04-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.3,attack_target http-client,attack_target client,cve 2019-7305787,cvss_v2_temporal 3.8,protocols http,protocols tcp; rev:2; sid:80184478;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TART SUGAR Malware Communication"; flow:established,to_server; content:"sugar"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-10-27,updated_at 2018-10-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184479;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TERRITORIAL ROCKER Malware Communication"; flow:established,to_server; content:"rocker"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-15,updated_at 2019-11-20,filename acme.rules,priority 
high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184480;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WRONG BEECH Malware Communication"; flow:established,to_server; content:"beech"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-03-20,updated_at 2018-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184481;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OKAY INPUT Malware Communication"; flow:established, to_server; content:"input"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-22,updated_at 2019-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184482;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONVINCING PSYCHOANALYST Malware Communication"; flow:established,to_client; content:"psychoanalyst"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-10-05,updated_at 2018-10-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184483;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MEANINGFUL STORY-TELLING Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"story-telling"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-01-07,capec_id 152,updated_at 2019-01-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.0,attack_target http-client,attack_target client,cve 2016-7741698,cvss_v2_temporal 6.9,protocols http,protocols tcp; rev:2; sid:80184484;) drop http $EXTERNAL_NET any -> $HOME_NET any 
(msg:"Acme - TERRIBLE MULTIMEDIA Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"multimedia"; priority:3; metadata:cwe_id 416,hostile src_ip,created_at 2019-03-19,capec_id 152,updated_at 2019-03-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.8,attack_target http-client,attack_target client,cve 2019-2919280,cvss_v2_temporal 5.7,protocols http,protocols tcp; rev:2; sid:80184485;)
# Outbound HTTP request from HOME_NET (to_server); metadata tags the internal client as
# infected and the destination as hostile.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CHESS Malware Communication"; flow:established,to_server; content:"chess"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-11-01,updated_at 2017-11-06,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184486;)
# NOTE(review): same HOME_NET -> EXTERNAL_NET header as the rule above, but the flow is
# to_client, i.e. server-to-client packets leaving HOME_NET. The metadata agrees with that
# reading (attack_target server / http-server, infected src_ip): presumably an internal
# server answering an external client -- confirm, since the header alone reads like the
# client-side rules around it.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MISERABLE BAIL Malware Communication"; flow:established,to_client; content:"bail"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-05-14,updated_at 2016-05-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184487;)
# Same shape as sid 80184487: outbound header, to_client flow, server-side attack_target.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ALLIED AIRFARE Malware Communication"; flow:established,to_client; content:"airfare"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-24,updated_at 2018-01-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184488;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONSTITUTIONAL FERTILIZER Exploitation Attempt Seen"; flow:established,to_server; content:"fertilizer"; priority:2; metadata:cwe_id 79,hostile src_ip,created_at 2017-06-19,capec_id
63,updated_at 2017-06-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.6,attack_target server,attack_target http-server,cve 2017-2447593,cvss_v2_temporal 4.5,protocols http,protocols tcp; rev:2; sid:80184489;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN KNEEJERK Malware Communication"; flow:established,to_server; urilen:3; content:"kneejerk"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2019-06-26,updated_at 2019-06-27,filename adware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184490;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SLOW SAIL Malware Communication"; flow:established,to_client; content:"sail"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2017-08-07,updated_at 2017-08-12,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184491;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CURRENT DROP Malware Communication"; flow:established,to_client; content:"drop"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2016-09-26,updated_at 2016-09-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80184492;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNDERLYING SUBROUTINE Malware Communication"; flow:established,to_client; content:"subroutine"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-07-26,updated_at 2019-07-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80184493;) drop http 
$EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNNECESSARY TRIAL Exploitation Attempt Seen"; flow:established,to_server; content:"trial"; priority:2; metadata:cwe_id 502,cvss_v3_base 7.4,hostile src_ip,created_at 2018-03-10,capec_id 184,updated_at 2018-03-18,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cvss_v3_temporal 7.0,cve 2018-4024069,cvss_v2_temporal 7.0,protocols http,protocols tcp; rev:2; sid:80184494;)
# Carries both CVSS v2 and v3 keys (cvss_v3_base / cvss_v3_temporal alongside the v2 pair).
# NOTE(review): the source is "any any", so this drop also applies to traffic that originates
# inside HOME_NET. cvss_v3_temporal (4.2) is higher than cvss_v3_base (4.1), which CVSS
# scoring does not produce; the score values look like generated placeholders -- do not
# rely on them for prioritisation without checking.
drop tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWNEST FEELING Exploitation Attempt Seen"; flow:established,to_server; content:"feeling"; priority:2; metadata:cwe_id 502,cvss_v3_base 4.1,hostile src_ip,created_at 2019-01-23,capec_id 255,updated_at 2019-01-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,cvss_v3_temporal 4.2,cve 2018-1470602,cvss_v2_temporal 4.2,protocols tcp; rev:2; sid:80184495;)
# Disabled rule (leading '#').
# NOTE(review): the header protocol is tcp, yet the metadata says "protocols http" and
# "attack_target http-server", so protocol-based metadata filters would treat it as an HTTP
# rule. The same cve value is listed five times and there is no cwe_id. This may be
# deliberate fixture data for exercising duplicate-key handling -- confirm before cleaning up.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SCRAWNY UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2018-09-26,updated_at 2018-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-922292,cve 2018-922292,cve 2018-922292,cve 2018-922292,cve 2018-922292,protocols http,protocols tcp; rev:1; sid:80184496;)
# Disabled rule (leading '#'). It has a cve key but no cvss_* keys, unlike the enabled
# exploitation rules above.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MOLECULAR RIVER Exploitation Attempt Seen"; flow:established, to_server; content:"river"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2016-06-03,capec_id 118,updated_at 2016-06-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-3318353,protocols http,protocols tcp; rev:2; sid:80184497;)
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN PAUSE Exploitation Attempt Seen"; flow:established,to_server;
content:"pause"; priority:2; metadata:cwe_id 502,cvss_v3_base 6.0,hostile src_ip,created_at 2019-04-09,capec_id 184,updated_at 2019-04-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,cvss_v3_temporal 6.8,cve 2019-439719,cvss_v2_temporal 6.8,protocols tcp; rev:4; sid:80184498;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PEACEFUL ABUSE Malware Communication"; flow:established, to_server; content:"abuse"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-13,updated_at 2019-11-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184499;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN ORCHID Exploitation Attempt Seen"; flow:established,to_client; content:"orchid"; priority:2; metadata:cwe_id 843,hostile src_ip,created_at 2019-08-21,capec_id 255,updated_at 2019-08-22,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.7,attack_target http-client,attack_target client,cve 2018-9498162,cvss_v2_temporal 6.3,protocols http,protocols tcp; rev:2; sid:80184500;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPONTANEOUS UNITY Malware Communication"; flow:established,to_server; content:"unity"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-27,updated_at 2019-10-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184501;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN BUG Malware Communication"; flow:established,to_server; content:"bug"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-01,updated_at 2019-08-19,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80184502;)
# Inbound TLS, server-to-client; metadata tags the external source as hostile and the
# HOME_NET destination as infected (infected dest_ip), with tls-specific attack_target
# and protocols values.
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INCREASED REVOLVER Malware Communication"; flow:established,to_client; content:"revolver"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-09-26,updated_at 2019-09-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80184503;)
# The three rules below share one shape: alert-only, raw tcp, flow:established with no
# to_server/to_client keyword (so both directions of an established flow are inspected),
# priority:4 / "priority info", and no hostile, infected or attack_target keys.
# NOTE(review): in each of them cvss_v2_temporal is higher than cvss_v2_base (8.0 vs 7.3
# here), which CVSS v2 scoring does not produce; the scores look like generated
# placeholders -- do not rely on them for prioritisation without checking.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PEACEFUL BOOT Exploitation Attempt Seen"; flow:established; content:"boot"; priority:4; metadata:cwe_id 120,created_at 2019-01-11,capec_id 100,updated_at 2019-01-24,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 7.3,cve 2015-9876917,cvss_v2_temporal 8.0,protocols tcp; rev:3; sid:80184504;)
# Same shape as sid 80184504; created_at and updated_at are the same date.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EVOLUTIONARY UNKNOWN Exploitation Attempt Seen"; flow:established; content:"UNKNOWN"; priority:4; metadata:cwe_id 120,created_at 2019-07-27,capec_id 100,updated_at 2019-07-27,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 7.0,cve 2019-2770721,cvss_v2_temporal 7.6,protocols tcp; rev:3; sid:80184505;)
# Same shape as sid 80184504.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OUTSTANDING ROCK Exploitation Attempt Seen"; flow:established; content:"rock"; priority:4; metadata:cwe_id 120,created_at 2019-04-11,capec_id 100,updated_at 2019-04-23,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 5.1,cve 2019-9502173,cvss_v2_temporal 5.8,protocols tcp; rev:3; sid:80184506;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CURIOUS JAR Exploitation Attempt Seen"; flow:established; content:"jar"; priority:4; metadata:cwe_id 120,created_at 2017-02-15,capec_id 100,updated_at 2017-02-26,filename acme.rules,priority info,rule_source
acme-rule-factory,cvss_v2_base 4.7,cve 2016-4136882,cvss_v2_temporal 5.1,protocols tcp; rev:3; sid:80184507;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COLOURFUL BANK Exploitation Attempt Seen"; flow:established; content:"bank"; priority:4; metadata:cwe_id 120,created_at 2019-01-24,capec_id 100,updated_at 2019-01-26,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 3.5,cve 2019-7107605,cvss_v2_temporal 4.0,protocols tcp; rev:3; sid:80184508;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRIVATE CREATURE Exploitation Attempt Seen"; flow:established; content:"creature"; priority:4; metadata:cwe_id 120,created_at 2019-08-14,capec_id 100,updated_at 2019-08-18,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 2.6,cve 2018-6379686,cvss_v2_temporal 3.0,protocols tcp; rev:3; sid:80184509;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BUSY MAPLE Exploitation Attempt Seen"; flow:established; content:"maple"; priority:4; metadata:cwe_id 120,created_at 2019-05-27,capec_id 100,updated_at 2019-05-27,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 2.6,cve 2016-3182352,cvss_v2_temporal 1.9,protocols tcp; rev:3; sid:80184510;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUITABLE ASUNKNOWNLT Exploitation Attempt Seen"; flow:established; content:"asUNKNOWNlt"; priority:4; metadata:cwe_id 125,created_at 2019-08-02,capec_id 128,updated_at 2019-08-19,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 3.5,cve 2019-9275807,cvss_v2_temporal 3.0,protocols tcp; rev:2; sid:80184511;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - THEORETICAL ATTITUDE Malware Communication"; flow:established,to_server; content:"attitude"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2015-05-24,updated_at 2015-05-27,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80184512;) alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ABSTRACT NOUGAT Traffic Detected"; flow:established,to_server; content:"nougat"; priority:1; metadata:hostile dest_ip,created_at 2019-11-16,updated_at 2019-11-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80184513;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SIMILAR REFUSE Malware Communication"; flow:established,to_client; content:"refuse"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-11-08,updated_at 2018-11-16,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80184514;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IDENTICAL INTERFEROMETER Malware Communication"; flow:established,to_server; content:"interferometer"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-06,updated_at 2019-02-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184515;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COOPERATIVE UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-21,updated_at 2018-05-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184516;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WONDERFUL LANTERN Malware Communication"; flow:established,to_client; content:"lantern"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 
2018-04-26,updated_at 2018-04-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184517;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HORIZONTAL DOGSLED Malware Communication"; flow:established,to_server; content:"dogsled"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-25,updated_at 2018-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184518;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WILD PRODUCER Malware Communication"; flow:established,to_client; content:"producer"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-06-10,updated_at 2019-06-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184519;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PHYSICAL SEAL Malware Communication"; flow:established,to_client; content:"seal"; priority:2; metadata:cwe_id 295,malware pre-infection,hostile src_ip,created_at 2016-11-07,updated_at 2016-11-11,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.4,attack_target tls-client,attack_target client,cvss_v2_temporal 5.8,protocols tls,protocols tcp; rev:4; sid:80184520;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BARE DUSTER Malware Communication"; flow:established,to_client; content:"duster"; priority:2; metadata:cwe_id 295,malware pre-infection,hostile src_ip,created_at 2019-10-04,updated_at 2019-10-18,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.1,attack_target tls-client,attack_target client,cvss_v2_temporal 4.7,protocols tls,protocols tcp; rev:3; sid:80184521;) drop http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"Acme - FULL CULTIVATOR Malware Communication"; flow:established,to_server; content:"cultivator"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-06-23,updated_at 2019-06-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184522;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MYSTERIOUS UNKNOWNS Malware Communication"; flow:established,to_client; content:"UNKNOWNS"; priority:2; metadata:cwe_id 295,malware pre-infection,hostile src_ip,created_at 2019-05-05,updated_at 2019-05-06,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.1,attack_target client,cvss_v2_temporal 4.3,protocols tcp; rev:2; sid:80184523;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INVOLVED SOOT Malware Communication"; flow:established, to_server; content:"soot"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-05-05,updated_at 2018-05-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184524;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SCORNFUL WINGTIP Traffic Detected"; flow:established, to_server; content:"wingtip"; priority:1; metadata:cwe_id 507,hostile src_ip,created_at 2019-08-02,updated_at 2019-08-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184525;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PREPARED FOG Malware Communication"; flow:established, to_client; content:"fog"; priority:1; metadata:cwe_id 507,malware pre-infection,hostile src_ip,created_at 2019-06-13,updated_at 2019-06-16,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184526;)
# NOTE(review): the rules below are laid out one per line. Suricata rule files are line-oriented
# and a leading "#" disables the whole line, so a disabled rule must never share a line with
# enabled ones; otherwise the rules after it are silently switched off.
# These are demonstration rules (see the notice at the top of the file). Each one matches a single
# plain word, so the drop actions are not suitable for loading into an inline (IPS) sensor.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FAIR AMUSEMENT Malware Communication"; flow:established,to_server; content:"amusement"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-05,updated_at 2019-10-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184527;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INDIRECT ERROR Malware Communication"; flow:established,to_server; content:"error"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-15,updated_at 2018-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184528;)
# sid 80184529 carries two cwe_id values (506 and 507) and no "hostile" key, unlike the two rules
# above; a metadata filter on "hostile dest_ip" will not select it.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LEVEL JEEP Malware Communication"; flow:established,to_server; content:"jeep"; priority:1; metadata:cwe_id 506,cwe_id 507,malware post-infection,created_at 2016-07-16,updated_at 2016-07-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184529;)
# sid 80184530 is disabled ("#"-prefixed). Its metadata names filename email.rules and
# protocols smtp while the rule header protocol is tcp.
# NOTE(review): confirm it is meant to stay disabled.
#drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CAUSAL UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2015-03-26,capec_id 100,updated_at 2015-03-27,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,cve 2015-6323599,protocols smtp,protocols tcp; rev:1; sid:80184530;)
# sid 80184531 is disabled. Its metadata value "malware malware" differs from the
# "malware pre-infection" / "malware post-infection" values used by the other rules here, and it
# marks src_ip as hostile although the source is $HOME_NET.
# NOTE(review): verify both against the metadata schema before enabling.
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FAIR LEGAL Malware Communication"; flow:established, to_server; content:"legal"; priority:3; metadata:cwe_id 506,malware malware,hostile src_ip,created_at 2018-10-03,updated_at 2018-10-11,filename email.rules,priority low,rule_source acme-rule-factory,cve 2018-7768829,protocols smtp,protocols tcp; rev:1; sid:80184531;)
# In the next two rules cvss_v2_temporal is higher than cvss_v2_base (6.4 vs 5.8, 2.5 vs 2.2).
# A computed CVSS v2 temporal score cannot exceed its base score, so treat the cvss and cve
# values in this file as sample data.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FEUNKNOWN GRAM Exploitation Attempt Seen"; flow:established,to_server; content:"gram"; priority:2; metadata:cwe_id 502,hostile src_ip,created_at 2018-05-24,capec_id 6,updated_at 2018-05-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.8,attack_target server,attack_target http-server,cve 2016-5146298,cvss_v2_temporal 6.4,protocols http,protocols tcp; rev:2; sid:80184532;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN GUITARIST Exploitation Attempt Seen"; flow:established,to_server; content:"guitarist"; priority:2; metadata:cwe_id 502,hostile src_ip,created_at 2017-03-27,capec_id 6,updated_at 2017-03-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.2,attack_target server,attack_target http-server,cve 2015-8425402,cvss_v2_temporal 2.5,protocols http,protocols tcp; rev:2; sid:80184533;)
# sid 80184534 uses a tcp header although its metadata lists protocols http and
# attack_target http-client; the neighbouring rules with the same metadata use an http header.
# NOTE(review): presumably a deliberate raw-stream match; confirm.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNACCEPTABLE DESTRUCTION Malware Communication"; flow:established,to_server; content:"destruction"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-08-05,updated_at 2018-08-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184534;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UGLIEST CLANK Malware Communication"; flow:established,to_server; content:"clank"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-03,updated_at 2019-04-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols 
http,protocols tcp; rev:3; sid:80184535;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MEDICAL BOARD Malware Communication"; flow:established,to_server; content:"board"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-02,updated_at 2019-05-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184536;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FIT GUARANTEE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"guarantee"; priority:3; metadata:cwe_id 125,hostile src_ip,created_at 2017-06-16,capec_id 152,updated_at 2017-06-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.7,attack_target http-client,attack_target client,cve 2015-8156953,cvss_v2_temporal 5.4,protocols http,protocols tcp; rev:2; sid:80184537;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STALE LADY Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"lady"; priority:3; metadata:cwe_id 416,hostile src_ip,created_at 2018-01-21,capec_id 152,updated_at 2018-01-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.6,attack_target http-client,attack_target client,cve 2018-2875821,cvss_v2_temporal 4.8,protocols http,protocols tcp; rev:2; sid:80184538;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ALIVE CHARACTER Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"character"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-09-03,capec_id 152,updated_at 2017-09-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.5,attack_target http-client,attack_target client,cve 2016-115258,cvss_v2_temporal 3.9,protocols http,protocols tcp; rev:2; sid:80184539;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - QUIET FISHNET Exploitation 
Attempt Seen"; flow:established,to_client; file_data; content:"fishnet"; priority:2; metadata:cwe_id 416,hostile src_ip,created_at 2019-06-06,capec_id 129,updated_at 2019-06-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.5,attack_target http-client,attack_target client,cve 2018-1454411,cvss_v2_temporal 5.6,protocols http,protocols tcp; rev:2; sid:80184540;)
# NOTE(review): the rules below are laid out one per line. Suricata rule files are line-oriented
# and a leading "#" disables the whole line, so the disabled rule further down (sid 80184544)
# must sit on a line of its own.
# The to_client exploitation rules in this group put "file_data;" ahead of "content", so the
# match is made against the file_data buffer rather than the raw stream.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DANGEROUS INSCRIPTION Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"inscription"; priority:3; metadata:cwe_id 269,hostile src_ip,created_at 2019-07-12,capec_id 19,updated_at 2019-07-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.9,attack_target http-client,attack_target client,cve 2019-6934801,cvss_v2_temporal 6.1,protocols http,protocols tcp; rev:2; sid:80184541;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTERIOR PRESSURE Malware Communication"; flow:established,to_server; content:"pressure"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-08,updated_at 2019-06-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184542;)
# sid 80184543 has CVSS v2 and v3 scores but no cve key, and its cvss_v3_temporal (2.4) is higher
# than cvss_v3_base (2.2). Treat the scores as sample data when testing score-based filters.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNUSUAL TYPHOON Traffic Detected"; flow:established,to_client; file_data; content:"typhoon"; priority:3; metadata:cwe_id 284,cvss_v3_base 2.2,hostile src_ip,created_at 2019-01-08,capec_id 118,updated_at 2019-01-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.0,attack_target http-client,attack_target client,cvss_v3_temporal 2.4,cvss_v2_temporal 2.4,protocols http,protocols tcp; rev:2; sid:80184543;)
# sid 80184544 is disabled ("#"-prefixed): an inbound, to_server rule with cwe_id 200.
# NOTE(review): confirm it is meant to stay disabled.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BROWN RETURN Traffic Detected"; flow:established, to_server; content:"return"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-02-12,capec_id 116,updated_at 2019-02-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184544;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPECIFIED HOMEWORK Malware Communication"; flow:established,to_server; content:"homework"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-07-20,updated_at 2016-07-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184545;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - POLITICAL PERIODICAL Malware Communication"; flow:established,to_server; content:"periodical"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-10-13,updated_at 2016-10-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184546;)
# sid 80184547 is alert-only, priority low, and its metadata names filename adware.rules instead
# of acme.rules; a filter on "filename acme.rules" will not select it.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN STUDIO Malware Communication"; flow:established,to_server; content:"studio"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2019-03-08,updated_at 2019-03-18,filename adware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184547;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN VISCOSE Malware Communication"; flow:established, to_server; content:"viscose"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-03,updated_at 2018-07-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; 
sid:80184548;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GENETIC MARKET Malware Communication"; flow:established,to_server; content:"market"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-01,updated_at 2019-09-23,filename adware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80184549;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SIGNIFICANT SLASH Malware Communication"; flow:established,to_server; content:"slash"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-06,updated_at 2019-11-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184550;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CHEERFUL WRENCH Malware Communication"; flow:established,to_server; content:"wrench"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-02-11,updated_at 2017-02-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184551;) drop tcp $HOME_NET any -> $HOME_NET any (msg:"Acme - SECONDARY PEAK Malware Communication"; flow:established; content:"peak"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-07-17,updated_at 2019-07-20,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80184552;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FELLOW UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-04-13,updated_at 2019-04-25,filename acme.rules,priority high,infected dest_ip,rule_source 
acme-rule-factory,attack_target server,protocols tcp; rev:2; sid:80184553;)
# NOTE(review): the rules below are laid out one per line. Suricata rule files are line-oriented
# and a leading "#" disables the whole line. The disabled rule sid 80184555 is followed by
# enabled drop rules, so it must sit on a line of its own or those rules are switched off too.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IDEOLOGICAL WARMTH Malware Communication"; flow:established,to_server; content:"warmth"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-08,updated_at 2019-02-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184554;)
# sid 80184555 is disabled ("#"-prefixed): an inbound, to_server rule with cwe_id 200.
# NOTE(review): confirm it is meant to stay disabled.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NOTABLE LADDER Traffic Detected"; flow:established, to_server; content:"ladder"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-04-18,capec_id 116,updated_at 2019-04-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184555;)
# The next four rules share cwe_id 20 / capec_id 248 and target an http-server. In sid 80184556
# and sid 80184557 cvss_v2_temporal is higher than cvss_v2_base, which a computed CVSS v2 score
# cannot be, so treat the cvss and cve values in this file as sample data.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUCCESSFUL PUBLISHER Exploitation Attempt Seen"; flow:established,to_server; content:"publisher"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2016-06-25,capec_id 248,updated_at 2016-06-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.3,attack_target server,attack_target http-server,cve 2015-8086004,cvss_v2_temporal 5.4,protocols http,protocols tcp; rev:1; sid:80184556;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AMERICAN CHAIRMAN Exploitation Attempt Seen"; flow:established,to_server; content:"chairman"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2017-09-21,capec_id 248,updated_at 2017-09-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.5,attack_target server,attack_target http-server,cve 2016-9731450,cvss_v2_temporal 8.4,protocols http,protocols tcp; rev:1; sid:80184557;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLINICAL UNKNOWN Exploitation Attempt Seen"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2018-02-05,capec_id 248,updated_at 2018-02-14,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.1,attack_target server,attack_target http-server,cve 2016-9784088,cvss_v2_temporal 4.9,protocols http,protocols tcp; rev:1; sid:80184558;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REVOLUTIONARY EYELINER Exploitation Attempt Seen"; flow:established,to_server; content:"eyeliner"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2016-11-19,capec_id 248,updated_at 2016-11-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.2,attack_target server,attack_target http-server,cve 2016-9483563,cvss_v2_temporal 4.2,protocols http,protocols tcp; rev:1; sid:80184559;)
# sid 80184560 has the same capec_id 248 but no cwe_id, cve or cvss keys.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EMPTY INQUIRY Traffic Detected"; flow:established,to_server; content:"inquiry"; priority:3; metadata:hostile src_ip,created_at 2018-02-12,capec_id 248,updated_at 2018-02-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184560;)
# sid 80184561 matches to_client traffic from $HOME_NET to "any any", so internal destinations
# are included. It is alert-only at priority info although cvss_v2_base is 10.0.
# NOTE(review): a filter on priority alone will rank it lowest; confirm that is intended.
alert tcp $HOME_NET any -> any any (msg:"Acme - NEAT BANDANA Exploitation Attempt Seen"; flow:established,to_client; content:"bandana"; priority:4; metadata:cwe_id 912,hostile dest_ip,created_at 2015-02-19,capec_id 115,updated_at 2015-02-28,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,cve 2015-3843909,cvss_v2_temporal 8.4,protocols tcp; rev:1; sid:80184561;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LOW MARKETING Exploitation Attempt Seen"; flow:established,to_client; content:"marketing"; priority:4; metadata:cwe_id 912,hostile dest_ip,created_at 2019-06-26,capec_id 115,updated_at 2019-06-28,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 
10.0,attack_target ssh-server,attack_target server,cve 2016-1477753,cvss_v2_temporal 2.5,protocols ssh,protocols tcp; rev:2; sid:80184562;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SERIOUS NEGOTIATION Malware Communication"; flow:established,to_server; content:"negotiation"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-09,updated_at 2018-02-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184563;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN RESIST Malware Communication"; flow:established,to_server; content:"resist"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-10,updated_at 2018-03-24,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184564;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNCERTAIN HIPPOPOTAMUS Malware Communication"; flow:established,to_server; content:"hippopotamus"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-11-17,updated_at 2017-11-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184565;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UPSET DRAFT Malware Communication"; flow:established,to_server; content:"draft"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-04-16,updated_at 2017-04-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target irc-client,attack_target client,protocols irc,protocols tcp; rev:2; sid:80184566;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WATERY BRANDY Malware Communication"; 
flow:established,to_server; content:"brandy"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-03,updated_at 2019-02-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184567;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPECIFIED BASS Malware Communication"; flow:established,to_server; content:"bass"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-06,updated_at 2019-09-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184568;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONFUSED FIREWALL Malware Communication"; flow:established,to_server; content:"firewall"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-02-23,updated_at 2017-02-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80184569;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BOILING SILLY Malware Communication"; flow:established,to_server; content:"silly"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-03,updated_at 2018-04-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184570;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXUBERANT INSULATION Malware Communication"; flow:established,to_server; content:"insulation"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-03-23,updated_at 2017-03-25,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184571;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WISE IRONY Malware Communication"; flow:established,to_server; content:"irony"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-06-06,updated_at 2015-06-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184572;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LEGITIMATE BREAD Traffic Detected"; flow:established,to_server; content:"bread"; priority:2; metadata:hostile dest_ip,created_at 2018-02-17,capec_id 404,updated_at 2018-02-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184573;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WRONG STORE Malware Communication"; flow:established,to_client; content:"store"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-09-10,updated_at 2019-09-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184574;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRIPED ROTATE Malware Communication"; flow:established,to_server; content:"rotate"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-08-19,updated_at 2018-08-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184575;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRESENT FREIGHTER Malware Communication"; flow:established,to_server; content:"freighter"; priority:1; metadata:cwe_id 506,malware 
post-infection,hostile dest_ip,created_at 2016-01-27,updated_at 2016-01-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80184576;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WIDE DOUBTER Malware Communication"; flow:established,to_server; content:"doubter"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-03-02,updated_at 2017-03-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:10; sid:80184577;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ELECTUNKNOWN TAP Traffic Detected"; flow:established,to_server; content:"tap"; priority:1; metadata:cwe_id 507,hostile dest_ip,created_at 2018-06-26,updated_at 2018-06-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:10; sid:80184578;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ABUNDANT BIFOCALS Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"bifocals"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-04-16,capec_id 26,updated_at 2019-04-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-6513482,protocols http,protocols tcp; rev:2; sid:80184579;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UGLY PEW Malware Communication"; flow:established,to_server; content:"pew"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-27,updated_at 2019-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:7; sid:80184580;) drop tcp $HOME_NET any -> $EXTERNAL_NET any 
(msg:"Acme - TROUBLED SILLY Malware Communication"; flow:established,to_server; content:"silly"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-15,updated_at 2018-04-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80184581;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REGIONAL WALKWAY Traffic Detected"; flow:established,to_server; content:"walkway"; priority:1; metadata:hostile dest_ip,created_at 2019-07-04,updated_at 2019-07-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80184582;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ACCURATE PINK Traffic Detected"; flow:established,to_server; content:"pink"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-08-25,capec_id 310,updated_at 2019-08-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80184583;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DIVINE CARDIGAN Malware Communication"; flow:established,to_server; content:"cardigan"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-01-09,updated_at 2015-01-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184584;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ACCEPTABLE COUNCIL Malware Communication"; flow:established,to_server; content:"council"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-01-06,updated_at 2017-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184585;) drop 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LEGITIMATE STALLION Malware Communication"; flow:established,to_server; content:"stallion"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-09-14,updated_at 2017-09-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184586;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLEVER FEDELINI Malware Communication"; flow:established,to_server; content:"fedelini"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-17,updated_at 2019-09-26,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184587;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - THEORETICAL SECTOR Malware Communication"; flow:established,to_client; content:"sector"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2016-04-08,updated_at 2016-04-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184588;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SQUEALING CLOCK Malware Communication"; flow:established, to_server; content:"clock"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-14,updated_at 2019-05-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184589;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RAPID BALL Exploitation Attempt Seen"; flow:established,to_server; content:"ball"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2019-06-26,capec_id 213,updated_at 2019-06-28,filename 
acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2019-6804415,cvss_v2_temporal 4.5,protocols http,protocols tcp; rev:1; sid:80184590;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PARTIAL UNKNOWNWATCH Malware Communication"; flow:established,to_server; content:"UNKNOWNwatch"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-09-04,updated_at 2017-09-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184591;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BLONDE REPUBLIC Traffic Detected"; flow:established, to_server; content:"republic"; priority:1; metadata:cwe_id 506,hostile dest_ip,created_at 2019-07-18,updated_at 2019-07-23,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80184592;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FORMIDABLE CORD Malware Communication"; flow:established,to_server; content:"cord"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-19,updated_at 2018-02-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184593;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ROUND HAIR Malware Communication"; flow:established,to_server; content:"hair"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-06-06,updated_at 2017-06-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184594;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEPRESSED STUDENT 
Malware Communication"; flow:established,to_server; content:"student"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-13,updated_at 2019-04-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184595;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN RUN Malware Communication"; flow:established,to_server; content:"run"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-25,updated_at 2019-06-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80184596;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONCERNED CONCENTRATE Malware Communication"; flow:established,to_server; content:"concentrate"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-02-05,updated_at 2017-02-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184597;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRINTED SETTLER Malware Communication"; flow:established,to_server; content:"settler"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-17,updated_at 2019-05-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184598;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - ASLEEP VACUUM Malware Communication"; flow:established, to_client; content:"vacuum"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-11-15,updated_at 2019-11-24,filename acme.rules,priority high,infected dest_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184599;)
# Rules below are laid out one per line. Action `drop` takes effect only when Suricata
# runs inline (IPS); in a passive IDS deployment these rules only raise alerts.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ROYAL HYPHENATION Malware Communication"; flow:established,to_server; content:"hyphenation"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-11-14,updated_at 2017-11-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184600;)
# SSH rule: the source is `any any`, not $EXTERNAL_NET, so with flow:to_client it matches
# server-to-client traffic from any network toward $HOME_NET clients.
# NOTE(review): `cve 2019-506967` is listed twice in metadata, and cvss_v2_temporal (6.5)
# is higher than cvss_v2_base (6.1); a CVSS v2 temporal score is the base score scaled by
# factors <= 1.0, so it cannot exceed the base. Looks like generated sample data; confirm
# before reusing these values.
drop ssh any any -> $HOME_NET any (msg:"Acme - WICKED BELIEF Exploitation Attempt Seen"; flow:established,to_client; content:"belief"; priority:2; metadata:cwe_id 401,hostile src_ip,created_at 2019-09-23,capec_id 123,updated_at 2019-09-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.1,attack_target ssh-client,attack_target client,cve 2019-506967,cve 2019-506967,cvss_v2_temporal 6.5,protocols ssh,protocols tcp; rev:2; sid:80184601;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN LIQUID Malware Communication"; flow:established,to_server; content:"liquid"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-01-09,updated_at 2017-01-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184602;)
# NOTE(review): metadata tags the next rule `protocols irc` / `attack_target irc-client`, but
# the header is plain `tcp` with `any` ports and the only match is the content string, so
# nothing in the rule restricts it to IRC sessions. It also carries no `hostile` metadata
# key, unlike the neighbouring post-infection rules.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ALTERUNKNOWN GREAT-GRANDMOTHER Malware Communication"; flow:established,to_server; content:"great-grandmother"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2016-04-14,updated_at 2016-04-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target irc-client,attack_target client,protocols irc,protocols tcp; rev:2; sid:80184603;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CRICKETER Malware 
Communication"; flow:established,to_server; content:"cricketer"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-21,updated_at 2019-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184604;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - QUIET BOATYARD Malware Communication"; flow:established,to_server; content:"boatyard"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-05,updated_at 2019-09-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184605;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - COLD UNKNOWN Malware Communication"; flow:established,to_client; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2015-02-17,updated_at 2015-02-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184606;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WIDE-EYED CORD Malware Communication"; flow:established, to_server; content:"cord"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-06-03,updated_at 2018-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184607;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTELLIGENT FISHNET Malware Communication"; flow:established, to_server; content:"fishnet"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-05,updated_at 2018-04-28,filename acme.rules,priority high,infected 
src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184608;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BEWILDERED BOW Malware Communication"; flow:established,to_server; content:"bow"; priority:1; metadata:cwe_id 506,cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-05-12,updated_at 2016-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184609;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MAGNIFICENT PUFFIN Malware Communication"; flow:established, to_server; content:"puffin"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2019-09-12,updated_at 2019-09-13,filename adware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184610;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ECONOMIC TRUTH Traffic Detected"; flow:established,to_server; content:"truth"; priority:3; metadata:hostile src_ip,created_at 2019-02-25,capec_id 228,updated_at 2019-02-28,filename ddos.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184611;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLUMSY WHOLE Malware Communication"; flow:established,to_server; content:"whole"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-05-21,updated_at 2015-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184612;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GENTLE DISEASE Malware Communication"; flow:established,to_server; content:"disease"; priority:1; 
metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-22,updated_at 2019-06-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184613;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RATTY BUG Traffic Detected"; flow:established,to_server; content:"bug"; priority:1; metadata:hostile dest_ip,created_at 2019-01-08,updated_at 2019-01-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184614;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COOPERATIVE SHEATH Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"sheath"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2016-02-15,capec_id 242,updated_at 2016-02-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.2,attack_target http-client,attack_target client,cve 2016-2060354,cvss_v2_temporal 3.7,protocols http,protocols tcp; rev:2; sid:80184615;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SECONDARY BIRDCAGE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"birdcage"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2017-04-15,capec_id 153,updated_at 2017-04-20,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.2,attack_target http-client,attack_target client,cve 2017-2486602,cvss_v2_temporal 2.2,protocols http,protocols tcp; rev:2; sid:80184616;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STABLE TRAPEZIUM Malware Communication"; flow:established,to_server; content:"trapezium"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-05,updated_at 2018-02-14,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184617;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VERY ROCKET Malware Communication"; flow:established,to_server; content:"rocket"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-08,updated_at 2019-01-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184618;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ONLY SAVE Malware Communication"; flow:established,to_server; content:"save"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-14,updated_at 2018-11-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184619;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TENSE BIFOCALS Malware Communication"; flow:established,to_server; content:"bifocals"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-02-07,updated_at 2017-02-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184620;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BREEZY PLATFORM Malware Communication"; flow:established,to_server; urilen:>100; content:"platform"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-23,updated_at 2019-01-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184621;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ACCESSIBLE OFFER Malware Communication"; flow:established,to_server; 
urilen:>100; content:"offer"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-01,updated_at 2019-10-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184622;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COGNITIVE UNKNOWN Malware Communication"; flow:established,to_server; urilen:>100; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-07,updated_at 2019-08-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184623;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DRUNK BOTHER Traffic Detected"; flow:established,to_server; content:"bother"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-03-07,capec_id 286,updated_at 2019-03-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184624;) drop http $HOME_NET any -> $HOME_NET any (msg:"Acme - SUPPORTING PRESENT Traffic Detected"; flow:established,to_client; file_data; content:"present"; priority:2; metadata:cwe_id 79,created_at 2019-09-08,capec_id 255,updated_at 2019-09-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.8,cvss_v2_temporal 4.1,protocols http,protocols tcp; rev:2; sid:80184625;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUPERB TILE Malware Communication"; flow:established,to_server; content:"tile"; priority:4; metadata:cwe_id 506,malware post-infection,created_at 2018-01-13,updated_at 2018-01-24,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:5; sid:80184626;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXACT 
UNKNOWNBOARD Malware Communication"; flow:established,to_server; content:"UNKNOWNboard"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-06,updated_at 2019-03-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184627;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEAD DESIGN Exploitation Attempt Seen"; flow:established,to_client; content:"design"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-04-01,capec_id 152,updated_at 2019-04-02,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-4529096,protocols http,protocols tcp; rev:2; sid:80184628;) alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GLEAMING UNKNOWN Malware Communication"; flow:established,to_client; content:"UNKNOWN"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-07-07,updated_at 2018-07-19,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target tls-client,attack_target client,protocols tls,protocols http,protocols tcp; rev:2; sid:80184629;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRIMARY EPAULIERE Malware Communication"; flow:established,to_server; content:"epauliere"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-09-02,updated_at 2016-09-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184630;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN FLU Malware Communication"; flow:established,to_server; urilen:11; content:"flu"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-26,updated_at 
2018-01-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80184631;)
# Rules below are laid out one per line; all are outbound HTTP (`$HOME_NET -> $EXTERNAL_NET`,
# flow:to_server) post-infection signatures tagged `infected src_ip` / `hostile dest_ip`.
# NOTE(review): urilen:8 requires an 8-byte URI, while the content is 13 bytes and has no
# HTTP buffer keyword, so it is matched against the payload rather than the URI. If a URI
# match was intended the two conditions can never both hold; confirm which was meant.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MODERN SISTER-IN-LAW Malware Communication"; flow:established,to_server; urilen:8; content:"sister-in-law"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-04-09,updated_at 2015-04-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80184632;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - QUAINT MENORAH Malware Communication"; flow:established,to_server; content:"menorah"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-09,updated_at 2019-07-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184633;)
# NOTE(review): the only payload condition is the 3-byte content "ask", with no buffer
# keyword, offset or second match. On a `drop` rule covering all outbound HTTP that is
# prone to false positives; acceptable only as sample data.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SLOW ASK Malware Communication"; flow:established,to_server; content:"ask"; priority:1; metadata:cwe_id 509,malware post-infection,hostile dest_ip,created_at 2018-05-21,updated_at 2018-05-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184634;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HEAD SAVING Malware Communication"; flow:established, to_server; content:"saving"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-03,updated_at 2019-01-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184635;)
drop http $EXTERNAL_NET any -> $HOME_NET any 
(msg:"Acme - UNLIKELY HOMOGENATE Malware Communication"; flow:established,to_client; content:"homogenate"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-06-11,updated_at 2019-06-22,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184636;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MIDDLE MALLET Exploitation Attempt Seen"; flow:established,to_client; content:"mallet"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-10-07,capec_id 248,updated_at 2019-10-08,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.1,attack_target http-client,attack_target client,cve 2019-3132065,cvss_v2_temporal 5.1,protocols http,protocols tcp; rev:2; sid:80184637;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VAGUE JEWEL Malware Communication"; flow:established,to_server; content:"jewel"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-12,updated_at 2019-01-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184638;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BLUE FORMER Malware Communication"; flow:established,to_client; content:"former"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2017-05-18,updated_at 2017-05-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184639;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRIGHT CACAO Malware Communication"; flow:established,to_server; content:"cacao"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-05,updated_at 2019-11-25,filename 
acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184640;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FULL SURGERY Malware Communication"; flow:established,to_server; content:"surgery"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-22,updated_at 2019-08-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184641;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - METROPOLITAN AMBASSADOR Malware Communication"; flow:established,to_server; content:"ambassador"; priority:1; metadata:cwe_id 506,cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-10,updated_at 2019-09-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184642;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PASSIVE TRAPEZIUM Traffic Detected"; flow:established,to_server; content:"trapezium"; priority:1; metadata:hostile dest_ip,created_at 2019-11-27,updated_at 2019-11-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184643;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ENVIRONMENTAL TOPSAIL Malware Communication"; flow:established,to_server; content:"topsail"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-06-04,updated_at 2016-06-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184644;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - YELLOW SEAT 
Malware Communication"; flow:established,to_server; content:"seat"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-10,updated_at 2019-08-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184645;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - AMBITIOUS STATE Malware Communication"; flow:established,to_server; content:"state"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-09-23,updated_at 2018-09-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184646;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ABLE PRUNER Malware Communication"; flow:established,to_server; content:"pruner"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-16,updated_at 2019-01-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184647;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ARTISTIC WALL Malware Communication"; flow:established,to_server; content:"wall"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-03,updated_at 2019-08-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184648;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FAVOURITE CASSOCK Malware Communication"; flow:established,to_server; content:"cassock"; priority:1; metadata:cwe_id 506,cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-23,updated_at 2019-11-24,filename acme.rules,priority high,infected 
src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80184649;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FLAT CHARGE Malware Communication"; flow:established,to_server; content:"charge"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-19,updated_at 2019-10-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184650;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXPLICIT STORM Traffic Detected"; flow:established,to_server; content:"storm"; priority:1; metadata:cwe_id 507,hostile dest_ip,created_at 2016-01-03,updated_at 2016-01-06,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184651;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DISTINCT ANT Malware Communication"; flow:established,to_server; content:"ant"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-04-11,updated_at 2019-04-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184652;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUBTLE STEAM Malware Communication"; flow:established,to_server; content:"steam"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-15,updated_at 2019-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184653;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TENSE DASHBOARD Malware Communication"; flow:established,to_server; content:"dashboard"; 
priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-05-22,updated_at 2018-05-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184654;)
# NOTE(review): content:"bat" is a 3-byte match with no sticky buffer, offset/depth or nocase qualifier; paired with the drop action it would need tightening before inline (IPS) use.
drop http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - SPECIFIED BAT Malware Communication"; flow:established,to_client; content:"bat"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2016-02-24,updated_at 2016-02-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184655;)
# NOTE(review): cvss_v2_temporal (7.0) is higher than cvss_v2_base (6.2). A CVSS v2 temporal score scales the base score by factors of at most 1.0, so it cannot exceed the base; treat these values as sample data.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - USEFUL SYRUP Exploitation Attempt Seen"; flow:established,to_server; content:"syrup"; priority:2; metadata:cwe_id 89,hostile src_ip,created_at 2018-06-07,capec_id 110,updated_at 2018-06-07,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.2,attack_target server,attack_target http-server,cve 2018-746098,cvss_v2_temporal 7.0,protocols http,protocols tcp; rev:2; sid:80184656;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SEVERE FUNNY Malware Communication"; flow:established, to_server; content:"funny"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-20,updated_at 2019-08-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184657;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNCERTAIN PERSONALITY Malware Communication"; flow:established,to_server; content:"personality"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-01-22,updated_at 2017-01-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184658;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRIGHT ASCOT Traffic Detected"; flow:established,to_server; content:"ascot"; priority:1; metadata:hostile dest_ip,created_at 2015-01-08,updated_at 2015-01-17,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:8; sid:80184659;)
# Disabled rule: the leading '#' keeps Suricata from loading it.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SIMILAR WAITRESS Traffic Detected"; flow:established, to_server; content:"waitress"; priority:3; metadata:hostile src_ip,created_at 2015-03-08,capec_id 213,updated_at 2015-03-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184660;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MATURE FELONY Malware Communication"; flow:established,to_client; content:"felony"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-05-07,updated_at 2018-05-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184661;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FUNNY PEARL Traffic Detected"; flow:established, to_server; content:"pearl"; priority:3; metadata:hostile src_ip,created_at 2019-11-12,capec_id 213,updated_at 2019-11-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184662;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ELEGANT UNKNOWNOGRAPHY Malware Communication"; flow:established,to_server; content:"UNKNOWNography"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-13,updated_at 2019-05-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184663;)
# NOTE(review): matches a TLS server hello that negotiates SSLv2 (ssl_state/ssl_version). The metadata lists the cve key twice with the same value, as does sid 80184665 below; a consumer that builds key/value sets from metadata should de-duplicate.
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - YELLOW LANAI Exploitation Attempt Seen"; flow:established,to_client; ssl_state:server_hello; ssl_version:sslv2; content:"lanai"; priority:3; metadata:cwe_id 327,hostile dest_ip,created_at 2019-11-01,capec_id 223,updated_at 2019-11-01,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.2,attack_target server,attack_target tls-server,cve 2019-3800128,cve 2019-3800128,cvss_v2_temporal 6.5,protocols tls,protocols tcp; rev:1; sid:80184664;)
#alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ITCHY AUTHORISATION Exploitation Attempt Seen"; flow:established,to_client; content:"authorisation"; priority:3; metadata:cwe_id 327,created_at 2019-07-23,capec_id 210,updated_at 2019-07-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.4,cve 2019-3904744,cve 2019-3904744,cvss_v2_temporal 3.9,protocols tls,protocols tcp; rev:1; sid:80184665;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CHEERFUL SAILOR Malware Communication"; flow:established, to_server; content:"sailor"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-06,updated_at 2019-01-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184666;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN STEP-UNCLE Malware Communication"; flow:established, to_server; content:"step-uncle"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-05,updated_at 2018-10-22,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184667;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LARGE VEAL Malware
Communication"; flow:established,to_server; urilen:>71; content:"veal"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-10-17,updated_at 2017-10-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80184668;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLINICAL CHAINSTAY Exploitation Attempt Seen"; flow:established,to_client; content:"chainstay"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-06-18,capec_id 129,updated_at 2019-06-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.6,attack_target http-client,attack_target client,cve 2019-8832899,cvss_v2_temporal 6.5,protocols http,protocols tcp; rev:2; sid:80184669;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PURPLE RESPOND Malware Communication"; flow:established,to_server; content:"respond"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-04,updated_at 2019-10-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184670;)
# NOTE(review): cvss_v2_temporal (8.1) is higher than cvss_v2_base (7.5). A CVSS v2 temporal score scales the base score by factors of at most 1.0, so it cannot exceed the base; treat these values as sample data.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WONDERFUL ROSE Exploitation Attempt Seen"; flow:established,to_client; content:"rose"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-07-12,capec_id 129,updated_at 2019-07-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.5,attack_target http-client,attack_target client,cve 2018-8948198,cvss_v2_temporal 8.1,protocols http,protocols tcp; rev:2; sid:80184671;)
# NOTE(review): content:"nut" is a 3-byte match with no sticky buffer, offset/depth or nocase qualifier; paired with the drop action it would need tightening before inline (IPS) use.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MAGNIFICENT NUT Traffic Detected"; flow:established,to_client; content:"nut"; priority:3; metadata:hostile src_ip,created_at 2019-08-14,updated_at 2019-08-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184672;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CHEAP UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-11-21,updated_at 2017-11-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80184673;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LONELY PUMPKIN Malware Communication"; flow:established, to_server; content:"pumpkin"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2018-06-19,updated_at 2018-06-20,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184674;)
# urilen:33 restricts this rule to requests whose URI length is exactly 33; other rules in this file use the ">" form for a lower bound.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONTINUED PANIC Malware Communication"; flow:established, to_server; urilen:33; content:"panic"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2016-05-18,updated_at 2016-05-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:8; sid:80184675;)
# Disabled rules (leading '#'). file_data is a sticky buffer: the content that follows is matched against file / response-body data rather than the raw stream.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN PIONEER Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"pioneer"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2018-04-19,updated_at 2018-04-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-1265860,protocols http,protocols tcp; rev:2; sid:80184676;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN CLOAKROOM Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"cloakroom"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-11-21,updated_at 2017-11-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-4407184,protocols http,protocols tcp; rev:2; sid:80184677;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BURNING PROFIT Malware Communication"; flow:established,to_server; content:"profit"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-06,updated_at 2019-10-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184678;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ILL RAVEN Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"raven"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-11-17,capec_id 129,updated_at 2019-11-22,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.0,attack_target http-client,attack_target client,cve 2018-1140540,cvss_v2_temporal 2.6,protocols http,protocols tcp; rev:2; sid:80184679;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HIDDEN MANTUA Exploitation Attempt Seen"; flow:established,to_client; content:"mantua"; priority:3; metadata:cwe_id 399,hostile src_ip,created_at 2016-05-24,capec_id 123,updated_at 2016-05-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.3,attack_target http-client,attack_target client,cve 2016-3307344,cvss_v2_temporal 1.6,protocols http,protocols tcp; rev:2; sid:80184680;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INHERENT SKATE Malware Communication"; flow:established,to_server; content:"skate"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-18,updated_at 2019-05-27,filename acme.rules,priority high,infected src_ip,rule_source
acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80184681;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NATIONAL HYPHENATION Exploitation Attempt Seen"; flow:established, to_client; content:"hyphenation"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-09-12,capec_id 255,updated_at 2019-09-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.3,attack_target http-client,attack_target client,cve 2019-4866715,cvss_v2_temporal 6.6,protocols http,protocols tcp; rev:2; sid:80184682;)
# Disabled rule (leading '#'). NOTE(review): the metadata lists the cve key twice with the same value; a consumer that builds key/value sets from metadata should de-duplicate.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HAPPY BALL Exploitation Attempt Seen"; flow:established, to_server; content:"ball"; priority:3; metadata:hostile src_ip,created_at 2019-04-06,capec_id 210,updated_at 2019-04-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-779065,cve 2015-779065,protocols http,protocols tcp; rev:2; sid:80184683;)
# NOTE(review): cvss_v2_base is 10.0 while both priority:3 and the metadata priority key say low; confirm which field downstream filtering is meant to key on.
alert ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUCCESSIVE SENATOR Exploitation Attempt Seen"; flow:established, to_server; content:"senator"; priority:3; metadata:cwe_id 255,hostile src_ip,created_at 2017-07-23,capec_id 225,updated_at 2017-07-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target ftp-server,attack_target server,cve 2015-973191,cvss_v2_temporal 2.6,protocols ftp,protocols tcp; rev:2; sid:80184684;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNCHANGED CLOAKROOM Malware Communication"; flow:established,to_client; content:"cloakroom"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-03-23,updated_at 2019-03-24,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184685;)
# NOTE(review): the source is "any any" rather than $EXTERNAL_NET, so requests between $HOME_NET hosts match too; with a drop action that widens what can be blocked.
drop http any any -> $HOME_NET any (msg:"Acme - ADVANCED FEUNKNOWN Traffic Detected"; flow:established,to_server; content:"feUNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2018-09-07,capec_id 286,updated_at 2018-09-08,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184686;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DOUBTFUL UNKNOWN-UP Malware Communication"; flow:established,to_server; urilen:>12; content:"UNKNOWN-up"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-17,updated_at 2018-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184687;)
drop smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BORING UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-08,updated_at 2019-08-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target smtp-client,attack_target client,protocols smtp,protocols tcp; rev:3; sid:80184688;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SPECIAL MIMOSA Exploitation Attempt Seen"; flow:established, to_server; content:"mimosa"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-07-18,capec_id 118,updated_at 2019-07-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.3,attack_target server,attack_target http-server,cve 2019-492449,cvss_v2_temporal 1.7,protocols http,protocols tcp; rev:2; sid:80184689;)
# NOTE(review): content:"two" (and content:"fan" in sid 80184693 below) is a 3-byte match with no sticky buffer, offset/depth or nocase qualifier; paired with the drop action it would need tightening before inline (IPS) use.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXPERIMENTAL TWO Malware Communication"; flow:established,to_server; content:"two"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-12,updated_at 2019-01-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80184690;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ENTITLED TACHOMETER Malware Communication"; flow:established,to_server; urilen:>71; content:"tachometer"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-08-14,updated_at 2018-08-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184691;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REALISTIC RIDDLE Malware Communication"; flow:established,to_server; content:"riddle"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-10,updated_at 2019-02-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184692;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRESIDENTIAL FAN Malware Communication"; flow:established,to_server; content:"fan"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-27,updated_at 2019-11-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184693;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CURIOUS DARE Malware Communication"; flow:established,to_server; content:"dare"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-17,updated_at 2019-02-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184694;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LIVELY EFFICIENCY Malware Communication"; flow:established,to_server;
urilen:>60; content:"efficiency"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-01-18,updated_at 2015-01-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184695;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INDIVIDUAL UNKNOWNK Malware Communication"; flow:established,to_server; urilen:>60; content:"UNKNOWNk"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-07,updated_at 2019-04-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184696;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MIGHTY UNKNOWN Malware Communication"; flow:established,to_client; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-07-24,updated_at 2018-07-24,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184697;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COSTLY DOORPOST Malware Communication"; flow:established,to_client; content:"doorpost"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-09-26,updated_at 2019-09-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184698;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FIERCE BIFOCALS Malware Communication"; flow:established, to_server; content:"bifocals"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-19,updated_at 2019-09-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184699;)
drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PURRING INSTUNKNOWNENT Malware Communication"; flow:established,to_server; content:"instUNKNOWNent"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-09-11,updated_at 2017-09-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80184700;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TART AGENDA Malware Communication"; flow:established,to_server; content:"agenda"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-02-16,updated_at 2015-02-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184701;)
# urilen:>75 limits this rule to requests whose URI is longer than 75; the 4-byte content is the only other match condition.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DRIVING PROW Malware Communication"; flow:established,to_server; urilen:>75; content:"prow"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-01,updated_at 2019-01-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80184702;)
# NOTE(review): content:"key" is a 3-byte match with no sticky buffer, offset/depth or nocase qualifier; paired with the drop action it would need tightening before inline (IPS) use.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REAL KEY Malware Communication"; flow:established,to_server; content:"key"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-04,updated_at 2018-01-04,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:9; sid:80184703;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPLENDID CROSS Malware Communication"; flow:established, to_server; content:"cross"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-01-21,updated_at 2017-01-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184704;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CURIOUS COMB Malware Communication"; flow:established,to_server; content:"comb"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-12,updated_at 2018-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184705;)
# NOTE(review): the rule header protocol is tcp while the metadata tags "protocols http" and "attack_target http-client"; a filter on those metadata keys selects this rule as HTTP although the header does not require the HTTP app-layer.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TORY ATTENUATION Traffic Detected"; flow:established, to_server; content:"attenuation"; priority:1; metadata:hostile dest_ip,created_at 2019-06-05,updated_at 2019-06-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184706;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TALL SWEDISH Malware Communication"; flow:established,to_server; content:"swedish"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-21,updated_at 2019-09-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184707;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMPLICATED LEATHER Malware Communication"; flow:established,to_client; content:"leather"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2017-10-25,updated_at 2017-10-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4;
sid:80184708;)
# NOTE(review): content:"men" is a 3-byte match with no sticky buffer, offset/depth or nocase qualifier; paired with the drop action it would need tightening before inline (IPS) use.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXPLICIT MEN Malware Communication"; flow:established,to_server; content:"men"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-05-18,updated_at 2018-05-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184709;)
# NOTE(review): this rule and sid 80184711 use "any any" as the destination instead of $EXTERNAL_NET, so requests from $HOME_NET to other $HOME_NET hosts match as well.
drop http $HOME_NET any -> any any (msg:"Acme - METROPOLITAN CULTURE Malware Communication"; flow:established,to_server; content:"culture"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-10-02,updated_at 2017-10-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184710;)
drop http $HOME_NET any -> any any (msg:"Acme - ANGRY CLANK Malware Communication"; flow:established,to_server; content:"clank"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-10-19,updated_at 2017-10-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184711;)
drop http any any -> $HOME_NET any (msg:"Acme - TALL STACKING Malware Communication"; flow:established,to_server; content:"stacking"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-03-01,updated_at 2018-03-10,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:4; sid:80184712;)
# NOTE(review): sid 80184713 and sid 80184714 share the same header, flow and content:"UNKNOWN"; they differ only in msg, dates, rev and sid, so both would fire on the same traffic.
drop http any any -> $HOME_NET any (msg:"Acme - UNKNOWN UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:2; metadata:hostile src_ip,created_at 2015-05-16,capec_id 152,updated_at 2015-05-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80184713;)
drop http any any -> $HOME_NET any (msg:"Acme - ORANGE UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:2; metadata:hostile src_ip,created_at 2019-09-26,capec_id 152,updated_at 2019-09-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184714;)
# Disabled rule: the leading '#' keeps Suricata from loading it.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BASIC ESTROGEN Exploitation Attempt Seen"; flow:established,to_server; content:"estrogen"; priority:3; metadata:hostile src_ip,created_at 2017-01-14,capec_id 115,updated_at 2017-01-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target database-server,attack_target server,cve 2017-4359514,protocols tcp; rev:1; sid:80184715;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ORDINARY ZIPPER Malware Communication"; flow:established,to_server; content:"zipper"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2015-07-27,updated_at 2015-07-28,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80184716;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TROUBLED NYLON Malware Communication"; flow:established,to_server; content:"nylon"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2015-03-08,updated_at 2015-03-21,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:4; sid:80184717;)
# flow is to_client with $HOME_NET as the source, i.e. the rule inspects responses sent by a $HOME_NET host acting as the server (the metadata tags attack_target http-server and infected src_ip).
drop http $HOME_NET any -> any any (msg:"Acme - ESTABLISHED SUBUNKNOWN Malware Communication"; flow:established,to_client; content:"subUNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-14,updated_at 2019-07-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80184718;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WELCOME DUGOUT Malware Communication"; flow:established, to_server; content:"dugout"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-13,updated_at 2018-11-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184719;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ELATED CONIFER Malware Communication"; flow:established,to_server; content:"conifer"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-03,updated_at 2019-04-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184720;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SCRAWNY TELEVISION Malware Communication"; flow:established,to_server; content:"television"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-10,updated_at 2019-02-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184721;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SPATIAL SAW Malware Communication"; flow:established,to_client; content:"saw"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2018-11-21,updated_at 2018-11-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3;
sid:80184722;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TERRIBLE UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-01-11,updated_at 2017-01-16,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80184723;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SQUARE UNKNOWN Malware Communication"; flow:established,to_client; content:"UNKNOWN"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2019-01-01,updated_at 2019-01-13,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184724;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXTERNAL MEGALIAC Traffic Detected"; flow:established, to_server; content:"megaliac"; priority:1; metadata:cwe_id 507,hostile dest_ip,created_at 2019-02-16,updated_at 2019-02-23,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184725;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EMPTY CORRUPTION Malware Communication"; flow:established,to_server; content:"corruption"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-06,updated_at 2019-05-07,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184726;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FORWARD WILLOW Traffic Detected"; flow:established, to_server; content:"willow"; priority:1; metadata:cwe_id 507,hostile dest_ip,created_at 2019-08-14,updated_at 2019-08-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184727;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN REMINDER Traffic Detected"; flow:established,to_server; content:"reminder"; priority:1; metadata:cwe_id 506,hostile dest_ip,created_at 2018-07-12,updated_at 2018-07-20,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184728;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LIKELY DULCIMER Malware Communication"; flow:established,to_server; content:"dulcimer"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-01,updated_at 2019-06-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184729;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AUUNKNOWNATIC BLOWGUN Malware Communication"; flow:established, to_server; content:"blowgun"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-04-21,updated_at 2019-04-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184730;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SOUND TRINKET Malware Communication"; flow:established, to_server; content:"trinket"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-20,updated_at 2019-02-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184731;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CORRESPONDING PRESENTATION Malware Communication"; flow:established,to_client; content:"presentation"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2019-10-10,updated_at 2019-10-13,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184732;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - JUST WEATHER Malware Communication"; flow:established,to_server; content:"weather"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-04-23,updated_at 2017-04-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184733;)
# NOTE(review): broadest header in this group: tcp from any source on any port, flow:established with no to_server/to_client direction, and a single content match. The metadata also carries no hostile, infected or attack_target key, so filters on those keys will not select it. With a drop action this would need scoping before inline (IPS) use.
drop tcp any any -> $HOME_NET any (msg:"Acme - HIGH AZIMUTH Malware Communication"; flow:established; content:"azimuth"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2016-09-23,updated_at 2016-09-25,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:3; sid:80184734;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ELABORATE MONOCLE Malware Communication"; flow:established,to_server; content:"monocle"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-02,updated_at 2019-09-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:7; sid:80184735;)
drop smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CAREFUL NAIL Malware Communication"; flow:established,to_server; content:"nail"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-08-23,updated_at 2019-08-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target smtp-client,attack_target client,protocols smtp,protocols tcp; rev:1; sid:80184736;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VISUAL CONVECTION Malware
Communication"; flow:established,to_server; content:"convection"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-02-23,updated_at 2019-02-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184737;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OPEN COMMUNICATION Malware Communication"; flow:established,to_server; urilen:37; content:"communication"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-06,updated_at 2019-02-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184738;) drop smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UGLY SUNDIAL Malware Communication"; flow:established,to_server; content:"sundial"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-17,updated_at 2019-09-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target smtp-client,attack_target client,protocols smtp,protocols tcp; rev:1; sid:80184739;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEEP SOUSAPUNKNOWNE Malware Communication"; flow:established,to_server; content:"sousapUNKNOWNe"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-07,updated_at 2018-02-08,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184740;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RULING MITTEN Exploitation Attempt Seen"; flow:established,to_server; content:"mitten"; priority:2; metadata:cwe_id 434,hostile src_ip,created_at 2019-06-17,capec_id 213,updated_at 2019-06-25,filename acme.rules,priority medium,rule_source 
acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2019-3879751,cvss_v2_temporal 8.1,protocols http,protocols tcp; rev:1; sid:80184741;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NEAR FLINTLOCK Malware Communication"; flow:established,to_server; content:"flintlock"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2018-07-03,updated_at 2018-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184742;)
# Lines starting with "#alert" / "#drop" are disabled rules kept in the file. This one is scoped to FTP only by its metadata ("protocols ftp"); the header itself is plain tcp to any port.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GIANT QUART Exploitation Attempt Seen"; flow:established, to_server; content:"quart"; priority:3; metadata:hostile src_ip,created_at 2019-09-13,updated_at 2019-09-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2019-3557684,protocols ftp,protocols tcp; rev:1; sid:80184743;)
# NOTE(review): cvss_v2_temporal (4.4) is higher than cvss_v2_base (4.2); CVSS v2 temporal metrics can only lower the base score, so the scores (and presumably the cve values) in this demo file are generated - do not triage on them.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PART-TIME BENCH Exploitation Attempt Seen"; flow:established,to_client; content:"bench"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-09-25,capec_id 129,updated_at 2017-09-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.2,attack_target http-client,attack_target client,cve 2017-7277430,cvss_v2_temporal 4.4,protocols http,protocols tcp; rev:2; sid:80184744;)
# Disabled; restricts the destination to $HTTP_PORTS. NOTE(review): "UNKNOWN" in msg/content looks like a scrubbing placeholder - confirm upstream.
#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - ELEGANT DICTAPUNKNOWNE Exploitation Attempt Seen"; flow:established, to_server; content:"dictapUNKNOWNe"; priority:3; metadata:hostile src_ip,created_at 2016-04-04,capec_id 119,updated_at 2016-04-09,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-9143839,protocols http,protocols tcp; rev:1; sid:80184745;)
drop dcerpc any any -> $HOME_NET any (msg:"Acme - URBAN DIME Exploitation Attempt 
Seen"; flow:established,to_server; content:"dime"; priority:3; metadata:cwe_id 264,hostile src_ip,created_at 2016-08-23,capec_id 228,updated_at 2016-08-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.0,attack_target dcerpc-server,attack_target rpc-server,attack_target server,cve 2016-5610937,cvss_v2_temporal 2.0,protocols rpc,protocols tcp,protocols dcerpc; rev:2; sid:80184746;)
# "Traffic Detected" rule: tags the external destination as hostile but carries no `malware` or `infected` key.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TOXIC DERRICK Traffic Detected"; flow:established, to_server; content:"derrick"; priority:1; metadata:cwe_id 507,hostile dest_ip,created_at 2019-09-17,updated_at 2019-09-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184747;)
# Outbound rules: $HOME_NET is the source, so "infected src_ip" marks the internal host and "hostile dest_ip" the external peer.
# NOTE(review): the next two are protocol-agnostic tcp rules on any port with a bare keyword (one only four bytes, "pier"); a production rule would need ports, an app-layer buffer or depth/offset anchoring before running inline.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SCRAWNY SEMICOLON Malware Communication"; flow:established,to_server; content:"semicolon"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-02,updated_at 2019-10-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80184748;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FRONT PIER Malware Communication"; flow:established,to_server; content:"pier"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-04,updated_at 2019-07-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80184749;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GIGANTIC REAR Malware Communication"; flow:established,to_server; content:"rear"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-10-05,updated_at 2017-10-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols 
http,protocols tcp; rev:2; sid:80184750;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MUTE PENTAGON Malware Communication"; flow:established,to_server; content:"pentagon"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-09,updated_at 2019-10-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184751;)
# The two "Traffic Detected" rules below carry hostile/attack_target tags but no `malware` or `cwe_id` key, unlike the "Malware Communication" rules around them.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - YOUNG CONSIST Traffic Detected"; flow:established, to_server; content:"consist"; priority:1; metadata:hostile dest_ip,created_at 2018-03-20,updated_at 2018-03-21,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184752;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POOR NETSUKE Traffic Detected"; flow:established, to_server; content:"netsuke"; priority:2; metadata:hostile src_ip,created_at 2018-11-11,updated_at 2018-11-19,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80184753;)
# Response-direction malware rule (to_client): here the internal destination is the host tagged infected. NOTE(review): "UNKNOWN" in msg/content looks like a scrubbing placeholder - confirm upstream.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LARGE-SCALE UNKNOWNHOOD Malware Communication"; flow:established,to_client; content:"UNKNOWNhood"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-10-13,updated_at 2019-10-17,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184754;)
# NOTE(review): tls rule with a bare content match and no tls.* buffer; unless traffic is decrypted upstream, only cleartext handshake bytes could ever match.
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SELECT CARRIAGE Malware Communication"; flow:established,to_client; content:"carriage"; priority:2; metadata:cwe_id 657,malware post-infection,hostile src_ip,created_at 2018-08-23,updated_at 2018-08-26,filename acme.rules,priority 
medium,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:3; sid:80184755;)
# Disabled rules tagged "filename email.rules". They claim SMTP only in metadata ("protocols smtp"); the header is plain tcp on any port, so nothing in the rule itself limits them to mail traffic if they are re-enabled.
#drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOLE CHAIRMAN Malware Communication"; flow:established, to_server; content:"chairman"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2016-10-08,updated_at 2016-10-12,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80184756;)
#drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN BESTSELLER Malware Communication"; flow:established, to_server; content:"bestseller"; priority:3; metadata:cwe_id 506,malware post-infection,created_at 2018-10-25,updated_at 2018-10-27,filename email.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target smtp-client,attack_target client,protocols smtp,protocols tcp; rev:1; sid:80184757;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AWFUL SALARY Malware Communication"; flow:established,to_server; content:"salary"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-04-07,updated_at 2016-04-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184758;)
# NOTE(review): "size" is a common four-byte word matched with no buffer or position constraint behind a blocking action; it illustrates metadata, not a usable detection.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PURPLE SIZE Malware Communication"; flow:established,to_server; content:"size"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-21,updated_at 2019-02-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184759;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - DELICIOUS CUTOVER Exploitation Attempt Seen"; flow:established, 
to_server; content:"cutover"; priority:3; metadata:hostile src_ip,created_at 2015-11-11,capec_id 165,updated_at 2015-11-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-5126453,cve 2015-5126453,protocols http,protocols tcp; rev:1; sid:80184760;)
# NOTE(review): the rule ending above (sid 80184760) lists the same `cve` value twice in its metadata; consumers that count key-value pairs may see it double.
# Another tls rule with a bare content match and no tls.* buffer; without upstream decryption only handshake bytes are visible to it.
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SAFE LIVING Malware Communication"; flow:established,to_client; content:"living"; priority:2; metadata:cwe_id 657,malware post-infection,hostile src_ip,created_at 2019-02-06,updated_at 2019-02-07,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80184761;)
# Same content keyword ("azimuth") as sid 80184734, here scoped to outbound HTTP with an explicit to_server direction.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MIGHTY AZIMUTH Malware Communication"; flow:established,to_server; content:"azimuth"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-05-27,updated_at 2017-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184762;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEVOTED BEING Traffic Detected"; flow:established, to_server; content:"being"; priority:1; metadata:cwe_id 507,hostile dest_ip,created_at 2019-04-09,updated_at 2019-04-21,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80184763;)
# Alert-only, low-priority post-infection rule. NOTE(review): "UNKNOWN" in msg/content looks like a scrubbing placeholder - confirm upstream.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNKNOWNS Malware Communication"; flow:established, to_server; content:"UNKNOWNs"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-08-21,updated_at 2018-08-24,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; 
sid:80184764;)
# Outbound HTTP post-infection rules with an identical header, flow and metadata shape; only msg, content, cwe_id (506/507), dates and sid differ.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ENCOURAGING BIJOU Malware Communication"; flow:established,to_server; content:"bijou"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-16,updated_at 2019-02-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184765;)
# NOTE(review): a three-byte keyword ("lei") with no buffer or position constraint behind a blocking action would match widely in real traffic; demo value only.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IRRELEVANT LEI Malware Communication"; flow:established,to_server; content:"lei"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-07-19,updated_at 2018-07-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184766;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CRAZY DOWNFORCE Malware Communication"; flow:established,to_server; content:"downforce"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-07-14,updated_at 2015-07-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184767;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HAPPY BOBCAT Malware Communication"; flow:established,to_server; content:"bobcat"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-16,updated_at 2019-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184768;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRANGE DOLMAN Malware Communication"; flow:established,to_server; content:"dolman"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 
2019-08-19,updated_at 2019-08-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184769;)
# NOTE(review): inbound rule (destination $HOME_NET, to_server) tagged "hostile dest_ip", whereas the other inbound exploitation rules in this file tag the source as hostile. Looks like inverted metadata - confirm before filtering on it. It also has no attack_target key.
alert http any any -> $HOME_NET any (msg:"Acme - UNKNOWN PHYSICS Exploitation Attempt Seen"; flow:established, to_server; content:"physics"; priority:3; metadata:hostile dest_ip,created_at 2019-08-25,updated_at 2019-08-25,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2019-8633060,protocols http,protocols tcp; rev:2; sid:80184770;)
# urilen:>79 limits the match to requests whose URI is longer than 79 bytes. Note the pairing of a blocking action with "priority low" / "malware pre-infection".
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FEDERAL YEAST Malware Communication"; flow:established,to_server; urilen:>79; content:"yeast"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-07-03,updated_at 2018-07-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184771;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - POWERFUL ASHRAM Malware Communication"; flow:established,to_server; content:"ashram"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-20,updated_at 2019-09-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184772;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CANCER Malware Communication"; flow:established,to_server; content:"cancer"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-23,updated_at 2019-08-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184773;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MAXIMUM PAPERBACK Malware Communication"; flow:established,to_server; 
content:"paperback"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-03,updated_at 2018-10-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184774;)
# This rule repeats the cwe_id key with two different values (506 and 507); metadata consumers have to treat keys as multi-valued rather than keeping the last one seen.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN TRIANGLE Malware Communication"; flow:established,to_server; content:"triangle"; priority:1; metadata:cwe_id 506,cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-05,updated_at 2019-09-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184775;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HOLLOW HATRED Malware Communication"; flow:established,to_server; content:"hatred"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-20,updated_at 2019-05-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184776;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RIPE FOAM Malware Communication"; flow:established,to_server; content:"foam"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-21,updated_at 2019-03-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184777;)
# Disabled inbound exploitation rule (alert action, priority low); it carries cve/capec_id tags but no cvss_* scores, unlike the enabled exploitation rules.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WHOLE SURVEY Exploitation Attempt Seen"; flow:established, to_server; content:"survey"; priority:3; metadata:hostile src_ip,created_at 2019-02-15,capec_id 310,updated_at 2019-02-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 
2019-8225430,protocols http,protocols tcp; rev:2; sid:80184778;)
# Outbound FTP variant of the post-infection pattern; the keyword is matched with no FTP-specific buffer.
drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NEW SPEAR Malware Communication"; flow:established,to_server; content:"spear"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-10-16,updated_at 2017-10-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80184779;)
# urilen:8,norm requires a URI of exactly 8 bytes, measured on the normalized URI.
# NOTE(review): the literal "UNKNOWN" used as msg text and content here (and in other rules of this file) reads like a scrubbing placeholder, so several rules end up sharing one pattern - confirm upstream.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNKNOWN Malware Communication"; flow:established,to_server; urilen:8,norm; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-02-18,updated_at 2017-02-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184780;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PROTECTIVE SHED Malware Communication"; flow:established,to_server; content:"shed"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-02,updated_at 2019-02-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184781;)
# Disabled client-side exploitation rule: response direction (to_client), internal HTTP client as the target.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HOMELY MACHINE Exploitation Attempt Seen"; flow:established, to_client; content:"machine"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-08-22,updated_at 2019-08-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-5256487,protocols http,protocols tcp; rev:2; sid:80184782;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HURT UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware 
post-infection,hostile dest_ip,created_at 2019-10-08,updated_at 2019-10-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184783;)
# Flow options appear both with and without a space after the comma in this file ("established, to_server" vs "established,to_server"); text-based tooling should normalise before comparing rules.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - THEORETICAL NEGOTIATION Malware Communication"; flow:established, to_server; content:"negotiation"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-06,updated_at 2019-08-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184784;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EMBARRASSING CALCIFICATION Malware Communication"; flow:established,to_server; content:"calcification"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-10-22,updated_at 2016-10-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184785;)
# NOTE(review): cvss_v2_temporal (3.8) exceeds cvss_v2_base (2.8), which CVSS v2 scoring cannot produce; scores and cve values in this demo file appear to be generated. The four-byte keyword "copy" is also far too generic for a blocking rule outside a demo.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SMALL COPY Exploitation Attempt Seen"; flow:established,to_server; content:"copy"; priority:2; metadata:cwe_id 73,hostile src_ip,created_at 2018-10-03,capec_id 153,updated_at 2018-10-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.8,attack_target server,attack_target http-server,cve 2017-601149,cvss_v2_temporal 3.8,protocols http,protocols tcp; rev:3; sid:80184786;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VIOLENT COLONY Malware Communication"; flow:established,to_server; content:"colony"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-18,updated_at 2019-09-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184787;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FAMOUS PNEUMONIA Malware Communication"; flow:established,to_server; content:"pneumonia"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-14,updated_at 2019-11-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:8; sid:80184788;)
# "malware download-attempt" is tagged in both directions below: on the outbound request (hostile dest_ip) and on the inbound response (to_client, hostile src_ip). Neither rule marks a host as infected.
# urilen:14,norm requires a normalized URI of exactly 14 bytes. NOTE(review): content "UNKNOWN" reads like a scrubbing placeholder - confirm upstream.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - POLITE UNKNOWN Malware Communication"; flow:established,to_server; urilen:14,norm; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware download-attempt,hostile dest_ip,created_at 2015-03-08,updated_at 2015-03-14,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184789;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RELATED WORLD Malware Communication"; flow:established,to_client; content:"world"; priority:1; metadata:cwe_id 507,malware download-attempt,hostile src_ip,created_at 2018-03-22,updated_at 2018-03-23,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184790;)
# Disabled "email.rules" entries: SMTP/IMAP scope exists only in metadata; the headers are plain tcp on any port.
#drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ROUND STONEWORK Exploitation Attempt Seen"; flow:established, to_server; content:"stonework"; priority:3; metadata:hostile src_ip,created_at 2017-11-25,capec_id 100,updated_at 2017-11-28,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,cve 2016-2691508,protocols smtp,protocols tcp; rev:1; sid:80184791;)
#drop tcp any any -> $HOME_NET any (msg:"Acme - CRUCIAL INITIAL Exploitation Attempt Seen"; flow:established; content:"initial"; priority:3; metadata:created_at 2019-06-09,capec_id 
100,updated_at 2019-06-24,filename email.rules,priority low,rule_source acme-rule-factory,cve 2017-7958360,protocols imap,protocols tcp; rev:1; sid:80184792;)
# Alert-only inbound SMTP rule with no hostile, infected or attack_target tags - only cwe_id and capec_id classify it.
alert smtp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TIRED PAWNSHOP Traffic Detected"; flow:established, to_server; content:"pawnshop"; priority:3; metadata:cwe_id 451,created_at 2019-01-22,capec_id 151,updated_at 2019-01-25,filename acme.rules,priority low,rule_source acme-rule-factory,protocols smtp,protocols tcp; rev:2; sid:80184793;)
# Disabled "email.rules" entry: any source, any port; the POP scope exists only in metadata ("protocols pop").
#drop tcp any any -> $HOME_NET any (msg:"Acme - HANDSOME VISION Exploitation Attempt Seen"; flow:established, to_client; content:"vision"; priority:3; metadata:created_at 2018-06-08,capec_id 100,updated_at 2018-06-09,filename email.rules,priority low,rule_source acme-rule-factory,cve 2016-1325241,protocols pop,protocols tcp; rev:1; sid:80184794;)
# urilen:<40,norm limits the match to normalized URIs shorter than 40 bytes; the four-byte keyword itself is unanchored.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MOTIONLESS FIRE Malware Communication"; flow:established, to_server; urilen:<40,norm; content:"fire"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-04-21,updated_at 2017-04-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184795;)
# Inbound server-side exploitation rule (cwe_id 77) with CVSS v2 base/temporal scores attached; the values are demo data.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GLAMOROUS OFFICER Exploitation Attempt Seen"; flow:established,to_server; content:"officer"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2016-03-16,capec_id 248,updated_at 2016-03-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.5,attack_target server,attack_target http-server,cve 2016-2440161,cvss_v2_temporal 4.8,protocols http,protocols tcp; rev:2; sid:80184796;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CREEPY ISSUE Exploitation Attempt Seen"; flow:established,to_server; content:"issue"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2018-02-23,capec_id 
248,updated_at 2018-02-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.9,attack_target server,attack_target http-server,cve 2015-1499334,cvss_v2_temporal 8.1,protocols http,protocols tcp; rev:2; sid:80184797;)
# Client-side exploitation rule in the response direction (to_client). It has no file_data, so its keyword is matched against the stream rather than the response body.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - THOUGHTLESS GRANDDAUGHTER Exploitation Attempt Seen"; flow:established,to_client; content:"granddaughter"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2018-01-23,capec_id 255,updated_at 2018-01-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.6,attack_target http-client,attack_target client,cve 2015-5177363,cvss_v2_temporal 5.8,protocols http,protocols tcp; rev:2; sid:80184798;)
# file_data is a sticky buffer: the content that follows it is matched against the HTTP response body delivered to the client. The next two rules are disabled.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUPPORTING GARB Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"garb"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-06-26,capec_id 100,updated_at 2019-06-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-8096952,protocols http,protocols tcp; rev:2; sid:80184799;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INTERNATIONAL FIDDLE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"fiddle"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-03-12,capec_id 100,updated_at 2017-03-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-1276199,protocols http,protocols tcp; rev:2; sid:80184800;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FISCAL CASSEROLE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"casserole"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2018-08-11,capec_id 129,updated_at 2018-08-19,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.0,attack_target 
http-client,attack_target client,cve 2015-7624191,cvss_v2_temporal 4.3,protocols http,protocols tcp; rev:2; sid:80184801;)
# Client-side exploitation rules: response direction (to_client) with file_data, so the keyword is looked for in the HTTP response body.
# NOTE(review): in sids 80184802 and 80184804 cvss_v2_temporal is higher than cvss_v2_base (2.8 vs 2.5, 6.9 vs 6.0); CVSS v2 temporal metrics can only lower the base score, so these are generated demo values.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ANNUAL FUTURE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"future"; priority:2; metadata:cwe_id 476,hostile src_ip,created_at 2019-06-10,capec_id 130,updated_at 2019-06-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.5,attack_target http-client,attack_target client,cve 2017-3611264,cvss_v2_temporal 2.8,protocols http,protocols tcp; rev:2; sid:80184802;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HORIZONTAL YELLOW Malware Communication"; flow:established,to_server; content:"yellow"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-05-14,updated_at 2017-05-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184803;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BROKEN SCIENCE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"science"; priority:2; metadata:cwe_id 908,hostile src_ip,created_at 2019-10-21,capec_id 129,updated_at 2019-10-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.0,attack_target http-client,attack_target client,cve 2019-1668807,cvss_v2_temporal 6.9,protocols http,protocols tcp; rev:2; sid:80184804;)
# Disabled inbound server-side rule; carries cve/capec_id tags but no cwe_id or cvss_* keys.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ADVANCED STEPS Exploitation Attempt Seen"; flow:established, to_server; content:"steps"; priority:3; metadata:hostile src_ip,created_at 2019-10-13,capec_id 248,updated_at 2019-10-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-7821294,protocols http,protocols tcp; rev:2; sid:80184805;)
drop http $EXTERNAL_NET any -> $HOME_NET any 
(msg:"Acme - NOVEL SUNBONNET Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"sunbonnet"; priority:2; metadata:cwe_id 416,hostile src_ip,created_at 2019-10-16,capec_id 129,updated_at 2019-10-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.1,attack_target http-client,attack_target client,cve 2019-8716636,cvss_v2_temporal 3.4,protocols http,protocols tcp; rev:2; sid:80184806;)
# Disabled "email.rules" block (cwe_id 16). Every header is plain tcp on any port; the SMTP/IMAP scope is stated only in metadata, so re-enabling these as written would inspect all TCP traffic in the given direction.
#drop tcp any any -> $HOME_NET any (msg:"Acme - FREQUENT WILLOW Exploitation Attempt Seen"; flow:established, to_client; content:"willow"; priority:3; metadata:cwe_id 16,hostile src_ip,created_at 2015-06-12,updated_at 2015-06-19,filename email.rules,priority low,rule_source acme-rule-factory,attack_target smtp-client,attack_target client,cve 2015-2885949,protocols smtp,protocols tcp; rev:1; sid:80184807;)
# NOTE(review): the next two rules have $HOME_NET as the source yet tag "hostile src_ip", i.e. they label the internal host as the hostile party for an outbound to_server flow - confirm this is intended before filtering on the tag.
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TECHNICAL BAIL Exploitation Attempt Seen"; flow:established, to_server; content:"bail"; priority:3; metadata:cwe_id 16,hostile src_ip,created_at 2018-06-20,capec_id 242,updated_at 2018-06-25,filename email.rules,priority low,rule_source acme-rule-factory,cve 2017-2519906,protocols smtp,protocols tcp; rev:1; sid:80184808;)
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FAVOURABLE EQUINOX Exploitation Attempt Seen"; flow:established, to_server; content:"equinox"; priority:3; metadata:cwe_id 16,hostile src_ip,created_at 2018-04-21,updated_at 2018-04-21,filename email.rules,priority low,rule_source acme-rule-factory,cve 2018-6102005,protocols smtp,protocols tcp; rev:1; sid:80184809;)
#drop tcp any any -> $HOME_NET any (msg:"Acme - PROFESSIONAL MONTH Exploitation Attempt Seen"; flow:established, to_client; content:"month"; priority:3; metadata:cwe_id 16,created_at 2019-06-05,updated_at 2019-06-11,filename email.rules,priority low,rule_source acme-rule-factory,cve 2019-7742469,protocols imap,protocols tcp; rev:1; sid:80184810;)
#drop tcp $HOME_NET any -> $EXTERNAL_NET 
any (msg:"Acme - APPROPRIATE RICH Exploitation Attempt Seen"; flow:established, to_client; content:"rich"; priority:3; metadata:cwe_id 16,hostile src_ip,created_at 2018-02-24,updated_at 2018-02-28,filename email.rules,priority low,rule_source acme-rule-factory,cve 2016-6018276,protocols imap,protocols tcp; rev:1; sid:80184811;)
# from_server is the flow keyword's synonym for to_client, which is the spelling the neighbouring rules use. This rule also carries both CVSS v2 and v3 scores.
# NOTE(review): cvss_v2_temporal (7.3) is above cvss_v2_base (7.2), which CVSS v2 scoring cannot produce - generated demo values.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOVELY TEACHER Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"teacher"; priority:2; metadata:cwe_id 843,cvss_v3_base 8.0,hostile src_ip,created_at 2015-04-06,capec_id 44,updated_at 2015-04-13,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.2,attack_target http-client,attack_target client,cvss_v3_temporal 7.3,cve 2015-1312045,cvss_v2_temporal 7.3,protocols http,protocols tcp; rev:2; sid:80184812;)
# Disabled "email.rules" entry: any source to $EXTERNAL_NET, to_client; the POP scope exists only in metadata.
#alert tcp any any -> $EXTERNAL_NET any (msg:"Acme - AGGRESSIVE POOF Exploitation Attempt Seen"; flow:established, to_client; content:"poof"; priority:3; metadata:cwe_id 16,hostile src_ip,created_at 2019-04-23,updated_at 2019-04-24,filename email.rules,priority low,rule_source acme-rule-factory,cve 2019-6622238,protocols pop,protocols tcp; rev:1; sid:80184813;)
# NOTE(review), sid 80184814: any/any source, `flow:established` with no direction, and one unanchored keyword behind a blocking action - far too broad for inline use outside a demo. The "UNKNOWN" inside msg/content also looks like a scrubbing placeholder.
drop tcp any any -> $HOME_NET any (msg:"Acme - STRIPED SUNKNOWNACH Malware Communication"; flow:established; content:"sUNKNOWNach"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2016-06-06,updated_at 2016-06-25,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:5; sid:80184814;)
# Inbound rule tagged cwe_id 502 with both CVSS v2 and v3 scores; plain tcp on any port with a bare keyword.
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RELUCTANT MEASLES Exploitation Attempt Seen"; flow:established,to_server; content:"measles"; priority:2; metadata:cwe_id 502,cvss_v3_base 7.9,hostile src_ip,created_at 2018-05-15,capec_id 184,updated_at 2018-05-22,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,cvss_v3_temporal 7.8,cve 2016-6719747,cvss_v2_temporal 7.8,protocols tcp; 
rev:2; sid:80184815;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN RIDGE Malware Communication"; flow:established,to_server; content:"ridge"; priority:1; metadata:cwe_id 509,malware post-infection,hostile dest_ip,created_at 2016-04-26,updated_at 2016-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184816;)
# NOTE(review), sid 80184817: any/any source, `flow:established` with no direction and no hostile/attack_target tags; a common word as the only match condition makes this blocking rule unusable outside a demo.
drop tcp any any -> $HOME_NET any (msg:"Acme - VAST PRACTICE Exploitation Attempt Seen"; flow:established; content:"practice"; priority:2; metadata:cwe_id 119,created_at 2018-08-02,capec_id 44,updated_at 2018-08-18,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,cve 2017-4867992,cvss_v2_temporal 5.8,protocols tcp; rev:3; sid:80184817;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TAME SIGN Malware Communication"; flow:established,to_server; content:"sign"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-07,updated_at 2019-08-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184818;)
# Disabled response-body rules (to_client + file_data) with `any` as the source. The first reuses the keyword "calcification" from sid 80184785, there matched on outbound requests.
#alert http any any -> $HOME_NET any (msg:"Acme - UNKNOWN CALCIFICATION Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"calcification"; priority:3; metadata:hostile src_ip,created_at 2018-05-22,capec_id 152,updated_at 2018-05-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-6500457,protocols http,protocols tcp; rev:2; sid:80184819;)
#alert http any any -> $HOME_NET any (msg:"Acme - TESTY FACTORY Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"factory"; priority:3; metadata:hostile src_ip,created_at 2018-05-23,capec_id 152,updated_at 2018-05-24,filename acme.rules,priority low,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,cve 2016-7224102,protocols http,protocols tcp; rev:2; sid:80184820;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAMILIAR TERM Exploitation Attempt Seen"; flow:established,to_server; content:"term"; priority:3; metadata:cwe_id 287,hostile src_ip,created_at 2018-08-08,capec_id 210,updated_at 2018-08-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.8,attack_target server,attack_target http-server,cve 2018-6587331,cvss_v2_temporal 4.3,protocols http,protocols tcp; rev:2; sid:80184821;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RELATIVE BOOSTER Exploitation Attempt Seen"; flow:established,to_server; content:"booster"; priority:3; metadata:cwe_id 287,hostile src_ip,created_at 2017-08-07,capec_id 115,updated_at 2017-08-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.0,attack_target server,attack_target http-server,cve 2016-646251,cvss_v2_temporal 5.1,protocols http,protocols tcp; rev:2; sid:80184822;) alert http $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - ROUND TENEMENT Exploitation Attempt Seen"; flow:established, to_server; content:"tenement"; priority:3; metadata:cwe_id 434,hostile src_ip,created_at 2016-01-18,capec_id 165,updated_at 2016-01-21,filename acme.rules,priority low,infected dest_ip,rule_source acme-rule-factory,cvss_v2_base 2.1,attack_target server,attack_target http-server,cve 2016-5346606,cvss_v2_temporal 2.8,protocols http,protocols tcp; rev:1; sid:80184823;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HISTORIC DINOSAUR Exploitation Attempt Seen"; flow:established,to_server; content:"dinosaur"; priority:2; metadata:cwe_id 89,hostile src_ip,created_at 2019-03-04,capec_id 110,updated_at 2019-03-09,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.6,attack_target server,attack_target http-server,cve 2017-7742911,cvss_v2_temporal 3.6,protocols 
http,protocols tcp; rev:2; sid:80184824;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN RAINSTORM Exploitation Attempt Seen"; flow:established,to_server; content:"rainstorm"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2018-07-24,capec_id 248,updated_at 2018-07-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.1,attack_target server,attack_target http-server,cve 2018-2695747,cvss_v2_temporal 7.0,protocols http,protocols tcp; rev:2; sid:80184825;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INTERNAL PERFUME Exploitation Attempt Seen"; flow:established,to_server; content:"perfume"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2019-09-21,capec_id 248,updated_at 2019-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.5,attack_target server,attack_target http-server,cve 2019-281137,cvss_v2_temporal 8.1,protocols http,protocols tcp; rev:2; sid:80184826;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ORGANIC PAD Traffic Detected"; flow:established, to_server; content:"pad"; priority:3; metadata:hostile src_ip,created_at 2019-11-24,capec_id 115,updated_at 2019-11-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184827;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN BITTER Malware Communication"; flow:established,to_server; content:"bitter"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-05-03,updated_at 2016-05-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184828;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OLD RUTH Exploitation Attempt Seen"; flow:established,to_server; content:"ruth"; priority:4; metadata:cwe_id 425,hostile 
src_ip,created_at 2019-06-05,capec_id 115,updated_at 2019-06-20,filename scada.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2018-7541529,cvss_v2_temporal 5.8,protocols http,protocols tcp; rev:1; sid:80184829;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TALL BUSH Traffic Detected"; flow:established, to_server; content:"bush"; priority:3; metadata:hostile src_ip,created_at 2019-09-24,capec_id 225,updated_at 2019-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80184830;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN CAMPANILE Exploitation Attempt Seen"; flow:established,to_server; content:"campanile"; priority:4; metadata:cwe_id 306,hostile src_ip,created_at 2016-10-22,capec_id 115,updated_at 2016-10-24,filename scada.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 3.6,attack_target server,attack_target http-server,cve 2016-145086,cvss_v2_temporal 4.4,protocols http,protocols tcp; rev:1; sid:80184831;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FORWARD GEARSHIFT Malware Communication"; flow:established,to_server; content:"gearshift"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-13,updated_at 2019-10-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184832;) drop http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - DIRECT TIME Malware Communication"; flow:established,to_client; content:"time"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-02-26,updated_at 2019-02-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols 
http,protocols tcp; rev:1; sid:80184833;) drop tcp any any -> $HOME_NET any (msg:"Acme - CONSERVATIVE CURRENT Malware Communication"; flow:established; content:"current"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-04-15,updated_at 2018-04-23,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:4; sid:80184834;) drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - EAGER UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-22,updated_at 2019-06-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184835;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - UNKNOWN RETHINKING Malware Communication"; flow:established,to_server; content:"rethinking"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-09-09,updated_at 2017-09-13,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184836;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AMATEUR JUDO Malware Communication"; flow:established,to_server; content:"judo"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-15,updated_at 2018-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184837;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STALE DRAGSTER Exploitation Attempt Seen"; flow:established, to_server; content:"dragster"; priority:3; metadata:hostile src_ip,created_at 2019-06-01,capec_id 100,updated_at 2019-06-15,filename email.rules,priority low,rule_source 
acme-rule-factory,attack_target pop-server,attack_target server,cve 2018-2112470,protocols pop,protocols tcp; rev:1; sid:80184838;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NEAR LARK Malware Communication"; flow:established,to_server; content:"lark"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-03-21,updated_at 2017-03-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184839;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BIG FOAM Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"foam"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2017-07-21,updated_at 2017-07-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-1591072,protocols http,protocols tcp; rev:2; sid:80184840;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EFFECTIVE STAR Malware Communication"; flow:established,to_client; content:"star"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-10-27,updated_at 2019-10-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184841;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GIVEN PERCEPTION Malware Communication"; flow:established,to_client; content:"perception"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-01-12,updated_at 2019-01-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184842;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUNKNOWNT UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 
506,malware download-attempt,hostile dest_ip,created_at 2018-02-17,updated_at 2018-02-21,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184843;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONVENTIONAL SPOON Malware Communication"; flow:established, to_server; content:"spoon"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-20,updated_at 2019-06-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184844;) alert http any any -> $HOME_NET any (msg:"Acme - SPARKLING WINGTIP Exploitation Attempt Seen"; flow:established,to_server; content:"wingtip"; priority:3; metadata:cwe_id 425,hostile src_ip,created_at 2016-07-24,capec_id 115,updated_at 2016-07-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.3,attack_target server,attack_target http-server,cve 2015-8240053,cvss_v2_temporal 3.6,protocols http,protocols tcp; rev:1; sid:80184845;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN DULCIMER Traffic Detected"; flow:established,to_server; content:"dulcimer"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-09-23,capec_id 213,updated_at 2019-09-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184846;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNLIKELY SPRUCE Traffic Detected"; flow:established,to_server; content:"spruce"; priority:3; metadata:cwe_id 434,hostile src_ip,created_at 2018-07-11,capec_id 193,updated_at 2018-07-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.8,attack_target server,attack_target http-server,cvss_v2_temporal 5.0,protocols http,protocols tcp; 
rev:1; sid:80184847;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FRANTIC FROG Traffic Detected"; flow:established,to_server; content:"frog"; priority:3; metadata:cwe_id 434,hostile src_ip,created_at 2019-02-01,capec_id 193,updated_at 2019-02-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.4,attack_target server,attack_target http-server,cvss_v2_temporal 2.9,protocols http,protocols tcp; rev:1; sid:80184848;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CIVIL NEWS Malware Communication"; flow:established,to_server; content:"news"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-02-14,updated_at 2018-02-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184849;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLOUDY WALNUT Malware Communication"; flow:established,to_server; content:"walnut"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-04-22,updated_at 2016-04-23,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184850;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ABSENT DUFFEL Malware Communication"; flow:established,to_server; content:"duffel"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-01-27,updated_at 2017-01-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184851;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AWAKE DREAM Malware Communication"; flow:established,to_server; content:"dream"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-03,updated_at 
2019-07-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184852;) alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CRAZY SIDESTREAM Traffic Detected"; flow:established,to_server; content:"sidestream"; priority:3; metadata:created_at 2019-05-08,capec_id 210,updated_at 2019-05-26,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tls,protocols tcp; rev:2; sid:80184853;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN JUMPSUIT Malware Communication"; flow:established,to_server; content:"jumpsuit"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-17,updated_at 2018-10-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184854;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN PRINCE Malware Communication"; flow:established,to_server; content:"prince"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-05,updated_at 2018-09-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184855;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INCLINED LICENSE Malware Communication"; flow:established,to_server; content:"license"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-09,updated_at 2018-07-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184856;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNY STOCK Malware Communication"; flow:established,to_server; content:"stock"; priority:1; 
metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-02,updated_at 2019-07-02,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184857;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SILENT TERRACOTTA Exploitation Attempt Seen"; flow:established, to_server; content:"terracotta"; priority:2; metadata:cwe_id 502,hostile src_ip,created_at 2019-01-10,capec_id 248,updated_at 2019-01-10,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,cvss_v2_base 6.4,attack_target server,attack_target http-server,cve 2019-587089,cvss_v2_temporal 5.9,protocols http,protocols tcp; rev:2; sid:80184858;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - THIRSTY CREME BRULEE Malware Communication"; flow:established,to_server; content:"creme"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-01,updated_at 2019-07-03,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184859;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTEGRAL BOOSTER Traffic Detected"; flow:established,to_server; content:"booster"; priority:3; metadata:cwe_id 657,created_at 2019-03-26,capec_id 118,updated_at 2019-03-27,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80184860;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GREEK TENDENCY Malware Communication"; flow:established,to_server; content:"tendency"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-18,updated_at 2019-01-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:4; sid:80184861;) drop http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"Acme - SCREECHING BATHER Traffic Detected"; flow:established,to_server; content:"bather"; priority:1; metadata:hostile dest_ip,created_at 2018-06-03,updated_at 2018-06-07,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184862;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN OPPOSITE Malware Communication"; flow:established,to_server; content:"opposite"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-13,updated_at 2018-05-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184863;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMMENSE BALCONY Malware Communication"; flow:established,to_server; content:"balcony"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-06,updated_at 2018-11-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184864;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DELIGHTFUL REPAIR Traffic Detected"; flow:established,to_server; content:"repair"; priority:1; metadata:hostile dest_ip,created_at 2019-05-14,updated_at 2019-05-19,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184865;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN MATH Malware Communication"; flow:established,to_server; content:"math"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-21,updated_at 2017-06-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target 
client,protocols http,protocols tcp; rev:2; sid:80184866;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - QUICK VELLUM Malware Communication"; flow:established,to_server; content:"vellum"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-04,updated_at 2018-05-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:3; sid:80184867;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRIOR RETAILER Malware Communication"; flow:established,to_server; urilen:>100; content:"retailer"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-05-01,updated_at 2017-05-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184868;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRACTICAL NETBALL Traffic Detected"; flow:established,to_server; content:"netball"; priority:4; metadata:created_at 2018-08-06,capec_id 148,updated_at 2018-08-17,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80184869;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONFIDENT HATRED Traffic Detected"; flow:established,to_server; content:"hatred"; priority:4; metadata:created_at 2018-09-18,capec_id 148,updated_at 2018-09-21,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80184870;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FRIGHTENED UNKNOWNBERRY Traffic Detected"; flow:established, to_client; content:"UNKNOWNberry"; priority:1; metadata:hostile src_ip,created_at 2018-10-18,updated_at 2018-10-21,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; 
sid:80184871;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GLEAMING TRIAL Exploitation Attempt Seen"; flow:established, to_server; content:"trial"; priority:3; metadata:cwe_id 693,hostile src_ip,created_at 2019-04-20,capec_id 63,updated_at 2019-04-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.6,attack_target server,attack_target http-server,cve 2016-216438,cvss_v2_temporal 5.2,protocols http,protocols tcp; rev:2; sid:80184872;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LIKE FRINGE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"fringe"; priority:2; metadata:cwe_id 908,hostile src_ip,created_at 2019-05-13,capec_id 129,updated_at 2019-05-13,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.8,attack_target http-client,attack_target client,cve 2017-987289,cvss_v2_temporal 5.6,protocols http,protocols tcp; rev:2; sid:80184873;) drop http any any -> $HOME_NET any (msg:"Acme - CHARMING NICKEL Exploitation Attempt Seen"; flow:established,to_server; content:"nickel"; priority:2; metadata:cwe_id 352,hostile src_ip,created_at 2019-09-27,capec_id 152,updated_at 2019-09-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.4,attack_target server,attack_target http-server,cve 2019-996686,cvss_v2_temporal 3.9,protocols http,protocols tcp; rev:4; sid:80184874;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RENEWED MULTIMEDIA Malware Communication"; flow:established,to_server; content:"multimedia"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-06-10,updated_at 2018-06-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184875;) drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ASLEEP AREA Malware Communication"; flow:established,to_server; 
content:"area"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-16,updated_at 2019-03-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:1; sid:80184876;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPARE COLISEUM Malware Communication"; flow:established,to_server; content:"coliseum"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-22,updated_at 2019-03-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184877;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUFFICIENT FAME Malware Communication"; flow:established,to_server; content:"fame"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-22,updated_at 2018-09-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184878;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EMBARRASSING REDESIGN Exploitation Attempt Seen"; flow:established,to_client; content:"redesign"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-03-25,capec_id 44,updated_at 2019-03-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.7,attack_target http-client,attack_target client,cve 2018-5032771,cvss_v2_temporal 5.3,protocols http,protocols tcp; rev:2; sid:80184879;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RESULTING PERMAFROST Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"permafrost"; priority:2; metadata:cwe_id 346,hostile src_ip,created_at 2017-02-12,capec_id 113,updated_at 2017-02-22,filename acme.rules,priority medium,rule_source 
acme-rule-factory,cvss_v2_base 4.5,attack_target http-client,attack_target client,cve 2017-4570334,cvss_v2_temporal 3.9,protocols http,protocols tcp; rev:2; sid:80184880;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN PRINCIPAL Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"principal"; priority:3; metadata:cwe_id 693,hostile src_ip,created_at 2019-02-25,capec_id 210,updated_at 2019-02-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.5,attack_target http-client,attack_target client,cve 2019-4150887,cvss_v2_temporal 2.5,protocols http,protocols tcp; rev:2; sid:80184881;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - EXTREME LICENSE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"license"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-11-18,capec_id 118,updated_at 2019-11-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.8,attack_target http-client,attack_target client,cve 2017-7622159,cvss_v2_temporal 6.0,protocols http,protocols tcp; rev:4; sid:80184882;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DOUBTFUL DRUNK Malware Communication"; flow:established,to_server; content:"drunk"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2018-08-02,updated_at 2018-08-17,filename adware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184883;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STRAIGHTFORWARD HUT Malware Communication"; flow:established,to_client; content:"hut"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-07-03,updated_at 2019-07-03,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols 
tcp; rev:2; sid:80184884;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FAT CABINET Malware Communication"; flow:established,to_server; content:"cabinet"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-01,updated_at 2018-05-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184885;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAT WOOD Traffic Detected"; flow:established, to_client; content:"wood"; priority:2; metadata:hostile src_ip,created_at 2017-10-27,updated_at 2017-10-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184886;) #alert tcp any any -> $HOME_NET any (msg:"Acme - ANXIOUS PUPA Exploitation Attempt Seen"; flow:established, to_server; content:"pupa"; priority:3; metadata:hostile src_ip,created_at 2018-04-16,capec_id 100,updated_at 2018-04-26,filename email.rules,priority low,rule_source acme-rule-factory,attack_target imap-server,attack_target server,cve 2016-5041298,protocols imap,protocols tcp; rev:1; sid:80184887;) #alert tcp any any -> $HOME_NET any (msg:"Acme - CONSERVATION UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2018-01-08,capec_id 100,updated_at 2018-01-21,filename email.rules,priority low,rule_source acme-rule-factory,attack_target imap-server,attack_target server,cve 2015-6705333,protocols imap,protocols tcp; rev:1; sid:80184888;) drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - CHEERFUL DUSTER Malware Communication"; flow:established,to_server; content:"duster"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-06-08,updated_at 2018-06-27,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80184889;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNAWARE PRODUCT Malware Communication"; flow:established,to_server; urilen:4<>33; content:"product"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-03-26,updated_at 2018-03-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184890;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONTEMPORARY OFFICER Malware Communication"; flow:established,to_client; content:"officer"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2016-06-25,updated_at 2016-06-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184891;) drop http $HOME_NET any -> any any (msg:"Acme - UNKNOWNIVE TONE Traffic Detected"; flow:established,to_server; content:"tone"; priority:1; metadata:created_at 2019-04-08,updated_at 2019-04-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184892;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CIVIL TRANSPORTATION Exploitation Attempt Seen"; flow:established, to_client; content:"transportation"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2017-10-09,capec_id 248,updated_at 2017-10-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-8250643,protocols http,protocols tcp; rev:1; sid:80184893;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - POTENTIAL DULCIMER Malware Communication"; flow:established, to_server; content:"dulcimer"; priority:1; metadata:cwe_id 506,malware 
post-infection,hostile dest_ip,created_at 2019-10-02,updated_at 2019-10-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184894;) #alert http any any -> $HOME_NET any (msg:"Acme - COOL LATTE Traffic Detected"; flow:established, to_server; content:"latte"; priority:3; metadata:hostile src_ip,created_at 2018-07-10,capec_id 66,updated_at 2018-07-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184895;) #alert http any any -> $HOME_NET any (msg:"Acme - INNER SPASM Traffic Detected"; flow:established, to_server; content:"spasm"; priority:3; metadata:hostile src_ip,created_at 2019-06-10,capec_id 66,updated_at 2019-06-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184896;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ATTRACTIVE TRAIL Exploitation Attempt Seen"; flow:established, to_server; content:"trail"; priority:3; metadata:hostile src_ip,created_at 2019-04-17,capec_id 213,updated_at 2019-04-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-8051035,protocols http,protocols tcp; rev:2; sid:80184897;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ITCHY ANGUISH Malware Communication"; flow:established,to_client; content:"anguish"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-01-17,updated_at 2019-01-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184898;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BLOODY HARP Malware Communication"; flow:established,to_server; urilen:9,norm; 
content:"harp"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-21,updated_at 2019-05-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184899;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN FLYTRAP Malware Communication"; flow:established,to_server; content:"flytrap"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-03-19,updated_at 2016-03-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184900;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNAWARE GANDER Malware Communication"; flow:established,to_server; urilen:10,norm; content:"gander"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-11,updated_at 2018-09-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184901;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ZEALOUS CAKE Malware Communication"; flow:established,to_client; content:"cake"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-06-04,updated_at 2019-06-14,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184902;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PSYCHOLOGICAL USHER Malware Communication"; flow:established,to_server; content:"usher"; priority:3; metadata:cwe_id 657,malware post-infection,created_at 2019-06-20,updated_at 2019-06-21,filename p2p.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target 
client,protocols http,protocols tcp; rev:2; sid:80184903;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MANUAL LARK Malware Communication"; flow:established,to_server; urilen:1,norm; content:"lark"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-03-15,updated_at 2016-03-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184904;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HILARIOUS TERRACOTTA Malware Communication"; flow:established,to_server; content:"terracotta"; priority:4; metadata:cwe_id 506,malware post-infection,created_at 2019-11-19,updated_at 2019-11-19,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80184905;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RAPID KNIFE-EDGE Malware Communication"; flow:established, to_server; content:"knife-edge"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-01-11,updated_at 2016-01-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184906;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ENTITLED POSSIBLE Malware Communication"; flow:established,to_server; content:"possible"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-01-04,updated_at 2017-01-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184907;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SEPARATE TWISTER Malware Communication"; flow:established,to_client; content:"twister"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 
2018-01-03,updated_at 2018-01-11,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184908;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHIEF ENGINEERING Exploitation Attempt Seen"; flow:established,to_server; content:"engineering"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2016-06-04,capec_id 248,updated_at 2016-06-12,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.0,attack_target server,attack_target http-server,cve 2015-1142797,cvss_v2_temporal 4.6,protocols http,protocols tcp; rev:2; sid:80184909;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REASONABLE UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-06-14,updated_at 2017-06-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184910;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNEMPLOYED UNKNOWNEN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWNen"; priority:3; metadata:hostile src_ip,created_at 2015-10-04,updated_at 2015-10-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-9696285,protocols http,protocols tcp; rev:3; sid:80184911;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TYPICAL STUDIO Exploitation Attempt Seen"; flow:established, to_server; content:"studio"; priority:3; metadata:hostile src_ip,created_at 2017-10-07,capec_id 213,updated_at 2017-10-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-2409224,protocols http,protocols tcp; rev:2; sid:80184912;) #alert http $EXTERNAL_NET any 
-> $HOME_NET any (msg:"Acme - UNCOMFORTABLE AMBITION Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"ambition"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2015-11-10,capec_id 100,updated_at 2015-11-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-3096514,protocols http,protocols tcp; rev:2; sid:80184913;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LITERARY BORDER Malware Communication"; flow:established,to_server; urilen:>5,norm; content:"border"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-08,updated_at 2019-07-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184914;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PUNY OTHER Malware Communication"; flow:established,to_server; content:"other"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-16,updated_at 2019-10-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184915;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REGISTERED NOUGAT Malware Communication"; flow:established,to_server; content:"nougat"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-18,updated_at 2018-07-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184916;) drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - AVERAGE QUILT Malware Communication"; flow:established,to_server; content:"quilt"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 
2019-11-25,updated_at 2019-11-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184917;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DIVERSE COMMERCIAL Malware Communication"; flow:established,to_server; content:"commercial"; priority:3; metadata:cwe_id 512,malware pre-infection,created_at 2019-08-18,updated_at 2019-08-25,filename adware.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80184918;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BLUSHING DRIVEWAY Malware Communication"; flow:established,to_server; content:"driveway"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-18,updated_at 2019-07-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80184919;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DANGEROUS HELO Malware Communication"; flow:established,to_server; content:"helo"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-17,updated_at 2019-02-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80184920;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FISCAL UNKNOWNT Malware Communication"; flow:established,to_server; content:"UNKNOWNt"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-09-27,updated_at 2016-09-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80184921;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AVAILABLE T-SHIRT Malware Communication"; 
flow:established,to_server; content:"t-shirt"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-08-11,updated_at 2017-08-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184922;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SATISFACTORY TUTU Malware Communication"; flow:established,to_server; content:"tutu"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-13,updated_at 2019-11-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184923;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHARED JURY Malware Communication"; flow:established,to_server; content:"jury"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-07-09,updated_at 2017-07-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184924;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN BOATYARD Malware Communication"; flow:established,to_client; content:"boatyard"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2017-06-01,updated_at 2017-06-14,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184925;) alert tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN RACK Traffic Detected"; flow:established, to_server; content:"rack"; priority:3; metadata:hostile src_ip,created_at 2018-02-08,updated_at 2018-02-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80184926;) #alert tcp any any -> $HOME_NET 
$HTTP_PORTS (msg:"Acme - HORRIBLE TIN Traffic Detected"; flow:established, to_server; content:"tin"; priority:3; metadata:hostile dest_ip,created_at 2019-10-20,capec_id 66,updated_at 2019-10-20,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80184927;) #alert http $HOME_NET any -> any any (msg:"Acme - SHARP SPRAY Traffic Detected"; flow:established, to_client; file_data; content:"spray"; priority:3; metadata:hostile dest_ip,created_at 2019-08-27,capec_id 66,updated_at 2019-08-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184928;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GOOD EYELIDS Exploitation Attempt Seen"; flow:established, to_server; content:"eyelids"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2017-01-03,capec_id 213,updated_at 2017-01-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-9049142,protocols http,protocols tcp; rev:2; sid:80184929;) #drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VARYING KEYBOARDING Exploitation Attempt Seen"; flow:established, to_server; content:"keyboarding"; priority:3; metadata:hostile src_ip,created_at 2016-11-27,updated_at 2016-11-28,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,cve 2016-5311583,protocols smtp,protocols tcp; rev:1; sid:80184930;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN LITERATURE Malware Communication"; flow:established,to_server; content:"literature"; priority:4; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2015-09-10,updated_at 2015-09-27,filename acme.rules,priority info,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80184931;) 
# Review notes for sid 80184932-80184935 (dummy data; see the file header).
# Four complete rules follow on this line; a fifth, disabled rule starts at the
# end of it and continues on the next line of the listing.
# - sid 80184932 and 80184934: cvss_v2_temporal (2.8, 3.3) is higher than
#   cvss_v2_base (2.4, 2.6). A CVSS v2 temporal score is the base score scaled
#   by factors no greater than 1.0, so it can never exceed the base.
#   sid 80184933 (base 3.9, temporal 3.6) has the consistent ordering.
# - sid 80184934: the metadata lists "cve 2016-4860135" twice; the second pair
#   is redundant and looks like a generator artifact (TODO confirm).
# - sid 80184932, 80184933 and 80184934 match a short literal ("pond", "rest",
#   "cyclamen") anywhere in file_data of an established to_client HTTP flow.
#   With action "drop" (80184932, 80184934) a match this loose would block
#   ordinary responses on an inline (IPS) sensor.
# - sid 80184935 is disabled (leading '#'). Its header is
#   "any any -> $EXTERNAL_NET any" over tcp with content:"call" and no port
#   constraint; presumably it should be narrowed before it is ever enabled
#   with its "drop" action. TODO confirm intent.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN POND Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"pond"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-11-18,capec_id 129,updated_at 2019-11-18,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.4,attack_target http-client,attack_target client,cve 2018-4192696,cvss_v2_temporal 2.8,protocols http,protocols tcp; rev:2; sid:80184932;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ADORABLE REST Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"rest"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-05-09,capec_id 130,updated_at 2019-05-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.9,attack_target http-client,attack_target client,cve 2017-5635048,cvss_v2_temporal 3.6,protocols http,protocols tcp; rev:2; sid:80184933;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REMARKABLE CYCLAMEN Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"cyclamen"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-08-06,capec_id 255,updated_at 2019-08-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.6,attack_target http-client,attack_target client,cve 2016-4860135,cve 2016-4860135,cvss_v2_temporal 3.3,protocols http,protocols tcp; rev:2; sid:80184934;) #drop tcp any any -> $EXTERNAL_NET any (msg:"Acme - INQUISITIVE CALL Exploitation Attempt Seen"; flow:established, to_client; content:"call"; priority:3; metadata:hostile src_ip,created_at 2017-05-15,updated_at 2017-05-23,filename email.rules,priority low,rule_source acme-rule-factory,cve 2016-3516085,protocols pop,protocols tcp; rev:1; sid:80184935;) #alert http any any -> $HOME_NET any (msg:"Acme - INTEGRATED UNKNOWN-UP Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"UNKNOWN-up"; priority:3; 
metadata:hostile src_ip,created_at 2018-06-19,capec_id 253,updated_at 2018-06-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-9724763,protocols http,protocols tcp; rev:2; sid:80184936;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FORMIDABLE SCRIPT Malware Communication"; flow:established,to_server; content:"script"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-18,updated_at 2019-02-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80184937;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TENDER NETWORK Malware Communication"; flow:established,to_client; content:"network"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2017-04-25,updated_at 2017-04-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:3; sid:80184938;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NERVOUS BLAZER Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"blazer"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-02-13,capec_id 129,updated_at 2019-02-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.7,attack_target http-client,attack_target client,cve 2019-4352322,cvss_v2_temporal 7.7,protocols http,protocols tcp; rev:2; sid:80184939;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - THIRSTY UNKNOWNATO Exploitation Attempt Seen"; flow:established,to_server; content:"UNKNOWNato"; priority:2; metadata:cwe_id 200,hostile dest_ip,created_at 2017-03-15,capec_id 48,updated_at 2017-03-21,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.4,attack_target http-client,attack_target client,cve 2016-2246910,cvss_v2_temporal 
1.5,protocols http,protocols tcp; rev:2; sid:80184940;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ILL KETTLEDUNKNOWN Exploitation Attempt Seen"; flow:established,to_client; content:"kettledUNKNOWN"; priority:2; metadata:cwe_id 200,hostile src_ip,created_at 2019-09-10,capec_id 48,updated_at 2019-09-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.1,attack_target http-client,attack_target client,cve 2016-7961827,cvss_v2_temporal 2.3,protocols http,protocols tcp; rev:2; sid:80184941;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DELICIOUS BEET Exploitation Attempt Seen"; flow:established, to_server; content:"beet"; priority:3; metadata:hostile src_ip,created_at 2019-09-12,capec_id 248,updated_at 2019-09-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-6656711,protocols http,protocols tcp; rev:2; sid:80184942;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEEP HIGH Exploitation Attempt Seen"; flow:established, to_server; content:"high"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2018-07-09,capec_id 248,updated_at 2018-07-11,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-8641333,protocols http,protocols tcp; rev:2; sid:80184943;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN PEACH Traffic Detected"; flow:established, to_server; content:"peach"; priority:1; metadata:hostile dest_ip,created_at 2019-09-26,updated_at 2019-09-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184944;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DOUBLE DOUBTER Traffic Detected"; flow:established,to_server; content:"doubter"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2017-03-14,capec_id 286,updated_at 
2017-03-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80184945;) #alert http any any -> $HOME_NET any (msg:"Acme - ORGANIC UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2018-04-25,capec_id 66,updated_at 2018-04-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184946;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ELATED CROWN Malware Communication"; flow:established,to_server; content:"crown"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-03,updated_at 2019-08-04,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184947;) #alert http any any -> $HOME_NET any (msg:"Acme - SLIPPERY GREASE Traffic Detected"; flow:established, to_server; content:"grease"; priority:3; metadata:hostile src_ip,created_at 2019-02-19,capec_id 66,updated_at 2019-02-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184948;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TOXIC MANDARIN Malware Communication"; flow:established,to_server; urilen:15,norm; content:"mandarin"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-04,updated_at 2019-04-07,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184949;) #alert http any any -> $HOME_NET any (msg:"Acme - USELESS ARMADILLO Traffic Detected"; flow:established, to_server; content:"armadillo"; priority:3; 
metadata:hostile src_ip,created_at 2015-04-13,capec_id 66,updated_at 2015-04-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184950;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OUTSTANDING SYMMETRY Traffic Detected"; flow:established,to_server; content:"symmetry"; priority:1; metadata:hostile dest_ip,created_at 2018-04-12,capec_id 118,updated_at 2018-04-18,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184951;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNFORTUNATE UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-11-01,updated_at 2017-11-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80184952;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PATIENT MEASLES Malware Communication"; flow:established,to_server; content:"measles"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-04-22,updated_at 2019-04-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184953;) #alert http any any -> $HOME_NET any (msg:"Acme - DIRTY UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2019-07-17,capec_id 115,updated_at 2019-07-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-5549963,protocols http,protocols tcp; rev:2; sid:80184954;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ALLIED WOOLEN Malware Communication"; 
flow:established,to_server; content:"woolen"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-02-01,updated_at 2017-02-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184955;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BORING SHOPPER Exploitation Attempt Seen"; flow:established, to_server; content:"shopper"; priority:3; metadata:hostile src_ip,created_at 2017-09-21,capec_id 115,updated_at 2017-09-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-7929807,protocols http,protocols tcp; rev:1; sid:80184956;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOYAL OFFENCE Exploitation Attempt Seen"; flow:established,to_server; content:"offence"; priority:3; metadata:cwe_id 454,hostile src_ip,created_at 2019-11-06,capec_id 152,updated_at 2019-11-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.4,attack_target server,attack_target http-server,cve 2018-5501653,cve 2018-5501653,cvss_v2_temporal 5.8,protocols http,protocols tcp; rev:2; sid:80184957;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TIRED DRIVING Exploitation Attempt Seen"; flow:established, to_server; content:"driving"; priority:3; metadata:hostile src_ip,created_at 2019-07-27,capec_id 115,updated_at 2019-07-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-2426517,protocols http,protocols tcp; rev:1; sid:80184958;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - YOUNG CLOAK Malware Communication"; flow:established,to_server; content:"cloak"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-16,updated_at 2019-10-20,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184959;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LOUD POLLUTION Malware Communication"; flow:established,to_server; content:"pollution"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2019-07-25,updated_at 2019-07-25,filename adware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184960;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NERVOUS INFLAMMATION Malware Communication"; flow:established,to_client; content:"inflammation"; priority:1; metadata:cwe_id 434,malware post-infection,hostile dest_ip,created_at 2019-03-26,updated_at 2019-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80184961;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EAGER STRESS Malware Communication"; flow:established,to_client; content:"stress"; priority:1; metadata:cwe_id 434,malware post-infection,hostile dest_ip,created_at 2019-10-13,updated_at 2019-10-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184962;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RESULTING STEAMROLLER Malware Communication"; flow:established,to_server; content:"steamroller"; priority:2; metadata:cwe_id 434,malware download-attempt,hostile src_ip,created_at 2019-07-04,updated_at 2019-07-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184963;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TEMPORARY STEP-FATHER Traffic Detected"; 
flow:established,to_server; content:"step-father"; priority:2; metadata:cwe_id 434,hostile src_ip,created_at 2019-08-17,capec_id 253,updated_at 2019-08-21,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184964;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STEEP SUSTAINMENT Exploitation Attempt Seen"; flow:established, to_server; content:"sustainment"; priority:3; metadata:hostile src_ip,created_at 2017-06-22,capec_id 248,updated_at 2017-06-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-3341643,protocols http,protocols tcp; rev:2; sid:80184965;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN EMERGENT Traffic Detected"; flow:established, to_server; content:"emergent"; priority:3; metadata:created_at 2015-02-08,updated_at 2015-02-24,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80184966;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MINIATURE MARSH Malware Communication"; flow:established,to_server; content:"marsh"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-26,updated_at 2019-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184967;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DETAILED UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2019-01-08,capec_id 66,updated_at 2019-01-10,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80184968;) #alert http any any -> $HOME_NET any (msg:"Acme - STRANGE CAT Traffic Detected"; 
flow:established, to_server; content:"cat"; priority:4; metadata:hostile src_ip,created_at 2019-04-26,capec_id 66,updated_at 2019-04-28,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184969;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LONELY BAKEWARE Traffic Detected"; flow:established, to_server; content:"bakeware"; priority:3; metadata:hostile src_ip,created_at 2015-07-14,capec_id 66,updated_at 2015-07-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184970;) #alert http any any -> $HOME_NET any (msg:"Acme - RULING CAPTION Traffic Detected"; flow:established, to_server; content:"caption"; priority:3; metadata:hostile src_ip,created_at 2019-08-27,capec_id 66,updated_at 2019-08-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184971;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NINEUNKNOWNTH-CENTURY SELF Traffic Detected"; flow:established, to_server; content:"self"; priority:3; metadata:hostile src_ip,created_at 2017-11-06,capec_id 66,updated_at 2017-11-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184972;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REDUNDANT WHIRLWIND Traffic Detected"; flow:established, to_server; content:"whirlwind"; priority:3; metadata:hostile src_ip,created_at 2018-03-02,capec_id 66,updated_at 2018-03-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184973;) #alert http any any -> $HOME_NET any (msg:"Acme - EXCESSIVE UNKNOWN Traffic Detected"; flow:established, 
to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2018-10-21,capec_id 66,updated_at 2018-10-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184974;) #alert http any any -> $HOME_NET any (msg:"Acme - STINGY SPLEEN Traffic Detected"; flow:established, to_server; content:"spleen"; priority:3; metadata:hostile src_ip,created_at 2017-08-01,capec_id 66,updated_at 2017-08-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184975;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BROKEN PAPER Traffic Detected"; flow:established, to_server; content:"paper"; priority:3; metadata:hostile src_ip,created_at 2019-06-19,capec_id 66,updated_at 2019-06-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184976;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOUR MORTISE Traffic Detected"; flow:established, to_server; content:"mortise"; priority:3; metadata:hostile src_ip,created_at 2018-09-16,capec_id 66,updated_at 2018-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184977;) #alert http any any -> $HOME_NET any (msg:"Acme - EXTENDED SELL Traffic Detected"; flow:established, to_server; content:"sell"; priority:3; metadata:hostile src_ip,created_at 2016-11-24,capec_id 66,updated_at 2016-11-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184978;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FUNNY THING Traffic Detected"; flow:established, to_server; content:"thing"; priority:3; 
metadata:hostile src_ip,created_at 2016-05-20,capec_id 66,updated_at 2016-05-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184979;) #alert http any any -> $HOME_NET any (msg:"Acme - ALERT PERMISSION Traffic Detected"; flow:established, to_server; content:"permission"; priority:3; metadata:hostile src_ip,created_at 2018-01-24,capec_id 66,updated_at 2018-01-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184980;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - JUNIOR BUILDING Traffic Detected"; flow:established, to_server; content:"building"; priority:3; metadata:hostile src_ip,created_at 2019-03-20,capec_id 66,updated_at 2019-03-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184981;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WEARY WALNUT Traffic Detected"; flow:established, to_server; content:"walnut"; priority:3; metadata:hostile src_ip,created_at 2017-09-22,capec_id 66,updated_at 2017-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184982;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COOING BIRD Traffic Detected"; flow:established, to_server; content:"bird"; priority:3; metadata:hostile src_ip,created_at 2017-10-15,capec_id 66,updated_at 2017-10-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184983;) #alert http any any -> $HOME_NET any (msg:"Acme - WONDERFUL EMPOWERMENT Traffic Detected"; flow:established, to_server; content:"empowerment"; priority:3; metadata:hostile 
src_ip,created_at 2018-10-03,capec_id 66,updated_at 2018-10-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184984;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IMPOSSIBLE CYLINDER Traffic Detected"; flow:established, to_server; content:"cylinder"; priority:3; metadata:hostile src_ip,created_at 2019-03-24,capec_id 66,updated_at 2019-03-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184985;) drop smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ABOVE VAGRANT Malware Communication"; flow:established,to_server; content:"vagrant"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-08,updated_at 2019-06-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target smtp-client,attack_target client,protocols smtp,protocols tcp; rev:1; sid:80184986;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN FACILITIES Traffic Detected"; flow:established, to_server; content:"facilities"; priority:3; metadata:hostile src_ip,created_at 2019-06-19,capec_id 66,updated_at 2019-06-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184987;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DIFFERENT SILKWORM Traffic Detected"; flow:established, to_server; content:"silkworm"; priority:3; metadata:hostile src_ip,created_at 2019-02-10,capec_id 66,updated_at 2019-02-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184988;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - CRAZY PIE Traffic Detected"; flow:established, to_server; 
content:"pie"; priority:3; metadata:hostile dest_ip,created_at 2019-08-04,capec_id 66,updated_at 2019-08-26,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80184989;) #alert http any any -> $HOME_NET any (msg:"Acme - LOW HARBOUR Traffic Detected"; flow:established, to_server; content:"harbour"; priority:3; metadata:hostile src_ip,created_at 2018-11-11,capec_id 66,updated_at 2018-11-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184990;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - JUNIOR RELATIVE Traffic Detected"; flow:established, to_server; content:"relative"; priority:3; metadata:hostile src_ip,created_at 2018-07-18,capec_id 66,updated_at 2018-07-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80184991;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ROUND TIMBER Traffic Detected"; flow:established, to_client; file_data; content:"timber"; priority:3; metadata:created_at 2018-01-02,updated_at 2018-01-25,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80184992;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MODERN COURT Malware Communication"; flow:established,to_server; content:"court"; priority:1; metadata:cwe_id 509,malware post-infection,hostile dest_ip,created_at 2019-03-16,updated_at 2019-03-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80184993;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MEDIEVAL POSSIBILITY Malware Communication"; flow:established,to_client; content:"possibility"; priority:1; metadata:cwe_id 506,malware post-infection,hostile 
src_ip,created_at 2019-09-22,updated_at 2019-09-23,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80184994;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUPERIOR FLECK Malware Communication"; flow:established,to_server; content:"fleck"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-08-07,updated_at 2018-08-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184995;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONVENIENT BARGE Malware Communication"; flow:established,to_server; content:"barge"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-23,updated_at 2019-10-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184996;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HUNGRY PLASTIC Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"plastic"; priority:3; metadata:cwe_id 399,hostile src_ip,created_at 2018-06-02,capec_id 255,updated_at 2018-06-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-6085953,protocols http,protocols tcp; rev:2; sid:80184997;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SOUR MAGAZINE Malware Communication"; flow:established,to_server; content:"magazine"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-08-19,updated_at 2016-08-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184998;) drop http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN FATHER Malware Communication"; flow:established,to_server; content:"father"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-01,updated_at 2019-01-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80184999;)
# Outbound malware-communication rules (next two): HTTP requests from $HOME_NET to
# $EXTERNAL_NET on established flows. The metadata marks the internal source as
# infected and the external destination as hostile. The action is `drop`, which
# only blocks when Suricata runs inline (IPS); in IDS mode these can only alert.
# The first one is tagged `malware download-attempt` rather than `post-infection`.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SCIENTIFIC PERMAFROST Malware Communication"; flow:established,to_server; content:"permafrost"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-04-17,updated_at 2019-04-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185000;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TYPICAL DOCK Malware Communication"; flow:established,to_server; content:"dock"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-04-24,updated_at 2019-04-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185001;)
# Inbound client-side exploitation rules (next four): server responses
# (flow ...,from_server) delivered to HTTP clients in $HOME_NET. `file_data` makes
# the following `content` match inspect the HTTP response body. All four carry
# cwe_id 119 (memory-buffer bounds errors) plus cve and CVSS v2 metadata keys.
# NOTE(review): in three of the four, cvss_v2_temporal is higher than cvss_v2_base
# (6.7 vs 6.2, 7.6 vs 7.1, 7.7 vs 7.4). A CVSS v2 temporal score is the base score
# scaled by factors of at most 1.0, so it cannot exceed the base score; these values
# read as generated placeholders, and the cve values look synthetic as well (TODO
# confirm). A metadata filter on cvss_v2_temporal will therefore select rules here
# that a real feed would not.
# NOTE(review): the only payload test is one short literal ("list", "shed", ...);
# with `drop` that would be false-positive prone on real traffic. It is acceptable
# only because this is an example ruleset.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN LIST Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"list"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2017-08-17,capec_id 129,updated_at 2017-08-21,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.2,attack_target http-client,attack_target client,cve 2016-6190419,cvss_v2_temporal 6.7,protocols http,protocols tcp; rev:2; sid:80185002;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXCESSIVE SHED Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"shed"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2017-04-22,capec_id 129,updated_at 2017-04-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.1,attack_target http-client,attack_target client,cve 2017-6907336,cvss_v2_temporal 7.6,protocols http,protocols tcp; rev:2; sid:80185003;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POOR INTERNET Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"internet"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2016-07-22,capec_id 255,updated_at 2016-07-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.7,attack_target http-client,attack_target client,cve 2015-6359069,cvss_v2_temporal 4.2,protocols http,protocols tcp; rev:2; sid:80185004;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FEW FRUSTRATION Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"frustration"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2016-03-03,capec_id 129,updated_at 2016-03-18,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.4,attack_target http-client,attack_target client,cve 2016-9427183,cvss_v2_temporal 7.7,protocols http,protocols tcp; rev:2; sid:80185005;)
# Outbound malware-communication rule, same shape as the two above
# (priority:1 in the rule options, `priority high` in the metadata).
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - READY LEAVE Malware Communication"; flow:established,to_server; content:"leave"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-22,updated_at 2019-02-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185006;)
# Disabled rule (leading '#'): Suricata does not load it. It is written as a
# raw-TCP match to $HTTP_PORTS rather than with the `http` protocol keyword.
#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - UNKNOWN COMPETITION Traffic Detected"; flow:established, to_server; content:"competition"; priority:3; metadata:hostile src_ip,created_at 2019-10-20,capec_id 241,updated_at 2019-10-23,filename acme.rules,priority low,rule_source 
acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185007;) #alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - CHEAP MAIN Traffic Detected"; flow:established, to_server; content:"main"; priority:3; metadata:hostile src_ip,created_at 2017-09-16,capec_id 251,updated_at 2017-09-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185008;) #alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - GLORIOUS BOOK Traffic Detected"; flow:established, to_server; content:"book"; priority:3; metadata:hostile src_ip,created_at 2019-11-15,capec_id 251,updated_at 2019-11-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185009;) #alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - WILD BRASS Traffic Detected"; flow:established, to_server; content:"brass"; priority:3; metadata:hostile src_ip,created_at 2018-03-12,capec_id 251,updated_at 2018-03-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185010;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - COHERENT LIE Traffic Detected"; flow:established, to_server; content:"lie"; priority:3; metadata:hostile src_ip,created_at 2019-01-13,capec_id 251,updated_at 2019-01-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185011;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - INDIRECT STRAIT Traffic Detected"; flow:established, to_server; content:"strait"; priority:3; metadata:hostile src_ip,created_at 2017-06-05,capec_id 251,updated_at 2017-06-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target 
server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185012;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - PROFITABLE MAGIC Traffic Detected"; flow:established, to_server; content:"magic"; priority:3; metadata:hostile src_ip,created_at 2018-03-23,capec_id 251,updated_at 2018-03-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185013;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - FAMILIAR YEW Traffic Detected"; flow:established, to_server; content:"yew"; priority:3; metadata:hostile src_ip,created_at 2017-04-03,capec_id 251,updated_at 2017-04-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185014;) alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - INNOVATIVE BASS Traffic Detected"; flow:established, to_server; content:"bass"; priority:3; metadata:hostile src_ip,created_at 2018-09-07,capec_id 251,updated_at 2018-09-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185015;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - MUSHY MODEM Traffic Detected"; flow:established, to_server; content:"modem"; priority:3; metadata:hostile src_ip,created_at 2018-08-11,capec_id 241,updated_at 2018-08-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185016;) #alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - CONSERVATIVE UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2019-08-17,capec_id 251,updated_at 2019-08-25,filename acme.rules,priority low,rule_source 
acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185017;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - OLYMPIC NONDISCLOSURE Traffic Detected"; flow:established, to_server; content:"nondisclosure"; priority:3; metadata:hostile src_ip,created_at 2018-10-01,capec_id 251,updated_at 2018-10-05,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185018;) #alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - JOYOUS PINECONE Traffic Detected"; flow:established, to_server; content:"pinecone"; priority:3; metadata:hostile src_ip,created_at 2017-03-24,capec_id 251,updated_at 2017-03-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185019;) #alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - INSTITUTIONAL SLEDGE Traffic Detected"; flow:established, to_server; content:"sledge"; priority:3; metadata:hostile src_ip,created_at 2018-08-18,capec_id 251,updated_at 2018-08-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185020;) #alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - LIBERAL MILLISECOND Traffic Detected"; flow:established, to_server; content:"millisecond"; priority:3; metadata:hostile src_ip,created_at 2016-06-02,capec_id 251,updated_at 2016-06-11,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185021;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - DEAF DEER Traffic Detected"; flow:established, to_server; content:"deer"; priority:3; metadata:hostile src_ip,created_at 2018-07-11,capec_id 251,updated_at 2018-07-16,filename acme.rules,priority 
low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185022;) #alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - WEARY DANCE Traffic Detected"; flow:established, to_server; content:"dance"; priority:3; metadata:hostile src_ip,created_at 2015-06-08,capec_id 251,updated_at 2015-06-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185023;) #alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - JOINT PRINCESS Traffic Detected"; flow:established, to_server; content:"princess"; priority:3; metadata:hostile src_ip,created_at 2018-02-13,capec_id 251,updated_at 2018-02-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185024;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - NUMEROUS TARD Traffic Detected"; flow:established, to_server; content:"tard"; priority:3; metadata:hostile src_ip,created_at 2016-03-25,capec_id 241,updated_at 2016-03-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185025;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CIVIC TOWER Malware Communication"; flow:established,to_server; content:"tower"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-03-23,updated_at 2017-03-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185026;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PARALLEL TROUBLE Malware Communication"; flow:established,to_client; content:"trouble"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-04-11,updated_at 
2018-04-23,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185027;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLEAR FRIEND Traffic Detected"; flow:established, to_server; content:"friend"; priority:1; metadata:hostile dest_ip,created_at 2018-08-08,updated_at 2018-08-09,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185028;) #alert http any any -> $HOME_NET any (msg:"Acme - UNABLE UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile dest_ip,created_at 2019-09-20,capec_id 248,updated_at 2019-09-26,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2017-8669744,protocols http,protocols tcp; rev:2; sid:80185029;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REVOLUTIONARY WORKING Malware Communication"; flow:established,to_server; content:"working"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-02-24,updated_at 2019-02-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185030;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GRACEFUL NURTURE Malware Communication"; flow:established,to_server; content:"nurture"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-10,updated_at 2018-09-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185031;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN PARTY Traffic Detected"; flow:established,to_server; content:"party"; priority:2; metadata:hostile dest_ip,created_at 
2019-07-12,capec_id 403,updated_at 2019-07-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185032;)
# Outbound raw-TCP malware-communication rule (no application-layer protocol
# keyword; metadata lists `protocols tcp` only). Besides the content match it
# requires stream_size:server,=,1. This presumably limits the match to the very
# start of the server-side stream; confirm against the Suricata stream_size docs.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXUBERANT ENTHUSIASM Malware Communication"; flow:established,to_server; stream_size:server,=,1; content:"enthusiasm"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-06,updated_at 2019-08-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185033;)
# Inbound HTTP request rule against servers in $HOME_NET. urilen:>68 restricts it
# to requests whose URI is longer than 68 bytes. The content match has no sticky
# buffer or modifier, so nothing in the rule ties "skin" to the URI itself.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SCARY SKIN Traffic Detected"; flow:established,to_server; urilen:>68; content:"skin"; priority:2; metadata:hostile src_ip,created_at 2019-11-06,capec_id 153,updated_at 2019-11-15,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185034;)
# Disabled rules (leading '#', next two): not loaded by Suricata. Both are
# low-priority inbound request matches tagged capec_id 66.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FLAT SKILL Traffic Detected"; flow:established, to_server; content:"skill"; priority:3; metadata:hostile src_ip,created_at 2019-05-10,capec_id 66,updated_at 2019-05-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185035;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN WISDOM Traffic Detected"; flow:established, to_server; content:"wisdom"; priority:3; metadata:hostile src_ip,created_at 2019-10-17,capec_id 66,updated_at 2019-10-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185036;)
# Enabled alert-only rule (action `alert`, not `drop`) on traffic flowing to the
# client in $HOME_NET. The metadata marks the destination as infected but has no
# `hostile` key, so a filter on `hostile` will not select it.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GLORIOUS PARTICIPANT Malware Communication"; flow:established, to_client; content:"participant"; priority:2; metadata:cwe_id 506,malware post-infection,created_at 2018-05-25,updated_at 2018-05-25,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185037;)
# Outbound malware-communication rule: infected internal client, hostile destination.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNIVE FEED Malware Communication"; flow:established,to_server; content:"feed"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-04,updated_at 2019-02-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185038;)
# Disabled rule (leading '#'). The destination is `any any`, so if enabled it would
# also cover $HOME_NET-to-$HOME_NET traffic.
#alert tcp $HOME_NET any -> any any (msg:"Acme - VIVID UNKNOWN Traffic Detected"; flow:established, to_client; content:"UNKNOWN"; priority:3; metadata:hostile dest_ip,created_at 2019-09-09,updated_at 2019-09-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80185039;)
# Inbound exploitation rule against HTTP servers in $HOME_NET. The source is
# `any any`, so requests from internal hosts are covered too. cwe_id 120 is the
# classic buffer-overflow class.
# NOTE(review): the severity signals disagree. cvss_v2_base is 10.0, yet the rule
# has priority:3 / `priority low` and cvss_v2_temporal 4.7. Triage or filtering
# keyed on priority will rank this rule low, while a filter on cvss_v2_base ranks
# it highest. The values are presumably generated placeholder data; confirm which
# key a deployment treats as authoritative.
drop http any any -> $HOME_NET any (msg:"Acme - MARKED PRINCIPLE Exploitation Attempt Seen"; flow:established,to_server; content:"principle"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-09-15,capec_id 100,updated_at 2019-09-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2018-2293410,cvss_v2_temporal 4.7,protocols http,protocols tcp; rev:1; sid:80185040;)
# Outbound malware-communication rule. The content literal is "UNKNOWN", which
# looks like a redaction artifact of the example data rather than a chosen pattern.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MAMMOTH UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-09,updated_at 2019-08-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185041;)
# Disabled rule (leading '#'); its text continues on the following line.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - 
COLD HOMONYM Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"homonym"; priority:3; metadata:hostile src_ip,created_at 2019-11-17,capec_id 100,updated_at 2019-11-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-178966,protocols http,protocols tcp; rev:2; sid:80185042;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CURIOUS UNKNOWN Malware Communication"; flow:established,to_server; urilen:>200; content:"UNKNOWN"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile dest_ip,created_at 2018-03-02,updated_at 2018-03-19,filename adware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185043;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ACCESSIBLE OPERA Traffic Detected"; flow:established,to_client; content:"opera"; priority:3; metadata:created_at 2017-10-01,capec_id 403,updated_at 2017-10-14,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80185044;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AFRAID THAW Malware Communication"; flow:established,to_server; content:"thaw"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-09,updated_at 2019-07-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185045;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OPEN WILDERNESS Traffic Detected"; flow:established,to_server; content:"wilderness"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2017-06-24,capec_id 6,updated_at 2017-06-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.0,attack_target server,attack_target http-server,cvss_v2_temporal 3.9,protocols http,protocols tcp; rev:1; 
sid:80185046;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONCEPTUAL QUANTITY Exploitation Attempt Seen"; flow:established, to_server; content:"quantity"; priority:3; metadata:hostile src_ip,created_at 2017-04-11,capec_id 100,updated_at 2017-04-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-6438466,protocols http,protocols tcp; rev:1; sid:80185047;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SQUEALING COMPONENT Exploitation Attempt Seen"; flow:established, to_server; content:"component"; priority:3; metadata:hostile src_ip,created_at 2018-06-17,capec_id 310,updated_at 2018-06-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-5157464,protocols http,protocols tcp; rev:2; sid:80185048;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MAGNIFICENT KNITTING Traffic Detected"; flow:established,to_server; content:"knitting"; priority:3; metadata:hostile src_ip,created_at 2019-05-13,capec_id 100,updated_at 2019-05-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:5; sid:80185049;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WEALTHY COT Malware Communication"; flow:established,to_server; content:"cot"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-12,updated_at 2019-07-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185050;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXCESSIVE UNKNOWNSHOP Malware Communication"; flow:established,to_server; content:"UNKNOWNshop"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-12,updated_at 2018-10-27,filename 
acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80185051;)
# Outbound malware-communication rules (next two): HTTP requests from $HOME_NET
# clients on established flows. The metadata marks the source as infected and the
# destination as hostile. `drop` only blocks when Suricata runs inline (IPS).
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ANCIENT PEOPLE Malware Communication"; flow:established,to_server; content:"people"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-18,updated_at 2018-02-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185052;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WORLDWIDE GEOLOGY Malware Communication"; flow:established,to_server; content:"geology"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-27,updated_at 2019-03-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185053;)
# Inbound request rules (next two): $EXTERNAL_NET -> $HOME_NET, flow to_server,
# low priority, capec_id 242.
# NOTE(review): both tag `hostile dest_ip` although the destination is $HOME_NET,
# and neither has an attack_target key. Other inbound to_server rules in this file
# tag `hostile src_ip`. This looks inverted; confirm before using the hostile key
# to decide which endpoint to investigate or block.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LABOUR WORKSHOP Traffic Detected"; flow:established,to_server; content:"workshop"; priority:3; metadata:hostile dest_ip,created_at 2017-01-08,capec_id 242,updated_at 2017-01-20,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:4; sid:80185054;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNCHANGED FUNCTION Traffic Detected"; flow:established,to_server; content:"function"; priority:3; metadata:hostile dest_ip,created_at 2019-01-11,capec_id 242,updated_at 2019-01-12,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:4; sid:80185055;)
# Inbound response rule (flow to_client) tagged `malware pre-infection` with
# `hostile src_ip`; its text continues on the following line.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INDIRECT TEMPLE Malware Communication"; flow:established,to_client; content:"temple"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-05-20,updated_at 
2019-05-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185056;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NICE SUNKNOWNT Malware Communication"; flow:established,to_server; urilen:39<>60,norm; content:"sUNKNOWNt"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-13,updated_at 2019-03-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:7; sid:80185057;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SPLENDID UNKNOWN Traffic Detected"; flow:established, to_client; file_data; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2019-06-02,updated_at 2019-06-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185058;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HORRIBLE TOGA Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"toga"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-04-26,capec_id 255,updated_at 2019-04-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.9,attack_target http-client,attack_target client,cve 2018-1875167,cvss_v2_temporal 8.4,protocols http,protocols tcp; rev:2; sid:80185059;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHOCKED MANIAC Malware Communication"; flow:established,to_server; content:"maniac"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-13,updated_at 2019-09-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185060;) drop http $EXTERNAL_NET any -> $HOME_NET any 
(msg:"Acme - PRECIOUS CONFLICT Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"conflict"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-01-13,capec_id 129,updated_at 2019-01-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.3,attack_target http-client,attack_target client,cve 2018-5596824,cvss_v2_temporal 3.8,protocols http,protocols tcp; rev:2; sid:80185061;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNAGE EEL Malware Communication"; flow:established,to_server; content:"eel"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-22,updated_at 2019-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185062;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRIOR BESTSELLER Malware Communication"; flow:established,to_server; content:"bestseller"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2015-06-06,updated_at 2015-06-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185063;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TOTAL SYNOD Traffic Detected"; flow:established, to_server; content:"synod"; priority:4; metadata:cwe_id 200,hostile src_ip,created_at 2016-04-22,capec_id 286,updated_at 2016-04-23,filename scan.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185064;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAMILIAR UNKNOWN Exploitation Attempt Seen"; flow:established,to_client; content:"UNKNOWN"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-04-27,capec_id 255,updated_at 2019-04-28,filename 
acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.4,attack_target http-client,attack_target client,cve 2015-8979206,cvss_v2_temporal 2.2,protocols http,protocols tcp; rev:2; sid:80185065;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNCHANGED SECRETARY Malware Communication"; flow:established,to_server; content:"secretary"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2019-08-16,updated_at 2019-08-24,filename adware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185066;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VISUAL WINNER Malware Communication"; flow:established,to_server; content:"winner"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2017-02-02,updated_at 2017-02-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185067;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUPER WHALE Malware Communication"; flow:established,to_server; content:"whale"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-03-18,updated_at 2018-03-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185068;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN BEETLE Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"beetle"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-04-25,capec_id 255,updated_at 2019-04-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.0,attack_target http-client,attack_target client,cve 2016-1294032,cvss_v2_temporal 4.3,protocols http,protocols tcp; rev:2; sid:80185069;) #alert 
tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - ROUND MIDI Traffic Detected"; flow:established, to_server; content:"midi"; priority:3; metadata:hostile src_ip,created_at 2017-03-12,capec_id 251,updated_at 2017-03-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185070;) #alert tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - DEFENSIVE QUADRANT Traffic Detected"; flow:established, to_server; content:"quadrant"; priority:3; metadata:hostile src_ip,created_at 2019-01-09,capec_id 175,updated_at 2019-01-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185071;) #alert http any any -> $HOME_NET any (msg:"Acme - DISASTROUS SNAKEBITE Traffic Detected"; flow:established, to_server; content:"snakebite"; priority:3; metadata:hostile src_ip,created_at 2019-07-12,capec_id 241,updated_at 2019-07-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185072;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ESTABLISHED FISH Traffic Detected"; flow:established, to_server; content:"fish"; priority:3; metadata:created_at 2016-09-13,capec_id 116,updated_at 2016-09-18,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80185073;) #alert http any any -> $HOME_NET any (msg:"Acme - MARRIED KINDNESS Traffic Detected"; flow:established, to_server; content:"kindness"; priority:3; metadata:hostile src_ip,created_at 2019-04-16,capec_id 251,updated_at 2019-04-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185074;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ASLEEP KICK-OFF Traffic Detected"; 
flow:established, to_server; content:"kick-off"; priority:3; metadata:hostile src_ip,created_at 2016-03-01,capec_id 251,updated_at 2016-03-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185075;) #alert http any any -> $HOME_NET any (msg:"Acme - GOOD UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2019-09-22,capec_id 241,updated_at 2019-09-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185076;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MAGIC HOLD Malware Communication"; flow:established, to_server; content:"hold"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-09,updated_at 2017-06-28,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185077;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LIVELY GROUPER Malware Communication"; flow:established, to_server; content:"grouper"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-14,updated_at 2018-10-28,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185078;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TROPICAL JUMPSUIT Traffic Detected"; flow:established, to_server; content:"jumpsuit"; priority:3; metadata:hostile dest_ip,created_at 2018-09-13,updated_at 2018-09-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185079;) drop http $EXTERNAL_NET any -> $HOME_NET any 
(msg:"Acme - SUNKNOWNT UNKNOWN Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"UNKNOWN"; priority:2; metadata:cwe_id 200,hostile src_ip,created_at 2017-01-10,capec_id 181,updated_at 2017-01-10,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.1,attack_target http-client,attack_target client,cve 2017-2792879,cvss_v2_temporal 2.9,protocols http,protocols tcp; rev:2; sid:80185080;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NEAT BONE Malware Communication"; flow:established, to_server; content:"bone"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-19,updated_at 2019-07-20,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185081;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LONELY BUY Malware Communication"; flow:established,to_server; urilen:>100,norm; content:"buy"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-10,updated_at 2019-06-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80185082;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GIVEN CAFTAN Malware Communication"; flow:established,to_server; content:"caftan"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-09-07,updated_at 2017-09-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185083;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WONDERFUL WRITER Malware Communication"; flow:established,to_server; content:"writer"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 
2019-07-03,updated_at 2019-07-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80185084;) drop tcp any any -> $HOME_NET any (msg:"Acme - PRIOR SUNGLASSES Exploitation Attempt Seen"; flow:established,to_server; content:"sunglasses"; priority:2; metadata:cwe_id 732,cwe_id 20,hostile src_ip,created_at 2015-05-26,capec_id 165,updated_at 2015-05-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.7,attack_target database-server,attack_target server,cve 2015-1854734,cvss_v2_temporal 7.6,protocols tcp; rev:2; sid:80185085;) drop tcp any any -> $HOME_NET any (msg:"Acme - EMOTIONAL SUNBEAM Exploitation Attempt Seen"; flow:established,to_server; content:"sunbeam"; priority:2; metadata:cwe_id 399,hostile src_ip,created_at 2019-11-04,capec_id 228,updated_at 2019-11-17,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.3,attack_target ldap-server,attack_target server,cve 2019-5368493,cvss_v2_temporal 2.6,protocols tcp,protocols ldap; rev:2; sid:80185086;) #alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - UNKNOWN ARMADILLO Traffic Detected"; flow:established, to_server; content:"armadillo"; priority:3; metadata:created_at 2019-10-25,capec_id 116,updated_at 2019-10-27,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80185087;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - JITTERY AIRLINE Malware Communication"; flow:established,to_server; content:"airline"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-20,updated_at 2018-03-26,filename adware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185088;) #alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - 
CLEAN JEANS Traffic Detected"; flow:established, to_server; content:"jeans"; priority:3; metadata:created_at 2017-11-24,capec_id 116,updated_at 2017-11-24,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80185089;) alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - UNKNOWN CYNIC Malware Communication"; flow:established, to_server; content:"cynic"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-21,updated_at 2018-07-22,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185090;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WONDERFUL IRIDESCENCE Malware Communication"; flow:established,to_server; content:"iridescence"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-17,updated_at 2019-07-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185091;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXTRAORDINARY STAIR Malware Communication"; flow:established,to_client; content:"stair"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2016-07-04,updated_at 2016-07-11,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185092;) drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ELIGIBLE EFFACEMENT Malware Communication"; flow:established,to_server; content:"effacement"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-26,updated_at 2017-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target 
ftp-client,protocols ftp,protocols tcp; rev:2; sid:80185093;) drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - COHERENT IF Traffic Detected"; flow:established,to_server; content:"if"; priority:1; metadata:cwe_id 507,hostile dest_ip,created_at 2016-03-24,updated_at 2016-03-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185094;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRINTED POET Malware Communication"; flow:established,to_client; content:"poet"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-11-13,updated_at 2018-11-20,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185095;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LARGE-SCALE LEMONADE Malware Communication"; flow:established,to_client; content:"lemonade"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-04-03,updated_at 2019-04-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185096;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RED LOCUST Malware Communication"; flow:established,to_server; content:"locust"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-03-15,updated_at 2018-03-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185097;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SQUARE GUESS Malware Communication"; flow:established,to_server; content:"guess"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 
2019-06-10,updated_at 2019-06-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185098;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LATE ERA Malware Communication"; flow:established,to_server; content:"era"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-03-02,updated_at 2017-03-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80185099;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN LEVER Malware Communication"; flow:established,to_client; content:"lever"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2017-10-01,updated_at 2017-10-12,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185100;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WISE WAVE Malware Communication"; flow:established,to_client; content:"wave"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2016-06-24,updated_at 2016-06-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185101;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ACCESSIBLE CAPTION Traffic Detected"; flow:established,to_server; content:"caption"; priority:2; metadata:hostile src_ip,created_at 2019-11-18,capec_id 88,updated_at 2019-11-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:5; sid:80185102;) #alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - UPSET HYPOTHERMIA 
Exploitation Attempt Seen"; flow:established, to_client; content:"hypothermia"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-05-24,capec_id 100,updated_at 2019-05-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-7745294,cve 2016-7745294,protocols http,protocols tcp; rev:1; sid:80185103;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLEAN WASTE Malware Communication"; flow:established,to_client; content:"waste"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-05-08,updated_at 2018-05-11,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80185104;) #alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - AGGRESSIVE HIRE Exploitation Attempt Seen"; flow:established, to_client; content:"hire"; priority:3; metadata:hostile src_ip,created_at 2017-05-13,capec_id 100,updated_at 2017-05-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-8904508,protocols http,protocols tcp; rev:1; sid:80185105;) drop http any any -> $HOME_NET any (msg:"Acme - WHISPERING CARTLOAD Exploitation Attempt Seen"; flow:established,to_server; content:"cartload"; priority:2; metadata:cwe_id 94,hostile src_ip,created_at 2016-06-12,capec_id 88,updated_at 2016-06-19,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2016-3054277,cvss_v2_temporal 4.8,protocols http,protocols tcp; rev:1; sid:80185106;) drop http any any -> $HOME_NET any (msg:"Acme - THIN UNKNOWN Exploitation Attempt Seen"; flow:established,to_server; content:"UNKNOWN"; priority:2; metadata:cwe_id 94,hostile src_ip,created_at 2019-07-01,capec_id 88,updated_at 2019-07-21,filename acme.rules,priority medium,rule_source 
acme-rule-factory,cvss_v2_base 7.1,attack_target server,attack_target http-server,cve 2019-2937254,cvss_v2_temporal 7.6,protocols http,protocols tcp; rev:1; sid:80185107;) drop http any any -> $HOME_NET any (msg:"Acme - UNKNOWN PEACH Exploitation Attempt Seen"; flow:established,to_server; content:"peach"; priority:2; metadata:cwe_id 78,hostile src_ip,created_at 2019-04-04,capec_id 88,updated_at 2019-04-14,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.7,attack_target server,attack_target http-server,cve 2019-8394188,cve 2019-8394188,cvss_v2_temporal 5.0,protocols http,protocols tcp; rev:2; sid:80185108;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MOBILE DEEP Malware Communication"; flow:established,to_client; content:"deep"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-05-14,updated_at 2018-05-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80185109;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ENDLESS PUNCH Malware Communication"; flow:established,to_client; content:"punch"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2017-03-19,updated_at 2017-03-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80185110;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IDENTICAL DIRT Malware Communication"; flow:established,to_server; content:"dirt"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2015-04-04,updated_at 2015-04-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185111;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - 
RISING LADDER Malware Communication"; flow:established,to_client; content:"ladder"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2016-07-22,updated_at 2016-07-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185112;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SENSIBLE SHANTY Malware Communication"; flow:established,to_server; content:"shanty"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-16,updated_at 2019-11-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185113;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GIANT CRUSH Malware Communication"; flow:established,to_client; content:"crush"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-03-19,updated_at 2018-03-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185114;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHOCKED QUARTZ Malware Communication"; flow:established,to_client; content:"quartz"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-01-08,updated_at 2018-01-08,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185115;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GRAND UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-10-21,updated_at 2018-10-23,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185116;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TAME OBSERVATORY Malware Communication"; flow:established,to_server; content:"observatory"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-12,updated_at 2019-03-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185117;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GIGANTIC CUSTARD Malware Communication"; flow:established,to_server; content:"custard"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-09-23,updated_at 2018-09-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185118;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NOVEL JUMPSUIT Malware Communication"; flow:established,to_server; content:"jumpsuit"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2015-04-21,updated_at 2015-04-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185119;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ASHAMED ACTION Traffic Detected"; flow:established,to_server; content:"action"; priority:2; metadata:hostile src_ip,created_at 2016-05-07,capec_id 193,updated_at 2016-05-07,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185120;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LIVING TUNKNOWNG Traffic Detected"; flow:established,to_server; content:"tUNKNOWNg"; priority:2; metadata:hostile dest_ip,created_at 
2019-06-25,capec_id 118,updated_at 2019-06-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185121;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMPLETE PATTERN Traffic Detected"; flow:established,to_server; content:"pattern"; priority:2; metadata:hostile src_ip,created_at 2017-09-04,capec_id 193,updated_at 2017-09-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185122;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IMPRESSIVE BOLERO Traffic Detected"; flow:established,to_server; content:"bolero"; priority:2; metadata:hostile src_ip,created_at 2019-05-10,capec_id 175,updated_at 2019-05-16,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:2; sid:80185123;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ALLEGED SCARECROW Exploitation Attempt Seen"; flow:established,to_server; content:"scarecrow"; priority:2; metadata:cwe_id 502,hostile src_ip,created_at 2016-07-03,capec_id 175,updated_at 2016-07-14,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.8,attack_target server,cve 2016-1422369,cvss_v2_temporal 3.4,protocols tcp; rev:2; sid:80185124;) #alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - WIDESPREAD WISH Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"wish"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-09-14,capec_id 118,updated_at 2019-09-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.1,attack_target http-client,attack_target client,cve 2018-7771792,cvss_v2_temporal 3.0,protocols http,protocols tcp; rev:2; sid:80185125;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FASHIONABLE EFFORT Traffic Detected"; 
flow:established,to_server; content:"effort"; priority:2; metadata:hostile src_ip,created_at 2018-09-12,capec_id 175,updated_at 2018-09-18,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:2; sid:80185126;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INSTANT NIGHTCLUB Traffic Detected"; flow:established,to_server; content:"nightclub"; priority:2; metadata:hostile src_ip,created_at 2018-05-22,capec_id 175,updated_at 2018-05-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:2; sid:80185127;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CIRCULAR SATISFACTION Traffic Detected"; flow:established,to_server; content:"satisfaction"; priority:2; metadata:hostile src_ip,created_at 2019-05-03,capec_id 175,updated_at 2019-05-04,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:2; sid:80185128;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - JOLLY BUBBLE Traffic Detected"; flow:established,to_server; content:"bubble"; priority:2; metadata:hostile src_ip,created_at 2019-06-19,capec_id 175,updated_at 2019-06-21,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:2; sid:80185129;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INSTITUTIONAL LYNX Malware Communication"; flow:established,to_server; content:"lynx"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2016-04-27,updated_at 2016-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185130;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IDENTICAL HIPPODROME Exploitation Attempt Seen"; flow:established,to_client; content:"hippodrome"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-03-15,capec_id 
255,updated_at 2019-03-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.2,attack_target http-client,attack_target client,cve 2016-1306745,cvss_v2_temporal 6.3,protocols http,protocols tcp; rev:2; sid:80185131;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WEIRD INCH Exploitation Attempt Seen"; flow:established,to_client; content:"inch"; priority:3; metadata:cwe_id 843,hostile src_ip,created_at 2016-01-24,capec_id 255,updated_at 2016-01-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.0,attack_target http-client,attack_target client,cve 2016-7013999,cvss_v2_temporal 6.9,protocols http,protocols tcp; rev:2; sid:80185132;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWNKLY PSYCHOANALYST Exploitation Attempt Seen"; flow:established,to_client; content:"psychoanalyst"; priority:3; metadata:cwe_id 843,hostile src_ip,created_at 2019-11-06,capec_id 255,updated_at 2019-11-16,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.8,attack_target http-client,attack_target client,cve 2018-6271488,cvss_v2_temporal 4.6,protocols http,protocols tcp; rev:2; sid:80185133;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUBSTANTIAL DOORPOST Malware Communication"; flow:established,to_server; content:"doorpost"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2015-03-04,updated_at 2015-03-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185134;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GIVEN ANTHROPOLOGY Malware Communication"; flow:established,to_server; content:"anthropology"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-08-11,updated_at 2017-08-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185135;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ISOLATED APPEAL Malware Communication"; flow:established,to_server; content:"appeal"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-02-14,updated_at 2017-02-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185136;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WONDERFUL ANYUNKNOWN Malware Communication"; flow:established,to_server; content:"anyUNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-03,updated_at 2019-01-05,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185137;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RETAIL LIGHTING Malware Communication"; flow:established,to_client; content:"lighting"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2016-01-04,updated_at 2016-01-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185138;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEFINITE COFFEE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"coffee"; priority:2; metadata:cwe_id 416,hostile src_ip,created_at 2019-10-22,capec_id 255,updated_at 2019-10-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.5,attack_target http-client,attack_target client,cve 2017-8265015,cvss_v2_temporal 4.4,protocols http,protocols tcp; rev:2; sid:80185139;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SAIL Malware Communication"; 
flow:established,to_server; urilen:34,norm; content:"sail"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-09-13,updated_at 2019-09-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185140;)
# Outbound post-infection HTTP rules; each has a single content match with no sticky buffer or position modifier.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RELATIVE TUNKNOWNG Malware Communication"; flow:established,to_server; content:"tUNKNOWNg"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-03-05,updated_at 2018-03-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185141;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CREEPY SLED Malware Communication"; flow:established,to_server; content:"sled"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2015-11-14,updated_at 2015-11-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185142;)
# NOTE(review): a 3-byte content ("tam") is the only payload condition on this drop rule; in a production ruleset such a pattern would be prone to false positives and would need a buffer or additional conditions.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SORE TAM Malware Communication"; flow:established,to_server; content:"tam"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-11,updated_at 2019-02-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185143;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNCONSCIOUS LIFE Malware Communication"; flow:established,to_client; content:"life"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-03-01,updated_at 2018-03-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185144;)
# The tcp rules below accept any source address and port, use flow:established without a to_server/to_client direction, and carry no hostile/infected/attack_target metadata.
# NOTE(review): with one bare content match and the drop action this scope is very broad (e.g. content:"run" is 3 bytes); a production rule would need a tighter header, a direction, or more match conditions.
drop tcp any any -> $HOME_NET any (msg:"Acme - HORIZONTAL SPELL Malware Communication"; flow:established; content:"spell"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-09-03,updated_at 2019-09-06,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80185145;)
drop tcp any any -> $HOME_NET any (msg:"Acme - THOUGHTLESS LOAN Malware Communication"; flow:established; content:"loan"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-05-22,updated_at 2019-05-24,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80185146;)
drop tcp any any -> $HOME_NET any (msg:"Acme - STICKY CHEQUE Malware Communication"; flow:established; content:"cheque"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2016-09-18,updated_at 2016-09-25,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80185147;)
drop tcp any any -> $HOME_NET any (msg:"Acme - OTHER CHRONOMETER Malware Communication"; flow:established; content:"chronometer"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-03-15,updated_at 2018-03-27,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80185148;)
drop tcp any any -> $HOME_NET any (msg:"Acme - POOR RUN Malware Communication"; flow:established; content:"run"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-04-10,updated_at 2019-04-16,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80185149;)
drop tcp any any -> $HOME_NET any (msg:"Acme - VARIOUS FEET Malware Communication"; flow:established; content:"feet"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-10-14,updated_at 2019-10-27,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:2; 
sid:80185150;)
# Inbound exploitation-attempt rules: file_data scopes the content match to the HTTP response body delivered to the internal client; cve and cvss_* values are metadata only.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NERVOUS CORRIDOR Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"corridor"; priority:2; metadata:cwe_id 416,hostile src_ip,created_at 2017-08-09,capec_id 255,updated_at 2017-08-12,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.3,attack_target http-client,attack_target client,cve 2015-289314,cvss_v2_temporal 6.5,protocols http,protocols tcp; rev:2; sid:80185151;)
# NOTE(review): in the next two rules cvss_v2_temporal (6.6, 3.1) is higher than cvss_v2_base (5.8, 2.4), which CVSS v2 scoring cannot produce; treat the scores as placeholders.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRINTED ATTACHMENT Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"attachment"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-10-23,capec_id 255,updated_at 2019-10-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.8,attack_target http-client,attack_target client,cve 2019-1110284,cvss_v2_temporal 6.6,protocols http,protocols tcp; rev:2; sid:80185152;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONFUSED SAD Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"sad"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-11-18,capec_id 255,updated_at 2019-11-20,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.4,attack_target http-client,attack_target client,cve 2016-5250646,cvss_v2_temporal 3.1,protocols http,protocols tcp; rev:2; sid:80185153;)
# Outbound post-infection HTTP request rules.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INJURED SHOEMAKER Malware Communication"; flow:established,to_server; content:"shoemaker"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-02,updated_at 2019-01-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185154;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FELLOW SESSION Malware 
Communication"; flow:established,to_server; content:"session"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-07,updated_at 2019-07-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185155;)
# NOTE(review): the match string here is the literal "UNKNOWN", the same token that appears in the msg; presumably a placeholder left by the rule generator rather than a meaningful indicator. Confirm before reusing.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ADMINISTRATIVE UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-10,updated_at 2018-03-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185156;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNEVEN POWER Malware Communication"; flow:established,to_server; content:"power"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-07-20,updated_at 2018-07-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185157;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LTD UNION Malware Communication"; flow:established,to_server; content:"union"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-02,updated_at 2019-10-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185158;)
# Inbound request towards an internal web server: the destination port is restricted to $HTTP_PORTS.
drop http $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - DIRTY RESOLUTION Traffic Detected"; flow:established,to_server; content:"resolution"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-02-06,capec_id 286,updated_at 2019-02-08,filename acme.rules,priority low,rule_source 
acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185159;)
# TLS rule with a bare content match and no TLS sticky buffer.
# NOTE(review): on an encrypted session a raw content match can realistically only hit cleartext handshake bytes; production rules normally pin the match to a TLS field such as tls.sni or tls.cert_subject.
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LARGE-SCALE TRAPEZIUM Malware Communication"; flow:established,to_client; content:"trapezium"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-04-03,updated_at 2019-04-15,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80185160;)
# Outbound post-infection HTTP request rules.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UPUNKNOWN OBJECTIVE Malware Communication"; flow:established,to_server; content:"objective"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-08-01,updated_at 2017-08-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185161;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SLIMY WIND-CHIME Malware Communication"; flow:established, to_server; content:"wind-chime"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-04-24,updated_at 2018-04-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185162;)
# urilen:6,norm requires a normalized URI of exactly 6 bytes; content:"let" is 3 bytes.
# NOTE(review): the metadata combines 'malware pre-infection' with 'infected src_ip' and priority high; the two tags read as contradictory. Confirm which is intended.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BLUE LET Malware Communication"; flow:established,to_server; urilen:6,norm; content:"let"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-06-02,updated_at 2017-06-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185163;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN SHACK Malware Communication"; 
flow:established,to_server; content:"shack"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2017-09-15,updated_at 2017-09-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:4; sid:80185164;)
# Alert-only rule at priority 4 / 'priority info', although the metadata tags it post-infection with an infected source.
# NOTE(review): confirm the low severity and non-blocking action are intended for a post-infection signal; the match string is the literal "UNKNOWN", presumably a generator placeholder.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ROASTED UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:4; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-10,updated_at 2019-08-16,filename acme.rules,priority info,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185165;)
# 'Traffic Detected' rules: classified by capec_id only, with no cwe_id or malware key.
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SMILING RECOMMENDATION Traffic Detected"; flow:established,to_server; content:"recommendation"; priority:2; metadata:hostile src_ip,created_at 2019-04-03,capec_id 262,updated_at 2019-04-03,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:4; sid:80185166;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OK WILDLIFE Traffic Detected"; flow:established,to_server; content:"wildlife"; priority:3; metadata:hostile dest_ip,created_at 2018-06-24,capec_id 253,updated_at 2018-06-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185167;)
# NOTE(review): a 3-byte content ("hat") is the only payload condition on this drop rule; in a production ruleset this would be prone to false positives.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SOLE HAT Malware Communication"; flow:established, to_server; content:"hat"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-08-13,updated_at 2015-08-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185168;)
drop http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"Acme - ANNOYED ASTROLOGY Malware Communication"; flow:established,to_server; content:"astrology"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-14,updated_at 2019-02-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185169;)
# Outbound post-infection HTTP request rules.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MATHEMATICAL EAGLE Malware Communication"; flow:established,to_server; content:"eagle"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-06-19,updated_at 2018-06-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185170;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - QUICK SNOB Malware Communication"; flow:established, to_server; content:"snob"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-25,updated_at 2019-04-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185171;)
# Informational alert: the metadata has no hostile, infected or attack_target keys, so a metadata filter keyed on those tags will not select this rule.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN CARGO Traffic Detected"; flow:established,to_server; content:"cargo"; priority:4; metadata:created_at 2015-01-14,capec_id 286,updated_at 2015-01-25,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80185172;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EVIDENT PRINCE Malware Communication"; flow:established,to_server; content:"prince"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-08,updated_at 2019-04-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols 
http,protocols tcp; rev:2; sid:80185173;)
# Outbound request tagged 'malware download-attempt' at priority 2 / medium.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AUTONOMOUS WAIT Malware Communication"; flow:established,to_server; content:"wait"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2018-09-21,updated_at 2018-09-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185174;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRAVE PRUNER Traffic Detected"; flow:established,to_server; content:"pruner"; priority:3; metadata:hostile dest_ip,created_at 2019-11-15,capec_id 253,updated_at 2019-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185175;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FANTASTIC SHOEHORN Malware Communication"; flow:established,to_server; content:"shoehorn"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-03-04,updated_at 2017-03-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185176;)
# Inbound exploitation-attempt rules without file_data or another sticky buffer, so the content match is not limited to the response body.
# NOTE(review): cvss_v2_temporal 3.5 is higher than cvss_v2_base 3.4 on the next rule, which CVSS v2 scoring cannot produce; treat the scores as placeholders.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MANUAL CATTLE Exploitation Attempt Seen"; flow:established,to_client; content:"cattle"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-06-20,capec_id 123,updated_at 2019-06-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.4,attack_target http-client,attack_target client,cve 2016-9236802,cvss_v2_temporal 3.5,protocols http,protocols tcp; rev:2; sid:80185177;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ORGANIC VALIDITY Exploitation Attempt Seen"; flow:established,to_client; content:"validity"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2018-03-22,capec_id 
129,updated_at 2018-03-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.4,attack_target http-client,attack_target client,cve 2017-805065,cvss_v2_temporal 3.4,protocols http,protocols tcp; rev:2; sid:80185178;)
# The cve and cvss_* values are carried only as metadata key-value pairs; they do not take part in matching.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN REWARD Exploitation Attempt Seen"; flow:established,to_client; content:"reward"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-09-19,capec_id 129,updated_at 2019-09-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.1,attack_target http-client,attack_target client,cve 2017-891781,cvss_v2_temporal 2.5,protocols http,protocols tcp; rev:2; sid:80185179;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GENERAL LATEX Malware Communication"; flow:established,to_server; content:"latex"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-20,updated_at 2018-10-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185180;)
# TLS rule with a bare content match and no TLS sticky buffer.
# NOTE(review): on an encrypted session a raw content match can realistically only hit cleartext handshake bytes; production rules normally pin the match to a TLS field such as tls.sni or tls.cert_subject.
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MEAN GONG Malware Communication"; flow:established,to_client; content:"gong"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-10-19,updated_at 2018-10-21,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80185181;)
# file_data scopes the content match to the HTTP response body.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FANTASTIC SITAR Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"sitar"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2018-09-26,capec_id 129,updated_at 2018-09-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.6,attack_target http-client,attack_target client,cve 
2018-9074951,cvss_v2_temporal 6.2,protocols http,protocols tcp; rev:2; sid:80185182;)
# Inbound server response tagged post-infection: hostile src_ip, infected dest_ip.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POWERFUL STORY-TELLING Malware Communication"; flow:established,to_client; content:"story-telling"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-09-12,updated_at 2019-09-20,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185183;)
# The next two rules carry CVSS v3 keys (cvss_v3_base, cvss_v3_temporal) in addition to the v2 keys.
# NOTE(review): a metadata filter written against the v3 keys only selects rules that carry them; a rule with v2 keys alone would need a separate v2 condition.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RUNNING GUARD Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"guard"; priority:2; metadata:cwe_id 119,cvss_v3_base 5.0,hostile src_ip,created_at 2019-01-24,capec_id 255,updated_at 2019-01-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.9,attack_target http-client,attack_target client,cvss_v3_temporal 4.4,cve 2017-7300720,cvss_v2_temporal 4.4,protocols http,protocols tcp; rev:2; sid:80185184;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLUMSY PLENTY Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"plenty"; priority:2; metadata:cwe_id 119,cvss_v3_base 6.5,hostile src_ip,created_at 2018-03-12,capec_id 255,updated_at 2018-03-20,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.9,attack_target http-client,attack_target client,cvss_v3_temporal 5.6,cve 2018-7692832,cvss_v2_temporal 5.6,protocols http,protocols tcp; rev:2; sid:80185185;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHARMING CANAL Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"canal"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2018-11-27,capec_id 129,updated_at 2018-11-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.0,attack_target http-client,attack_target client,cve 2018-9588234,cvss_v2_temporal 
2.0,protocols http,protocols tcp; rev:2; sid:80185186;)
# 'Traffic Detected' rule: classified by capec_id only, with no cwe_id or malware key.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STATISTICAL PLASTIC Traffic Detected"; flow:established,to_server; content:"plastic"; priority:2; metadata:hostile dest_ip,created_at 2019-10-26,capec_id 403,updated_at 2019-10-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185187;)
# Outbound post-infection HTTP request rules.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LIMITED HAIL Malware Communication"; flow:established, to_server; content:"hail"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-07,updated_at 2018-03-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185188;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ANXIOUS ECONOMY Malware Communication"; flow:established, to_server; content:"economy"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-13,updated_at 2018-11-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185189;)
# TLS rule with a bare content match and no TLS sticky buffer.
# NOTE(review): on an encrypted session a raw content match can realistically only hit cleartext handshake bytes; production rules normally pin the match to a TLS field such as tls.sni or tls.cert_subject.
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WRITTEN STATION Malware Communication"; flow:established,to_client; content:"station"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-10-20,updated_at 2019-10-23,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80185190;)
# Outbound FTP rule (ftp application-layer protocol in the header).
drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WICKED CONSULATE Malware Communication"; flow:established,to_server; content:"consulate"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 
2017-03-15,updated_at 2017-03-15,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80185191;)
# Disabled rule: the leading '#' comments it out. It is kept on its own line so the marker does not also swallow the active rules that follow it.
# NOTE(review): cvss_v2_temporal 7.6 is higher than cvss_v2_base 7.1, which CVSS v2 scoring cannot produce; treat the scores as placeholders.
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PAINFUL PLOT Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"plot"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2017-10-15,capec_id 255,updated_at 2017-10-16,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.1,attack_target http-client,attack_target client,cve 2016-3290182,cvss_v2_temporal 7.6,protocols http,protocols tcp; rev:2; sid:80185192;)
# Post-infection rule whose metadata has 'hostile dest_ip' but no 'infected src_ip' key.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INSUFFICIENT TERRITORY Malware Communication"; flow:established, to_server; content:"territory"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-13,updated_at 2019-07-14,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185193;)
# Alert-only tcp rules: any source address and port, any destination port on $HOME_NET, client-to-server direction.
# NOTE(review): cvss_v2_temporal (5.0, 5.9) is higher than cvss_v2_base (4.1, 5.1) on both rules; treat the scores as placeholders.
alert tcp any any -> $HOME_NET any (msg:"Acme - OLD MENTION Exploitation Attempt Seen"; flow:established,to_server; content:"mention"; priority:3; metadata:cwe_id 704,hostile src_ip,created_at 2019-08-10,capec_id 116,updated_at 2019-08-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.1,attack_target server,cve 2017-6684162,cvss_v2_temporal 5.0,protocols tcp; rev:2; sid:80185194;)
alert tcp any any -> $HOME_NET any (msg:"Acme - PERSISTENT CONDOMINIUM Exploitation Attempt Seen"; flow:established,to_server; content:"condominium"; priority:3; metadata:cwe_id 704,hostile src_ip,created_at 2019-04-20,capec_id 116,updated_at 2019-04-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.1,attack_target server,cve 2018-619408,cvss_v2_temporal 5.9,protocols tcp; rev:2; sid:80185195;)
drop http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"Acme - AMERICAN CHIME Malware Communication"; flow:established,to_server; content:"chime"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-06-11,updated_at 2017-06-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185196;)
# Inbound exploitation-attempt rules; file_data scopes the content match to the HTTP response body.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - YOUNG INFLUENCE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"influence"; priority:3; metadata:cwe_id 416,hostile src_ip,created_at 2019-07-12,capec_id 255,updated_at 2019-07-15,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.8,attack_target http-client,attack_target client,cve 2015-1803762,cvss_v2_temporal 2.8,protocols http,protocols tcp; rev:3; sid:80185197;)
# NOTE(review): cvss_v2_base 7.0 sits next to priority:3 / 'priority low', and cvss_v2_temporal 7.4 is higher than the base score; confirm the severity mapping and treat the scores as placeholders.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SPARE RACK Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"rack"; priority:3; metadata:cwe_id 416,hostile src_ip,created_at 2018-03-07,capec_id 255,updated_at 2018-03-13,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.0,attack_target http-client,attack_target client,cve 2016-9257159,cvss_v2_temporal 7.4,protocols http,protocols tcp; rev:2; sid:80185198;)
# Priority 1 / high 'Traffic Detected' rules whose metadata has only a hostile src_ip tag: no cwe_id, capec_id or malware key records why they are rated high.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAIR TURRET Traffic Detected"; flow:established, to_client; content:"turret"; priority:1; metadata:hostile src_ip,created_at 2017-08-09,updated_at 2017-08-17,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185199;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUPPORTING LITIGATION Traffic Detected"; flow:established, to_client; content:"litigation"; priority:1; metadata:hostile src_ip,created_at 2015-03-13,updated_at 2015-03-22,filename acme.rules,priority 
high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185200;)
# Inbound exploitation-attempt rules; file_data scopes the content match to the HTTP response body.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INTERIM FOREVER Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"forever"; priority:3; metadata:cwe_id 416,hostile src_ip,created_at 2018-01-20,capec_id 255,updated_at 2018-01-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.7,attack_target http-client,attack_target client,cve 2016-928602,cvss_v2_temporal 4.6,protocols http,protocols tcp; rev:2; sid:80185201;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NUTTY RAINSTORM Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"rainstorm"; priority:3; metadata:cwe_id 416,hostile src_ip,created_at 2015-08-12,capec_id 232,updated_at 2015-08-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.3,attack_target http-client,attack_target client,cve 2015-4932091,cvss_v2_temporal 2.3,protocols http,protocols tcp; rev:2; sid:80185202;)
# Post-infection rule tagged 'infected src_ip' but without a 'hostile dest_ip' key.
# NOTE(review): a metadata filter on the hostile key would not select this rule; confirm the omission is intended.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MANY BAKERY Malware Communication"; flow:established,to_server; content:"bakery"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-04-17,updated_at 2019-04-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185203;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VARIED FIXTURE Malware Communication"; flow:established,to_server; content:"fixture"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-08-15,updated_at 2018-08-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185204;)
drop http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"Acme - UNKNOWN ALUMINIUM Malware Communication"; flow:established,to_server; content:"aluminium"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-03-15,updated_at 2017-03-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185205;)
# Inbound server response tagged post-infection: hostile src_ip, infected dest_ip.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHEAP FLASH Malware Communication"; flow:established,to_client; content:"flash"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-09-09,updated_at 2019-09-21,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185206;)
# The msg of the next two rules says 'Malware Communication', while the metadata (cwe_id 416, cve, cvss_v2_*) and the file_data match have the shape of a response-body exploit rule tagged 'malware pre-infection'.
# NOTE(review): cvss_v2_temporal (4.5, 5.9) is higher than cvss_v2_base (4.3, 5.5) on both; treat the scores as placeholders. The second rule matches the literal "UNKNOWN", presumably a generator placeholder.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SMOOTH CAREER Malware Communication"; flow:established,to_client; file_data; content:"career"; priority:3; metadata:cwe_id 416,malware pre-infection,hostile src_ip,created_at 2018-04-27,updated_at 2018-04-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.3,attack_target http-client,attack_target client,cve 2015-9858965,cvss_v2_temporal 4.5,protocols http,protocols tcp; rev:2; sid:80185207;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONVINCED UNKNOWN Malware Communication"; flow:established,to_client; file_data; content:"UNKNOWN"; priority:3; metadata:cwe_id 416,malware pre-infection,hostile src_ip,created_at 2015-02-23,updated_at 2015-02-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.5,attack_target http-client,attack_target client,cve 2015-3878134,cvss_v2_temporal 5.9,protocols http,protocols tcp; rev:2; sid:80185208;)
# $HOME_NET -> $EXTERNAL_NET combined with flow to_client: the internal host is the server side of this flow.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FANCY TOP-HAT Malware Communication"; flow:established,to_client; content:"top-hat"; priority:1; metadata:cwe_id 506,malware 
post-infection,hostile dest_ip,created_at 2016-07-09,updated_at 2016-07-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80185209;)
# Header protocol is tcp with ports 'any'; the HTTP scoping (protocols http, attack_target http-server) appears only in metadata, which does not take part in matching.
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SELECT CICADA Traffic Detected"; flow:established, to_server; content:"cicada"; priority:2; metadata:hostile src_ip,created_at 2019-03-27,updated_at 2019-03-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185210;)
# Metadata 'filename adware.rules' differs from the acme.rules value on the neighbouring rules. urilen:4 requires a 4-byte URI; content:"run" is 3 bytes.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BETTER RUN Malware Communication"; flow:established, to_server; urilen:4; content:"run"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2019-08-07,updated_at 2019-08-27,filename adware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185211;)
# Post-infection rule whose metadata has 'hostile dest_ip' but no 'infected src_ip' key.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN HALF-BROTHER Malware Communication"; flow:established, to_server; content:"half-brother"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-18,updated_at 2019-10-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185212;)
# file_data scopes the content match to the HTTP response body; the cve and cvss_v2_* keys sit alongside a 'malware pre-infection' tag.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHORT RELISH Malware Communication"; flow:established,to_client; file_data; content:"relish"; priority:3; metadata:cwe_id 119,malware pre-infection,hostile src_ip,created_at 2018-09-26,updated_at 2018-09-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.3,attack_target http-client,attack_target client,cve 2018-7456279,cvss_v2_temporal 6.7,protocols http,protocols tcp; rev:2; sid:80185213;)
drop 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ACCEPTABLE TATAMI Malware Communication"; flow:established,to_server; content:"tatami"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-15,updated_at 2019-06-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:7; sid:80185214;)
# $HOME_NET -> $EXTERNAL_NET combined with flow to_client: the internal host is the server side of the flow, consistent with the attack_target server / http-server tags.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ACCEPTED ASSOCIATE Malware Communication"; flow:established,to_client; content:"associate"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-04-19,updated_at 2015-04-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185215;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AWKWARD GARB Malware Communication"; flow:established,to_client; content:"garb"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-03,updated_at 2018-09-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185216;)
# Alert-only TLS rule with a bare content match and no TLS sticky buffer.
# NOTE(review): on an encrypted session a raw content match can realistically only hit cleartext handshake bytes; production rules normally pin the match to a TLS field such as tls.sni or tls.cert_subject.
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ANCIENT BELLOWS Malware Communication"; flow:established,to_client; content:"bellows"; priority:2; metadata:cwe_id 657,malware post-infection,hostile src_ip,created_at 2015-11-03,updated_at 2015-11-19,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80185217;)
# Disabled rule: the leading '#' comments it out.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GOOD RAINCOAT Traffic Detected"; flow:established, to_server; content:"raincoat"; priority:3; metadata:hostile src_ip,created_at 2019-01-17,capec_id 100,updated_at 2019-01-26,filename 
email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:2; sid:80185218;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MAGNIFICENT EMERGENCY Traffic Detected"; flow:established, to_server; content:"emergency"; priority:3; metadata:hostile src_ip,created_at 2018-11-11,capec_id 100,updated_at 2018-11-28,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:2; sid:80185219;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RED GENE Traffic Detected"; flow:established, to_server; content:"gene"; priority:3; metadata:hostile src_ip,created_at 2017-03-04,capec_id 100,updated_at 2017-03-25,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:2; sid:80185220;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LOYAL BOLERO Malware Communication"; flow:established, to_server; urilen:33,norm; content:"bolero"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2016-10-21,updated_at 2016-10-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185221;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - USEFUL DANCER Traffic Detected"; flow:established, to_server; content:"dancer"; priority:3; metadata:hostile src_ip,created_at 2019-05-06,capec_id 100,updated_at 2019-05-18,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:2; sid:80185222;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ADEQUATE UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2019-04-05,capec_id 
100,updated_at 2019-04-16,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:2; sid:80185223;) #drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - YELLOW EMPLOYER Traffic Detected"; flow:established, to_server; content:"employer"; priority:3; metadata:hostile src_ip,created_at 2019-03-10,capec_id 100,updated_at 2019-03-28,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:2; sid:80185224;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONSTANT KOHLRABI Malware Communication"; flow:established, to_server; urilen:33,norm; content:"kohlrabi"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2016-10-08,updated_at 2016-10-09,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185225;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DAMAGED POUND Exploitation Attempt Seen"; flow:established,to_server; content:"pound"; priority:3; metadata:hostile src_ip,created_at 2017-06-07,capec_id 100,updated_at 2017-06-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-8898066,protocols http,protocols tcp; rev:2; sid:80185226;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AMBITIOUS CAMP Malware Communication"; flow:established,to_server; content:"camp"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-25,updated_at 2019-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185227;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNIVE CUP Malware Communication"; 
flow:established,to_server; content:"cup"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-11-06,updated_at 2018-11-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185228;)
# Rules sid 80185229-80185245, restored to one rule per line. Mostly outbound
# "Malware Communication" drops, followed by inbound exploit-attempt rules
# that carry cve / cvss_v2_* metadata.
#
# Alert-only, and tagged "infected src_ip" without a matching "hostile dest_ip".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VISITING ECCLESIA Malware Communication"; flow:established, to_server; content:"ecclesia"; priority:3; metadata:cwe_id 506,malware post-infection,created_at 2019-08-26,updated_at 2019-08-28,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185229;)
# smtp rule for outbound mail from an internal client (attack_target smtp-client).
drop smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OKAY MARK Malware Communication"; flow:established, to_server; content:"mark"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-19,updated_at 2018-05-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target smtp-client,attack_target client,protocols smtp,protocols tcp; rev:1; sid:80185230;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SEWER Malware Communication"; flow:established,to_server; content:"sewer"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-22,updated_at 2019-06-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185231;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONSISTENT SPRING Malware Communication"; flow:established,to_server; content:"spring"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-21,updated_at 2019-08-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185232;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INDUSTRIAL SWITCHBOARD Malware Communication"; flow:established,to_server; content:"switchboard"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-27,updated_at 2018-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185233;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHY DILAPIDATION Malware Communication"; flow:established,to_server; content:"dilapidation"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-08-20,updated_at 2018-08-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185234;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNFORTUNATE AUDIENCE Malware Communication"; flow:established,to_server; content:"audience"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-14,updated_at 2019-02-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185235;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BRAVE BRONCHITIS Malware Communication"; flow:established,to_client; content:"bronchitis"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-02-24,updated_at 2018-02-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185236;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - THIRSTY STOPSIGN Malware Communication"; flow:established, to_server; content:"stopsign"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-01-21,updated_at 2019-01-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185237;)
# $HOME_NET -> $EXTERNAL_NET with flow:to_client: matches a response sent by
# an internal server (attack_target server, infected src_ip).
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RAW UNKNOWNDRINK Malware Communication"; flow:established,to_client; content:"UNKNOWNdrink"; priority:1; metadata:cwe_id 434,malware post-infection,hostile dest_ip,created_at 2018-07-27,updated_at 2018-07-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80185238;)
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FINE REPARATION Malware Communication"; flow:established,to_client; content:"reparation"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-11-13,updated_at 2019-11-16,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:3; sid:80185239;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CONFIDENCE Malware Communication"; flow:established,to_server; content:"confidence"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-13,updated_at 2019-02-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185240;)
# NOTE(review): the destination is "any any" rather than $EXTERNAL_NET as in
# the sibling rules, so this drop also covers HTTP between two $HOME_NET
# hosts - confirm that the wider scope is intended.
drop http $HOME_NET any -> any any (msg:"Acme - COMMERCIAL BASIS Malware Communication"; flow:established, to_server; content:"basis"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-04,updated_at 2019-07-06,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185241;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SKILLED LIVESTOCK Exploitation Attempt Seen"; flow:established,to_client; content:"livestock"; priority:2; metadata:cwe_id 399,hostile src_ip,created_at 2018-01-08,capec_id 263,updated_at 2018-01-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.0,attack_target http-client,attack_target client,cve 2018-5583429,cvss_v2_temporal 5.7,protocols http,protocols tcp; rev:2; sid:80185242;)
# NOTE(review): in the next two rules cvss_v2_temporal is higher than
# cvss_v2_base (7.9 vs 7.0, 6.7 vs 6.1). A CVSS v2 temporal score cannot
# exceed its base score, so treat these numbers as example data only.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ELECTRONIC FRIDGE Exploitation Attempt Seen"; flow:established,to_client; content:"fridge"; priority:2; metadata:cwe_id 399,hostile src_ip,created_at 2016-02-26,capec_id 263,updated_at 2016-02-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.0,attack_target http-client,attack_target client,cve 2016-3037158,cvss_v2_temporal 7.9,protocols http,protocols tcp; rev:2; sid:80185243;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWNIVE SEAGULL Traffic Detected"; flow:established,to_server; content:"seagull"; priority:3; metadata:cwe_id 78,hostile src_ip,created_at 2019-11-15,capec_id 248,updated_at 2019-11-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.1,attack_target server,attack_target http-server,cvss_v2_temporal 6.7,protocols http,protocols tcp; rev:4; sid:80185244;)
# urilen:>100 limits the match to requests whose URI is longer than 100 bytes.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COLONIAL GANDER Malware Communication"; flow:established,to_server; urilen:>100; content:"gander"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-11-18,updated_at 2018-11-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185245;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNCONSCIOUS SKIRT Exploitation Attempt Seen"; 
flow:established,to_client; file_data; content:"skirt"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-05-08,capec_id 253,updated_at 2019-05-19,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.6,attack_target http-client,attack_target client,cve 2019-4764633,cvss_v2_temporal 6.8,protocols http,protocols tcp; rev:2; sid:80185246;)
# Rules sid 80185247-80185263, restored to one rule per line.
#
# The next three rules (cwe_id 434) pair $HOME_NET -> $EXTERNAL_NET with
# flow:to_client: they match responses sent by an internal server, and the
# metadata agrees (attack_target server, infected src_ip).
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEAD POWER Malware Communication"; flow:established,to_client; content:"power"; priority:1; metadata:cwe_id 434,malware post-infection,hostile dest_ip,created_at 2019-01-21,updated_at 2019-01-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185247;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CORRECT LIMIT Malware Communication"; flow:established,to_client; content:"limit"; priority:1; metadata:cwe_id 434,malware post-infection,hostile dest_ip,created_at 2018-06-22,updated_at 2018-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185248;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ACUTE PROFESSIONAL Malware Communication"; flow:established,to_client; content:"professional"; priority:1; metadata:cwe_id 434,malware post-infection,hostile dest_ip,created_at 2018-06-10,updated_at 2018-06-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185249;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UGLY CRIMINAL Malware Communication"; flow:established,to_server; content:"criminal"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-16,updated_at 2019-08-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185250;)
# The token UNKNOWN inside some msg/content strings looks like a scrubbed
# placeholder word - presumably part of the dummy data; left as found.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VITAL UNKNOWNBALL Malware Communication"; flow:established,to_server; content:"UNKNOWNball"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-08,updated_at 2018-11-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185251;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UGLIEST FOOTREST Malware Communication"; flow:established,to_client; content:"footrest"; priority:1; metadata:cwe_id 829,malware post-infection,hostile dest_ip,created_at 2018-03-21,updated_at 2018-03-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185252;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FRAGILE OUTPUT Exploitation Attempt Seen"; flow:established,to_client; content:"output"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2016-01-19,capec_id 118,updated_at 2016-01-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.3,attack_target http-client,attack_target client,cve 2015-8714135,cvss_v2_temporal 4.3,protocols http,protocols tcp; rev:2; sid:80185253;)
# NOTE(review): the source here is $HOME_NET yet the rule is tagged
# "hostile src_ip", and it has no attack_target tag; the other enabled
# "Exploitation Attempt Seen" rules in this part of the file run
# $EXTERNAL_NET -> $HOME_NET. Its cvss_v2_temporal (3.3) is also above
# cvss_v2_base (3.2), which CVSS v2 does not allow.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN REINDEER Exploitation Attempt Seen"; flow:established,to_server; content:"reindeer"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2018-05-15,capec_id 242,updated_at 2018-05-16,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.2,cve 2018-8961456,cvss_v2_temporal 3.3,protocols http,protocols tcp; rev:2; sid:80185254;)
# In the next two rules cvss_v2_temporal again exceeds cvss_v2_base
# (2.3 vs 2.2, 6.8 vs 6.5): example data, not usable scores.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ECONOMIC TUNKNOWNG Exploitation Attempt Seen"; flow:established,to_client; content:"tUNKNOWNg"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2018-07-11,capec_id 100,updated_at 2018-07-16,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.2,attack_target http-client,attack_target client,cve 2018-5109628,cvss_v2_temporal 2.3,protocols http,protocols tcp; rev:2; sid:80185255;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MINOR FALL Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"fall"; priority:2; metadata:cwe_id 416,hostile src_ip,created_at 2017-07-10,capec_id 255,updated_at 2017-07-12,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.5,attack_target http-client,attack_target client,cve 2017-9573316,cvss_v2_temporal 6.8,protocols http,protocols tcp; rev:2; sid:80185256;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GREY UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-10-26,updated_at 2018-10-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185257;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STABLE PUSHER Malware Communication"; flow:established,to_server; content:"pusher"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-05-14,updated_at 2017-05-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185258;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ITCHY AUTHORITY Malware Communication"; flow:established,to_server; content:"authority"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-06,updated_at 2019-08-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185259;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VOICELESS FERRYBOAT Malware Communication"; flow:established,to_server; content:"ferryboat"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-02-01,updated_at 2018-02-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185260;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUBJECTIVE TAILSPIN Malware Communication"; flow:established,to_server; content:"tailspin"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-03-14,updated_at 2017-03-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185261;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUPER PROPANE Exploitation Attempt Seen"; flow:established,to_client; content:"propane"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-07-09,capec_id 172,updated_at 2019-07-18,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.6,attack_target http-client,attack_target client,cve 2019-6976061,cvss_v2_temporal 3.4,protocols http,protocols tcp; rev:3; sid:80185262;)
# Post-infection traffic with "infected src_ip", yet priority:3 / "priority low",
# where the neighbouring post-infection rules are priority:1 / "priority high".
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PREVIOUS COMPULSION Malware Communication"; flow:established,to_server; content:"compulsion"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-06,updated_at 2019-01-09,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185263;)
drop 
http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - JITTERY CHAPEL Malware Communication"; flow:established, to_server; content:"chapel"; priority:1; metadata:cwe_id 507,malware download-attempt,hostile dest_ip,created_at 2019-09-17,updated_at 2019-09-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185264;)
# Rules sid 80185265-80185281, restored to one rule per line.
#
# "malware download-attempt" on the inbound response: the external server is
# tagged hostile src_ip and the internal client infected dest_ip.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FIXED IMPULSE Malware Communication"; flow:established,to_client; content:"impulse"; priority:1; metadata:cwe_id 507,malware download-attempt,hostile src_ip,created_at 2017-08-05,updated_at 2017-08-08,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185265;)
# The exploit-attempt rules below use file_data before content, so on these
# to_client flows the keyword is looked for in the HTTP response body.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TINY IRONY Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"irony"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2018-04-09,capec_id 255,updated_at 2018-04-17,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.0,attack_target http-client,attack_target client,cve 2017-7464494,cvss_v2_temporal 6.4,protocols http,protocols tcp; rev:2; sid:80185266;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PERFECT EYELINER Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"eyeliner"; priority:2; metadata:cwe_id 120,hostile src_ip,created_at 2018-09-16,capec_id 46,updated_at 2018-09-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.1,attack_target http-client,attack_target client,cve 2017-3473397,cvss_v2_temporal 6.6,protocols http,protocols tcp; rev:2; sid:80185267;)
# NOTE(review): cvss_v2_temporal 3.8 is above cvss_v2_base 3.3 here; a CVSS v2
# temporal score cannot exceed the base score, so read these as example data.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PLAIN INNERVATION Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"innervation"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-03-13,capec_id 255,updated_at 2019-03-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.3,attack_target http-client,attack_target client,cve 2018-49893,cvss_v2_temporal 3.8,protocols http,protocols tcp; rev:2; sid:80185268;)
# Sparse metadata: no hostile/infected tag and no attack_target, so filters
# keyed on those tags will not select this rule.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TOTAL RESOLUTION Traffic Detected"; flow:established, to_server; content:"resolution"; priority:3; metadata:cwe_id 89,created_at 2018-05-21,updated_at 2018-05-27,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80185269;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EFFICIENT INDIGENCE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"indigence"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-11-20,capec_id 100,updated_at 2019-11-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.0,attack_target http-client,attack_target client,cve 2018-5709761,cvss_v2_temporal 1.4,protocols http,protocols tcp; rev:2; sid:80185270;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HOMELY DEPOSIT Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"deposit"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2016-08-25,capec_id 255,updated_at 2016-08-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.8,attack_target http-client,attack_target client,cve 2015-5383079,cvss_v2_temporal 5.6,protocols http,protocols tcp; rev:2; sid:80185271;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SEPARATE TAXICAB Malware Communication"; flow:established,to_server; content:"taxicab"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-02,updated_at 2019-09-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185272;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LITTLE RICH Malware Communication"; flow:established,to_server; content:"rich"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-27,updated_at 2019-09-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185273;)
# Disabled rule (leading '#'). It tags "hostile src_ip" although its source is $HOME_NET.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PHILOSOPHICAL RESPOND Traffic Detected"; flow:established, to_server; content:"respond"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2019-08-17,capec_id 66,updated_at 2019-08-22,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80185274;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WHISPERING STEAM Exploitation Attempt Seen"; flow:established,to_client; content:"steam"; priority:3; metadata:cwe_id 416,hostile src_ip,created_at 2019-09-12,capec_id 123,updated_at 2019-09-16,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.8,attack_target http-client,attack_target client,cve 2015-764589,cvss_v2_temporal 7.2,protocols http,protocols tcp; rev:2; sid:80185275;)
# Disabled rule (leading '#'): inbound request, cwe_id 89, attack_target http-server.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TOTAL IMAGINATION Traffic Detected"; flow:established, to_server; content:"imagination"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2017-10-27,capec_id 66,updated_at 2017-10-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185276;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SAFE HIGH Malware Communication"; flow:established,to_server; content:"high"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-04,updated_at 2019-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185277;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RESIDENTIAL DRESS Malware Communication"; flow:established,to_server; content:"dress"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-10-21,updated_at 2018-10-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185278;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONDEMNED HOMEWORK Malware Communication"; flow:established,to_server; content:"homework"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2018-11-09,updated_at 2018-11-19,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185279;)
# NOTE(review): content:"it" is a two-byte pattern with no buffer, offset or
# second match, attached to a drop action. On a live sensor it would be
# expected to hit a very large share of outbound HTTP requests; it is only
# meaningful as demo data for metadata filtering.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FANCY IT Malware Communication"; flow:established,to_server; content:"it"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-08-02,updated_at 2017-08-09,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185280;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DIFFICULT UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-02-19,updated_at 2019-02-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185281;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GOOD MONGER Malware 
Communication"; flow:established,to_client; content:"monger"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-05-10,updated_at 2018-05-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185282;)
# Rules sid 80185283-80185298, restored to one rule per line.
#
# No cwe_id and no malware tag on this one; capec_id 118 is its only classification tag.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ENCOURAGING ACOUSTICS Traffic Detected"; flow:established,to_server; content:"acoustics"; priority:2; metadata:hostile dest_ip,created_at 2017-09-08,capec_id 118,updated_at 2017-09-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185283;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AVAILABLE MISPUNKNOWNMENT Malware Communication"; flow:established,to_server; content:"mispUNKNOWNment"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-04-14,updated_at 2016-04-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185284;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SPECIFIC STEP-SISTER Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"step-sister"; priority:3; metadata:cwe_id 122,hostile src_ip,created_at 2019-05-10,capec_id 255,updated_at 2019-05-16,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.6,attack_target http-client,attack_target client,cve 2019-7969109,cvss_v2_temporal 4.3,protocols http,protocols tcp; rev:2; sid:80185285;)
# NOTE(review): tagged "priority low" while cvss_v2_base is 7.7, and
# cvss_v2_temporal (8.4) is above the base score, which CVSS v2 does not
# allow. Treat the scores as example data, not as a severity source.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEEP EVENT Exploitation Attempt Seen"; flow:established,to_client; content:"event"; priority:3; metadata:cwe_id 122,hostile src_ip,created_at 2018-08-13,capec_id 152,updated_at 2018-08-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.7,attack_target http-client,attack_target client,cve 2015-5335002,cvss_v2_temporal 8.4,protocols http,protocols tcp; rev:3; sid:80185286;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SCATTERED UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-08-27,updated_at 2018-08-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185287;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONVINCING ROYAL Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"royal"; priority:3; metadata:cwe_id 122,hostile src_ip,created_at 2018-08-19,capec_id 255,updated_at 2018-08-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.8,attack_target http-client,attack_target client,cve 2018-8518174,cvss_v2_temporal 1.9,protocols http,protocols tcp; rev:3; sid:80185288;)
# cvss_v2_temporal 4.8 is above cvss_v2_base 4.0 here as well.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STRIPED RESIST Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"resist"; priority:3; metadata:cwe_id 122,hostile src_ip,created_at 2019-05-27,capec_id 255,updated_at 2019-05-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.0,attack_target http-client,attack_target client,cve 2017-2687703,cvss_v2_temporal 4.8,protocols http,protocols tcp; rev:3; sid:80185289;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BLOODY ZIPPER Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"zipper"; priority:3; metadata:cwe_id 122,hostile src_ip,created_at 2017-02-05,capec_id 255,updated_at 2017-02-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.3,attack_target http-client,attack_target client,cve 2017-4055344,cvss_v2_temporal 2.3,protocols http,protocols tcp; rev:3; sid:80185290;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STALE BOWLING Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"bowling"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-01-02,capec_id 152,updated_at 2017-01-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.3,attack_target http-client,attack_target client,cve 2017-6640468,cvss_v2_temporal 5.1,protocols http,protocols tcp; rev:2; sid:80185291;)
# Alert-only at priority:4 / "priority info", although it is tagged "infected src_ip".
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VISITING UNKNOWNMOTHER Malware Communication"; flow:established,to_server; content:"UNKNOWNmother"; priority:4; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-01-23,updated_at 2019-01-25,filename acme.rules,priority info,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185292;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AFRAID STEP-DAUGHTER Malware Communication"; flow:established, to_server; content:"step-daughter"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-24,updated_at 2019-04-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185293;)
# Raw tcp rule on any port: the metadata lists only "protocols tcp" and a generic "attack_target client".
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CENTRAL MANTUA Malware Communication"; flow:established,to_server; content:"mantua"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-08,updated_at 2019-08-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185294;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MINIATURE BEHAVIOR Malware Communication"; flow:established,to_server; content:"behavior"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-12,updated_at 2019-07-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185295;)
# ftp rule for outbound sessions from an internal client (attack_target ftp-client).
drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RED SPUR Malware Communication"; flow:established,to_server; content:"spur"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-15,updated_at 2019-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80185296;)
# NOTE(review): the header protocol is tcp but the metadata says
# "protocols http" / "attack_target http-client"; a filter on the metadata
# and the engine's own protocol detection may disagree about this rule.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PARTICULAR RANK Malware Communication"; flow:established,to_server; content:"rank"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-06-08,updated_at 2016-06-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185297;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VOLUNTARY USUAL Malware Communication"; flow:established, to_client; file_data; content:"usual"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2019-09-16,updated_at 2019-09-21,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185298;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HEAVY VILLA Malware Communication"; flow:established,to_client; file_data; content:"villa"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2019-08-15,updated_at 2019-08-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols 
http,protocols tcp; rev:1; sid:80185299;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OTHER ALCOVE Malware Communication"; flow:established,to_client; content:"alcove"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-05-13,updated_at 2019-05-17,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185300;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ACUTE UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-03-10,updated_at 2018-03-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185301;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PREVIOUS AGENDA Malware Communication"; flow:established,to_server; content:"agenda"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-10-04,updated_at 2019-10-22,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185302;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DIPLOMATIC DINGHY Malware Communication"; flow:established, to_server; content:"dinghy"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-04,updated_at 2019-03-04,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185303;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CENTRAL JUNK Malware Communication"; flow:established,to_client; content:"junk"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 
2019-02-22,updated_at 2019-02-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80185304;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MENTAL LATTE Malware Communication"; flow:established, to_client; file_data; content:"latte"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-03-07,updated_at 2019-03-24,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185305;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NICE VERDICT Malware Communication"; flow:established,to_server; content:"verdict"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-11-27,updated_at 2019-11-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185306;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ARTISTIC MULE Malware Communication"; flow:established,to_server; content:"mule"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-20,updated_at 2018-03-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185307;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUPERIOR SCORN Malware Communication"; flow:established,to_client; content:"scorn"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-06-20,updated_at 2019-06-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80185308;) drop http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"Acme - OBLIGED LIP Malware Communication"; flow:established,to_server; content:"lip"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-10-20,updated_at 2015-10-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185309;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ELEGANT STOCK-IN-TRADE Malware Communication"; flow:established,to_server; content:"stock-in-trade"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-06-14,updated_at 2018-06-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185310;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MARVELLOUS ADAPTER Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"adapter"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2018-02-02,capec_id 118,updated_at 2018-02-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-8765220,cve 2017-8765220,protocols http,protocols tcp; rev:2; sid:80185311;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MAGNIFICENT UPPER Malware Communication"; flow:established,to_client; content:"upper"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-04-13,updated_at 2019-04-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80185312;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SILENT POCKETBOOK Malware Communication"; flow:established,to_client; content:"pocketbook"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2016-07-12,updated_at 
2016-07-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185313;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GREAT PITCHING Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"pitching"; priority:3; metadata:cwe_id 399,hostile src_ip,created_at 2018-10-06,updated_at 2018-10-11,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-4946174,protocols http,protocols tcp; rev:2; sid:80185314;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WASTEFUL LOFT Malware Communication"; flow:established,to_server; content:"loft"; priority:4; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2016-05-19,updated_at 2016-05-21,filename acme.rules,priority info,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185315;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HIDDEN NORTH Traffic Detected"; flow:established, to_client; file_data; content:"north"; priority:3; metadata:hostile src_ip,created_at 2019-11-04,capec_id 128,updated_at 2019-11-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185316;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PREFERRED LET Malware Communication"; flow:established,to_server; content:"let"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-03-09,updated_at 2018-03-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185317;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DIPLOMATIC SHAME Malware Communication"; 
flow:established,to_server; content:"shame"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-02,updated_at 2019-06-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80185318;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STANDARD MARBLE Traffic Detected"; flow:established,to_client; content:"marble"; priority:2; metadata:hostile src_ip,created_at 2018-06-20,capec_id 152,updated_at 2018-06-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185319;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UGLIEST PIANO Malware Communication"; flow:established, to_server; content:"piano"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-10-14,updated_at 2018-10-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-180999,protocols http,protocols tcp; rev:1; sid:80185320;) drop smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STICKY HEARTWOOD Malware Communication"; flow:established,to_server; content:"heartwood"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-11-26,updated_at 2018-11-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target smtp-client,attack_target client,protocols smtp,protocols tcp; rev:2; sid:80185321;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BROAD ABILITY Malware Communication"; flow:established,to_server; urilen:12,norm; content:"ability"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-05-26,updated_at 2019-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target 
client,protocols http,protocols tcp; rev:2; sid:80185322;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GOLDEN ENERGY Malware Communication"; flow:established,to_server; urilen:11,norm; content:"energy"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-11-14,updated_at 2019-11-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185323;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GREEN PIANIST Malware Communication"; flow:established,to_server; urilen:12,norm; content:"pianist"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2018-09-09,updated_at 2018-09-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185324;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - WANDERING CAT Traffic Detected"; flow:established, to_server; content:"cat"; priority:3; metadata:hostile src_ip,created_at 2016-08-21,updated_at 2016-08-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185325;) drop tcp any any -> $HOME_NET any (msg:"Acme - GIGANTIC GEESE Malware Communication"; flow:established; content:"geese"; priority:2; metadata:cwe_id 506,malware post-infection,created_at 2019-11-07,updated_at 2019-11-18,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80185326;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN XYLOPUNKNOWNE Malware Communication"; flow:established,to_server; urilen:12,norm; content:"xylopUNKNOWNe"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-11,updated_at 2019-02-26,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185327;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OBEDIENT MEAL Malware Communication"; flow:established,to_client; content:"meal"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-03-18,updated_at 2019-03-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185328;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REPULSIVE PRECEDENT Malware Communication"; flow:established,to_client; content:"precedent"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-08-26,updated_at 2018-08-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80185329;) alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - JOINT ROCKET Exploitation Attempt Seen"; flow:established, to_client; content:"rocket"; priority:3; metadata:cwe_id 119,cvss_v3_base 4.2,hostile src_ip,created_at 2019-01-16,updated_at 2019-01-16,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.6,attack_target http-client,attack_target client,cvss_v3_temporal 3.1,cve 2018-5783690,cvss_v2_temporal 3.1,protocols http,protocols tcp; rev:1; sid:80185330;) drop http any any -> $HOME_NET any (msg:"Acme - VARYING SHADOW Exploitation Attempt Seen"; flow:established,to_server; content:"shadow"; priority:2; metadata:cwe_id 200,hostile src_ip,created_at 2019-04-12,capec_id 50,updated_at 2019-04-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.1,attack_target server,attack_target http-server,cve 2019-9432023,cvss_v2_temporal 5.4,protocols http,protocols tcp; rev:2; sid:80185331;) drop http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme 
- PERFECT CHIT-CHAT Traffic Detected"; flow:established,from_server; file_data; content:"chit-chat"; priority:3; metadata:hostile dest_ip,created_at 2018-01-05,updated_at 2018-01-27,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80185332;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN ROUTE Exploitation Attempt Seen"; flow:established,to_client; content:"route"; priority:2; metadata:cwe_id 120,cvss_v3_base 7.0,hostile src_ip,created_at 2019-07-27,capec_id 100,updated_at 2019-07-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.5,attack_target smb-client,attack_target client,cvss_v3_temporal 6.4,cve 2019-232432,cvss_v2_temporal 6.4,protocols smb,protocols tcp; rev:3; sid:80185333;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FASHIONABLE EVALUATOR Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"evaluator"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2018-04-13,capec_id 175,updated_at 2018-04-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-1585971,protocols http,protocols tcp; rev:2; sid:80185334;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOGICAL ADVERTISING Traffic Detected"; flow:established, to_server; content:"advertising"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2016-02-12,capec_id 213,updated_at 2016-02-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80185335;) drop smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PETITE CROSS-STITCH Malware Communication"; flow:established,to_server; content:"cross-stitch"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-08-27,updated_at 2018-08-28,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target smtp-client,attack_target client,protocols smtp,protocols tcp; rev:3; sid:80185336;) drop http any any -> $HOME_NET any (msg:"Acme - SERIOUS QUAIL Traffic Detected"; flow:established,to_server; urilen:>4000,raw; content:"quail"; priority:2; metadata:hostile src_ip,created_at 2017-01-17,capec_id 100,updated_at 2017-01-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80185337;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN WEALTH Traffic Detected"; flow:established,to_server; content:"wealth"; priority:1; metadata:hostile dest_ip,created_at 2019-04-18,updated_at 2019-04-19,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185338;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INNOCENT LOTION Exploitation Attempt Seen"; flow:established,to_server; content:"lotion"; priority:2; metadata:cwe_id 264,cvss_v3_base 5.3,hostile src_ip,created_at 2019-04-20,capec_id 113,updated_at 2019-04-21,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.2,attack_target server,attack_target http-server,cvss_v3_temporal 5.8,cve 2015-9320198,cvss_v2_temporal 5.8,protocols http,protocols tcp; rev:4; sid:80185339;) drop tcp any any -> $HOME_NET any (msg:"Acme - WILD HORSE Traffic Detected"; flow:established,to_server; content:"horse"; priority:2; metadata:hostile src_ip,created_at 2017-08-10,capec_id 100,updated_at 2017-08-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:3; sid:80185340;) drop tcp any any -> $HOME_NET any (msg:"Acme - VERBAL RAIL Traffic Detected"; flow:established,to_server; content:"rail"; priority:2; metadata:hostile src_ip,created_at 2018-06-07,capec_id 210,updated_at 2018-06-16,filename acme.rules,priority 
medium,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:3; sid:80185341;) drop tcp any any -> $HOME_NET any (msg:"Acme - GRAND CONSEQUENCE Traffic Detected"; flow:established,to_server; content:"consequence"; priority:2; metadata:hostile src_ip,created_at 2018-02-24,capec_id 210,updated_at 2018-02-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:3; sid:80185342;) drop tcp any any -> $HOME_NET any (msg:"Acme - LENGTHY ELEVATOR Traffic Detected"; flow:established,to_server; content:"elevator"; priority:2; metadata:hostile src_ip,created_at 2019-09-14,capec_id 210,updated_at 2019-09-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:3; sid:80185343;) drop tcp any any -> $HOME_NET any (msg:"Acme - BLANK HAMBURGER Traffic Detected"; flow:established,to_server; content:"hamburger"; priority:2; metadata:hostile src_ip,created_at 2016-06-05,capec_id 210,updated_at 2016-06-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:3; sid:80185344;) drop tcp any any -> $HOME_NET any (msg:"Acme - UPSET LEAVE Traffic Detected"; flow:established,to_server; content:"leave"; priority:2; metadata:hostile src_ip,created_at 2019-04-04,capec_id 118,updated_at 2019-04-11,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:3; sid:80185345;) drop tcp any any -> $HOME_NET any (msg:"Acme - ELECTRIC MODE Traffic Detected"; flow:established,to_server; content:"mode"; priority:2; metadata:hostile src_ip,created_at 2017-08-16,capec_id 118,updated_at 2017-08-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:3; sid:80185346;) drop tcp any any -> $HOME_NET any (msg:"Acme - ENCOURAGING SURFBOARD Traffic Detected"; flow:established,to_server; content:"surfboard"; priority:2; metadata:hostile 
src_ip,created_at 2018-10-18,capec_id 118,updated_at 2018-10-23,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:3; sid:80185347;) drop tcp any any -> $HOME_NET any (msg:"Acme - FRESH WRAP Traffic Detected"; flow:established,to_server; content:"wrap"; priority:2; metadata:hostile src_ip,created_at 2018-10-27,capec_id 210,updated_at 2018-10-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:3; sid:80185348;) drop tcp any any -> $HOME_NET any (msg:"Acme - FURIOUS BADGE Traffic Detected"; flow:established,to_server; content:"badge"; priority:2; metadata:hostile dest_ip,created_at 2018-04-05,capec_id 210,updated_at 2018-04-08,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols tcp; rev:3; sid:80185349;) drop tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN RUGBY Traffic Detected"; flow:established,to_server; content:"rugby"; priority:2; metadata:hostile src_ip,created_at 2019-01-12,capec_id 228,updated_at 2019-01-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:3; sid:80185350;) drop tcp any any -> $HOME_NET any (msg:"Acme - SORE CLOGS Traffic Detected"; flow:established,to_server; content:"clogs"; priority:2; metadata:hostile src_ip,created_at 2019-05-04,capec_id 228,updated_at 2019-05-04,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:3; sid:80185351;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN BURGLAR Malware Communication"; flow:established,to_server; content:"burglar"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-26,updated_at 2019-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185352;) drop http $EXTERNAL_NET any -> 
$HOME_NET any (msg:"Acme - PERMANENT ATELIER Exploitation Attempt Seen"; flow:established,to_client; content:"atelier"; priority:3; metadata:cwe_id 843,cvss_v3_base 6.2,hostile src_ip,created_at 2018-10-22,capec_id 210,updated_at 2018-10-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.6,attack_target http-client,attack_target client,cvss_v3_temporal 5.6,cve 2018-5881286,cvss_v2_temporal 5.6,protocols http,protocols tcp; rev:3; sid:80185353;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BOILING SEA Traffic Detected"; flow:established, to_server; content:"sea"; priority:3; metadata:hostile src_ip,created_at 2019-09-19,capec_id 255,updated_at 2019-09-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target smb-server,attack_target server,protocols smb,protocols tcp; rev:1; sid:80185354;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DRY OBLIGATION Exploitation Attempt Seen"; flow:established,to_client; content:"obligation"; priority:3; metadata:cwe_id 119,cvss_v3_base 5.6,hostile src_ip,created_at 2018-09-13,capec_id 128,updated_at 2018-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.4,attack_target client,cvss_v3_temporal 4.4,cve 2018-622993,cvss_v2_temporal 4.4,protocols tcp; rev:2; sid:80185355;) drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXCEPTIONAL COMFORT Malware Communication"; flow:established,to_server; content:"comfort"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-08-02,updated_at 2017-08-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80185356;) drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SENIOR FORMAT Malware Communication"; flow:established,to_server; content:"format"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 
2018-07-20,updated_at 2018-07-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80185357;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ACCURATE PEPPER Malware Communication"; flow:established,to_server; content:"pepper"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-20,updated_at 2019-09-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185358;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IRRELEVANT AIRPLANE Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"airplane"; priority:2; metadata:cwe_id 119,cvss_v3_base 1.9,hostile src_ip,created_at 2016-09-06,capec_id 118,updated_at 2016-09-15,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.3,attack_target http-client,attack_target client,cvss_v3_temporal 2.7,cve 2016-4785457,cvss_v2_temporal 2.7,protocols http,protocols tcp; rev:2; sid:80185359;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - ENCOURAGING PRIESTHOOD Exploitation Attempt Seen"; flow:established,from_server; content:"priesthood"; priority:2; metadata:cwe_id 119,cvss_v3_base 5.4,hostile src_ip,created_at 2019-03-09,capec_id 255,updated_at 2019-03-12,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.3,attack_target http-client,attack_target client,cvss_v3_temporal 6.5,cve 2019-8428022,cvss_v2_temporal 6.5,protocols http,protocols tcp; rev:2; sid:80185360;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRINCIPAL SHOEUNKNOWN Malware Communication"; flow:established,to_client; content:"shoeUNKNOWN"; priority:3; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2018-11-21,updated_at 2018-11-28,filename 
acme.rules,priority low,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80185361;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ORDINARY UNKNOWNDY Malware Communication"; flow:established,to_client; content:"UNKNOWNdy"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-11-17,updated_at 2018-11-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185362;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STILL WEAR Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"wear"; priority:2; metadata:cwe_id 119,cvss_v3_base 3.7,hostile src_ip,created_at 2016-02-25,capec_id 129,updated_at 2016-02-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.6,attack_target http-client,attack_target client,cvss_v3_temporal 4.9,cve 2016-4276564,cvss_v2_temporal 4.9,protocols http,protocols tcp; rev:2; sid:80185363;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WEALTHY UNKNOWN Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"UNKNOWN"; priority:2; metadata:cwe_id 119,cvss_v3_base 4.1,hostile src_ip,created_at 2019-10-04,capec_id 129,updated_at 2019-10-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.0,attack_target http-client,attack_target client,cvss_v3_temporal 3.0,cve 2019-2988846,cvss_v2_temporal 3.0,protocols http,protocols tcp; rev:2; sid:80185364;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OFFICIAL JOT Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"jot"; priority:2; metadata:cwe_id 843,cvss_v3_base 6.9,hostile src_ip,created_at 2018-02-16,capec_id 124,updated_at 2018-02-27,filename acme.rules,priority medium,rule_source 
acme-rule-factory,cvss_v2_base 7.2,attack_target http-client,attack_target client,cvss_v3_temporal 7.5,cve 2018-2283613,cvss_v2_temporal 7.5,protocols http,protocols tcp; rev:2; sid:80185365;)
# Layout: one signature per line, apart from the wrapped entry at each end of this stretch.
# Lines starting with "#alert" are signatures shipped disabled, not prose comments.
# NOTE(review): every signature here keys on a single literal content word, and many use the drop action.
# Loaded on an inline sensor as written they would discard ordinary traffic, so treat the set as test data
# for metadata tooling only. The cve and cvss values look synthetic - do not use them for triage.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN GAME Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"game"; priority:2; metadata:cwe_id 416,cvss_v3_base 2.6,hostile src_ip,created_at 2019-06-02,capec_id 262,updated_at 2019-06-22,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.3,attack_target http-client,attack_target client,cvss_v3_temporal 1.7,cve 2018-1064349,cvss_v2_temporal 1.7,protocols http,protocols tcp; rev:3; sid:80185366;)
# NOTE(review): sid 80185367 blocks on the three-byte literal "cat" with no sticky buffer or anchor; a real
# signature needs a far more specific match before it is allowed to drop.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SLOW CAT Exploitation Attempt Seen"; flow:established,to_server; content:"cat"; priority:3; metadata:cwe_id 287,cvss_v3_base 5.2,hostile src_ip,created_at 2018-06-08,capec_id 115,updated_at 2018-06-10,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cvss_v3_temporal 4.1,cve 2016-1108062,cvss_v2_temporal 4.1,protocols http,protocols tcp; rev:2; sid:80185367;)
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PHILOSOPHICAL VIRTUE Exploitation Attempt Seen"; flow:established,to_server; ssl_state:client_hello; ssl_version:tls1.0,tls1.1,tls1.2; content:"virtue"; priority:3; metadata:cwe_id 200,cvss_v3_base 6.2,hostile src_ip,created_at 2019-03-01,capec_id 255,updated_at 2019-03-18,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.0,attack_target server,attack_target tls-server,cvss_v3_temporal 6.0,cve 2019-4292544,cvss_v2_temporal 6.0,protocols tls,protocols tcp; rev:1; sid:80185368;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INNER CANDELABRA Traffic Detected"; flow:established, to_client; file_data; content:"candelabra"; priority:3; metadata:hostile src_ip,created_at 2019-10-01,updated_at 2019-10-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185369;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ULTIMATE BEDROOM Exploitation Attempt Seen"; flow:established,to_server; content:"bedroom"; priority:3; metadata:cwe_id 284,cvss_v3_base 4.6,hostile src_ip,created_at 2018-04-21,capec_id 115,updated_at 2018-04-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.5,attack_target server,attack_target http-server,cvss_v3_temporal 4.2,cve 2015-2063192,cvss_v2_temporal 4.2,protocols http,protocols tcp; rev:2; sid:80185370;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - ORGANISATIONAL SANDWICH Traffic Detected"; flow:established, to_client; content:"sandwich"; priority:3; metadata:hostile src_ip,created_at 2018-01-16,capec_id 119,updated_at 2018-01-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185371;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - JITTERY TWILIGHT Exploitation Attempt Seen"; flow:established,to_client; content:"twilight"; priority:3; metadata:cwe_id 119,cvss_v3_base 2.2,hostile src_ip,created_at 2019-06-07,capec_id 255,updated_at 2019-06-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.6,attack_target http-client,attack_target client,cvss_v3_temporal 2.1,cve 2019-7337363,cvss_v2_temporal 2.1,protocols http,protocols tcp; rev:2; sid:80185372;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CURIOUS FOREHEAD Exploitation Attempt Seen"; flow:established,to_client; content:"forehead"; priority:3; metadata:cwe_id 119,cvss_v3_base 3.6,hostile src_ip,created_at 2016-08-11,capec_id 152,updated_at 2016-08-15,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.8,attack_target http-client,attack_target client,cvss_v3_temporal 3.6,cve 2015-4646517,cvss_v2_temporal 3.6,protocols http,protocols tcp; rev:2; sid:80185373;)
# NOTE(review): sid 80185374 is tagged protocols dns and attack_target dns-server, yet the header is plain
# tcp on any port - confirm the intended app-layer protocol before enabling it.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ORDINARY POP Exploitation Attempt Seen"; flow:established, to_server; content:"pop"; priority:3; metadata:hostile src_ip,created_at 2018-09-24,capec_id 213,updated_at 2018-09-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target dns-server,attack_target server,cve 2018-9143786,protocols dns,protocols tcp; rev:1; sid:80185374;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMPATIBLE TRANSMISSION Malware Communication"; flow:established,to_server; content:"transmission"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-02-23,updated_at 2019-02-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185375;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COLOSSAL COLD Malware Communication"; flow:established,to_server; content:"cold"; priority:4; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-10-14,updated_at 2019-10-27,filename acme.rules,priority info,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185376;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN SHAPE Malware Communication"; flow:established,to_client; content:"shape"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-08-13,updated_at 2018-08-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185377;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LOST WASTEBASKET Malware Communication"; flow:established,to_server; content:"wastebasket"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-05,updated_at 2019-06-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185378;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RIVAL SHORE Malware Communication"; flow:established,to_server; content:"shore"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-01-19,updated_at 2018-01-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185379;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNKNOWNHOOD Malware Communication"; flow:established,to_server; content:"UNKNOWNhood"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-05-05,updated_at 2017-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185380;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TIRED MUSCLE Malware Communication"; flow:established,to_server; content:"muscle"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-09-16,updated_at 2018-09-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185381;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PURRING BARSTOOL Malware Communication"; flow:established,to_server; content:"barstool"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-10,updated_at 2019-11-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185382;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN ABROAD Malware Communication"; flow:established,to_server; content:"abroad"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-09,updated_at 2019-03-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185383;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INDEPENDENT PAJAMA Malware Communication"; flow:established,to_server; content:"pajama"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-02-11,updated_at 2017-02-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185384;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUPER AMBITION Malware Communication"; flow:established,to_server; content:"ambition"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-03,updated_at 2018-09-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185385;)
# NOTE(review): sid 80185386 and sid 80185387 carry the same smb tags, but one header says tcp and the
# other smb - confirm which app-layer protocol is intended.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PLAIN MAGAZINE Traffic Detected"; flow:established, to_server; content:"magazine"; priority:3; metadata:hostile src_ip,created_at 2018-06-03,capec_id 100,updated_at 2018-06-03,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target smb-server,attack_target server,protocols smb,protocols tcp; rev:1; sid:80185386;)
#alert smb $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VICTORIOUS TYVEK Traffic Detected"; flow:established, to_server; content:"tyvek"; priority:3; metadata:hostile
src_ip,created_at 2019-11-12,capec_id 100,updated_at 2019-11-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target smb-server,attack_target server,protocols smb,protocols tcp; rev:2; sid:80185387;)
# Layout: one signature per line, apart from the wrapped entry at each end of this stretch.
# Lines starting with "#alert" are signatures shipped disabled, not prose comments.
# NOTE(review): each signature keys on a single literal content word and many use the drop action, so the
# set is only suitable as test data for metadata tooling, not for an inline sensor.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SILENT CHRONOGRAPH Malware Communication"; flow:established,to_server; content:"chronograph"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-10-07,updated_at 2018-10-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185388;)
# NOTE(review): sid 80185389 is the only entry in this stretch with filename email.rules; it has no hostile
# or attack_target tag and matches any tcp port despite the smtp tag.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DIZZY CUTOVER Malware Communication"; flow:established, to_server; content:"cutover"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2017-05-06,updated_at 2017-05-09,filename email.rules,priority low,rule_source acme-rule-factory,protocols smtp,protocols tcp; rev:1; sid:80185389;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN HORROR Traffic Detected"; flow:established,to_client; content:"horror"; priority:2; metadata:hostile src_ip,created_at 2019-01-12,updated_at 2019-01-12,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185390;)
# NOTE(review): sid 80185391 has an http header but is also tagged protocols imap - the imap tag looks
# stray, confirm against the rule source.
alert http $HOME_NET any -> any any (msg:"Acme - BITTER REINDEER Malware Communication"; flow:established, to_server; content:"reindeer"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2019-04-22,updated_at 2019-04-26,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols imap,protocols tcp; rev:3; sid:80185391;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CASUAL DIPLOMA Traffic Detected"; flow:established, to_client; file_data; content:"diploma"; priority:1; metadata:cwe_id 507,hostile src_ip,created_at 2019-07-19,updated_at 2019-07-19,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185392;)
# NOTE(review): sid 80185393 has $HOME_NET as its source and is tagged hostile src_ip, which marks the
# protected side as hostile. Sibling entries use infected src_ip for internal sources. Confirm before any
# tooling builds block lists from the hostile tag.
alert tcp $HOME_NET any -> any any (msg:"Acme - SLEEPY OPINION Traffic Detected"; flow:established, to_server; content:"opinion"; priority:3; metadata:hostile src_ip,created_at 2017-01-05,capec_id 116,updated_at 2017-01-08,filename acme.rules,priority low,rule_source acme-rule-factory,protocols smtp,protocols tcp; rev:2; sid:80185393;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DELICATE HAIL Malware Communication"; flow:established,to_server; content:"hail"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2015-05-14,updated_at 2015-05-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185394;)
# NOTE(review): several entries match the literal "UNKNOWN", and the same token appears inside msg strings;
# presumably a redaction artifact - confirm against the upstream file.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GENTLE UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2017-01-26,capec_id 310,updated_at 2017-01-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185395;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-10-06,updated_at 2018-10-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185396;)
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNIVE GOSSIP Traffic Detected"; flow:established, to_server; content:"gossip"; priority:3; metadata:created_at 2019-06-22,capec_id 63,updated_at 2019-06-27,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80185397;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FISCAL CLOUDBURST Traffic Detected"; flow:established, to_server; content:"cloudburst"; priority:3; metadata:hostile src_ip,created_at 2019-01-24,capec_id 110,updated_at 2019-01-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185398;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WIDE TAMBOUR Exploitation Attempt Seen"; flow:established, to_server; content:"tambour"; priority:3; metadata:hostile src_ip,created_at 2019-11-02,capec_id 100,updated_at 2019-11-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2019-4840688,protocols ftp,protocols tcp; rev:1; sid:80185399;)
# NOTE(review): sid 80185400, 80185403 and 80185404 use the drop action on three-byte literals - "put",
# "obi", "lye" - with no buffer or anchor, which would block a large share of ordinary HTTP traffic.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN PUT Malware Communication"; flow:established,to_server; content:"put"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-11-05,updated_at 2016-11-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185400;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UGLY UNKNOWN Malware Communication"; flow:established,to_client; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2018-05-16,updated_at 2018-05-18,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185401;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PUNY MARXISM Traffic Detected"; flow:established,to_server; content:"marxism"; priority:1; metadata:cwe_id 507,hostile dest_ip,created_at 2018-07-04,updated_at 2018-07-14,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185402;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHY OBI Malware Communication"; flow:established,to_server; content:"obi"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-08-01,updated_at 2018-08-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185403;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OBLIGED LYE Malware Communication"; flow:established,to_server; content:"lye"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-22,updated_at 2019-02-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185404;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UPSET TENOR Malware Communication"; flow:established,to_server; content:"tenor"; priority:4; metadata:cwe_id 506,malware pre-infection,created_at 2019-03-16,updated_at 2019-03-23,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80185405;)
# NOTE(review): in sid 80185406 and sid 80185407 a cvss temporal score exceeds its base score, which the
# CVSS formulas do not allow; treat the scores as placeholders rather than real severity data.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OCCUPATIONAL KILOMETER Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"kilometer"; priority:3; metadata:cwe_id 200,cvss_v3_base 6.3,hostile src_ip,created_at 2019-11-04,capec_id 48,updated_at 2019-11-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.9,attack_target http-client,attack_target client,cvss_v3_temporal 6.9,cve 2015-1314516,cvss_v2_temporal 6.9,protocols http,protocols tcp; rev:2; sid:80185406;)
drop http any any -> $HOME_NET any (msg:"Acme - TOP ASTROLOGER Exploitation Attempt Seen"; flow:established,to_server; content:"astrologer"; priority:2; metadata:cwe_id 78,cvss_v3_base 7.1,hostile src_ip,created_at 2018-03-07,capec_id 152,updated_at 2018-03-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.8,attack_target server,attack_target http-server,cvss_v3_temporal 7.6,cve 2015-1986533,cvss_v2_temporal 7.6,protocols http,protocols tcp; rev:1; sid:80185407;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ABSOLUTE COLUMN Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"column"; priority:2; metadata:cwe_id 119,cvss_v3_base 6.0,hostile src_ip,created_at 2016-04-20,capec_id 255,updated_at 2016-04-21,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.8,attack_target http-client,attack_target client,cvss_v3_temporal 4.8,cve 2015-93342,cvss_v2_temporal 4.8,protocols http,protocols tcp; rev:2; sid:80185408;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BRIGHT LOTION Malware Communication"; flow:established,to_client; file_data; content:"lotion"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-08-22,updated_at 2018-08-25,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185409;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RESIDENTIAL BACKGROUND Traffic Detected"; flow:established, to_client; file_data; content:"background"; priority:3; metadata:hostile src_ip,created_at 2019-09-22,updated_at 2019-09-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185410;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NOISY FORGERY Malware Communication"; flow:established, to_client; file_data; content:"forgery"; priority:3;
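metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-04-19,updated_at 2019-04-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185411;)
# Layout: one signature per line, apart from the wrapped entry at each end of this stretch.
# Lines starting with "#alert" are signatures shipped disabled, not prose comments.
# NOTE(review): each signature keys on a single literal content word and many use the drop action, so the
# set is only suitable as test data for metadata tooling, not for an inline sensor.
# The ftp.rules entries in this stretch each carried the same cve key and value eight times; the repeats
# are collapsed to a single occurrence. No other option or tag is changed.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHY DIRT Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"dirt"; priority:2; metadata:cwe_id 119,cvss_v3_base 4.6,hostile src_ip,created_at 2017-11-14,capec_id 129,updated_at 2017-11-14,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.2,attack_target http-client,attack_target client,cvss_v3_temporal 3.3,cve 2016-4058411,cvss_v2_temporal 3.3,protocols http,protocols tcp; rev:2; sid:80185412;)
# NOTE(review): in sid 80185413 both cvss temporal scores exceed their base scores, which the CVSS
# formulas do not allow; treat the scores as placeholders rather than real severity data.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INNER LION Exploitation Attempt Seen"; flow:established,from_server; content:"lion"; priority:3; metadata:cwe_id 119,cvss_v3_base 2.0,hostile src_ip,created_at 2019-08-17,capec_id 255,updated_at 2019-08-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.6,attack_target http-client,attack_target client,cvss_v3_temporal 3.5,cve 2017-5278311,cvss_v2_temporal 3.5,protocols http,protocols tcp; rev:2; sid:80185413;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN FERRY Exploitation Attempt Seen"; flow:established, to_server; content:"ferry"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-04-25,capec_id 100,updated_at 2019-04-28,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2019-1287196,protocols ftp,protocols tcp; rev:1; sid:80185414;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMPLEX THRONE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"throne"; priority:2; metadata:cwe_id 416,cvss_v3_base 7.5,hostile src_ip,created_at 2019-04-02,capec_id 255,updated_at 2019-04-09,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.2,attack_target http-client,attack_target client,cvss_v3_temporal 7.1,cve 2019-661998,cvss_v2_temporal 7.1,protocols http,protocols tcp; rev:2; sid:80185415;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEAD WOOLEN Exploitation Attempt Seen"; flow:established, to_server; content:"woolen"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-01-23,capec_id 100,updated_at 2017-01-25,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2015-1026147,protocols ftp,protocols tcp; rev:1; sid:80185416;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STATIC BADGE Exploitation Attempt Seen"; flow:established, to_server; content:"badge"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-02-24,capec_id 100,updated_at 2019-02-25,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2019-803138,protocols ftp,protocols tcp; rev:1; sid:80185417;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMMON SIGNAL Exploitation Attempt Seen"; flow:established, to_server; content:"signal"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-11-26,capec_id 100,updated_at 2019-11-27,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2018-8898014,protocols ftp,protocols tcp; rev:1; sid:80185418;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHARP MILLIMETER Exploitation Attempt Seen"; flow:established, to_server; content:"millimeter"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-05-05,capec_id 100,updated_at 2017-05-17,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2016-4816437,protocols ftp,protocols tcp; rev:1; sid:80185419;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ROTTEN SEGMENT Exploitation Attempt Seen"; flow:established, to_server; content:"segment"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-09-14,capec_id 100,updated_at 2017-09-19,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2016-7024227,protocols ftp,protocols tcp; rev:1; sid:80185420;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AVAILABLE MUSIC-MAKING Malware Communication"; flow:established,to_server; content:"music-making"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-10-01,updated_at 2019-10-03,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185421;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WICKED UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-09-12,updated_at 2015-09-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185422;)
# NOTE(review): sid 80185423 sends traffic toward $HOME_NET yet is tagged hostile dest_ip, which marks the
# protected side as hostile; sibling inbound entries use hostile src_ip. Its cvss_v2_temporal also exceeds
# cvss_v2_base. Confirm before any tooling builds block lists from the hostile tag.
drop tcp any any -> $HOME_NET any (msg:"Acme - SHEER SCHEME Exploitation Attempt Seen"; flow:established,to_server; content:"scheme"; priority:3; metadata:cwe_id 78,cvss_v3_base 4.2,hostile dest_ip,created_at 2018-03-01,capec_id 213,updated_at 2018-03-07,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.3,cvss_v3_temporal 4.1,cve 2017-7368421,cvss_v2_temporal 4.1,protocols tcp; rev:2; sid:80185423;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COLOURED SPOT Exploitation Attempt Seen"; flow:established, to_server; content:"spot"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-07-17,capec_id 100,updated_at 2019-07-18,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2017-7723043,protocols ftp,protocols tcp; rev:1; sid:80185424;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INFORMAL SALAD Exploitation Attempt Seen"; flow:established, to_server; content:"salad"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-06-23,capec_id 100,updated_at 2019-06-28,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2016-7562554,protocols ftp,protocols tcp; rev:1; sid:80185425;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HORIZONTAL HIGH-RISE Malware Communication"; flow:established,to_server; content:"high-rise"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-18,updated_at 2018-02-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185426;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEAR GAZEBO Exploitation Attempt Seen"; flow:established, to_server; content:"gazebo"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-11-16,capec_id 100,updated_at 2019-11-25,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2019-2857026,protocols ftp,protocols tcp; rev:1; sid:80185427;)
# NOTE(review): sid 80185428 is tagged protocols http and attack_target http-client but the header is
# plain tcp on any port - confirm the intended app-layer protocol.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WELL-KNOWN STEEL Malware Communication"; flow:established,to_server; content:"steel"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-06-15,updated_at 2016-06-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185428;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEVOTED CALCULATOR Malware Communication"; flow:established,to_server; content:"calculator"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-10,updated_at 2019-07-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185429;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GOLDEN UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-10,updated_at 2019-07-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185430;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UGLY SELL Malware Communication"; flow:established,to_server; content:"sell"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at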
2019-05-07,updated_at 2019-05-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185431;)
# Layout: one signature per line, apart from the wrapped entry at each end of this stretch.
# Lines starting with "#alert" are signatures shipped disabled, not prose comments.
# NOTE(review): each signature keys on a single literal content word and many use the drop action, so the
# set is only suitable as test data for metadata tooling, not for an inline sensor.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STORMY SUNBONNET Malware Communication"; flow:established,to_server; content:"sunbonnet"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-06-17,updated_at 2018-06-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185432;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMAGIUNKNOWN BUILDING Malware Communication"; flow:established,to_server; content:"building"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-21,updated_at 2018-02-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185433;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RUDE LOCATION Malware Communication"; flow:established,to_server; content:"location"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-27,updated_at 2018-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185434;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RARE MINOR-LEAGUE Traffic Detected"; flow:established,to_server; content:"minor-league"; priority:2; metadata:hostile dest_ip,created_at 2016-04-01,capec_id 403,updated_at 2016-04-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185435;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ENVIRONMENTAL PALM Malware Communication"; flow:established,to_server; content:"palm"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2018-07-27,updated_at 2018-07-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185436;)
# NOTE(review): in sid 80185437, 80185448, 80185454, 80185456 and 80185457 a cvss temporal score exceeds
# its base score, which the CVSS formulas do not allow; treat the scores as placeholders rather than real
# severity data.
drop http any any -> $HOME_NET any (msg:"Acme - MANY CREATIVE Exploitation Attempt Seen"; flow:established,to_server; content:"creative"; priority:2; metadata:cwe_id 78,cvss_v3_base 2.7,hostile src_ip,created_at 2018-09-25,capec_id 152,updated_at 2018-09-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.2,attack_target server,attack_target http-server,cvss_v3_temporal 2.5,cve 2018-2132314,cvss_v2_temporal 2.5,protocols http,protocols tcp; rev:3; sid:80185437;)
# NOTE(review): sid 80185438 sends traffic toward $HOME_NET yet is tagged hostile dest_ip, which marks the
# protected side as hostile; the next entry, with the same direction, uses hostile src_ip. Confirm before
# enabling it or feeding the tag to block-list tooling.
#alert http any any -> $HOME_NET any (msg:"Acme - CUDDLY DOUBLE Traffic Detected"; flow:established, to_server; content:"double"; priority:3; metadata:hostile dest_ip,created_at 2017-07-07,capec_id 66,updated_at 2017-07-19,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80185438;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COLONIAL DUE Traffic Detected"; flow:established, to_server; content:"due"; priority:3; metadata:hostile src_ip,created_at 2018-01-11,capec_id 66,updated_at 2018-01-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185439;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ISOLATED UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-18,updated_at 2019-11-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185440;)
# NOTE(review): in sid 80185441 urilen:9 constrains the request URI length, but the content match that
# follows has no sticky buffer, so "runner" is not tied to the URI - confirm the intended buffer.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SCARY RUNNER Malware Communication"; flow:established,to_server; urilen:9; content:"runner"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-22,updated_at 2019-02-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185441;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXTREME UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:2; metadata:cwe_id 657,malware post-infection,hostile dest_ip,created_at 2017-03-09,updated_at 2017-03-16,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185442;)
drop tcp any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - BLOODY SHARK Exploitation Attempt Seen"; flow:established,to_server; content:"shark"; priority:2; metadata:cwe_id 120,cvss_v3_base 2.4,hostile src_ip,created_at 2018-06-27,capec_id 100,updated_at 2018-06-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.4,attack_target server,attack_target http-server,cvss_v3_temporal 2.3,cve 2018-2216876,cvss_v2_temporal 2.3,protocols http,protocols tcp; rev:1; sid:80185443;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN DINOSAUR Malware Communication"; flow:established,to_server; content:"dinosaur"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-10,updated_at 2019-02-14,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185444;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ASHAMED PRIZEFIGHT Malware Communication"; flow:established,to_server; content:"prizefight"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-03-16,updated_at 2018-03-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185445;)
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEEP BREASTPLATE Malware Communication"; flow:established,from_server; content:"breastplate"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2016-04-09,updated_at 2016-04-21,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185446;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXCELLENT DEEP Traffic Detected"; flow:established, to_client; file_data; content:"deep"; priority:3; metadata:hostile src_ip,created_at 2018-06-18,capec_id 100,updated_at 2018-06-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185447;)
# NOTE(review): sid 80185448 uses flow:established with no direction keyword, so it applies to both
# directions of an inbound-initiated flow, and it carries no hostile or attack_target tag.
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ASSOCIATED LEGGING Exploitation Attempt Seen"; flow:established; content:"legging"; priority:3; metadata:cwe_id 693,cvss_v3_base 3.0,created_at 2018-03-10,capec_id 232,updated_at 2018-03-13,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.5,cvss_v3_temporal 3.2,cve 2018-5344713,cvss_v2_temporal 3.2,protocols tcp; rev:3; sid:80185448;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OPEN UNKNOWN Malware Communication"; flow:established,to_client; content:"UNKNOWN"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2016-02-08,updated_at 2016-02-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185449;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HELPFUL UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-03,updated_at 2019-07-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185450;)
# NOTE(review): sid 80185451 and sid 80185455 match a plain content literal on a tls flow with no tls
# sticky buffer. After the handshake the payload is encrypted, so such a match can presumably only land in
# cleartext handshake bytes - confirm intent before relying on either entry.
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SPONTANEOUS UNKNOWN Malware Communication"; flow:established,to_client; content:"UNKNOWN"; priority:3; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2019-06-22,updated_at 2019-06-24,filename acme.rules,priority low,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80185451;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ALERT CHUG Malware Communication"; flow:established,to_server; content:"chug"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-08-27,updated_at 2015-08-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185452;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RESPONSIBLE WHISKEY Malware Communication"; flow:established,to_client; content:"whiskey"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-04-20,updated_at 2019-04-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185453;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN COLUMNIST Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"columnist"; priority:2; metadata:cwe_id 269,cvss_v3_base 5.3,hostile src_ip,created_at 2019-06-26,capec_id 63,updated_at 2019-06-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.7,attack_target http-client,attack_target client,cvss_v3_temporal 5.5,cve 2019-2680991,cvss_v2_temporal 5.5,protocols http,protocols tcp; rev:2; sid:80185454;)
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAMOUS RESOURCE Malware Communication"; flow:established,to_client; content:"resource"; priority:2; metadata:cwe_id 657,malware post-infection,hostile src_ip,created_at 2019-02-20,updated_at 2019-02-23,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80185455;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ROUND BARBER Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"barber"; priority:3; metadata:cwe_id 122,cvss_v3_base 4.6,hostile src_ip,created_at 2018-06-05,capec_id 232,updated_at 2018-06-12,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.1,attack_target http-client,attack_target client,cvss_v3_temporal 5.9,cve 2015-4739137,cvss_v2_temporal 5.9,protocols http,protocols tcp; rev:2; sid:80185456;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DUSTY MICROWAVE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"microwave"; priority:2; metadata:cwe_id 416,cvss_v3_base 1.6,hostile src_ip,created_at 2018-03-05,capec_id 255,updated_at 2018-03-22,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.2,attack_target http-client,attack_target client,cvss_v3_temporal 2.8,cve 2015-2386263,cvss_v2_temporal 2.8,protocols http,protocols tcp; rev:2; sid:80185457;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEAD HOBBY Malware Communication"; flow:established,to_server; content:"hobby"; priority:1; metadata:cwe_id 506,malware download-attempt,created_at 2016-07-21,updated_at 2016-07-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols
http,protocols tcp; rev:5; sid:80185458;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAT REPLY Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"reply"; priority:2; metadata:cwe_id 119,cvss_v3_base 3.5,hostile src_ip,created_at 2019-05-23,capec_id 44,updated_at 2019-05-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.4,attack_target http-client,attack_target client,cvss_v3_temporal 3.5,cve 2019-3126022,cvss_v2_temporal 3.5,protocols http,protocols tcp; rev:2; sid:80185459;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ENCOURAGING MATTRESS Malware Communication"; flow:established,to_server; content:"mattress"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-04,updated_at 2018-07-07,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185460;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SURVEY Malware Communication"; flow:established,to_server; content:"survey"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-08-08,updated_at 2016-08-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185461;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNCHANGED PICKET Malware Communication"; flow:established,to_server; content:"picket"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-02,updated_at 2019-08-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:3; sid:80185462;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNCHANGED PUZZLE Malware Communication"; flow:established,to_server; content:"puzzle"; priority:1; 
metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-22,updated_at 2019-07-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185463;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RENEWED STOPWATCH Malware Communication"; flow:established,to_server; content:"stopwatch"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-10,updated_at 2018-05-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185464;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMPUNKNOWNLE GEOGRAPHY Malware Communication"; flow:established,to_server; content:"geography"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-19,updated_at 2018-11-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185465;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BROAD UNKNOWNOREE Traffic Detected"; flow:established,to_server; content:"UNKNOWNoree"; priority:2; metadata:hostile dest_ip,created_at 2019-03-07,capec_id 118,updated_at 2019-03-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185466;) drop tcp any any -> $HOME_NET any (msg:"Acme - LOST FORESTRY Traffic Detected"; flow:established,to_server; content:"forestry"; priority:2; metadata:hostile src_ip,created_at 2018-04-12,capec_id 100,updated_at 2018-04-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target rpc-server,attack_target server,protocols rpc,protocols tcp; rev:2; sid:80185467;) drop tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN TWO Traffic Detected"; 
flow:established,to_server; content:"two"; priority:2; metadata:hostile src_ip,created_at 2018-08-22,capec_id 100,updated_at 2018-08-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target rpc-server,attack_target server,protocols rpc,protocols tcp; rev:2; sid:80185468;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ACCUSED CAUTION Malware Communication"; flow:established,to_client; content:"caution"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2017-09-17,updated_at 2017-09-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185469;) drop smb any any -> $HOME_NET any (msg:"Acme - CHARACTERISTIC EMPOWERMENT Traffic Detected"; flow:established, to_server; content:"empowerment"; priority:2; metadata:cwe_id 507,hostile src_ip,created_at 2019-05-14,capec_id 286,updated_at 2019-05-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target smb-server,attack_target server,protocols smb,protocols tcp; rev:2; sid:80185470;) drop smb any any -> $HOME_NET any (msg:"Acme - NICE COOKIE Exploitation Attempt Seen"; flow:established, to_server; content:"cookie"; priority:2; metadata:cvss_v3_base 2.3,hostile src_ip,created_at 2019-01-14,capec_id 255,updated_at 2019-01-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.2,attack_target smb-server,attack_target server,cvss_v3_temporal 2.5,cve 2019-5443172,cvss_v2_temporal 2.5,protocols smb,protocols tcp; rev:5; sid:80185471;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAVOURABLE TYPE Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"type"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-07-16,updated_at 2019-07-21,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target 
tls-client,attack_target client,protocols tls,protocols tcp; rev:25; sid:80185472;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DRUNK PETTICOAT Traffic Detected"; flow:established,to_server; content:"petticoat"; priority:3; metadata:cwe_id 657,created_at 2018-10-07,capec_id 118,updated_at 2018-10-12,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80185473;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HEAD DRIVE Malware Communication"; flow:established,to_server; content:"drive"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-22,updated_at 2019-10-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185474;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TAN SILK Malware Communication"; flow:established,to_server; content:"silk"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-03,updated_at 2019-08-03,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185475;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MARGINAL YURT Malware Communication"; flow:established,to_server; content:"yurt"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-16,updated_at 2019-07-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185476;) drop tcp any any -> $HOME_NET any (msg:"Acme - BASIC EFFORT Traffic Detected"; flow:established, to_server; content:"effort"; priority:2; metadata:hostile dest_ip,created_at 2019-11-07,capec_id 255,updated_at 2019-11-12,filename acme.rules,priority medium,rule_source 
acme-rule-factory,protocols imap,protocols tcp; rev:2; sid:80185477;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COGNITIVE RUTH Traffic Detected"; flow:established,to_server; content:"ruth"; priority:2; metadata:hostile dest_ip,created_at 2018-09-20,capec_id 403,updated_at 2018-09-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185478;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN COMFORTABLE Traffic Detected"; flow:established,to_server; content:"comfortable"; priority:2; metadata:hostile dest_ip,created_at 2017-11-27,capec_id 118,updated_at 2017-11-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185479;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PAYABLE VIBRAPUNKNOWNE Malware Communication"; flow:established,to_server; content:"vibrapUNKNOWNe"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-14,updated_at 2019-04-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185480;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FURIOUS SNOWSUIT Malware Communication"; flow:established,to_server; content:"snowsuit"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-08-21,updated_at 2018-08-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185481;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUBJECTIVE MEASUREMENT Malware Communication"; flow:established,to_server; content:"measurement"; priority:1; metadata:cwe_id 506,malware post-infection,hostile 
dest_ip,created_at 2019-09-10,updated_at 2019-09-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185482;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REAL DIVAN Malware Communication"; flow:established,to_server; content:"divan"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-08,updated_at 2018-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80185483;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ROUND BOTHER Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"bother"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2016-05-26,capec_id 129,updated_at 2016-05-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.7,attack_target http-client,attack_target client,cve 2016-2885227,cvss_v2_temporal 3.4,protocols http,protocols tcp; rev:3; sid:80185484;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUITABLE ELECTRICITY Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"electricity"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2019-05-05,capec_id 100,updated_at 2019-05-07,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.6,attack_target http-client,attack_target client,cve 2016-2894509,cvss_v2_temporal 3.9,protocols http,protocols tcp; rev:2; sid:80185485;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NEW JOINT Malware Communication"; flow:established,to_server; content:"joint"; priority:4; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2018-08-16,updated_at 2018-08-22,filename acme.rules,priority info,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols 
http,protocols tcp; rev:1; sid:80185486;)
# Inspects traffic sent FROM internal hosts on $HTTP_PORTS to any destination (`to_client`),
# i.e. responses from internal web servers, and drops those containing "wrong".
# NOTE(review): `hostile src_ip` therefore labels the internal server as the hostile side, and
# there is no `attack_target` key — confirm this is intended, since consumers that act on the
# `hostile` key would be pointed at a $HOME_NET address.
# NOTE(review): cvss_v2_base is 10.0 while cvss_v3_base is 2.9 and the rule is priority 2 (medium);
# the scores look inconsistent with each other — verify against the referenced advisory.
drop tcp $HOME_NET $HTTP_PORTS -> any any (msg:"Acme - UNKNOWN WRONG Exploitation Attempt Seen"; flow:established,to_client; content:"wrong"; priority:2; metadata:cwe_id 264,cvss_v3_base 2.9,hostile src_ip,created_at 2018-07-03,capec_id 225,updated_at 2018-07-11,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,cvss_v3_temporal 2.9,cve 2017-4702910,cvss_v2_temporal 2.9,protocols http,protocols tcp; rev:2; sid:80185487;)
# Outbound HTTP request from an internal client containing "conference"; the metadata marks
# the source as infected and the destination as hostile.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ABOVE CONFERENCE Malware Communication"; flow:established,to_server; content:"conference"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-19,updated_at 2019-08-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185488;)
# Mirror case: inbound TCP payload to an internal client containing "congressperson";
# here the destination is the one marked infected. No port or application-protocol constraint.
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OVERWHELMING CONGRESSPERSON Malware Communication"; flow:established,to_client; content:"congressperson"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-04-21,updated_at 2019-04-23,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80185489;)
# Inbound HTTP request (`to_server`) to an internal web server containing "loft".
# NOTE(review): a four-byte content match with no buffer restriction, combined with `drop`,
# can block legitimate requests; the match would normally be anchored to a specific HTTP buffer.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GRIEVING LOFT Traffic Detected"; flow:established,to_server; content:"loft"; priority:3; metadata:hostile src_ip,created_at 2018-02-11,capec_id 110,updated_at 2018-02-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80185490;)
drop tcp any any -> $HOME_NET any (msg:"Acme - GENERAL SEASON Exploitation Attempt Seen"; flow:established,to_server; content:"season"; priority:2; metadata:cwe_id 264,cvss_v3_base 4.9,hostile src_ip,created_at 2015-03-18,capec_id 115,updated_at 
2015-03-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cvss_v3_temporal 5.9,cve 2015-1583376,cvss_v2_temporal 5.9,protocols http,protocols tcp; rev:2; sid:80185491;)
# The next three rules share one pattern: `file_data` followed by a single content match on
# HTTP traffic flowing to internal clients (`to_client`).
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN SEAGULL Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"seagull"; priority:3; metadata:cwe_id 119,cvss_v3_base 6.7,hostile src_ip,created_at 2018-05-01,capec_id 152,updated_at 2018-05-04,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.9,attack_target http-client,attack_target client,cvss_v3_temporal 5.2,cve 2015-3091469,cvss_v2_temporal 5.2,protocols http,protocols tcp; rev:2; sid:80185492;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MELODIC BITE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"bite"; priority:2; metadata:cwe_id 119,cvss_v3_base 2.0,hostile src_ip,created_at 2018-07-17,capec_id 255,updated_at 2018-07-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.1,attack_target http-client,attack_target client,cvss_v3_temporal 1.8,cve 2018-1971657,cvss_v2_temporal 1.8,protocols http,protocols tcp; rev:2; sid:80185493;)
# NOTE(review): this rule only alerts, although its cvss_v3_base (8.1) is the highest of the
# three, while the 2.0-scored rule above drops at priority 2. Action, priority and CVSS score
# appear decoupled here — confirm that is intended before filtering on any one of them.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PREPARED GONG Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"gong"; priority:2; metadata:cwe_id 119,cvss_v3_base 8.1,hostile src_ip,created_at 2015-03-17,capec_id 262,updated_at 2015-03-19,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.3,attack_target http-client,attack_target client,cvss_v3_temporal 7.2,cve 2015-8854846,cvss_v2_temporal 7.2,protocols http,protocols tcp; rev:2; sid:80185494;)
# NOTE(review): `urilen:4,norm` requires a normalized request URI of exactly 4 bytes, while the
# content string "knife-edge" is 10 bytes and has no buffer restriction. The string therefore
# cannot lie inside the URI; the rule fires only when it appears elsewhere in the inspected
# request data. If a URI match was meant, the two conditions are mutually exclusive — confirm.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN KNIFE-EDGE Malware Communication"; flow:established,to_server; urilen:4,norm; content:"knife-edge"; priority:4; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2018-07-18,updated_at 2018-07-28,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185495;)
# Inbound HTTP request to an internal web server containing "election"; dropped at priority 3 (low).
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUITABLE ELECTION Traffic Detected"; flow:established,to_server; content:"election"; priority:3; metadata:hostile src_ip,created_at 2018-02-24,capec_id 110,updated_at 2018-02-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80185496;)
# Outbound HTTP request from an internal client containing "trip".
# NOTE(review): a four-byte unanchored match with `drop` at priority 1 is prone to false positives.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - READY TRIP Malware Communication"; flow:established,to_server; content:"trip"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-27,updated_at 2019-02-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185497;)
# SMB traffic from any source to internal servers containing "glockenspiel"; alert-only, priority 4 (info).
# The source is `any`, so internal-to-internal SMB is in scope as well.
alert smb any any -> $HOME_NET any (msg:"Acme - UNKNOWN GLOCKENSPIEL Exploitation Attempt Seen"; flow:established,to_server; content:"glockenspiel"; priority:4; metadata:cvss_v3_base 2.9,hostile src_ip,created_at 2017-03-16,capec_id 310,updated_at 2017-03-23,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 3.1,attack_target smb-server,attack_target server,cvss_v3_temporal 3.1,cve 2016-168417,cvss_v2_temporal 3.1,protocols smb,protocols tcp; rev:1; sid:80185498;)
alert smb any any -> $HOME_NET any (msg:"Acme - SLOW STATION-WAGON Exploitation Attempt Seen"; flow:established,to_server; content:"station-wagon"; priority:4; metadata:cvss_v3_base 6.0,hostile src_ip,created_at 2019-07-03,capec_id 310,updated_at 2019-07-03,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 6.4,attack_target smb-server,attack_target server,cvss_v3_temporal 
7.4,cve 2018-7120468,cvss_v2_temporal 7.4,protocols smb,protocols tcp; rev:2; sid:80185499;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNKNOWNDOWN Malware Communication"; flow:established,to_server; content:"UNKNOWNdown"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-14,updated_at 2019-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185500;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNAGE BIRDHOUSE Malware Communication"; flow:established,to_server; urilen:>50,norm; content:"birdhouse"; priority:4; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2017-03-03,updated_at 2017-03-23,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185501;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MILD DUNE BUGGY Malware Communication"; flow:established,to_server; content:"dune"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-09-05,updated_at 2017-09-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185502;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CUDDLY PAINT Malware Communication"; flow:established,to_server; content:"paint"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-21,updated_at 2018-04-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185503;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - USED FISHNET Malware Communication"; flow:established,to_server; content:"fishnet"; priority:1; metadata:cwe_id 506,malware 
post-infection,hostile dest_ip,created_at 2016-01-03,updated_at 2016-01-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185504;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRAINY BREEZE Malware Communication"; flow:established,to_server; content:"breeze"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2016-01-01,updated_at 2016-01-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80185505;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LENGTHY COMBINE Exploitation Attempt Seen"; flow:established,to_server; content:"combine"; priority:2; metadata:cwe_id 89,cvss_v3_base 6.3,hostile src_ip,created_at 2019-02-11,capec_id 66,updated_at 2019-02-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.6,attack_target server,attack_target http-server,cvss_v3_temporal 6.0,cve 2019-5853856,cvss_v2_temporal 6.0,protocols http,protocols tcp; rev:2; sid:80185506;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PARTICULAR TURTLE Exploitation Attempt Seen"; flow:established,to_server; content:"turtle"; priority:2; metadata:cwe_id 89,cvss_v3_base 3.2,hostile src_ip,created_at 2019-11-23,capec_id 66,updated_at 2019-11-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.5,attack_target server,attack_target http-server,cvss_v3_temporal 2.9,cve 2017-8043334,cvss_v2_temporal 2.9,protocols http,protocols tcp; rev:2; sid:80185507;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MUSICAL COWBOY Malware Communication"; flow:established,to_client; content:"cowboy"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-10-26,updated_at 2019-10-26,filename acme.rules,priority high,infected 
dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:3; sid:80185508;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUBJECTIVE GIT Malware Communication"; flow:established,to_server; content:"git"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-03-25,updated_at 2017-03-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185509;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXTENSIVE URN Malware Communication"; flow:established,to_server; content:"urn"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-05-06,updated_at 2017-05-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185510;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COOL CURVE Malware Communication"; flow:established,to_server; content:"curve"; priority:4; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-13,updated_at 2019-08-26,filename acme.rules,priority info,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185511;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN HALF-SISTER Malware Communication"; flow:established,to_server; content:"half-sister"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-13,updated_at 2019-08-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185512;) drop http any any -> $HOME_NET any (msg:"Acme - ENCHANTING HUMOR Exploitation Attempt Seen"; 
flow:established,to_server; content:"humor"; priority:3; metadata:cwe_id 384,cwe_id 113,cvss_v3_base 6.3,hostile src_ip,created_at 2016-05-09,capec_id 225,updated_at 2016-05-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.7,attack_target server,attack_target http-server,cvss_v3_temporal 5.7,cve 2015-2174228,cvss_v2_temporal 5.7,protocols http,protocols tcp; rev:3; sid:80185513;) alert smb any any -> $HOME_NET any (msg:"Acme - COLLECTIVE SPRUCE Exploitation Attempt Seen"; flow:established,to_server; content:"spruce"; priority:4; metadata:cwe_id 284,cvss_v3_base 3.6,hostile src_ip,created_at 2019-09-21,capec_id 248,updated_at 2019-09-24,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 3.8,attack_target smb-server,attack_target server,cvss_v3_temporal 4.1,cve 2015-3229614,cvss_v2_temporal 4.1,protocols smb,protocols tcp; rev:2; sid:80185514;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN PAVEMENT Traffic Detected"; flow:established,to_server; content:"pavement"; priority:2; metadata:hostile dest_ip,created_at 2017-03-18,capec_id 118,updated_at 2017-03-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185515;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INTELLECTUAL PARTICLE Malware Communication"; flow:established,to_client; content:"particle"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-07-01,updated_at 2019-07-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80185516;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN WELCOME Malware Communication"; flow:established,to_server; content:"welcome"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2018-09-08,updated_at 
2018-09-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185517;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PURRING UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-10-14,updated_at 2019-10-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185518;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PROPOSED MIGHT Traffic Detected"; flow:established,to_server; content:"might"; priority:2; metadata:created_at 2019-02-02,capec_id 118,updated_at 2019-02-05,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:3; sid:80185519;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MIGHTY FINANCE Malware Communication"; flow:established,to_server; content:"finance"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-04-03,updated_at 2016-04-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185520;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUDDEN DEFORMATION Malware Communication"; flow:established,to_client; content:"deformation"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-10-20,updated_at 2018-10-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80185521;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VERBAL STAIN Malware Communication"; flow:established,to_client; content:"stain"; priority:1; metadata:cwe_id 506,malware 
post-infection,hostile src_ip,created_at 2019-05-07,updated_at 2019-05-10,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80185522;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ANXIOUS EXTERNAL Malware Communication"; flow:established,to_client; content:"external"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2016-08-01,updated_at 2016-08-08,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80185523;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STRAIGHTFORWARD HYDROFOIL Exploitation Attempt Seen"; flow:established,to_server; content:"hydrofoil"; priority:3; metadata:hostile src_ip,created_at 2017-01-25,capec_id 255,updated_at 2017-01-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2017-1863203,protocols tcp; rev:2; sid:80185524;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN SPEED Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"speed"; priority:3; metadata:cwe_id 20,cvss_v3_base 3.3,hostile src_ip,created_at 2018-11-15,capec_id 255,updated_at 2018-11-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.3,attack_target http-client,attack_target client,cvss_v3_temporal 4.0,cve 2016-8175515,cvss_v2_temporal 4.0,protocols http,protocols tcp; rev:3; sid:80185525;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WORKING EXPOSITION Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"exposition"; priority:3; metadata:cwe_id 843,cvss_v3_base 8.7,hostile src_ip,created_at 2019-02-05,capec_id 262,updated_at 2019-02-06,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.9,attack_target 
http-client,attack_target client,cvss_v3_temporal 7.6,cve 2017-968242,cvss_v2_temporal 7.6,protocols http,protocols tcp; rev:3; sid:80185526;)
# The line above is the tail of a rule that starts on the previous page line.
# Rules below are laid out one per line; rule text is unchanged.

# Outbound HTTP, client to server, bare content match; action is drop.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MAD DOMAIN Malware Communication"; flow:established,to_server; content:"domain"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-13,updated_at 2019-09-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185527;)

# Server-to-client HTTP; file_data scopes the content match to the response body.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CRUDE STRENGTH Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"strength"; priority:3; metadata:cwe_id 119,cvss_v3_base 7.8,hostile src_ip,created_at 2016-04-14,capec_id 262,updated_at 2016-04-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.4,attack_target http-client,attack_target client,cvss_v3_temporal 7.0,cve 2015-8358005,cvss_v2_temporal 7.0,protocols http,protocols tcp; rev:2; sid:80185528;)

# NOTE(review): the header protocol is tcp, but the metadata tags this rule with
# "protocols smb" and "attack_target smb-server". A selection made on the metadata
# would treat it as an SMB rule while the engine evaluates it as plain TCP with no
# port restriction -- confirm which is intended.
drop tcp any any -> $HOME_NET any (msg:"Acme - FINANCIAL SOULMATE Exploitation Attempt Seen"; flow:established, to_server; content:"soulmate"; priority:3; metadata:cwe_id 399,cvss_v3_base 2.1,hostile src_ip,created_at 2017-05-08,capec_id 255,updated_at 2017-05-12,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.1,attack_target smb-server,attack_target server,cvss_v3_temporal 1.1,cve 2016-7800422,cvss_v2_temporal 1.1,protocols smb,protocols tcp; rev:2; sid:80185529;)

# NOTE(review): same header/metadata mismatch as the rule above -- the header says
# tcp, the metadata says "protocols http" and "attack_target http-client".
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN PROTOCOL Traffic Detected"; flow:established,to_server; content:"protocol"; priority:1; metadata:hostile dest_ip,created_at 2019-02-01,updated_at 2019-02-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185530;)
# Rules below are laid out one per line; rule text is unchanged.

# Outbound HTTP, client to server, bare content match; action is drop.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DREADFUL EXTERNAL Malware Communication"; flow:established,to_server; content:"external"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-08,updated_at 2019-02-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:7; sid:80185531;)

# NOTE(review): addresses and ports are all "any", so only the flow direction and a
# single content string limit what this rule matches. With action drop, a false
# positive blocks traffic when the engine runs inline. Scope the header to
# $HOME_NET / $EXTERNAL_NET before reusing this as a template.
drop tcp any any -> any any (msg:"Acme - FELLOW CANDLE Traffic Detected"; flow:established,to_server; content:"candle"; priority:2; metadata:cwe_id 507,hostile dest_ip,created_at 2019-03-05,updated_at 2019-03-09,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80185532;)

# Outbound HTTP, client to server, bare content match; action is drop.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BREAKABLE REPLICATION Malware Communication"; flow:established,to_server; content:"replication"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-25,updated_at 2019-01-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80185533;)

# urilen restricts the match to requests whose normalized URI is longer than 150 bytes.
# NOTE(review): the content keyword is not preceded by an HTTP buffer keyword, so it
# is not tied to the URI that urilen measures -- confirm a payload-wide match is intended.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PEACEFUL CONFECTIONERY Malware Communication"; flow:established,to_server; urilen:>150,norm; content:"confectionery"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-06-18,updated_at 2019-06-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80185534;)

# Same urilen + bare content shape as the previous rule; this rule continues on the next page line.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CERTAIN DETAINMENT Malware Communication"; flow:established,to_server; urilen:>150,norm; content:"detainment"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-06-15,updated_at 2017-06-18,filename acme.rules,priority low,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185535;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WONDERFUL CUTTING Malware Communication"; flow:established,from_server; content:"cutting"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-04-02,updated_at 2019-04-02,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80185536;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BRAINY STREETCAR Malware Communication"; flow:established,to_client; content:"streetcar"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-07-06,updated_at 2019-07-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80185537;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FISCAL PERIODICAL Malware Communication"; flow:established,to_server; content:"periodical"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-05-01,updated_at 2016-05-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185538;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GRADUAL STEP-UNCLE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"step-uncle"; priority:3; metadata:cwe_id 284,cvss_v3_base 6.6,hostile src_ip,created_at 2015-10-26,capec_id 129,updated_at 2015-10-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.4,attack_target http-client,attack_target client,cvss_v3_temporal 5.9,cve 2015-5037832,cvss_v2_temporal 5.9,protocols http,protocols tcp; rev:2; sid:80185539;) drop tcp any any -> $HOME_NET any (msg:"Acme - 
CLEAN WISEGUY Traffic Detected"; flow:established,to_server; content:"wiseguy"; priority:3; metadata:hostile src_ip,created_at 2018-08-22,capec_id 152,updated_at 2018-08-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:2; sid:80185540;)
# The line above is the tail of a rule that starts on the previous page line.
# Rules below are laid out one per line; rule text is unchanged.

# Three outbound HTTP rules, client to server, each a bare content match with action drop.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - POSITIVE LISTEN Malware Communication"; flow:established, to_server; content:"listen"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-17,updated_at 2018-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185541;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NORMAL LAMP Malware Communication"; flow:established, to_server; content:"lamp"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-08-01,updated_at 2018-08-03,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185542;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - POOR PRECEDENT Malware Communication"; flow:established,to_server; content:"precedent"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-01-24,updated_at 2019-01-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185543;)

# NOTE(review): the metadata repeats the identical pair "cve 2016-7781320" five times.
# Any consumer that counts or indexes metadata values should de-duplicate them;
# presumably this is deliberate test data for a metadata parser -- confirm before cleaning up.
# NOTE(review): cvss_v2_temporal (6.0) is higher than cvss_v2_base (5.5), which a real
# CVSS v2 score cannot be; treat the score values here as synthetic.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXCESS DOUBT Exploitation Attempt Seen"; flow:established,to_server; content:"doubt"; priority:2; metadata:cwe_id 88,hostile src_ip,created_at 2018-06-08,capec_id 248,updated_at 2018-06-16,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.5,attack_target server,attack_target http-server,cve 2016-7781320,cve 2016-7781320,cve 2016-7781320,cve 2016-7781320,cve 2016-7781320,cvss_v2_temporal 6.0,protocols http,protocols tcp; rev:2; sid:80185544;)

# urilen restricts these two rules to requests whose normalized URI is longer than 150 bytes.
# NOTE(review): the content keyword is not preceded by an HTTP buffer keyword, so it
# is not tied to the URI that urilen measures -- confirm a payload-wide match is intended.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEAR DEPUTY Malware Communication"; flow:established,to_server; urilen:>150,norm; content:"deputy"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-09-18,updated_at 2018-09-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185545;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN ANALOG Malware Communication"; flow:established,to_server; urilen:>150,norm; content:"analog"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-03-18,updated_at 2018-03-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185546;)

# Inbound HTTP request towards a server in $HOME_NET; bare content match, action drop.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ACTUAL LOTION Traffic Detected"; flow:established,to_server; content:"lotion"; priority:3; metadata:hostile src_ip,created_at 2019-01-25,capec_id 100,updated_at 2019-01-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185547;)

# Outbound HTTP, client to server, bare content match; action is drop.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXCITING HYDROGEN Malware Communication"; flow:established,to_server; content:"hydrogen"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-07-26,updated_at 2018-07-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185548;)

# This rule continues on the next page line.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - KIND WALL Traffic Detected"; flow:established, to_server; content:"wall"; priority:3; metadata:hostile 
src_ip,created_at 2019-06-23,capec_id 110,updated_at 2019-06-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185549;)
# The line above is the tail of a rule that starts on the previous page line.
# Rules below are laid out one per line; rule text is unchanged.

# NOTE(review): addresses and ports are all "any" and the flow keyword gives no
# direction, so this alerts on the string in either direction of any established TCP
# session. The metadata also carries no hostile/infected/attack_target keys, so a
# selection built on those keys will not pick this rule up.
alert tcp any any -> any any (msg:"Acme - PRETTY ATTENTION Malware Communication"; flow:established; content:"attention"; priority:3; metadata:cwe_id 506,malware download-attempt,created_at 2018-08-08,updated_at 2018-08-20,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80185550;)

# NOTE(review): the source address is "any" while the metadata marks src_ip as
# infected; the header does not restrict which hosts that label can land on.
drop http any any -> $HOME_NET any (msg:"Acme - PRACTICAL PUNKNOWN Malware Communication"; flow:established,to_server; content:"pUNKNOWN"; priority:2; metadata:cwe_id 657,malware post-infection,created_at 2019-11-19,updated_at 2019-11-28,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80185551;)

# Inbound TCP, server-to-client direction, bare content match; action is drop.
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXPENSIVE MONSTER Malware Communication"; flow:established, to_client; content:"monster"; priority:1; metadata:cwe_id 507,malware pre-infection,hostile src_ip,created_at 2018-04-22,updated_at 2018-04-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:3; sid:80185552;)

# Outbound HTTP, client to server, bare content match; action is drop.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - APPLICABLE CHICK Malware Communication"; flow:established,to_server; content:"chick"; priority:2; metadata:cwe_id 657,malware post-infection,created_at 2019-11-12,updated_at 2019-11-22,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185553;)

# This rule continues on the next page line.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FANTASTIC POPSICLE Malware Communication"; flow:established,to_server; content:"popsicle"; priority:2; metadata:cwe_id 657,malware post-infection,created_at 2018-07-14,updated_at 2018-07-20,filename 
acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185554;) alert tcp any any -> any any (msg:"Acme - CRUCIAL PEACH Malware Communication"; flow:established; content:"peach"; priority:3; metadata:cwe_id 506,malware download-attempt,created_at 2019-02-03,updated_at 2019-02-11,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80185555;) alert tcp any any -> any any (msg:"Acme - OVERSEAS TROMBONE Malware Communication"; flow:established; content:"trombone"; priority:3; metadata:cwe_id 506,malware download-attempt,created_at 2019-10-05,updated_at 2019-10-25,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80185556;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PUZZLED BEAM Traffic Detected"; flow:established,to_server; content:"beam"; priority:2; metadata:hostile src_ip,created_at 2016-07-12,capec_id 66,updated_at 2016-07-22,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185557;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLASSIC POUNDING Malware Communication"; flow:established,to_server; content:"pounding"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-09-08,updated_at 2018-09-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185558;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SOLID CREEK Malware Communication"; flow:established, to_server; content:"creek"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-15,updated_at 2018-11-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185559;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LINGUISTIC SWIM Malware Communication"; flow:established, to_server; content:"swim"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-04,updated_at 2018-01-06,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185560;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CREATIVE BROOCH Malware Communication"; flow:established, to_server; content:"brooch"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-11,updated_at 2019-04-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185561;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMPUNKNOWNLE CARDBOARD Exploitation Attempt Seen"; flow:established,to_server; content:"cardboard"; priority:2; metadata:cwe_id 434,cvss_v3_base 6.9,hostile src_ip,created_at 2018-10-18,capec_id 240,updated_at 2018-10-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.7,attack_target server,attack_target http-server,cvss_v3_temporal 7.6,cve 2016-5806964,cvss_v2_temporal 7.6,protocols http,protocols tcp; rev:2; sid:80185562;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GLORIOUS WHORL Malware Communication"; flow:established,to_server; content:"whorl"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-07-08,updated_at 2018-07-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185563;) drop http any any -> $HOME_NET any (msg:"Acme - TINY TUBA Exploitation Attempt 
Seen"; flow:established,to_server; content:"tuba"; priority:2; metadata:cwe_id 352,cvss_v3_base 4.6,hostile src_ip,created_at 2019-07-18,capec_id 88,updated_at 2019-07-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.1,attack_target server,attack_target http-server,cvss_v3_temporal 4.3,cve 2019-3968380,cvss_v2_temporal 4.3,protocols http,protocols tcp; rev:1; sid:80185564;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN PANTOLOGY Exploitation Attempt Seen"; flow:established, to_server; content:"pantology"; priority:3; metadata:hostile src_ip,created_at 2018-06-04,capec_id 153,updated_at 2018-06-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-2787392,protocols http,protocols tcp; rev:2; sid:80185565;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLOUDY CONTROL Traffic Detected"; flow:established,to_server; content:"control"; priority:2; metadata:hostile src_ip,created_at 2019-02-14,capec_id 110,updated_at 2019-02-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185566;) drop http any any -> $HOME_NET $HTTP_PORTS (msg:"Acme - ARTISTIC BACKBONE Traffic Detected"; flow:established,to_server; content:"backbone"; priority:3; metadata:hostile src_ip,created_at 2019-10-01,capec_id 232,updated_at 2019-10-10,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185567;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ROYAL BALANCE Exploitation Attempt Seen"; flow:established, to_server; content:"balance"; priority:2; metadata:cwe_id 78,cvss_v3_base 8.7,hostile src_ip,created_at 2018-04-26,capec_id 242,updated_at 2018-04-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 8.0,attack_target 
server,attack_target http-server,cvss_v3_temporal 7.0,cve 2016-3592191,cvss_v2_temporal 7.0,protocols http,protocols tcp; rev:2; sid:80185568;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN ARITHMETIC Malware Communication"; flow:established,to_server; content:"arithmetic"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2018-11-26,updated_at 2018-11-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185569;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN DEAD Exploitation Attempt Seen"; flow:established, to_server; content:"dead"; priority:3; metadata:cwe_id 425,cwe_id 522,cvss_v3_base 7.5,hostile src_ip,created_at 2019-08-20,capec_id 115,updated_at 2019-08-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.4,attack_target server,attack_target http-server,cvss_v3_temporal 6.6,cve 2019-4579134,cvss_v2_temporal 6.6,protocols http,protocols tcp; rev:2; sid:80185570;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EMPTY BRUSHING Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"brushing"; priority:2; metadata:cwe_id 119,cvss_v3_base 4.9,hostile src_ip,created_at 2019-06-14,capec_id 255,updated_at 2019-06-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.8,attack_target http-client,attack_target client,cvss_v3_temporal 4.4,cve 2019-2310233,cvss_v2_temporal 4.4,protocols http,protocols tcp; rev:2; sid:80185571;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HIGH RECORD Malware Communication"; flow:established,to_server; content:"record"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-06-17,updated_at 2017-06-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target 
client,protocols http,protocols tcp; rev:2; sid:80185572;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SENSIBLE SEAGULL Malware Communication"; flow:established,to_client; content:"seagull"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2017-02-16,updated_at 2017-02-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185573;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN WAIT Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"wait"; priority:3; metadata:cwe_id 119,cvss_v3_base 6.1,hostile src_ip,created_at 2016-09-18,capec_id 262,updated_at 2016-09-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.8,attack_target http-client,attack_target client,cvss_v3_temporal 5.6,cve 2015-6101951,cvss_v2_temporal 5.6,protocols http,protocols tcp; rev:2; sid:80185574;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EMBARRASSING BAND Malware Communication"; flow:established,to_server; content:"band"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-08-11,updated_at 2016-08-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185575;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - KNOWN FOUNKNOWN Malware Communication"; flow:established,to_server; content:"foUNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-21,updated_at 2019-09-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185576;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OUTSIDE UNKNOWN Malware Communication"; 
flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-03-11,updated_at 2017-03-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185577;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WONDERFUL YOKE Malware Communication"; flow:established,to_client; content:"yoke"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-05-10,updated_at 2018-05-17,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185578;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN WEDGE Malware Communication"; flow:established,to_client; content:"wedge"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-03-20,updated_at 2019-03-20,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185579;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MAIN DAMAGE Malware Communication"; flow:established,to_client; content:"damage"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-09-10,updated_at 2018-09-25,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185580;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONVENIENT CROSS-STITCH Malware Communication"; flow:established,to_server; content:"cross-stitch"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-03-15,updated_at 2016-03-16,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185581;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - KIND HYDRAULICS Exploitation Attempt Seen"; flow:established,to_server; content:"hydraulics"; priority:2; metadata:cwe_id 807,cvss_v3_base 4.1,hostile src_ip,created_at 2016-08-01,capec_id 248,updated_at 2016-08-15,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.5,attack_target server,attack_target http-server,cvss_v3_temporal 4.3,cve 2016-4755968,cvss_v2_temporal 4.3,protocols http,protocols tcp; rev:1; sid:80185582;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MEANINGFUL PHILOSOPHER Malware Communication"; flow:established,to_server; content:"philosopher"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2017-05-04,updated_at 2017-05-16,filename acme.rules,priority high,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80185583;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GOOD MAELSTROM Malware Communication"; flow:established,to_server; content:"maelstrom"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-11-12,updated_at 2018-11-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185584;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PROBABLE ZOOLOGIST Exploitation Attempt Seen"; flow:established,to_server; content:"zoologist"; priority:3; metadata:cwe_id 807,cvss_v3_base 3.5,hostile src_ip,created_at 2019-08-04,capec_id 310,updated_at 2019-08-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.5,attack_target server,attack_target http-server,cvss_v3_temporal 3.3,cve 2015-3587962,cvss_v2_temporal 3.3,protocols http,protocols tcp; rev:2; sid:80185585;) drop smb any any -> $HOME_NET any 
(msg:"Acme - SILLY MATH Exploitation Attempt Seen"; flow:established, to_server; content:"math"; priority:2; metadata:cvss_v3_base 1.5,hostile src_ip,created_at 2019-03-12,capec_id 255,updated_at 2019-03-20,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.4,attack_target smb-server,attack_target server,cvss_v3_temporal 2.1,cve 2015-9070280,cvss_v2_temporal 2.1,protocols smb,protocols tcp; rev:2; sid:80185586;)
# The line above is the tail of a rule whose header is on the previous page line.
# Rules below are laid out one per line; rule text is unchanged.

# Two SMB rules: any source towards $HOME_NET, client to server, bare content match, action drop.
drop smb any any -> $HOME_NET any (msg:"Acme - CRUCIAL NEED Exploitation Attempt Seen"; flow:established, to_server; content:"need"; priority:2; metadata:cvss_v3_base 3.1,hostile src_ip,created_at 2019-11-22,capec_id 255,updated_at 2019-11-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.7,attack_target smb-server,attack_target server,cvss_v3_temporal 1.8,cve 2016-200586,cvss_v2_temporal 1.8,protocols smb,protocols tcp; rev:2; sid:80185587;)
drop smb any any -> $HOME_NET any (msg:"Acme - FULL-TIME HOUSE Exploitation Attempt Seen"; flow:established, to_server; content:"house"; priority:2; metadata:cvss_v3_base 6.4,hostile src_ip,created_at 2018-05-17,capec_id 255,updated_at 2018-05-17,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.5,attack_target smb-server,attack_target server,cvss_v3_temporal 7.3,cve 2015-4383205,cvss_v2_temporal 7.3,protocols smb,protocols tcp; rev:2; sid:80185588;)

# Disabled rule: the leading '#' comments it out. It sits on its own line here so
# that the '#' covers this rule only.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NEARBY MANKIND Traffic Detected"; flow:established, to_client; file_data; content:"mankind"; priority:3; metadata:hostile src_ip,created_at 2016-09-10,capec_id 253,updated_at 2016-09-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185589;)

# Enabled rule; it continues on the next page line.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 
507,malware post-infection,hostile dest_ip,created_at 2019-01-17,updated_at 2019-01-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80185590;)
# The line above is the tail of a rule that starts on the previous page line.
# Rules below are laid out one per line; rule text is unchanged.

# HTTP request from any source towards a server in $HOME_NET; bare content match, action drop.
drop http any any -> $HOME_NET any (msg:"Acme - SUBSEQUENT FLOOZIE Exploitation Attempt Seen"; flow:established,to_server; content:"floozie"; priority:3; metadata:cwe_id 425,cvss_v3_base 2.7,hostile src_ip,created_at 2019-03-12,capec_id 143,updated_at 2019-03-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.1,attack_target server,attack_target http-server,cvss_v3_temporal 3.4,cve 2016-4197283,cvss_v2_temporal 3.4,protocols http,protocols tcp; rev:2; sid:80185591;)

# Disabled rule: the leading '#' comments it out. It sits on its own line here so
# that the '#' covers this rule only. Its action is drop, so re-enabling it makes it
# a blocking rule when the engine runs inline.
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONVENTIONAL TRAFFIC Exploitation Attempt Seen"; flow:established,to_server; content:"traffic"; priority:3; metadata:cwe_id 456,cvss_v3_base 5.8,hostile src_ip,created_at 2019-11-10,capec_id 129,updated_at 2019-11-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.7,attack_target server,attack_target http-server,cvss_v3_temporal 4.9,cve 2019-7058768,cvss_v2_temporal 4.9,protocols http,protocols tcp; rev:1; sid:80185592;)

# Outbound HTTP, client to server, bare content match; action is drop.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNEST LYMPHOCYTE Malware Communication"; flow:established,to_server; content:"lymphocyte"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-07,updated_at 2019-01-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185593;)

# This rule continues on the next page line.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHINY FOREST Malware Communication"; flow:established,to_server; content:"forest"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-03-01,updated_at 2018-03-19,filename 
acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185594;)
# The line above is the tail of a rule that starts on the previous page line.
# Rules below are laid out one per line; rule text is unchanged.

# Outbound HTTP, client to server, bare content match; action is drop.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OLD-FASHIONED LINEN Malware Communication"; flow:established,to_server; content:"linen"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-04-11,updated_at 2019-04-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185595;)

# HTTP request from any source towards a server in $HOME_NET; bare content match, action drop.
drop http any any -> $HOME_NET any (msg:"Acme - RAPID PRIMARY Exploitation Attempt Seen"; flow:established,to_server; content:"primary"; priority:2; metadata:cwe_id 434,hostile src_ip,created_at 2015-09-22,capec_id 242,updated_at 2015-09-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.8,attack_target server,attack_target http-server,cve 2015-2594138,cvss_v2_temporal 5.7,protocols http,protocols tcp; rev:2; sid:80185596;)

# Outbound HTTP, client to server, bare content match; action is drop.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DUSTY PIRACY Malware Communication"; flow:established,to_server; content:"piracy"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-04-02,updated_at 2018-04-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185597;)

# Three disabled rules: the leading '#' comments each one out, and each sits on its
# own line here so that the '#' covers that rule only.
# NOTE(review): these carry "filename netbios.rules" where the surrounding rules carry
# "filename acme.rules", and their header protocol is tcp while the metadata says
# "protocols smb" -- selections made on either metadata key will treat them differently
# from what the header implies.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN HOBBY Traffic Detected"; flow:established,to_server; content:"hobby"; priority:3; metadata:hostile src_ip,created_at 2019-03-10,capec_id 100,updated_at 2019-03-25,filename netbios.rules,priority low,rule_source acme-rule-factory,attack_target smb-server,attack_target server,protocols smb,protocols tcp; rev:1; sid:80185598;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GRIM FACILITIES Traffic Detected"; flow:established, to_server; content:"facilities"; priority:3; metadata:hostile src_ip,created_at 2017-04-06,capec_id 100,updated_at 2017-04-12,filename netbios.rules,priority low,rule_source acme-rule-factory,attack_target smb-server,attack_target server,protocols smb,protocols tcp; rev:1; sid:80185599;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PROMISING BANANA Traffic Detected"; flow:established,to_server; content:"banana"; priority:3; metadata:hostile src_ip,created_at 2019-07-09,capec_id 100,updated_at 2019-07-09,filename netbios.rules,priority low,rule_source acme-rule-factory,attack_target smb-server,attack_target server,protocols smb,protocols tcp; rev:1; sid:80185600;)

# Enabled rules resume: outbound HTTP, client to server, bare content match, action drop.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MENTAL PERIPHERAL Malware Communication"; flow:established,to_server; content:"peripheral"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-03,updated_at 2019-03-05,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185601;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AGRICULTURAL ANIME Malware Communication"; flow:established,to_server; content:"anime"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-05-02,updated_at 2017-05-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185602;)

# This rule continues on the next page line.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEVOTED NOTORIETY Malware Communication"; flow:established,to_server; content:"notoriety"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-10-02,updated_at 2017-10-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; 
sid:80185603;) drop http $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - ENTITLED SWIM Traffic Detected"; flow:established,to_server; content:"swim"; priority:3; metadata:hostile src_ip,created_at 2019-08-27,capec_id 152,updated_at 2019-08-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185604;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN EAGLE Malware Communication"; flow:established, to_server; content:"eagle"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-04,updated_at 2019-01-05,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185605;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GLEAMING GERBIL Malware Communication"; flow:established,to_server; content:"gerbil"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-26,updated_at 2018-01-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185606;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SCRAWNY RAFFLE Traffic Detected"; flow:established,to_server; content:"raffle"; priority:3; metadata:hostile dest_ip,created_at 2017-08-01,capec_id 156,updated_at 2017-08-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185607;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FRESH COLISEUM Malware Communication"; flow:established,to_client; content:"coliseum"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-11-20,updated_at 2018-11-27,filename acme.rules,priority low,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185608;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRIGHT STONE Malware Communication"; flow:established,to_server; content:"stone"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-27,updated_at 2018-09-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185609;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - QUIET EVENING Malware Communication"; flow:established,to_client; content:"evening"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2015-01-01,updated_at 2015-01-24,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185610;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SQUARE OPPORTUNITY Malware Communication"; flow:established,to_server; content:"opportunity"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-15,updated_at 2019-02-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185611;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LONELY SPECTROGRAPH Malware Communication"; flow:established,to_server; content:"spectrograph"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-03-27,updated_at 2017-03-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185612;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ROYAL UNKNOWN Malware Communication"; 
flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-24,updated_at 2019-11-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185613;)
# file_data is a sticky buffer: the content match that follows it is evaluated against the HTTP response body (flow is to_client).
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IMPROVED APPOINTMENT Malware Communication"; flow:established,to_client; file_data; content:"appointment"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-01-21,updated_at 2019-01-22,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185614;)
# urilen:<40,norm limits this rule to requests whose normalized URI is shorter than 40 bytes.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXPECTED CHUG Malware Communication"; flow:established, to_server; urilen:<40,norm; content:"chug"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-11-27,updated_at 2017-11-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185615;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WIDESPREAD BOSS Malware Communication"; flow:established,to_server; content:"boss"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-25,updated_at 2019-08-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185616;)
# NOTE(review): the header of the next rule is $EXTERNAL_NET -> $HOME_NET with flow to_client, yet its metadata
# says "hostile dest_ip" and "infected src_ip". sid 80185614 above has the same direction and tags
# "hostile src_ip" / "infected dest_ip". The tags here look inverted -- confirm with the rule source, because any
# filter or triage step keyed on these tags would treat the internal host as the hostile side.
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN FROST Malware Communication"; flow:established,to_client; content:"frost"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-18,updated_at 2019-08-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,protocols tcp; 
rev:2; sid:80185617;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STUCK PANTOLOGY Malware Communication"; flow:established,to_server; content:"pantology"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-05-10,updated_at 2016-05-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185618;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MAGNIFICENT ATTIC Malware Communication"; flow:established,to_server; content:"attic"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-11-22,updated_at 2017-11-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185619;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TESTY KING Malware Communication"; flow:established,to_client; content:"king"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-01-25,updated_at 2019-01-25,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185620;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SOLID WEST Malware Communication"; flow:established,to_server; content:"west"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-10-11,updated_at 2016-10-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185621;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ENCHANTING SAILBOAT Malware Communication"; flow:established,to_server; content:"sailboat"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 
2019-05-10,updated_at 2019-05-19,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185622;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUITABLE WAFFLE Traffic Detected"; flow:established, to_server; content:"waffle"; priority:2; metadata:hostile dest_ip,created_at 2018-07-16,updated_at 2018-07-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:3; sid:80185623;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VAST EARRINGS Exploitation Attempt Seen"; flow:established,to_server; content:"earrings"; priority:2; metadata:cwe_id 807,cvss_v3_base 5.1,hostile src_ip,created_at 2018-09-11,capec_id 248,updated_at 2018-09-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.5,attack_target server,attack_target http-server,cvss_v3_temporal 4.8,cve 2017-535745,cvss_v2_temporal 4.8,protocols http,protocols tcp; rev:1; sid:80185624;)
# NOTE(review): the next rule's header protocol is tcp, but its metadata carries "protocols http" and
# "attack_target http-client". The other tcp-header rule in this group (sid 80185623) tags only "protocols tcp"
# and "attack_target client". Confirm whether this rule should use the http header keyword or drop the http
# tags; as written, a metadata query for HTTP rules would also return a rule that runs as a raw TCP stream match.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTERNAL BOTANY Malware Communication"; flow:established,to_server; content:"botany"; priority:1; metadata:cwe_id 509,malware post-infection,hostile dest_ip,created_at 2015-10-23,updated_at 2015-10-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185625;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INNOVATIVE OCTET Malware Communication"; flow:established,to_server; content:"octet"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-14,updated_at 2019-07-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185626;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - 
AGREEABLE CARBON Malware Communication"; flow:established,to_server; content:"carbon"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-17,updated_at 2019-08-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185627;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MANY COLLOQUIA Malware Communication"; flow:established,to_client; content:"colloquia"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-08-27,updated_at 2018-08-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80185628;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNCLE Traffic Detected"; flow:established,to_server; content:"uncle"; priority:1; metadata:cwe_id 507,hostile dest_ip,created_at 2019-10-04,updated_at 2019-10-08,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185629;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FREE PURSE Traffic Detected"; flow:established,to_server; content:"purse"; priority:1; metadata:cwe_id 507,hostile dest_ip,created_at 2019-06-21,updated_at 2019-06-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80185630;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRICKLY TEAR Malware Communication"; flow:established,to_client; content:"tear"; priority:3; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2016-05-07,updated_at 2016-05-10,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; 
sid:80185631;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TASTELESS CAPON Malware Communication"; flow:established,to_server; urilen:33,norm; content:"capon"; priority:4; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-02-24,updated_at 2019-02-27,filename acme.rules,priority info,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185632;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PASSIVE RESOLUTION Malware Communication"; flow:established,to_server; content:"resolution"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-11-19,updated_at 2018-11-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185633;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTACT FRIEND Malware Communication"; flow:established,to_server; content:"friend"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-01-18,updated_at 2017-01-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185634;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HANDSOME GARB Malware Communication"; flow:established,to_server; content:"garb"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-06,updated_at 2019-01-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185635;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WORTHWHILE COPYRIGHT Malware Communication"; flow:established,to_server; content:"copyright"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile 
dest_ip,created_at 2018-04-24,updated_at 2018-04-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185636;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DRAB MOUTON Traffic Detected"; flow:established,to_server; content:"mouton"; priority:3; metadata:hostile dest_ip,created_at 2019-07-24,updated_at 2019-07-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185637;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LINEAR UNKNOWN Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"UNKNOWN"; priority:2; metadata:cwe_id 119,cvss_v3_base 6.8,hostile src_ip,created_at 2019-01-02,capec_id 129,updated_at 2019-01-06,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.2,attack_target http-client,attack_target client,cvss_v3_temporal 7.1,cve 2019-466059,cvss_v2_temporal 7.1,protocols http,protocols tcp; rev:2; sid:80185638;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN LAYER Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"layer"; priority:3; metadata:cwe_id 122,cvss_v3_base 8.2,hostile src_ip,created_at 2019-05-25,capec_id 255,updated_at 2019-05-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.8,attack_target http-client,attack_target client,cvss_v3_temporal 8.5,cve 2018-3001349,cvss_v2_temporal 8.5,protocols http,protocols tcp; rev:2; sid:80185639;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EARLY ALB Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"alb"; priority:3; metadata:cvss_v3_base 4.7,hostile src_ip,created_at 2019-10-09,capec_id 242,updated_at 2019-10-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.0,attack_target 
http-client,attack_target client,cvss_v3_temporal 4.1,cve 2019-7422156,cvss_v2_temporal 4.1,protocols http,protocols tcp; rev:2; sid:80185640;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ONLY WHEEL Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"wheel"; priority:3; metadata:cwe_id 122,cvss_v3_base 5.3,hostile src_ip,created_at 2019-03-19,capec_id 152,updated_at 2019-03-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.8,attack_target http-client,attack_target client,cvss_v3_temporal 6.3,cve 2015-3551753,cvss_v2_temporal 6.3,protocols http,protocols tcp; rev:2; sid:80185641;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MANUAL OFFER Traffic Detected"; flow:established,to_client; file_data; content:"offer"; priority:3; metadata:hostile src_ip,created_at 2017-07-13,updated_at 2017-07-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185642;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DELIGHTFUL BADGER Malware Communication"; flow:established,to_server; content:"badger"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-27,updated_at 2018-10-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185643;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DIVINE HOSPICE Malware Communication"; flow:established,to_server; content:"hospice"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-06-18,updated_at 2018-06-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185644;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FAMILIAR REACTION Malware Communication"; flow:established, 
to_server; content:"reaction"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2016-08-09,updated_at 2016-08-13,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185645;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NICE BULB Malware Communication"; flow:established,to_server; content:"bulb"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-11-09,updated_at 2016-11-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185646;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PART-TIME SLAPSTICK Malware Communication"; flow:established,to_server; content:"slapstick"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-04-18,updated_at 2017-04-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185647;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DELICIOUS MARSH Traffic Detected"; flow:established,to_server; content:"marsh"; priority:3; metadata:cwe_id 507,hostile dest_ip,created_at 2019-05-23,updated_at 2019-05-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185648;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN EYEBROW Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"eyebrow"; priority:3; metadata:cwe_id 345,cvss_v3_base 7.3,hostile src_ip,created_at 2019-08-04,capec_id 123,updated_at 2019-08-15,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.9,attack_target http-client,attack_target client,cvss_v3_temporal 8.8,cve 2018-4467826,cvss_v2_temporal 
8.8,protocols http,protocols tcp; rev:2; sid:80185649;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LEFT PLANTATION Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"plantation"; priority:3; metadata:cvss_v3_base 4.2,hostile src_ip,created_at 2019-06-01,capec_id 255,updated_at 2019-06-11,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.7,attack_target http-client,attack_target client,cvss_v3_temporal 3.3,cve 2018-7588771,cvss_v2_temporal 3.3,protocols http,protocols tcp; rev:2; sid:80185650;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNINTERESTED MICROLENDING Malware Communication"; flow:established,to_server; urilen:6,norm; content:"microlending"; priority:4; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-07-01,updated_at 2017-07-14,filename acme.rules,priority info,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185651;) drop ftp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REMOTE CHEF Traffic Detected"; flow:established,to_client; content:"chef"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2018-06-15,capec_id 123,updated_at 2018-06-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80185652;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PUNY MOONSCAPE Malware Communication"; flow:established,from_server; content:"moonscape"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-05-22,updated_at 2019-05-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185653;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRIMARY PERMIT Traffic Detected"; flow:established,to_server; content:"permit"; 
priority:2; metadata:hostile dest_ip,created_at 2015-11-26,updated_at 2015-11-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80185654;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHOSEN CEILING Malware Communication"; flow:established,to_client; content:"ceiling"; priority:2; metadata:cwe_id 506,malware post-infection,created_at 2017-10-05,updated_at 2017-10-13,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols tls,protocols tcp; rev:2; sid:80185655;) #alert tcp any any -> $HOME_NET any (msg:"Acme - MINIMUM PARD Traffic Detected"; flow:established, to_server; content:"pard"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-11-11,capec_id 100,updated_at 2019-11-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target imap-server,attack_target server,protocols imap,protocols tcp; rev:1; sid:80185656;) #alert tcp any any -> $HOME_NET any (msg:"Acme - DEAD COLLISION Traffic Detected"; flow:established, to_server; content:"collision"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-11-12,capec_id 100,updated_at 2019-11-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target imap-server,attack_target server,protocols imap,protocols tcp; rev:1; sid:80185657;) #alert tcp any any -> $HOME_NET any (msg:"Acme - RELUCTANT SOLITAIRE Traffic Detected"; flow:established, to_server; content:"solitaire"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2016-06-13,capec_id 100,updated_at 2016-06-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target imap-server,attack_target server,protocols imap,protocols tcp; rev:1; sid:80185658;) #alert tcp any any -> $HOME_NET any (msg:"Acme - SUNKNOWNT PARENTHESES Traffic Detected"; flow:established, to_server; content:"parentheses"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 
2018-01-10,capec_id 100,updated_at 2018-01-10,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target imap-server,attack_target server,protocols imap,protocols tcp; rev:1; sid:80185659;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HELPLESS FLOOR Traffic Detected"; flow:established,to_server; content:"floor"; priority:1; metadata:cwe_id 507,hostile dest_ip,created_at 2017-09-01,updated_at 2017-09-17,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185660;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DISTURBING COAT Malware Communication"; flow:established, to_server; content:"coat"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-04,updated_at 2019-06-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185661;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ROYAL CHOPSTICK Malware Communication"; flow:established, to_server; content:"chopstick"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-08-21,updated_at 2016-08-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185662;) drop tcp any any -> $HOME_NET any (msg:"Acme - UPPER OCTET Traffic Detected"; flow:established; content:"octet"; priority:3; metadata:created_at 2017-01-11,capec_id 255,updated_at 2017-01-11,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80185663;) drop tcp any any -> $HOME_NET any (msg:"Acme - DOMINANT PENCIL Traffic Detected"; flow:established; content:"pencil"; priority:3; metadata:created_at 2019-03-20,capec_id 255,updated_at 2019-03-21,filename acme.rules,priority 
low,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80185664;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - THOUNKNOWN THEATER Malware Communication"; flow:established,to_server; content:"theater"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-09-09,updated_at 2016-09-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185665;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LIABLE HEAT Malware Communication"; flow:established,to_server; content:"heat"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-24,updated_at 2018-04-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185666;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REAR NOUGAT Malware Communication"; flow:established,to_server; content:"nougat"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-10,updated_at 2019-07-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185667;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ARTISTIC BOTUNKNOWN Exploitation Attempt Seen"; flow:established,to_server; content:"botUNKNOWN"; priority:3; metadata:cwe_id 502,cvss_v3_base 4.5,hostile src_ip,created_at 2019-09-24,capec_id 310,updated_at 2019-09-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.7,attack_target server,attack_target http-server,cvss_v3_temporal 4.5,cve 2019-8784203,cvss_v2_temporal 4.5,protocols http,protocols tcp; rev:1; sid:80185668;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ENCOURAGING TIMEOUT Traffic Detected"; 
flow:established, to_server; content:"timeout"; priority:1; metadata:hostile src_ip,created_at 2018-11-21,capec_id 248,updated_at 2018-11-21,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185669;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BURNING FINANCE Traffic Detected"; flow:established, to_server; content:"finance"; priority:3; metadata:hostile src_ip,created_at 2019-09-24,capec_id 113,updated_at 2019-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185670;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SLOW SENSE Traffic Detected"; flow:established, to_server; content:"sense"; priority:3; metadata:hostile src_ip,created_at 2018-08-17,capec_id 113,updated_at 2018-08-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185671;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BACK SPEAKERPUNKNOWNE Traffic Detected"; flow:established, to_server; content:"speakerpUNKNOWNe"; priority:3; metadata:hostile src_ip,created_at 2016-01-04,capec_id 213,updated_at 2016-01-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80185672;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ASHAMED SHADE Malware Communication"; flow:established,to_server; urilen:>100; content:"shade"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-03,updated_at 2019-09-07,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185673;) drop http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"Acme - ELECTRICAL HACKSAW Malware Communication"; flow:established,to_server; urilen:8,norm; content:"hacksaw"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-09,updated_at 2019-06-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185674;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMPOSSIBLE THERMALS Malware Communication"; flow:established,to_server; urilen:8,norm; content:"thermals"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-26,updated_at 2019-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185675;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INDEPENDENT SLEET Traffic Detected"; flow:established,to_server; content:"sleet"; priority:3; metadata:hostile src_ip,created_at 2019-09-15,capec_id 110,updated_at 2019-09-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185676;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TENDER TRIANGLE Exploitation Attempt Seen"; flow:established,to_server; content:"triangle"; priority:3; metadata:cwe_id 502,cvss_v3_base 3.5,hostile src_ip,created_at 2018-10-25,capec_id 152,updated_at 2018-10-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.6,attack_target server,attack_target http-server,cvss_v3_temporal 4.0,cve 2015-4644950,cvss_v2_temporal 4.0,protocols http,protocols tcp; rev:1; sid:80185677;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMPATIBLE SCENT Exploitation Attempt Seen"; flow:established,to_server; content:"scent"; priority:3; metadata:cwe_id 807,cvss_v3_base 6.8,hostile src_ip,created_at 
2018-02-11,capec_id 152,updated_at 2018-02-16,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.6,attack_target server,attack_target http-server,cvss_v3_temporal 8.0,cve 2017-8137487,cvss_v2_temporal 8.0,protocols http,protocols tcp; rev:1; sid:80185678;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAMOUS ASSUMPTION Traffic Detected"; flow:established,to_client; content:"assumption"; priority:1; metadata:cwe_id 507,hostile src_ip,created_at 2017-07-24,updated_at 2017-07-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80185679;) drop http any any -> $HOME_NET any (msg:"Acme - FRIGHTENED BLADE Traffic Detected"; flow:established,to_server; content:"blade"; priority:2; metadata:hostile src_ip,created_at 2019-06-22,capec_id 152,updated_at 2019-06-22,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80185680;) alert http any any -> $HOME_NET any (msg:"Acme - GREEN STYLING Traffic Detected"; flow:established,to_client; content:"styling"; priority:3; metadata:hostile dest_ip,created_at 2019-05-16,updated_at 2019-05-23,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:3; sid:80185681;) drop http any any -> $HOME_NET any (msg:"Acme - FLUFFY BASIS Traffic Detected"; flow:established,to_server; content:"basis"; priority:2; metadata:hostile src_ip,created_at 2019-03-23,capec_id 152,updated_at 2019-03-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80185682;) drop http any any -> $HOME_NET any (msg:"Acme - ROUND NIECE Traffic Detected"; flow:established,to_server; content:"niece"; priority:2; metadata:hostile src_ip,created_at 2016-07-17,capec_id 152,updated_at 
2016-07-23,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80185683;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HORRIBLE HARBOUR Malware Communication"; flow:established,to_server; content:"harbour"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-26,updated_at 2018-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185684;) drop http any any -> $HOME_NET any (msg:"Acme - MAD EXCLAMATION Traffic Detected"; flow:established,to_server; content:"exclamation"; priority:3; metadata:hostile src_ip,created_at 2018-01-06,capec_id 152,updated_at 2018-01-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80185685;) drop http any any -> $HOME_NET any (msg:"Acme - NEUTRAL HURDLER Traffic Detected"; flow:established,to_server; content:"hurdler"; priority:3; metadata:hostile src_ip,created_at 2019-03-19,capec_id 152,updated_at 2019-03-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80185686;) drop http any any -> $HOME_NET any (msg:"Acme - OFFICIAL SEGMENT Traffic Detected"; flow:established,to_server; content:"segment"; priority:3; metadata:hostile src_ip,created_at 2018-03-02,capec_id 152,updated_at 2018-03-06,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:4; sid:80185687;) drop http any any -> $HOME_NET any (msg:"Acme - SYMBOLIC SIBLING Traffic Detected"; flow:established,to_server; content:"sibling"; priority:3; metadata:hostile src_ip,created_at 2019-07-03,capec_id 152,updated_at 
2019-07-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:6; sid:80185688;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WRONG PASSENGER Malware Communication"; flow:established,to_client; content:"passenger"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-09-10,updated_at 2019-09-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185689;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXCELLENT ROBE Exploitation Attempt Seen"; flow:established,to_client; content:"robe"; priority:3; metadata:cwe_id 119,cvss_v3_base 6.9,hostile src_ip,created_at 2018-11-09,capec_id 129,updated_at 2018-11-13,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.8,attack_target http-client,attack_target client,cvss_v3_temporal 7.6,cve 2016-986087,cvss_v2_temporal 7.6,protocols http,protocols tcp; rev:2; sid:80185690;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GUILTY STEAL Exploitation Attempt Seen"; flow:established,to_client; content:"steal"; priority:3; metadata:cwe_id 119,cvss_v3_base 5.2,hostile src_ip,created_at 2019-11-09,capec_id 129,updated_at 2019-11-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.5,attack_target http-client,attack_target client,cvss_v3_temporal 4.8,cve 2019-1045250,cvss_v2_temporal 4.8,protocols http,protocols tcp; rev:2; sid:80185691;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONVINCED SHELF Traffic Detected"; flow:established, to_server; content:"shelf"; priority:3; metadata:hostile src_ip,created_at 2017-10-25,capec_id 100,updated_at 2017-10-25,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:2; sid:80185692;) 
# ---------------------------------------------------------------------------------------------
# Acme dummy rules, sid 80185693 through 80185748, laid out one rule per line.
# Reading notes for this span:
#  * Severity appears twice in every rule: the `priority:N` keyword and a `priority <word>`
#    metadata value. In this span they pair as 1=high, 2=medium, 3=low, 4=info; keep the two in
#    step when editing a rule, since metadata filters see only the metadata value.
#  * Every `content:` match below is a single bare literal with no `nocase` and no offset/depth
#    bound; only sid 80185698 and sid 80185725 select a buffer (`file_data`). On `drop` rules,
#    short literals such as "bee", "coin", "obi" or "data" would be very false-positive prone.
#    That is acceptable in placeholder data but is not a pattern to copy into a live ruleset.
#  * Lines that start with `#alert` are commented-out (disabled) rules.
#  * NOTE(review): "UNKNOWN" embedded in several msg/content strings (e.g. "emUNKNOWNsis") looks
#    like a substitution artifact in the generated data; it is left untouched here.
# ---------------------------------------------------------------------------------------------

# Disabled email.rules entries. Three of them (sid 80185693, 80185695, 80185697) use a `tcp`
# header with `any` ports, so the SMTP scoping exists only in metadata (`protocols smtp`), not
# in what the engine would match. NOTE(review): confirm the header before enabling any of them.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNIQUE PAWNSHOP Traffic Detected"; flow:established, to_server; content:"pawnshop"; priority:3; metadata:hostile src_ip,created_at 2017-06-24,capec_id 100,updated_at 2017-06-25,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:2; sid:80185693;)
#alert smtp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IMMENSE GOAL Traffic Detected"; flow:established, to_server; content:"goal"; priority:3; metadata:hostile src_ip,created_at 2019-08-12,capec_id 100,updated_at 2019-08-22,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:4; sid:80185694;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - SPATIAL EXPERIENCE Traffic Detected"; flow:established, to_server; content:"experience"; priority:3; metadata:hostile src_ip,created_at 2019-09-09,capec_id 100,updated_at 2019-09-09,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:2; sid:80185695;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ALLIED CART Exploitation Attempt Seen"; flow:established, to_server; content:"cart"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2016-01-10,capec_id 248,updated_at 2016-01-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-9760718,protocols http,protocols tcp; rev:2; sid:80185696;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - QUIET MUG Traffic Detected"; flow:established, to_server; content:"mug"; priority:3; metadata:hostile src_ip,created_at 2017-09-02,capec_id 100,updated_at 2017-09-19,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:2; sid:80185697;)
# NOTE(review): the metadata below lists the same `cve` value five times and carries two
# `cwe_id` values. Confirm the repetition is intentional test data before de-duplicating it.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OLYMPIC BATHER Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"bather"; priority:3; metadata:cwe_id 352,cwe_id 79,hostile src_ip,created_at 2019-05-04,capec_id 63,updated_at 2019-05-06,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-9571520,cve 2015-9571520,cve 2015-9571520,cve 2015-9571520,cve 2015-9571520,protocols http,protocols tcp; rev:2; sid:80185698;)
# NOTE(review): the `tls` rules in this span match a literal without any TLS-specific keyword;
# confirm which part of the session the literal is expected to appear in.
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEAF PASSAGE Malware Communication"; flow:established,to_client; content:"passage"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-03-15,updated_at 2018-03-18,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:3; sid:80185699;)
drop http any any -> $HOME_NET any (msg:"Acme - HISSING VERSE Exploitation Attempt Seen"; flow:established,to_server; content:"verse"; priority:3; metadata:cwe_id 78,cvss_v3_base 4.2,hostile src_ip,created_at 2019-03-17,capec_id 248,updated_at 2019-03-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.9,attack_target server,attack_target http-server,cvss_v3_temporal 4.7,cve 2017-618512,cvss_v2_temporal 4.7,protocols http,protocols tcp; rev:2; sid:80185700;)
drop smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONSERVATIVE COMPLEMENT Malware Communication"; flow:established,to_server; content:"complement"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-10-25,updated_at 2016-10-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target smtp-client,attack_target client,protocols smtp,protocols tcp; rev:2; sid:80185701;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN CASCADE Malware Communication"; flow:established,to_client; content:"cascade"; priority:2; metadata:cwe_id 93,malware download-attempt,cvss_v3_base 6.4,hostile src_ip,created_at 2019-09-18,updated_at 2019-09-19,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.7,attack_target http-client,attack_target client,cvss_v3_temporal 6.1,cve 2018-3447448,cvss_v2_temporal 6.1,protocols http,protocols tcp; rev:2; sid:80185702;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUBTLE UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,hostile dest_ip,created_at 2019-04-25,updated_at 2019-04-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185703;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LEFT SCENT Traffic Detected"; flow:established,to_server; content:"scent"; priority:1; metadata:hostile dest_ip,created_at 2019-01-01,updated_at 2019-01-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185704;)
drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - FINANCIAL CABANA Traffic Detected"; flow:established,to_server; content:"cabana"; priority:1; metadata:hostile dest_ip,created_at 2016-05-26,updated_at 2016-05-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185705;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FOOLISH COIN Malware Communication"; flow:established,to_server; content:"coin"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-23,updated_at 2019-06-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185706;)
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STRIPED BEE Malware Communication"; flow:established,to_client; content:"bee"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2016-11-09,updated_at 2016-11-27,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80185707;)
# NOTE(review): the header is $HOME_NET -> $EXTERNAL_NET while the flow is `from_server`, so the
# rule matches server-to-client traffic whose source sits in $HOME_NET. Unlike the rules on
# either side it carries no `hostile` or `attack_target` metadata. Confirm the direction.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NOBLE PUPA Exploitation Attempt Seen"; flow:established,from_server; content:"pupa"; priority:2; metadata:cwe_id 416,cvss_v3_base 5.3,created_at 2019-04-09,capec_id 118,updated_at 2019-04-16,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,cvss_v2_base 4.5,cvss_v3_temporal 4.1,cve 2018-7510963,cvss_v2_temporal 4.1,protocols http,protocols tcp; rev:5; sid:80185708;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BLUSHING EMUNKNOWNSIS Exploitation Attempt Seen"; flow:established,to_server; content:"emUNKNOWNsis"; priority:3; metadata:cwe_id 416,cvss_v3_base 5.3,hostile src_ip,created_at 2019-08-23,capec_id 118,updated_at 2019-08-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.4,attack_target server,attack_target http-server,cvss_v3_temporal 6.2,cve 2019-9569308,cvss_v2_temporal 6.2,protocols http,protocols tcp; rev:2; sid:80185709;)
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NOBLE WHOLESALE Malware Communication"; flow:established,to_client; content:"wholesale"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-04-03,updated_at 2019-04-25,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:8; sid:80185710;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN MATH Traffic Detected"; flow:established,to_server; content:"math"; priority:3; metadata:hostile src_ip,created_at 2019-07-03,capec_id 100,updated_at 2019-09-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185711;)
# Disabled. The header is `any any -> any any`: the SMB association exists only in metadata
# (`protocols smb`, filename netbios.rules) and there are no `hostile`/`attack_target` tags.
#alert tcp any any -> any any (msg:"Acme - UNKNOWN DIVIDER Traffic Detected"; flow:established,to_server; content:"divider"; priority:3; metadata:created_at 2019-07-03,capec_id 286,updated_at 2019-07-06,filename netbios.rules,priority low,rule_source acme-rule-factory,protocols smb,protocols tcp; rev:2; sid:80185712;)
drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHARP GRAIN Malware Communication"; flow:established, to_server; content:"grain"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-10-07,updated_at 2016-10-09,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80185713;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTERIM OFF-RAMP Malware Communication"; flow:established,to_server; content:"off-ramp"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-26,updated_at 2019-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185714;)
# Alert-only (priority 4 / info). `urilen:<25,norm` restricts the match to requests whose
# normalized URI is shorter than 25 bytes.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEAF MONTH Malware Communication"; flow:established,to_server; urilen:<25,norm; content:"month"; priority:4; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2017-03-22,updated_at 2017-03-23,filename acme.rules,priority info,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185715;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PURPLE STRATEGY Malware Communication"; flow:established,to_server; content:"strategy"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-04-03,updated_at 2017-04-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80185716;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ETHICAL BROW Traffic Detected"; flow:established,to_server; content:"brow"; priority:1; metadata:hostile dest_ip,created_at 2018-11-19,updated_at 2018-11-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185717;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LINEAR ZOOLOGY Malware Communication"; flow:established,to_server; content:"zoology"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2018-10-04,updated_at 2018-10-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185718;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLOSE SORT Exploitation Attempt Seen"; flow:established, to_server; content:"sort"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-09-13,capec_id 100,updated_at 2019-09-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2019-3323513,protocols tcp; rev:1; sid:80185719;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHRILL NOUGAT Malware Communication"; flow:established,to_server; content:"nougat"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-07-27,updated_at 2019-07-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185720;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GRUNKNOWN RANCH Exploitation Attempt Seen"; flow:established, to_server; content:"ranch"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-07-22,capec_id 100,updated_at 2019-07-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2018-734860,protocols tcp; rev:1; sid:80185721;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTELLIGENT PASSIVE Malware Communication"; flow:established,to_server; content:"passive"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2017-05-16,updated_at 2017-05-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185722;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWNPY LOAFER Exploitation Attempt Seen"; flow:established, to_server; content:"loafer"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2018-04-11,capec_id 100,updated_at 2018-04-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2018-5148224,protocols tcp; rev:1; sid:80185723;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FLYING TOLERANCE Exploitation Attempt Seen"; flow:established, to_server; content:"tolerance"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2018-06-09,capec_id 100,updated_at 2018-06-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2018-6420151,protocols tcp; rev:1; sid:80185724;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SALTY SLASH Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"slash"; priority:3; metadata:cwe_id 190,hostile src_ip,created_at 2018-10-12,capec_id 100,updated_at 2018-10-12,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-6427780,protocols http,protocols tcp; rev:2; sid:80185725;)
# The rule protocol below is `tcp` with source port $HTTP_PORTS, while the metadata labels the
# rule `protocols http`; the header and the metadata describe the traffic differently.
drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - TALL DATA Traffic Detected"; flow:established,to_client; content:"data"; priority:2; metadata:hostile src_ip,created_at 2019-11-13,updated_at 2019-11-13,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185726;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BRAINY ROCKET-SHIP Malware Communication"; flow:established,to_client; content:"rocket-ship"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-01-09,updated_at 2018-01-23,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185727;)
drop http any any -> $HOME_NET any (msg:"Acme - LONG-TERM ORDINARY Exploitation Attempt Seen"; flow:established,to_server; content:"ordinary"; priority:3; metadata:cvss_v3_base 6.7,hostile src_ip,created_at 2017-08-12,capec_id 253,updated_at 2017-08-15,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.2,attack_target server,attack_target http-server,cvss_v3_temporal 6.5,cve 2016-66842,cvss_v2_temporal 6.5,protocols http,protocols tcp; rev:2; sid:80185728;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EMPTY GAUNTLET Malware Communication"; flow:established,to_server; content:"gauntlet"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-01-18,updated_at 2018-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185729;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VAGUE CONSOLE Malware Communication"; flow:established,to_server; content:"console"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-24,updated_at 2019-08-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185730;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONCERNED TASTE Malware Communication"; flow:established,to_server; content:"taste"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-19,updated_at 2019-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185731;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POST-WAR CROSS Traffic Detected"; flow:established,to_client; content:"cross"; priority:2; metadata:hostile src_ip,created_at 2017-04-02,updated_at 2017-04-13,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185732;)
drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTERIOR HURRICANE Malware Communication"; flow:established,to_server; content:"hurricane"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-13,updated_at 2018-05-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:4; sid:80185733;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BLUE EARRINGS Exploitation Attempt Seen"; flow:established,to_server; content:"earrings"; priority:3; metadata:cwe_id 434,cvss_v3_base 3.6,hostile src_ip,created_at 2019-05-26,capec_id 242,updated_at 2019-05-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.5,attack_target server,attack_target http-server,cvss_v3_temporal 2.6,cve 2019-8814569,cvss_v2_temporal 2.6,protocols http,protocols tcp; rev:2; sid:80185734;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BIOLOGICAL BATH Malware Communication"; flow:established,to_server; content:"bath"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-18,updated_at 2019-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185735;)
drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRIPED PASSBOOK Malware Communication"; flow:established,to_server; content:"passbook"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-06-03,updated_at 2016-06-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:3; sid:80185736;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - YELLOW MANOR Traffic Detected"; flow:established,to_server; content:"manor"; priority:2; metadata:hostile src_ip,created_at 2015-04-13,capec_id 248,updated_at 2015-04-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185737;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WHOLE SLEDGE Traffic Detected"; flow:established,to_server; content:"sledge"; priority:2; metadata:hostile src_ip,created_at 2019-11-10,capec_id 248,updated_at 2019-11-21,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185738;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ESSENTIAL PUNKNOWNUM Malware Communication"; flow:established,to_server; content:"pUNKNOWNum"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-03-18,updated_at 2018-03-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185739;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUPREME FATHER Malware Communication"; flow:established,to_server; content:"father"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-04-04,updated_at 2018-04-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185740;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GIANT INSOLENCE Malware Communication"; flow:established,to_server; content:"insolence"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-26,updated_at 2019-07-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185741;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - JITTERY LINE Malware Communication"; flow:established,to_server; content:"line"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-15,updated_at 2019-08-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80185742;)
# The next four drop rules use a `tcp` header scoped to destination $HTTP_PORTS and tag only
# `protocols tcp` in metadata.
drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - WORLDWIDE TRUCKIT Malware Communication"; flow:established, to_server; content:"truckit"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-05,updated_at 2019-11-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185743;)
drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - MEANINGFUL OBI Malware Communication"; flow:established, to_server; content:"obi"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-14,updated_at 2018-10-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185744;)
drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - DIPLOMATIC ESPADRILLE Malware Communication"; flow:established, to_server; content:"espadrille"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-08,updated_at 2018-04-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185745;)
drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - BITTER PARTICULAR Malware Communication"; flow:established, to_server; content:"particular"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-01,updated_at 2019-11-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185746;)
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REAR STEP-GRANDFATHER Malware Communication"; flow:established,to_client; content:"step-grandfather"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-08-17,updated_at 2019-08-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:3; sid:80185747;)
# Alert-only (priority 4 / info), with the same `urilen:<25,norm` bound as sid 80185715.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COASTAL BRAVE Malware Communication"; flow:established,to_server; urilen:<25,norm; content:"brave"; priority:4; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-03-03,updated_at 2019-03-13,filename acme.rules,priority info,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185748;)
drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - INQUISITIVE ALIBI Malware Communication"; flow:established, to_server; content:"alibi"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-07,updated_at 2019-02-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:3; sid:80185749;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - DEFINITE MARSHLAND Malware Communication"; flow:established, to_server; content:"marshland"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-03-02,updated_at 2017-03-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:4; sid:80185750;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - DIRTY HEARTHSIDE Malware Communication"; flow:established, to_server; content:"hearthside"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-26,updated_at 2019-03-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185751;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - GLORIOUS LIGHTNING Malware Communication"; flow:established, to_server; content:"lightning"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-25,updated_at 2019-11-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185752;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - CLASSIC SURFACE Malware Communication"; flow:established, to_server; content:"surface"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-20,updated_at 2019-06-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target 
client,protocols tcp; rev:2; sid:80185753;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - GENTLE CONSENT Malware Communication"; flow:established, to_server; content:"consent"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-14,updated_at 2017-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185754;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - NORMAL IMPUDENCE Malware Communication"; flow:established, to_server; content:"impudence"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-03,updated_at 2019-06-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185755;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - PSYCHOLOGICAL UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-09-05,updated_at 2016-09-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185756;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - COMPACT REGULATION Malware Communication"; flow:established, to_server; content:"regulation"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-16,updated_at 2018-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185757;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - ESSENTIAL CARRIER Malware Communication"; flow:established, to_server; content:"carrier"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-03,updated_at 2019-01-03,filename acme.rules,priority high,infected 
src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185758;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - CHILLY RED Malware Communication"; flow:established, to_server; content:"red"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-08,updated_at 2019-01-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185759;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - NEARBY CASSOCK Malware Communication"; flow:established, to_server; content:"cassock"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-14,updated_at 2018-02-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185760;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - HELPLESS LOSS Malware Communication"; flow:established, to_server; content:"loss"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-02-07,updated_at 2017-02-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185761;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - BROKEN MECHANIC Malware Communication"; flow:established, to_server; content:"mechanic"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-13,updated_at 2018-11-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185762;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PARALLEL STOCKINGS Malware Communication"; flow:established,to_client; content:"stockings"; priority:2; metadata:cwe_id 843,malware pre-infection,cvss_v3_base 2.5,hostile src_ip,created_at 2019-10-26,updated_at 2019-10-28,filename 
acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.1,attack_target http-client,attack_target client,cvss_v3_temporal 2.5,cve 2016-9488428,cvss_v2_temporal 2.5,protocols http,protocols tcp; rev:2; sid:80185763;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXPECTED ADAPTER Traffic Detected"; flow:established,to_server; content:"adapter"; priority:2; metadata:cwe_id 506,hostile dest_ip,created_at 2015-10-07,updated_at 2015-10-07,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185764;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HUNGRY BRONZE Malware Communication"; flow:established,to_server; content:"bronze"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-09-09,updated_at 2017-09-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185765;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LONG WASH Malware Communication"; flow:established,to_client; content:"wash"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-03-09,updated_at 2019-03-28,filename acme.rules,priority low,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185766;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DECISIVE BESTSELLER Malware Communication"; flow:established,to_client; content:"bestseller"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2016-01-08,updated_at 2016-01-23,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80185767;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - 
RELIEVED PURSE Exploitation Attempt Seen"; flow:established,to_server; content:"purse"; priority:3; metadata:cwe_id 287,cvss_v3_base 6.7,hostile src_ip,created_at 2017-11-25,capec_id 115,updated_at 2017-11-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.0,attack_target server,attack_target http-server,cvss_v3_temporal 7.1,cve 2015-7773098,cvss_v2_temporal 7.1,protocols http,protocols tcp; rev:1; sid:80185768;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN PAN Malware Communication"; flow:established,to_server; content:"pan"; priority:2; metadata:cwe_id 287,malware post-infection,cvss_v3_base 6.0,created_at 2019-08-03,updated_at 2019-08-13,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,cvss_v2_base 5.5,attack_target http-client,attack_target client,cvss_v3_temporal 6.4,cve 2019-2019493,cvss_v2_temporal 6.4,protocols http,protocols tcp; rev:3; sid:80185769;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AGRICULTURAL RISER Exploitation Attempt Seen"; flow:established,to_server; content:"riser"; priority:3; metadata:cwe_id 287,cvss_v3_base 4.5,hostile src_ip,created_at 2019-06-04,capec_id 115,updated_at 2019-06-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.2,attack_target server,attack_target http-server,cvss_v3_temporal 5.8,cve 2018-775769,cvss_v2_temporal 5.8,protocols http,protocols tcp; rev:1; sid:80185770;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INFLUENTIAL PANCREAS Exploitation Attempt Seen"; flow:established,to_server; content:"pancreas"; priority:3; metadata:cwe_id 78,hostile src_ip,created_at 2019-04-05,capec_id 152,updated_at 2019-04-06,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2019-9855635,cvss_v2_temporal 3.6,protocols http,protocols tcp; rev:3; sid:80185771;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - 
EDUCATIONAL FORK Exploitation Attempt Seen"; flow:established,to_server; content:"fork"; priority:1; metadata:cwe_id 287,cvss_v3_base 4.1,created_at 2018-03-01,capec_id 115,updated_at 2018-03-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,cvss_v2_base 4.1,attack_target http-client,attack_target client,cvss_v3_temporal 4.1,cve 2015-4061362,cvss_v2_temporal 4.1,protocols http,protocols tcp; rev:2; sid:80185772;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXCESSIVE BEVERAGE Traffic Detected"; flow:established,to_server; content:"beverage"; priority:3; metadata:cwe_id 287,hostile src_ip,created_at 2015-07-25,capec_id 115,updated_at 2015-07-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.9,attack_target server,attack_target http-server,cvss_v2_temporal 7.6,protocols http,protocols tcp; rev:2; sid:80185773;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOUTHERN HAUNT Traffic Detected"; flow:established,to_server; content:"haunt"; priority:3; metadata:cwe_id 287,hostile src_ip,created_at 2018-04-27,capec_id 248,updated_at 2018-04-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.8,attack_target server,attack_target http-server,cvss_v2_temporal 8.1,protocols http,protocols tcp; rev:2; sid:80185774;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DECISIVE OVEREXERTION Exploitation Attempt Seen"; flow:established,to_server; content:"overexertion"; priority:3; metadata:cwe_id 78,hostile src_ip,created_at 2017-05-05,capec_id 152,updated_at 2017-05-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.1,attack_target server,attack_target http-server,cve 2016-8557904,cvss_v2_temporal 6.2,protocols http,protocols tcp; rev:2; sid:80185775;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WHISPERING BEAK Traffic Detected"; flow:established,to_server; content:"beak"; priority:3; metadata:cwe_id 78,hostile 
src_ip,created_at 2019-05-13,capec_id 248,updated_at 2019-05-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.6,attack_target server,attack_target http-server,cvss_v2_temporal 7.0,protocols http,protocols tcp; rev:2; sid:80185776;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MONETARY CANON Traffic Detected"; flow:established,to_server; content:"canon"; priority:3; metadata:cwe_id 78,hostile src_ip,created_at 2019-03-06,capec_id 248,updated_at 2019-03-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.7,attack_target server,attack_target http-server,cvss_v2_temporal 5.5,protocols http,protocols tcp; rev:2; sid:80185777;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EFFICIENT CLOVER Malware Communication"; flow:established,from_server; content:"clover"; priority:3; metadata:cwe_id 507,malware pre-infection,hostile src_ip,created_at 2018-08-23,updated_at 2018-08-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185778;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FAR CASTANET Malware Communication"; flow:established,to_server; content:"castanet"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-04-03,updated_at 2019-04-11,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185779;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ORANGE COLUMN Exploitation Attempt Seen"; flow:established,to_server; content:"column"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2018-06-13,capec_id 152,updated_at 2018-06-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.5,attack_target server,attack_target http-server,cve 2018-3270581,cvss_v2_temporal 3.8,protocols http,protocols tcp; rev:2; 
sid:80185780;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PLAIN BATHROBE Exploitation Attempt Seen"; flow:established,to_server; content:"bathrobe"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2018-10-09,capec_id 152,updated_at 2018-10-11,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.9,attack_target server,attack_target http-server,cve 2018-8969831,cvss_v2_temporal 7.6,protocols http,protocols tcp; rev:2; sid:80185781;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - UNKNOWN JOGGING Traffic Detected"; flow:established,to_client; file_data; content:"jogging"; priority:3; metadata:hostile src_ip,created_at 2018-05-14,capec_id 119,updated_at 2018-05-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185782;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FRAGILE GIRDLE Traffic Detected"; flow:established,to_client; content:"girdle"; priority:3; metadata:created_at 2018-08-03,capec_id 119,updated_at 2018-08-12,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tls,protocols tcp; rev:2; sid:80185783;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - UGLY FLECK Malware Communication"; flow:established,to_client; content:"fleck"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-06-12,updated_at 2019-06-14,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185784;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MONETARY SUNLAMP Malware Communication"; flow:established,to_server; content:"sunlamp"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-24,updated_at 2018-04-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target 
client,protocols tcp; rev:2; sid:80185785;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COURAGEOUS GRANDDAUGHTER Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"granddaughter"; priority:2; metadata:cwe_id 119,cvss_v3_base 3.2,hostile src_ip,created_at 2019-08-01,capec_id 123,updated_at 2019-08-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.7,attack_target http-client,attack_target client,cvss_v3_temporal 4.6,cve 2019-8275279,cvss_v2_temporal 4.6,protocols http,protocols tcp; rev:2; sid:80185786;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VARIOUS ANTEATER Malware Communication"; flow:established,to_client; content:"anteater"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2019-08-08,updated_at 2019-08-10,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185787;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ABSENT INSTUNKNOWNENT Malware Communication"; flow:established,to_server; content:"instUNKNOWNent"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-01,updated_at 2019-10-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185788;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNSIGHTLY HOMOGENATE Malware Communication"; flow:established,to_server; content:"homogenate"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-08-03,updated_at 2018-08-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185789;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMPRESSIVE ROCKET Malware 
Communication"; flow:established,to_server; content:"rocket"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-09-08,updated_at 2018-09-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185790;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEFINITE POSTAGE Malware Communication"; flow:established,to_client; content:"postage"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-07-17,updated_at 2019-07-25,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80185791;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRIMITIVE YARD Malware Communication"; flow:established,to_client; content:"yard"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-11-14,updated_at 2019-11-17,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80185792;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COLLECTIVE OPOSSUM Malware Communication"; flow:established,to_server; content:"opossum"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-22,updated_at 2019-06-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185793;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SELL Traffic Detected"; flow:established,to_server; content:"sell"; priority:3; metadata:cwe_id 657,created_at 2019-08-01,capec_id 118,updated_at 2019-08-05,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; 
sid:80185794;) alert http any any -> any any (msg:"Acme - CAUTIOUS UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 657,created_at 2019-09-16,capec_id 118,updated_at 2019-09-21,filename p2p.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80185795;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOLE GREAT-GRANDFATHER Exploitation Attempt Seen"; flow:established,to_server; content:"great-grandfather"; priority:3; metadata:cwe_id 89,cvss_v3_base 2.2,hostile src_ip,created_at 2019-11-11,capec_id 110,updated_at 2019-11-11,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.0,attack_target server,attack_target http-server,cvss_v3_temporal 3.6,cve 2018-5585876,cvss_v2_temporal 3.6,protocols http,protocols tcp; rev:2; sid:80185796;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GIVEN LEEK Malware Communication"; flow:established,to_client; content:"leek"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-02,updated_at 2018-04-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185797;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUPER OWNER Malware Communication"; flow:established,to_server; content:"owner"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2016-10-24,updated_at 2016-10-25,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185798;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMPATIBLE AVENUE Exploitation Attempt Seen"; flow:established,to_server; content:"avenue"; priority:3; metadata:cwe_id 89,cvss_v3_base 3.7,hostile src_ip,created_at 2018-01-01,capec_id 110,updated_at 
2018-01-18,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.3,attack_target server,attack_target http-server,cvss_v3_temporal 4.4,cve 2018-1843088,cvss_v2_temporal 4.4,protocols http,protocols tcp; rev:2; sid:80185799;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN PETAL Exploitation Attempt Seen"; flow:established,to_server; content:"petal"; priority:3; metadata:cwe_id 89,cvss_v3_base 3.0,hostile src_ip,created_at 2019-07-01,capec_id 110,updated_at 2019-07-03,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.8,attack_target server,attack_target http-server,cvss_v3_temporal 4.4,cve 2016-5240475,cvss_v2_temporal 4.4,protocols http,protocols tcp; rev:2; sid:80185800;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DAMAGED STACKING Traffic Detected"; flow:established,to_server; content:"stacking"; priority:2; metadata:hostile dest_ip,created_at 2017-02-04,capec_id 118,updated_at 2017-02-23,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185801;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NOBLE ENEMY Traffic Detected"; flow:established,from_server; content:"enemy"; priority:2; metadata:hostile src_ip,created_at 2019-10-16,capec_id 148,updated_at 2019-10-17,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185802;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DULL UNKNOWN Traffic Detected"; flow:established,from_server; content:"UNKNOWN"; priority:2; metadata:hostile src_ip,created_at 2018-10-14,capec_id 148,updated_at 2018-10-18,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185803;) drop ssh $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme 
- VALID HYENA Exploitation Attempt Seen"; flow:established,to_client; content:"hyena"; priority:2; metadata:cwe_id 321,hostile dest_ip,created_at 2018-03-26,capec_id 70,updated_at 2018-03-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target ssh-server,attack_target server,cve 2016-4630689,cvss_v2_temporal 3.3,protocols ssh,protocols tcp; rev:2; sid:80185804;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MIDDLE-CLASS EMUNKNOWNSIS Traffic Detected"; flow:established,to_server; content:"emUNKNOWNsis"; priority:1; metadata:hostile dest_ip,created_at 2019-10-22,updated_at 2019-10-23,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185805;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMPATIBLE DEDICATION Traffic Detected"; flow:established,to_server; content:"dedication"; priority:2; metadata:cwe_id 507,hostile dest_ip,created_at 2019-05-24,updated_at 2019-05-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185806;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MILITARY DOUBT Traffic Detected"; flow:established,to_server; content:"doubt"; priority:1; metadata:hostile dest_ip,created_at 2019-05-06,updated_at 2019-05-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185807;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - OCCASIONAL DOMAIN Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"domain"; priority:3; metadata:cwe_id 122,cvss_v3_base 4.2,hostile src_ip,created_at 2018-03-06,capec_id 100,updated_at 2018-03-14,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.3,attack_target 
http-client,attack_target client,cvss_v3_temporal 3.8,cve 2016-5826002,cvss_v2_temporal 3.8,protocols http,protocols tcp; rev:2; sid:80185808;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CERTAIN SOCIETY Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"society"; priority:3; metadata:cwe_id 787,cvss_v3_base 3.2,hostile src_ip,created_at 2017-01-01,capec_id 100,updated_at 2017-01-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.9,attack_target http-client,attack_target client,cvss_v3_temporal 2.0,cve 2017-7344228,cvss_v2_temporal 2.0,protocols http,protocols tcp; rev:3; sid:80185809;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GRIM GRAPEFRUIT Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"grapefruit"; priority:3; metadata:cwe_id 129,cvss_v3_base 6.9,hostile src_ip,created_at 2019-07-06,capec_id 255,updated_at 2019-07-09,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.2,attack_target http-client,attack_target client,cvss_v3_temporal 6.5,cve 2019-5788605,cvss_v2_temporal 6.5,protocols http,protocols tcp; rev:5; sid:80185810;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HELPLESS BOOSTER Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"booster"; priority:3; metadata:cwe_id 126,cvss_v3_base 4.0,hostile src_ip,created_at 2018-11-21,capec_id 100,updated_at 2018-11-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.8,attack_target http-client,attack_target client,cvss_v3_temporal 3.0,cve 2018-1459072,cvss_v2_temporal 3.0,protocols http,protocols tcp; rev:2; sid:80185811;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INVISIBLE SENSE Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"sense"; priority:3; metadata:cwe_id 805,cvss_v3_base 3.1,hostile src_ip,created_at 2018-10-12,capec_id 255,updated_at 
2018-10-16,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.6,attack_target http-client,attack_target client,cvss_v3_temporal 4.6,cve 2016-420712,cvss_v2_temporal 4.6,protocols http,protocols tcp; rev:2; sid:80185812;) alert tcp any any -> $HOME_NET any (msg:"Acme - ISOLATED ALLIGATOR Exploitation Attempt Seen"; flow:established, to_server; content:"alligator"; priority:3; metadata:cwe_id 119,hostile dest_ip,created_at 2018-08-14,capec_id 255,updated_at 2018-08-26,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2016-1512676,protocols tcp; rev:1; sid:80185813;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SQUARE MILLIMETER Malware Communication"; flow:established,to_server; content:"millimeter"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-18,updated_at 2019-10-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185814;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RELIGIOUS CHIT-CHAT Malware Communication"; flow:established,to_server; content:"chit-chat"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-21,updated_at 2019-06-21,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185815;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN DISCOUNT Exploitation Attempt Seen"; flow:established, to_server; content:"discount"; priority:3; metadata:cwe_id 287,hostile src_ip,created_at 2018-09-05,capec_id 115,updated_at 2018-09-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target telnet-server,attack_target server,cve 2018-3930192,protocols telnet,protocols tcp; rev:1; sid:80185816;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SECRET DANCER 
Traffic Detected"; flow:established,to_server; content:"dancer"; priority:3; metadata:hostile src_ip,created_at 2017-02-01,capec_id 110,updated_at 2017-02-08,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80185817;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NERVOUS SUN Malware Communication"; flow:established,to_server; content:"sun"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2015-09-12,updated_at 2015-09-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185818;) alert tcp any any -> $HOME_NET any (msg:"Acme - GORGEOUS SARDINE Exploitation Attempt Seen"; flow:established,to_server; content:"sardine"; priority:4; metadata:cwe_id 416,cvss_v3_base 2.7,hostile src_ip,created_at 2018-11-11,capec_id 129,updated_at 2018-11-27,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 2.4,attack_target server,cvss_v3_temporal 3.1,cve 2016-3079302,cvss_v2_temporal 3.1,protocols tcp; rev:2; sid:80185819;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DULL BANDANA Malware Communication"; flow:established,to_server; content:"bandana"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-03,updated_at 2019-03-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80185820;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMFORTABLE DISTRIBUTOR Exploitation Attempt Seen"; flow:established, to_server; content:"distributor"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-05-24,capec_id 100,updated_at 2019-05-25,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target 
ftp-server,attack_target server,cve 2016-8641356,cve 2016-8641356,cve 2016-8641356,cve 2016-8641356,cve 2016-8641356,cve 2016-8641356,cve 2016-8641356,cve 2016-8641356,protocols ftp,protocols tcp; rev:1; sid:80185821;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WEAK HOCKEY Exploitation Attempt Seen"; flow:established, to_server; content:"hockey"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-02-16,capec_id 100,updated_at 2017-02-19,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2016-9296135,cve 2016-9296135,cve 2016-9296135,cve 2016-9296135,cve 2016-9296135,cve 2016-9296135,cve 2016-9296135,cve 2016-9296135,protocols ftp,protocols tcp; rev:1; sid:80185822;) alert http $HOME_NET any -> any any (msg:"Acme - APPALLING CICADA Traffic Detected"; flow:established,to_server; content:"cicada"; priority:4; metadata:hostile dest_ip,created_at 2018-04-26,updated_at 2018-04-27,filename acme.rules,priority info,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:9; sid:80185823;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SEVERE GATE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"gate"; priority:3; metadata:cwe_id 125,cvss_v3_base 7.0,hostile src_ip,created_at 2019-07-09,capec_id 255,updated_at 2019-07-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.0,attack_target http-client,attack_target client,cvss_v3_temporal 6.7,cve 2016-5935220,cvss_v2_temporal 6.7,protocols http,protocols tcp; rev:2; sid:80185824;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN FOREBEAR Exploitation Attempt Seen"; flow:established, to_server; content:"forebear"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-04-12,capec_id 100,updated_at 2019-04-19,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target 
ftp-server,attack_target server,cve 2019-1468428,cve 2019-1468428,cve 2019-1468428,cve 2019-1468428,cve 2019-1468428,cve 2019-1468428,cve 2019-1468428,cve 2019-1468428,protocols ftp,protocols tcp; rev:1; sid:80185825;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ANXIOUS FOG Exploitation Attempt Seen"; flow:established, to_server; content:"fog"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-05-01,capec_id 100,updated_at 2019-05-17,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2016-2809921,cve 2016-2809921,cve 2016-2809921,cve 2016-2809921,cve 2016-2809921,cve 2016-2809921,cve 2016-2809921,cve 2016-2809921,protocols ftp,protocols tcp; rev:1; sid:80185826;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STRIKING DEODORANT Exploitation Attempt Seen"; flow:established, to_server; content:"deodorant"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-05-16,capec_id 100,updated_at 2019-05-18,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2019-7770524,cve 2019-7770524,cve 2019-7770524,cve 2019-7770524,cve 2019-7770524,cve 2019-7770524,cve 2019-7770524,cve 2019-7770524,protocols ftp,protocols tcp; rev:1; sid:80185827;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ZANY UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-08-24,capec_id 100,updated_at 2019-08-25,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2019-2715686,cve 2019-2715686,cve 2019-2715686,cve 2019-2715686,cve 2019-2715686,cve 2019-2715686,cve 2019-2715686,cve 2019-2715686,protocols ftp,protocols tcp; rev:1; sid:80185828;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PLASTIC LINER Malware Communication"; flow:established,to_client; 
content:"liner"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2017-04-22,updated_at 2017-04-23,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80185829;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LOYAL SUBCONSCIOUS Traffic Detected"; flow:established,to_server; content:"subconscious"; priority:1; metadata:hostile dest_ip,created_at 2019-01-19,updated_at 2019-01-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185830;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TINY SUNFLOWER Malware Communication"; flow:established,to_server; content:"sunflower"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-06,updated_at 2018-01-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185831;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNEMPLOYED JUTE Malware Communication"; flow:established,to_server; content:"jute"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-21,updated_at 2019-06-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185832;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - INADEQUATE STEEL Malware Communication"; flow:established, to_server; content:"steel"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-15,updated_at 2019-09-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80185833;) drop http 
$HOME_NET any -> any any (msg:"Acme - PRIMARY NETWORK Malware Communication"; flow:established,to_server; content:"network"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2018-03-25,updated_at 2018-03-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185834;) drop http $HOME_NET any -> any $HTTP_PORTS (msg:"Acme - BACK FORMAL Malware Communication"; flow:established,to_server; content:"formal"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-10-14,updated_at 2019-10-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185835;) drop http $HOME_NET any -> any $HTTP_PORTS (msg:"Acme - NEUTRAL MENU Malware Communication"; flow:established,to_server; content:"menu"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-01-23,updated_at 2019-01-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185836;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - ILL PREMIER Malware Communication"; flow:established, to_server; content:"premier"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-08-27,updated_at 2018-08-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185837;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - COMPARATIVE RAIL Malware Communication"; flow:established, to_server; content:"rail"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-21,updated_at 2019-07-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target 
client,protocols tcp; rev:2; sid:80185838;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - UNAWARE DIGESTION Malware Communication"; flow:established, to_server; content:"digestion"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-09-09,updated_at 2017-09-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185839;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - UNKNOWN BIDET Malware Communication"; flow:established, to_server; content:"bidet"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-25,updated_at 2019-11-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185840;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN DESTRUCTION Malware Communication"; flow:established,to_server; content:"destruction"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-24,updated_at 2018-05-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185841;) alert smb any any -> $HOME_NET any (msg:"Acme - MODERN BURGLAR Exploitation Attempt Seen"; flow:established,to_server; content:"burglar"; priority:4; metadata:cwe_id 20,cvss_v3_base 5.0,created_at 2018-08-02,capec_id 255,updated_at 2018-08-18,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 5.4,cvss_v3_temporal 4.6,cve 2018-5567114,cvss_v2_temporal 4.6,protocols smb,protocols tcp; rev:2; sid:80185842;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONVENTIONAL KING Malware Communication"; flow:established,to_client; content:"king"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2017-06-13,updated_at 
2017-06-19,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80185843;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FRIGHTENED CUP Malware Communication"; flow:established,to_client; content:"cup"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-05-19,updated_at 2018-05-20,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80185844;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOCAL TULIP Malware Communication"; flow:established,to_client; content:"tulip"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-05-25,updated_at 2019-05-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80185845;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STRANGE WEASEL Malware Communication"; flow:established,to_client; content:"weasel"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-04-14,updated_at 2019-04-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80185846;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ELABORATE SIDEBURNS Malware Communication"; flow:established,to_client; content:"sideburns"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-10-10,updated_at 2019-10-25,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80185847;) alert smtp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUBJECTIVE 
CULTURE Traffic Detected"; flow:established, to_server; content:"culture"; priority:2; metadata:hostile src_ip,created_at 2019-05-09,capec_id 249,updated_at 2019-05-22,filename smtp.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:4; sid:80185848;)
# Outbound HTTP rule: client-to-server traffic on established flows from $HOME_NET to $EXTERNAL_NET, action drop.
# content:"UNKNOWN" carries no sticky buffer or modifier, so it is matched against the payload rather than one HTTP field.
# Metadata tags the destination as hostile and the source as infected; priority:1 is paired with "priority high".
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUCCESSIVE UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-12,updated_at 2019-03-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185849;)
# Same header, flow and metadata shape as the rule above; only msg, content, dates and sid differ.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DULL SHAKER Malware Communication"; flow:established,to_server; content:"shaker"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-04-14,updated_at 2017-04-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185850;)
# Inbound exploitation-attempt rule: $EXTERNAL_NET -> $HOME_NET, to_server. Metadata tags the source as hostile and the
# target as an HTTP server, and carries cwe_id, capec_id, cve and CVSS v2 values; there are no cvss_v3_* keys on this rule.
# NOTE(review): cvss_v2_base is 10.0 while the rule is priority:2 / "priority medium" - confirm priority is assigned independently of CVSS.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LEVEL TANGERINE Exploitation Attempt Seen"; flow:established,to_server; content:"tangerine"; priority:2; metadata:cwe_id 78,hostile src_ip,created_at 2018-08-15,capec_id 248,updated_at 2018-08-18,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2018-7644307,cvss_v2_temporal 6.2,protocols http,protocols tcp; rev:2; sid:80185851;)
# urilen:<8,norm restricts the rule to requests whose normalized URI is shorter than 8 bytes.
# NOTE(review): content:"fisherman" (9 bytes) is not bound to the URI buffer, so urilen does not constrain where it matches;
# if a URI match was intended, the two conditions could never both hold - confirm the intended buffer.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONVENIENT FISHERMAN Malware Communication"; flow:established,to_server; urilen:<8,norm; content:"fisherman"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-04-09,updated_at 2018-04-22,filename acme.rules,priority high,infected
src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185852;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FAR PTARMIGAN Malware Communication"; flow:established,to_server; urilen:7,norm; content:"ptarmigan"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-02-01,updated_at 2019-02-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185853;) drop tcp $HOME_NET any -> any any (msg:"Acme - UNKNOWN BEET Malware Communication"; flow:established,to_server; content:"beet"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-24,updated_at 2019-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185854;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RELIABLE POT Traffic Detected"; flow:established,from_server; content:"pot"; priority:1; metadata:cwe_id 507,hostile src_ip,created_at 2016-04-01,updated_at 2016-04-06,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185855;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SLOW SCENERY Malware Communication"; flow:established,to_server; content:"scenery"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-03,updated_at 2018-10-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185856;) #alert http any any -> $HOME_NET any (msg:"Acme - POWERFUL FOWL Exploitation Attempt Seen"; flow:established, to_server; content:"fowl"; priority:3; metadata:cwe_id 20,hostile dest_ip,created_at 2017-03-12,capec_id 
248,updated_at 2017-03-13,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2016-6944064,protocols http,protocols tcp; rev:2; sid:80185857;) #alert http any any -> $HOME_NET any (msg:"Acme - ETHNIC VEST Exploitation Attempt Seen"; flow:established, to_server; content:"vest"; priority:3; metadata:cwe_id 20,hostile dest_ip,created_at 2019-02-12,capec_id 248,updated_at 2019-02-15,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2018-6438947,protocols http,protocols tcp; rev:2; sid:80185858;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VERY REPUNKNOWNMENT Exploitation Attempt Seen"; flow:established,to_server; content:"repUNKNOWNment"; priority:2; metadata:cwe_id 502,cvss_v3_base 2.5,hostile src_ip,created_at 2018-10-20,capec_id 184,updated_at 2018-10-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.4,attack_target server,attack_target http-server,cvss_v3_temporal 2.9,cve 2017-5422333,cvss_v2_temporal 2.9,protocols http,protocols tcp; rev:2; sid:80185859;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CAUTIOUS DRAWING Exploitation Attempt Seen"; flow:established,to_server; content:"drawing"; priority:2; metadata:cwe_id 20,cvss_v3_base 8.3,hostile src_ip,created_at 2017-02-22,capec_id 248,updated_at 2017-02-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.7,attack_target server,attack_target http-server,cvss_v3_temporal 7.1,cve 2016-9025796,cvss_v2_temporal 7.1,protocols http,protocols tcp; rev:3; sid:80185860;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OUTSTANDING SHOPPER Exploitation Attempt Seen"; flow:established,to_server; content:"shopper"; priority:2; metadata:cwe_id 20,cvss_v3_base 7.4,hostile src_ip,created_at 2019-11-27,capec_id 248,updated_at 2019-11-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.0,attack_target server,attack_target http-server,cvss_v3_temporal 6.7,cve 
2019-5336255,cvss_v2_temporal 6.7,protocols http,protocols tcp; rev:3; sid:80185861;)
# Outbound HTTP "Traffic Detected" rule: destination tagged hostile, but no cwe_id, malware or infected keys in the metadata.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DULL UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:hostile dest_ip,created_at 2019-04-16,updated_at 2019-04-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185862;)
# Plain TCP header (no application-layer protocol), so the content match runs on the TCP payload.
# The action is drop even though the rule is priority:3 / "priority low".
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SEARCH Traffic Detected"; flow:established,to_server; content:"search"; priority:3; metadata:hostile dest_ip,created_at 2018-10-05,updated_at 2018-10-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185863;)
# Inbound TLS rule (server-to-client): source tagged hostile, destination tagged infected.
# NOTE(review): content:"dollar" has no TLS sticky buffer; presumably it can only match bytes visible before encryption - confirm.
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHOCKED DOLLAR Malware Communication"; flow:established,to_client; content:"dollar"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-01-08,updated_at 2018-01-16,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80185864;)
# file_data precedes the content keyword, so "skull" is matched in the file data of the to_client (response) direction.
# NOTE(review): both temporal scores (7.1) exceed their base scores (cvss_v3_base 6.9, cvss_v2_base 6.5); CVSS temporal scores
# do not exceed the base score, so consumers filtering on these keys should treat the values as sample data - confirm.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMBATIVE SKULL Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"skull"; priority:3; metadata:cwe_id 385,cvss_v3_base 6.9,hostile src_ip,created_at 2019-10-18,capec_id 118,updated_at 2019-10-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.5,attack_target http-client,attack_target client,cvss_v3_temporal 7.1,cve 2019-7646892,cvss_v2_temporal 7.1,protocols http,protocols tcp; rev:2; sid:80185865;)
# Outbound HTTP post-infection rule; the rest of its metadata continues on the following line.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNCERTAIN ALDER Malware Communication"; flow:established,to_server; content:"alder"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at
2018-03-08,updated_at 2018-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185866;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLOSED WELCOME Exploitation Attempt Seen"; flow:established,to_client; content:"welcome"; priority:3; metadata:cwe_id 125,cvss_v3_base 2.8,hostile src_ip,created_at 2019-05-19,capec_id 118,updated_at 2019-05-21,filename acme.rules,priority low,infected dest_ip,rule_source acme-rule-factory,cvss_v2_base 3.2,attack_target client,cvss_v3_temporal 2.7,cve 2018-6351428,cvss_v2_temporal 2.7,protocols tcp; rev:3; sid:80185867;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DISTINCT COUGH Traffic Detected"; flow:established,to_server; content:"cough"; priority:2; metadata:cwe_id 507,hostile dest_ip,created_at 2018-02-15,updated_at 2018-02-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185868;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ENVIOUS CLIP Exploitation Attempt Seen"; flow:established, to_server; content:"clip"; priority:2; metadata:cvss_v3_base 3.0,hostile src_ip,created_at 2019-09-21,capec_id 253,updated_at 2019-09-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cvss_v3_temporal 1.9,cve 2019-8780178,cvss_v2_temporal 1.9,protocols http,protocols tcp; rev:2; sid:80185869;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ALTERUNKNOWN SODA Exploitation Attempt Seen"; flow:established, to_server; content:"soda"; priority:2; metadata:cvss_v3_base 1.9,hostile src_ip,created_at 2016-01-12,capec_id 253,updated_at 2016-01-19,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cvss_v3_temporal 2.3,cve 
2016-3644217,cvss_v2_temporal 2.3,protocols http,protocols tcp; rev:2; sid:80185870;) drop tls $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRONG SKULL Malware Communication"; flow:established,to_server; content:"skull"; priority:3; metadata:cwe_id 506,malware download-attempt,created_at 2018-10-14,updated_at 2018-10-14,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80185871;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN ICE Malware Communication"; flow:established,to_server; content:"ice"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-07-18,updated_at 2015-07-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80185872;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SLIMY TRANSPORT Malware Communication"; flow:established,to_server; content:"transport"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-05,updated_at 2019-08-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185873;) #alert tcp any any -> $HOME_NET any (msg:"Acme - ITCHY PAYMENT Traffic Detected"; flow:established; content:"payment"; priority:3; metadata:cwe_id 122,created_at 2019-04-05,capec_id 123,updated_at 2019-04-27,filename acme.rules,priority low,rule_source acme-rule-factory,protocols ftp,protocols tcp; rev:1; sid:80185874;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONTINUING JUICE Traffic Detected"; flow:established, to_client; file_data; content:"juice"; priority:3; metadata:cwe_id 122,hostile src_ip,created_at 2018-08-04,capec_id 100,updated_at 2018-08-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185875;) #alert tcp any any -> $HOME_NET any (msg:"Acme - IRAQI REJECT Traffic Detected"; flow:established, to_client; content:"reject"; priority:3; metadata:cwe_id 122,hostile src_ip,created_at 2017-02-16,capec_id 123,updated_at 2017-02-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185876;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HIGH TROLLEY Malware Communication"; flow:established,to_server; content:"trolley"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-11-17,updated_at 2017-11-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185877;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OUTRAGEOUS MIX Malware Communication"; flow:established,to_server; content:"mix"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-25,updated_at 2019-08-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185878;) drop http $HOME_NET any -> any any (msg:"Acme - PROTECTIVE MAGIC Malware Communication"; flow:established,to_server; content:"magic"; priority:2; metadata:cwe_id 507,malware download-attempt,created_at 2015-08-12,updated_at 2015-08-13,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:5; sid:80185879;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VALID EAT Malware Communication"; flow:established,to_server; content:"eat"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-01-08,updated_at 2017-01-24,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185880;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GREAT SECURITY Malware Communication"; flow:established,to_client; content:"security"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-08-06,updated_at 2019-08-16,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185881;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INNOCENT DUCKLING Traffic Detected"; flow:established,from_server; file_data; content:"duckling"; priority:1; metadata:hostile src_ip,created_at 2019-04-24,updated_at 2019-04-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185882;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TROPICAL IMUNKNOWNMENT Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"imUNKNOWNment"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2016-09-25,updated_at 2016-09-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:3; sid:80185883;) #alert tcp $HOME_NET any -> any any (msg:"Acme - UGLY CRITERIA Traffic Detected"; flow:established, to_server; content:"criteria"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-11-01,capec_id 100,updated_at 2019-11-20,filename acme.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80185884;) #alert tcp $HOME_NET any -> any any (msg:"Acme - FINANCIAL FOCUS Traffic Detected"; flow:established, to_server; content:"focus"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2017-04-15,capec_id 
100,updated_at 2017-04-15,filename acme.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80185885;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PLAIN OXEN Malware Communication"; flow:established,to_client; file_data; content:"oxen"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-06-24,updated_at 2019-06-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185886;) #alert tcp $HOME_NET any -> any any (msg:"Acme - UPUNKNOWN TIMELINE Traffic Detected"; flow:established, to_server; content:"timeline"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-05-19,capec_id 100,updated_at 2019-05-28,filename acme.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80185887;) #alert tcp $HOME_NET any -> any any (msg:"Acme - FULL UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2018-07-22,capec_id 100,updated_at 2018-07-27,filename acme.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80185888;) #alert tcp $HOME_NET any -> any any (msg:"Acme - ALLIED DAMAGE Traffic Detected"; flow:established, to_server; content:"damage"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2018-10-06,capec_id 100,updated_at 2018-10-14,filename acme.rules,priority low,rule_source acme-rule-factory,protocols imap,protocols tcp; rev:1; sid:80185889;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SELECTED COMPLEMENT Traffic Detected"; flow:established, to_server; content:"complement"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2017-11-20,capec_id 100,updated_at 2017-11-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target imap-server,attack_target 
server,protocols imap,protocols tcp; rev:1; sid:80185890;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ORGANIC BEGINNING Malware Communication"; flow:established,to_server; content:"beginning"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-11,updated_at 2019-02-16,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185891;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REALISTIC UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-27,updated_at 2018-11-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185892;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MELODIC VIRGINAL Malware Communication"; flow:established,to_server; content:"virginal"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-18,updated_at 2019-08-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185893;) drop tcp any any -> $HOME_NET any (msg:"Acme - ELECTRICAL TORTELLINI Malware Communication"; flow:established; content:"tortellini"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-05-08,updated_at 2019-05-12,filename acme.rules,priority high,rule_source acme-rule-factory,protocols smb,protocols tcp; rev:5; sid:80185894;) drop tcp any any -> $HOME_NET any (msg:"Acme - AMUSED BERET Malware Communication"; flow:established; content:"beret"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-05-18,updated_at 2018-05-28,filename acme.rules,priority high,rule_source acme-rule-factory,protocols smb,protocols tcp; rev:2; sid:80185895;) drop tcp 
any any -> $HOME_NET any (msg:"Acme - JEALOUS TONE Malware Communication"; flow:established; content:"tone"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-10-21,updated_at 2019-10-27,filename acme.rules,priority high,rule_source acme-rule-factory,protocols smb,protocols tcp; rev:2; sid:80185896;) drop tcp any any -> $HOME_NET any (msg:"Acme - PRIMARY INTERNET Malware Communication"; flow:established; content:"internet"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-07-11,updated_at 2019-07-15,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80185897;) drop tcp any any -> $HOME_NET any (msg:"Acme - UNUSUAL DRIVEWAY Malware Communication"; flow:established; content:"driveway"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-10-11,updated_at 2019-10-18,filename acme.rules,priority high,rule_source acme-rule-factory,protocols smb,protocols tcp; rev:3; sid:80185898;) drop tls $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STABLE ACCESS Malware Communication"; flow:established,to_server; content:"access"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-05,updated_at 2018-05-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80185899;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN FACT Malware Communication"; flow:established,to_client; content:"fact"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-01-27,updated_at 2018-01-28,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185900;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MODERATE RASPBERRY Traffic Detected"; flow:established,to_server; 
stream_size:client,=,7; content:"raspberry"; priority:1; metadata:hostile dest_ip,created_at 2017-01-24,updated_at 2017-01-24,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185901;)
# Outbound HTTP post-infection rule ($HOME_NET -> $EXTERNAL_NET, to_server).
# NOTE(review): metadata says "infected dest_ip" although the source is $HOME_NET; the outbound post-infection rule
# sid 80185904 below uses "infected src_ip" with "hostile dest_ip". This rule also has no hostile or attack_target keys - confirm.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DREADFUL STROKE Malware Communication"; flow:established,to_server; content:"stroke"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-09-07,updated_at 2019-09-15,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80185902;)
# Inbound HTTP rule (to_client); file_data precedes the content keyword, so "shadow" is matched in the response file data.
# Destination tagged infected, no hostile key; the action is drop at priority:3 / "priority low".
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RENEWED SHADOW Malware Communication"; flow:established,to_client; file_data; content:"shadow"; priority:3; metadata:cwe_id 506,malware post-infection,created_at 2019-09-25,updated_at 2019-09-25,filename acme.rules,priority low,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185903;)
# Outbound HTTP post-infection rule: destination tagged hostile, source tagged infected, target is an HTTP client.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RIGID SKYWALK Malware Communication"; flow:established,to_server; content:"skywalk"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-14,updated_at 2019-04-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185904;)
# Inbound counterpart (to_client): the hostile/infected tags are mirrored, source hostile and destination infected.
# Unlike sid 80185903 there is no file_data, so content:"study" is matched against the payload.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TAME STUDY Malware Communication"; flow:established,to_client; content:"study"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-06-05,updated_at 2018-06-08,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185905;)
# Outbound HTTP rule; its msg and options continue on the following line.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN
EARTHQUAKE Malware Communication"; flow:established,to_server; content:"earthquake"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-03,updated_at 2019-05-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185906;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN CONDUCTOR Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"conductor"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-06-22,updated_at 2019-06-22,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:19; sid:80185907;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CREEPY BLADDER Malware Communication"; flow:established, to_client; file_data; content:"bladder"; priority:3; metadata:cwe_id 121,malware pre-infection,cvss_v3_base 3.3,hostile src_ip,created_at 2017-05-27,updated_at 2017-05-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.8,attack_target http-client,attack_target client,cvss_v3_temporal 2.7,cve 2015-7033594,cve 2015-7033594,cvss_v2_temporal 2.7,protocols http,protocols tcp; rev:2; sid:80185908;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MISSING STAG Malware Communication"; flow:established, to_client; file_data; content:"stag"; priority:3; metadata:cwe_id 121,malware pre-infection,cvss_v3_base 4.3,hostile src_ip,created_at 2018-02-27,updated_at 2018-02-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.6,attack_target http-client,attack_target client,cvss_v3_temporal 2.9,cve 2018-3654238,cve 2018-3654238,cvss_v2_temporal 2.9,protocols http,protocols tcp; rev:2; sid:80185909;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHY CAREER 
Malware Communication"; flow:established,to_server; content:"career"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-10-04,updated_at 2015-10-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185910;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WONDERFUL EPOCH Malware Communication"; flow:established,to_server; content:"epoch"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-01,updated_at 2019-03-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185911;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VOLUNTARY SPITE Malware Communication"; flow:established,to_server; content:"spite"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-05-18,updated_at 2018-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185912;) #alert tcp $HOME_NET $HTTP_PORTS -> $EXTERNAL_NET any (msg:"Acme - INDIVIDUAL MILLENNIUM Exploitation Attempt Seen"; flow:established, to_client; content:"millennium"; priority:3; metadata:cwe_id 121,cvss_v3_base 6.8,hostile src_ip,created_at 2015-04-23,updated_at 2015-04-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.3,cvss_v3_temporal 6.9,cve 2015-6581077,cve 2015-6581077,cvss_v2_temporal 6.9,protocols http,protocols tcp; rev:1; sid:80185913;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPLENDID PERMISSION Malware Communication"; flow:established,to_server; content:"permission"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-02-18,updated_at 2018-02-18,filename acme.rules,priority high,infected 
src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185914;)
# Outbound HTTP "Traffic Detected" rule. Metadata has capec_id but no cwe_id, hostile, infected or attack_target keys,
# so filters that select on those keys will not pick this rule up.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SOVIET CRAYFISH Traffic Detected"; flow:established,to_server; content:"crayfish"; priority:2; metadata:created_at 2016-11-23,capec_id 403,updated_at 2016-11-26,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80185915;)
# Header is tcp with source "any any" and flow:established carries no direction keyword, so the rule is not limited
# to one side of the connection. Metadata lists "protocols http" although the rule header protocol is tcp.
# NOTE(review): a drop action on an undirected, single-keyword payload match toward $HOME_NET is broad; consider
# validating it in alert mode before enforcing - confirm against deployment policy.
drop tcp any any -> $HOME_NET any (msg:"Acme - DECISIVE CLOCK Malware Communication"; flow:established; content:"clock"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-10-09,updated_at 2019-10-15,filename acme.rules,priority high,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80185916;)
# Inbound HTTP request rule ($EXTERNAL_NET -> $HOME_NET, to_server) labelled "Malware Communication".
# Metadata combines "malware post-infection" with server attack targets and a cve value; the source is tagged hostile
# and there is no infected key.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HELPFUL GRANNY Malware Communication"; flow:established, to_server; content:"granny"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-05-15,updated_at 2018-05-16,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-4466988,protocols http,protocols tcp; rev:2; sid:80185917;)
# Outbound HTTP post-infection rule: destination tagged hostile, source tagged infected; cwe_id is 507 here.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN WALLET Malware Communication"; flow:established,to_server; content:"wallet"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-03,updated_at 2019-07-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185918;)
# Outbound HTTP post-infection rule without a hostile key; its metadata continues on the following line.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LIVE ANTEATER Malware Communication"; flow:established,to_server; content:"anteater"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2016-05-13,updated_at 2016-05-20,filename acme.rules,priority high,infected src_ip,rule_source
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185919;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RADICAL DOWNGRADE Malware Communication"; flow:established,to_server; content:"downgrade"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-05,updated_at 2019-05-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185920;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PECULIAR TOP Malware Communication"; flow:established,to_server; content:"top"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-01,updated_at 2018-10-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185921;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ESTABLISHED UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-08-16,updated_at 2017-08-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185922;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NEAR TASSEL Malware Communication"; flow:established,to_server; content:"tassel"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-01-11,updated_at 2017-01-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185923;) drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - CONVINCED OPINION Malware Communication"; 
flow:established,to_server; content:"opinion"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-18,updated_at 2019-08-24,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185924;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MULTIPLE GUIDE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"guide"; priority:3; metadata:cwe_id 416,cvss_v3_base 7.6,hostile src_ip,created_at 2016-04-24,capec_id 255,updated_at 2016-04-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.7,attack_target http-client,attack_target client,cvss_v3_temporal 7.5,cve 2016-3261581,cvss_v2_temporal 7.5,protocols http,protocols tcp; rev:3; sid:80185925;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BIOLOGICAL FAIL Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"fail"; priority:3; metadata:cwe_id 416,cvss_v3_base 6.2,hostile src_ip,created_at 2016-02-10,capec_id 255,updated_at 2016-02-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.6,attack_target http-client,attack_target client,cvss_v3_temporal 6.1,cve 2016-5724637,cvss_v2_temporal 6.1,protocols http,protocols tcp; rev:3; sid:80185926;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNKNOWN Malware Communication"; flow:established,to_server; urilen:10,norm; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-06-24,updated_at 2018-06-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185927;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EFFICIENT WEIRD Malware Communication"; flow:established,to_server; urilen:10,norm; content:"weird"; priority:1; metadata:cwe_id 
506,malware post-infection,hostile dest_ip,created_at 2019-06-03,updated_at 2019-06-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185928;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HOSTILE DINNER Traffic Detected"; flow:established,to_server; content:"dinner"; priority:1; metadata:hostile dest_ip,created_at 2019-07-10,updated_at 2019-07-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185929;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CLOVER Malware Communication"; flow:established,to_server; content:"clover"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-04-09,updated_at 2019-04-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-7803963,protocols http,protocols tcp; rev:2; sid:80185930;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ECONOMIC CLERIC Malware Communication"; flow:established,to_client; content:"cleric"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2017-08-25,updated_at 2017-08-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80185931;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DUSTY PERMIT Malware Communication"; flow:established,to_server; content:"permit"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-04-18,updated_at 2017-04-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185932;) drop http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"Acme - PERSISTENT PORTFOLIO Malware Communication"; flow:established,to_server; content:"portfolio"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-11,updated_at 2019-03-19,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185933;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DIZZY UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 307,hostile src_ip,created_at 2016-10-13,capec_id 49,updated_at 2016-10-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80185934;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OBEDIENT UMBRELLA Traffic Detected"; flow:established,to_server; content:"umbrella"; priority:1; metadata:hostile dest_ip,created_at 2019-10-15,updated_at 2019-10-15,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185935;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BITTER FLUKE Malware Communication"; flow:established,to_server; content:"fluke"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-07,updated_at 2019-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185936;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FOOLISH PLOW Traffic Detected"; flow:established,to_server; content:"plow"; priority:1; metadata:hostile dest_ip,created_at 2019-03-16,updated_at 2019-03-21,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185937;) drop http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CRIMINAL UNKNOWNT Traffic Detected"; flow:established,to_server; content:"UNKNOWNt"; priority:1; metadata:hostile dest_ip,created_at 2016-05-14,updated_at 2016-05-22,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185938;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INHERENT SASH Traffic Detected"; flow:established,to_server; content:"sash"; priority:1; metadata:hostile dest_ip,created_at 2019-06-20,updated_at 2019-06-22,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185939;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ONLY WITNESS Malware Communication"; flow:established,to_client; content:"witness"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2016-10-22,updated_at 2016-10-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185940;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UGLY ERROR Malware Communication"; flow:established, to_client; file_data; content:"error"; priority:3; metadata:cwe_id 121,malware pre-infection,hostile src_ip,created_at 2019-08-01,updated_at 2019-08-05,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-9390351,protocols http,protocols tcp; rev:2; sid:80185941;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DARK UNKNOWN Malware Communication"; flow:established,to_server; urilen:>150,norm; content:"UNKNOWN"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-11-20,updated_at 2017-11-27,filename acme.rules,priority low,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185942;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ABSENT SPECTROGRAPH Malware Communication"; flow:established, to_server; content:"spectrograph"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-15,updated_at 2019-01-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185943;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IDENTICAL FOUNTAIN Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"fountain"; priority:3; metadata:cwe_id 122,cvss_v3_base 3.1,hostile src_ip,created_at 2019-06-12,capec_id 255,updated_at 2019-06-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.6,attack_target http-client,attack_target client,cvss_v3_temporal 3.0,cve 2019-7767266,cvss_v2_temporal 3.0,protocols http,protocols tcp; rev:2; sid:80185944;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ALLIED UNKNOWNUIT Exploitation Attempt Seen"; flow:established,to_client; content:"UNKNOWNuit"; priority:2; metadata:cwe_id 787,hostile src_ip,created_at 2017-11-11,capec_id 128,updated_at 2017-11-13,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.8,attack_target tls-client,attack_target client,cve 2015-235982,cvss_v2_temporal 3.8,protocols tls,protocols tcp; rev:2; sid:80185945;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PLANNED READING Malware Communication"; flow:established, to_client; content:"reading"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2018-01-18,updated_at 2018-01-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185946;) drop 
http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GOVERNING ACKNOWLEDGMENT Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"acknowledgment"; priority:2; metadata:cwe_id 119,cvss_v3_base 5.8,hostile src_ip,created_at 2018-02-27,capec_id 129,updated_at 2018-02-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.1,attack_target http-client,attack_target client,cvss_v3_temporal 4.7,cve 2018-3723188,cvss_v2_temporal 4.7,protocols http,protocols tcp; rev:2; sid:80185947;) drop tcp any any -> $HOME_NET any (msg:"Acme - RIGHT ANALYST Malware Communication"; flow:established; content:"analyst"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-04-04,updated_at 2019-04-09,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80185948;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GOVERNING TURRET Malware Communication"; flow:established,to_client; content:"turret"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2016-07-16,updated_at 2016-07-26,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185949;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DULL BOX Malware Communication"; flow:established,to_server; content:"box"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-01,updated_at 2019-05-07,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185950;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FLUFFY TWILIGHT Malware Communication"; flow:established,to_server; content:"twilight"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-22,updated_at 2018-05-22,filename 
acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185951;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - THOUGHTLESS YOU Malware Communication"; flow:established,to_server; content:"you"; priority:3; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-08-09,updated_at 2018-08-27,filename acme.rules,priority low,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185952;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ADVISORY RAG Malware Communication"; flow:established,to_server; content:"rag"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-05-19,updated_at 2015-05-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185953;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DULL PRIVATE Malware Communication"; flow:established,to_server; content:"private"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-01-26,updated_at 2017-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185954;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SELECTIVE UNDERUNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"underUNKNOWN"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2018-05-20,updated_at 2018-05-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2017-7093406,protocols tcp; rev:1; sid:80185955;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TROUBLED STEP-GRANDFATHER Malware Communication"; flow:established,to_client; 
content:"step-grandfather"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2017-05-02,updated_at 2017-05-06,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80185956;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TOP VEHICLE Malware Communication"; flow:established,to_client; content:"vehicle"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-03-10,updated_at 2019-03-20,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:3; sid:80185957;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN ORATOR Exploitation Attempt Seen"; flow:established, to_server; content:"orator"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-11-09,updated_at 2017-11-11,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2015-8961910,protocols tcp; rev:1; sid:80185958;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ECONOMIC EYEBROW Exploitation Attempt Seen"; flow:established, to_server; content:"eyebrow"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2018-01-07,updated_at 2018-01-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2017-2008514,protocols tcp; rev:1; sid:80185959;) alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FOLLOWING SURVEY Traffic Detected"; flow:established, to_server; content:"survey"; priority:3; metadata:created_at 2017-08-26,capec_id 286,updated_at 2017-08-26,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80185960;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MINOR BEGGAR Malware Communication"; flow:established,to_server; content:"beggar"; priority:1; 
metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-06-10,updated_at 2017-06-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185961;)
# NOTE(review): sids 80185962 and 80185963 carry `cvss_v3_temporal` values (4.8, 7.5) above their
# `cvss_v3_base` values (4.5, 7.0). A CVSS temporal score cannot exceed its base score, so filters
# that compare on these keys can select or skip these two drop rules inconsistently.
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EMPTY MANNER Exploitation Attempt Seen"; flow:established,to_server; content:"manner"; priority:2; metadata:cwe_id 120,cvss_v3_base 4.5,hostile src_ip,created_at 2019-09-17,capec_id 100,updated_at 2019-09-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.1,attack_target server,cvss_v3_temporal 4.8,cve 2018-7259880,cvss_v2_temporal 4.8,protocols tcp; rev:2; sid:80185962;)
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PROTECTIVE EPHEMERA Exploitation Attempt Seen"; flow:established,to_server; content:"ephemera"; priority:2; metadata:cwe_id 120,cvss_v3_base 7.0,hostile src_ip,created_at 2019-02-20,capec_id 100,updated_at 2019-02-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,cvss_v3_temporal 7.5,cve 2018-8384675,cvss_v2_temporal 7.5,protocols tcp; rev:2; sid:80185963;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLINICAL INSCRIPTION Exploitation Attempt Seen"; flow:established,to_server; content:"inscription"; priority:2; metadata:cwe_id 20,cvss_v3_base 7.9,hostile src_ip,created_at 2017-11-20,capec_id 210,updated_at 2017-11-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.3,attack_target server,attack_target http-server,cvss_v3_temporal 6.8,cve 2017-4263872,cvss_v2_temporal 6.8,protocols http,protocols tcp; rev:2; sid:80185964;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RICH EPHEMERIS Traffic Detected"; flow:established,to_server; content:"ephemeris"; priority:4; metadata:hostile dest_ip,created_at 2019-05-23,capec_id 210,updated_at 2019-05-26,filename
acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185965;) alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MENTAL ARCHITECT Traffic Detected"; flow:established,to_server; content:"architect"; priority:4; metadata:hostile dest_ip,created_at 2016-02-15,capec_id 210,updated_at 2016-02-21,filename acme.rules,priority info,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80185966;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SYMBOLIC ELM Exploitation Attempt Seen"; flow:established,to_client; content:"elm"; priority:2; metadata:hostile src_ip,created_at 2019-09-14,capec_id 248,updated_at 2019-09-14,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.9,attack_target client,cve 2019-2892760,cvss_v2_temporal 5.0,protocols tcp; rev:2; sid:80185967;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CURVED TRANSPORT Malware Communication"; flow:established,to_server; content:"transport"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-03-22,updated_at 2019-03-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185968;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUPERIOR UNDERNEATH Traffic Detected"; flow:established,to_server; content:"underneath"; priority:2; metadata:hostile dest_ip,created_at 2017-11-23,capec_id 118,updated_at 2017-11-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185969;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OTHER IMPROVEMENT Traffic Detected"; flow:established,to_server; content:"improvement"; priority:2; metadata:hostile src_ip,created_at 2017-02-10,capec_id 
152,updated_at 2017-02-18,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185970;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SKINNY BUS Malware Communication"; flow:established,to_client; file_data; content:"bus"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-06,updated_at 2019-02-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80185971;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RAPID SKIING Malware Communication"; flow:established,to_client; file_data; content:"skiing"; priority:1; metadata:cwe_id 434,malware post-infection,hostile dest_ip,created_at 2019-10-02,updated_at 2019-10-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80185972;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - YUMMY DIAMOND Malware Communication"; flow:established,to_server; content:"diamond"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-03-08,updated_at 2015-03-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185973;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VICTORIOUS MOTHER Malware Communication"; flow:established,to_client; content:"mother"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2016-01-15,updated_at 2016-01-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80185974;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET 
any (msg:"Acme - PROPER UNKNOWNSUIT Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"UNKNOWNsuit"; priority:3; metadata:cwe_id 119,cvss_v3_base 5.2,hostile src_ip,created_at 2019-07-11,capec_id 253,updated_at 2019-07-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.2,attack_target http-client,attack_target client,cvss_v3_temporal 4.5,cve 2019-289304,cvss_v2_temporal 4.5,protocols http,protocols tcp; rev:3; sid:80185975;)
# NOTE(review): the only payload condition in sid 80185976 is the three-byte `content:"kid"`, with
# no buffer or position constraint. In a real ruleset a drop rule this unspecific would be expected
# to match a large share of ordinary HTTP requests.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SMOOTH KID Traffic Detected"; flow:established,to_server; content:"kid"; priority:1; metadata:hostile dest_ip,created_at 2016-10-20,updated_at 2016-10-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185976;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TALL BOWER Malware Communication"; flow:established,to_server; content:"bower"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-09,updated_at 2017-06-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185977;)
# NOTE(review): sid 80185978 uses `any any` as destination where the neighbouring rules use
# $EXTERNAL_NET, so this drop rule also covers HTTP requests from $HOME_NET to internal servers.
# Its metadata has no `hostile dest_ip` entry.
drop http $HOME_NET any -> any any (msg:"Acme - PERFECT CIRCUMFERENCE Malware Communication"; flow:established,to_server; content:"circumference"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-06-04,updated_at 2018-06-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185978;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN INNOCENCE Malware Communication"; flow:established,to_server; content:"innocence"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-11-14,updated_at 2017-11-19,filename
acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185979;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RETAIL STAFF Malware Communication"; flow:established,to_server; content:"staff"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-04-17,updated_at 2017-04-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185980;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WICKED INDUSTRY Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"industry"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2017-01-26,updated_at 2017-01-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80185981;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEAFENING FACULTY Malware Communication"; flow:established,to_server; content:"faculty"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-09,updated_at 2019-09-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80185982;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MIXED WHALE Traffic Detected"; flow:established,to_server; content:"whale"; priority:1; metadata:hostile dest_ip,created_at 2016-09-12,updated_at 2016-09-18,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185983;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRIMARY UNKNOWN Malware Communication"; 
flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-21,updated_at 2019-08-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185984;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COOPERATIVE WELCOME Malware Communication"; flow:established,to_server; content:"welcome"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-10-15,updated_at 2019-10-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185985;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BAD STAIR Traffic Detected"; flow:established, to_client; file_data; content:"stair"; priority:3; metadata:hostile src_ip,created_at 2018-02-18,capec_id 119,updated_at 2018-02-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185986;) #alert tcp any any -> $HOME_NET any (msg:"Acme - KIND EAVE Exploitation Attempt Seen"; flow:established, to_server; content:"eave"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-02-11,capec_id 100,updated_at 2019-02-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target imap-server,attack_target server,cve 2015-4348572,protocols imap,protocols tcp; rev:1; sid:80185987;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VIVACIOUS MATTER Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"matter"; priority:3; metadata:cwe_id 416,cvss_v3_base 7.4,hostile src_ip,created_at 2019-03-15,capec_id 255,updated_at 2019-03-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.7,attack_target 
http-client,attack_target client,cvss_v3_temporal 6.5,cve 2019-4028551,cvss_v2_temporal 6.5,protocols http,protocols tcp; rev:2; sid:80185988;)
# NOTE(review): layout. On this page the ruleset is wrapped at arbitrary points, so rules share
# physical lines and some are split across two. From here on each rule is put back on a line of
# its own, which is what lets a leading '#' disable exactly one rule. The fragment above is the
# tail of a rule that begins before this excerpt; the last line below is the head of a rule that
# continues after it. Both are left as found.
#
# NOTE(review): content. Per the file header this is a dummy ruleset for exercising metadata
# filtering, not detection: every rule below matches a single placeholder content:"<word>", a few
# of them scoped by file_data or urilen. The cve values look generated as well (presumably not
# real CVE identifiers); do not use them for vulnerability lookups.
# The 'drop' action only blocks when the engine runs inline. If rules like these were real, short
# unanchored words such as "ice", "row" or "elk" on a drop rule would block benign traffic.
#
# Disabled rules ('#alert', here and further down): the metadata is still present, so check whether
# your filtering run includes or skips disabled rules before relying on its match count.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SYMPATHETIC PATIENT Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"patient"; priority:3; metadata:hostile src_ip,created_at 2019-06-19,capec_id 255,updated_at 2019-06-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-7435714,protocols http,protocols tcp; rev:2; sid:80185989;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN BONGO Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"bongo"; priority:3; metadata:hostile src_ip,created_at 2018-04-06,capec_id 253,updated_at 2018-04-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-7517582,protocols http,protocols tcp; rev:2; sid:80185990;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ROUNKNOWN OEUVRE Traffic Detected"; flow:established,to_server; content:"oeuvre"; priority:3; metadata:hostile src_ip,created_at 2015-04-03,capec_id 128,updated_at 2015-04-12,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.9,attack_target server,attack_target http-server,cvss_v2_temporal 7.5,protocols http,protocols tcp; rev:1; sid:80185991;)
# NOTE(review): unlike most sibling post-infection rules, this one carries 'infected src_ip' but no
# 'hostile dest_ip'; a filter keyed on 'hostile' will not select it. The same gap appears on
# sids 80186009, 80186016 and 80186018-80186023, among others.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ABSTRACT ICE Malware Communication"; flow:established,to_server; content:"ice"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-03-23,updated_at 2018-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185992;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TENDER ASSISTANCE Malware Communication"; flow:established,to_server; content:"assistance"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-01-23,updated_at 2019-01-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80185993;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INFLUENTIAL HIGH-RISE Malware Communication"; flow:established,to_server; content:"high-rise"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2018-06-26,updated_at 2018-06-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80185994;)
# NOTE(review): tls rule with a bare content and no tls.* sticky buffer; presumably this inspects
# the raw stream, which is ciphertext once the handshake completes. Same shape on sids 80186006
# and 80186025.
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COHERENT ONION Malware Communication"; flow:established,to_client; content:"onion"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2015-06-09,updated_at 2015-06-18,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:3; sid:80185995;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FURIOUS CURRENCY Malware Communication"; flow:established,to_server; content:"currency"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-06-24,updated_at 2019-06-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185996;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VERY SISTER-IN-LAW Malware Communication"; flow:established,to_server; content:"sister-in-law"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-03-13,updated_at 2017-03-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185997;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLEAR CROISSANT Malware Communication"; flow:established,to_client; file_data; content:"croissant"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-05-12,updated_at 2019-05-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80185998;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RELEVANT CUSHION Malware Communication"; flow:established,to_server; content:"cushion"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-11-21,updated_at 2016-11-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80185999;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FOND GRAIN Malware Communication"; flow:established,to_server; content:"grain"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-01-21,updated_at 2017-01-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186000;)
# NOTE(review): content:"UNKNOWN" is shared by sids 80186001, 80186008, 80186011, 80186017 and
# 80186053, with different actions and priorities. 80186008 (http) and 80186011 (tcp) have the same
# direction and no further constraint, so HTTP traffic matching one would presumably match the
# other too. The token also appears inside other words (ROUNKNOWN, AUUNKNOWNATIC, UNKNOWNIAL,
# breadcUNKNOWNb), which looks like a word-substitution artifact of how the names were generated;
# msg and content are left untouched because they are runtime strings.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CREATIVE UNKNOWN Malware Communication"; flow:established,to_server; urilen:>150,norm; content:"UNKNOWN"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-11-26,updated_at 2018-11-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186001;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GREY PANNIER Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"pannier"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2019-01-19,capec_id 100,updated_at 2019-01-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-5678003,protocols http,protocols tcp; rev:2; sid:80186002;)
drop smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LITTLE BEACH Malware Communication"; flow:established,to_server; content:"beach"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-26,updated_at 2018-02-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target smtp-client,attack_target client,protocols smtp,protocols tcp; rev:2; sid:80186003;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RARE PEACE Malware Communication"; flow:established,to_server; content:"peace"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-03,updated_at 2019-08-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186004;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WORRIED ATTENTION Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"attention"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2017-08-01,capec_id 119,updated_at 2017-08-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-5618025,protocols http,protocols tcp; rev:2; sid:80186005;)
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SQUEALING PILLBOX Malware Communication"; flow:established,to_client; content:"pillbox"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2015-11-25,updated_at 2015-11-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:5; sid:80186006;)
# The next two rules are the only ones in this excerpt tagged 'filename adware.rules' (cwe_id 512);
# they are 'priority low' yet still use the drop action.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMPERIAL PARCHMENT Malware Communication"; flow:established,to_server; content:"parchment"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2017-10-27,updated_at 2017-10-28,filename adware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186007;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - JOLLY UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2019-07-25,updated_at 2019-07-25,filename adware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186008;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DELIGHTFUL SOLITAIRE Malware Communication"; flow:established,to_server; content:"solitaire"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-09-25,updated_at 2019-09-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186009;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TROPICAL COUNCIL Exploitation Attempt Seen"; flow:established,to_server; content:"council"; priority:2; metadata:cwe_id 20,cvss_v3_base 1.6,hostile src_ip,created_at 2018-02-17,capec_id 152,updated_at 2018-02-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.5,attack_target server,attack_target http-server,cvss_v3_temporal 3.2,cve 2018-3938165,cvss_v2_temporal 3.2,protocols http,protocols tcp; rev:1; sid:80186010;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STATISTICAL UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-24,updated_at 2018-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186011;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN DEPARTURE Exploitation Attempt Seen"; flow:established,to_server; content:"departure"; priority:3; metadata:hostile src_ip,created_at 2019-08-09,capec_id 255,updated_at 2019-08-09,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-8145929,protocols http,protocols tcp; rev:3; sid:80186012;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CURLY PROOF-READER Malware Communication"; flow:established,to_server; content:"proof-reader"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-07-19,updated_at 2019-07-21,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186013;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AWAKE TABERNACLE Malware Communication"; flow:established,to_server; content:"tabernacle"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-11,updated_at 2018-01-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186014;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CRUCIAL VOYAGE Malware Communication"; flow:established,to_server; content:"voyage"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-23,updated_at 2019-07-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186015;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PERSISTENT FORMAT Malware Communication"; flow:established,to_server; content:"format"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-04-24,updated_at 2017-04-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186016;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ACTUAL UNKNOWN Exploitation Attempt Seen"; flow:established,to_server; content:"UNKNOWN"; priority:2; metadata:cwe_id 79,hostile src_ip,created_at 2019-09-21,capec_id 63,updated_at 2019-09-22,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.4,attack_target server,attack_target http-server,cve 2019-189801,cvss_v2_temporal 6.0,protocols http,protocols tcp; rev:2; sid:80186017;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CULTURAL SHOW Malware Communication"; flow:established,to_server; content:"show"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-01-12,updated_at 2017-01-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186018;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CHARACTERISTIC PUPPY Malware Communication"; flow:established,to_server; content:"puppy"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-06-13,updated_at 2018-06-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186019;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN MOOD Malware Communication"; flow:established,to_server; content:"mood"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-06-13,updated_at 2019-06-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186020;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FRIENDLY TYPE Malware Communication"; flow:established,to_server; content:"type"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-08-27,updated_at 2018-08-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186021;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DOUBTFUL SOUND Malware Communication"; flow:established,to_server; content:"sound"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-02-11,updated_at 2018-02-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186022;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - THIRSTY BUCKLE Malware Communication"; flow:established,to_server; content:"buckle"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-10-20,updated_at 2019-10-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186023;)
# NOTE(review): urilen:1,norm limits the normalized URI to one byte, while content:"oatmeal" has
# no URI buffer modifier, so the word has to be found elsewhere in the request. sid 80186055 pairs
# urilen:1 with content:"conclusion" the same way.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - POSSIBLE OATMEAL Malware Communication"; flow:established,to_server; urilen:1,norm; content:"oatmeal"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-20,updated_at 2019-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186024;)
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DISTURBING TAIL Malware Communication"; flow:established,to_client; content:"tail"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2016-09-15,updated_at 2016-09-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80186025;)
# NOTE(review): tcp rule pinned to $HTTP_PORTS but tagged only 'protocols tcp' and
# 'attack_target client'; sid 80186037 has the same header and is tagged 'protocols http' and
# 'attack_target http-client'. A filter on 'protocols http' selects one and not the other.
drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - UNIVERSAL BOARD Malware Communication"; flow:established,to_server; content:"board"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-08-22,updated_at 2018-08-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186026;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DIGITAL DEPRESSION Malware Communication"; flow:established,to_server; content:"depression"; priority:1; metadata:cwe_id 507,malware download-attempt,hostile dest_ip,created_at 2015-06-15,updated_at 2015-06-19,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186027;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNCONSCIOUS LANDSCAPE Malware Communication"; flow:established,to_client; content:"landscape"; priority:1; metadata:cwe_id 507,malware download-attempt,hostile src_ip,created_at 2018-11-22,updated_at 2018-11-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186028;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ORGANIC HELL Malware Communication"; flow:established, to_client; content:"hell"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2016-01-05,updated_at 2016-01-08,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186029;)
# NOTE(review): the priority tag does not track the CVSS tags here: this rule is 'priority low'
# with cvss_v3_base 7.7, while sid 80186032 is 'priority medium' with cvss_v3_base 3.1. Decide
# which of the two a filter should key on.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AUUNKNOWNATIC DAMAGE Exploitation Attempt Seen"; flow:established, to_server; content:"damage"; priority:3; metadata:cwe_id 20,cvss_v3_base 7.7,hostile src_ip,created_at 2016-03-23,capec_id 248,updated_at 2016-03-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.5,attack_target server,attack_target http-server,cvss_v3_temporal 6.9,cve 2015-3911249,cvss_v2_temporal 6.9,protocols http,protocols tcp; rev:4; sid:80186030;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CLUTCH Traffic Detected"; flow:established,to_server; content:"clutch"; priority:1; metadata:cwe_id 507,hostile dest_ip,created_at 2019-02-19,updated_at 2019-02-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186031;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PROGRESSIVE SKULLCAP Exploitation Attempt Seen"; flow:established,to_server; content:"skullcap"; priority:2; metadata:cwe_id 20,cvss_v3_base 3.1,hostile src_ip,created_at 2015-10-09,capec_id 248,updated_at 2015-10-15,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.5,attack_target server,attack_target http-server,cvss_v3_temporal 2.1,cve 2015-1884954,cvss_v2_temporal 2.1,protocols http,protocols tcp; rev:5; sid:80186032;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TOTAL SOLUTION Malware Communication"; flow:established,to_server; content:"solution"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-10,updated_at 2018-05-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186033;)
drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ARROGANT PEACOCK Malware Communication"; flow:established, to_server; content:"peacock"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2016-10-09,updated_at 2016-10-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80186034;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN SENSITIVE Exploitation Attempt Seen"; flow:established,to_server; content:"sensitive"; priority:2; metadata:cwe_id 20,cvss_v3_base 2.3,hostile src_ip,created_at 2017-07-13,capec_id 248,updated_at 2017-07-21,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.6,attack_target server,attack_target http-server,cvss_v3_temporal 2.2,cve 2015-5563146,cvss_v2_temporal 2.2,protocols http,protocols tcp; rev:2; sid:80186035;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BURNING CHOKER Exploitation Attempt Seen"; flow:established,to_server; content:"choker"; priority:2; metadata:cwe_id 20,cvss_v3_base 7.1,hostile src_ip,created_at 2015-08-16,capec_id 248,updated_at 2015-08-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.3,attack_target server,attack_target http-server,cvss_v3_temporal 7.8,cve 2015-8233745,cvss_v2_temporal 7.8,protocols http,protocols tcp; rev:2; sid:80186036;)
drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - LIGHT CARDIGAN Traffic Detected"; flow:established,to_server; content:"cardigan"; priority:1; metadata:hostile dest_ip,created_at 2019-04-07,updated_at 2019-04-11,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186037;)
drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNHAPPY DEVIANCE Malware Communication"; flow:established, to_server; content:"deviance"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-10-08,updated_at 2017-10-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:3; sid:80186038;)
# Disabled SCADA rule (filename scada.rules): 'any any -> any any' with no port, tagged
# 'protocols dnp3' although the header is plain tcp. If rules of this shape were enabled they would
# be evaluated against every established TCP flow in the stated direction; scope addresses and
# ports first. Same shape: sids 80186042, 80186043, 80186045, 80186046 (dnp3) and 80186049,
# 80186050, 80186052, 80186053 (iccp).
#alert tcp any any -> any any (msg:"Acme - IMPLICIT PIKE Traffic Detected"; flow:established, to_server; content:"pike"; priority:3; metadata:hostile src_ip,created_at 2019-04-09,updated_at 2019-04-24,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target dnp3-server,attack_target server,protocols dnp3,protocols tcp; rev:1; sid:80186039;)
# NOTE(review): active drop rule from any source to $HOME_NET on any port, flow:established with
# no direction, tagged 'protocols smb' but carrying no attack_target, hostile or infected tags.
# sid 80186041 has the same shape.
drop tcp any any -> $HOME_NET any (msg:"Acme - HUNGRY PRUNER Malware Communication"; flow:established; content:"pruner"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-01-25,updated_at 2019-01-28,filename acme.rules,priority high,rule_source acme-rule-factory,protocols smb,protocols tcp; rev:3; sid:80186040;)
drop tcp any any -> $HOME_NET any (msg:"Acme - VOICELESS PULL Malware Communication"; flow:established; content:"pull"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-04-17,updated_at 2017-04-17,filename acme.rules,priority high,rule_source acme-rule-factory,protocols smb,protocols tcp; rev:2; sid:80186041;)
#alert tcp any any -> any any (msg:"Acme - BASIC PLIER Traffic Detected"; flow:established, to_server; content:"plier"; priority:3; metadata:hostile src_ip,created_at 2019-06-27,capec_id 210,updated_at 2019-06-28,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target dnp3-server,attack_target server,protocols dnp3,protocols tcp; rev:1; sid:80186042;)
#alert tcp any any -> any any (msg:"Acme - GROSS BITTER Traffic Detected"; flow:established, to_server; content:"bitter"; priority:3; metadata:hostile src_ip,created_at 2017-06-24,capec_id 232,updated_at 2017-06-25,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target dnp3-server,attack_target server,protocols dnp3,protocols tcp; rev:1; sid:80186043;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOCAL CACTUS Malware Communication"; flow:established,to_client; file_data; content:"cactus"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2015-09-03,updated_at 2015-09-16,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80186044;)
#alert tcp any any -> any any (msg:"Acme - EVERYDAY ASSOCIATION Traffic Detected"; flow:established, to_server; content:"association"; priority:3; metadata:hostile src_ip,created_at 2019-03-01,updated_at 2019-03-20,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target dnp3-server,attack_target server,protocols dnp3,protocols tcp; rev:1; sid:80186045;)
#alert tcp any any -> any any (msg:"Acme - MAD KENDO Traffic Detected"; flow:established, to_server; content:"kendo"; priority:3; metadata:hostile src_ip,created_at 2016-08-03,updated_at 2016-08-26,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target dnp3-server,attack_target server,protocols dnp3,protocols tcp; rev:1; sid:80186046;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN VESTMENT Traffic Detected"; flow:established,to_server; content:"vestment"; priority:3; metadata:hostile dest_ip,created_at 2019-04-05,capec_id 403,updated_at 2019-04-12,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186047;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FEDERAL JEFF Traffic Detected"; flow:established,to_server; content:"jeff"; priority:3; metadata:hostile dest_ip,created_at 2017-08-05,capec_id 403,updated_at 2017-08-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186048;)
#alert tcp any any -> any any (msg:"Acme - SPECTACULAR SESSION Traffic Detected"; flow:established, to_server; content:"session"; priority:3; metadata:hostile src_ip,created_at 2016-11-08,capec_id 232,updated_at 2016-11-16,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target iccp-server,attack_target server,protocols iccp,protocols tcp; rev:1; sid:80186049;)
#alert tcp any any -> any any (msg:"Acme - RESPONSIBLE QUICKSAND Traffic Detected"; flow:established, to_client; content:"quicksand"; priority:3; metadata:hostile dest_ip,created_at 2019-11-01,capec_id 232,updated_at 2019-11-11,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target iccp-server,attack_target server,protocols iccp,protocols tcp; rev:1; sid:80186050;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DISTINGUISHED TEMPO Malware Communication"; flow:established,to_server; content:"tempo"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-15,updated_at 2019-06-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186051;)
#alert tcp any any -> any any (msg:"Acme - LIGHT FIR Traffic Detected"; flow:established, to_server; content:"fir"; priority:3; metadata:hostile src_ip,created_at 2018-03-05,capec_id 232,updated_at 2018-03-10,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target iccp-server,attack_target server,protocols iccp,protocols tcp; rev:1; sid:80186052;)
#alert tcp any any -> any any (msg:"Acme - MODERN UNKNOWN Traffic Detected"; flow:established, to_client; content:"UNKNOWN"; priority:3; metadata:hostile dest_ip,created_at 2017-09-12,capec_id 232,updated_at 2017-09-28,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target iccp-server,attack_target server,protocols iccp,protocols tcp; rev:1; sid:80186053;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHOCKED SILLY Malware Communication"; flow:established, to_client; content:"silly"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2017-07-05,updated_at 2017-07-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186054;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FASCINATING CONCLUSION Malware Communication"; flow:established,to_server; urilen:1; content:"conclusion"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-05-02,updated_at 2017-05-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186055;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EMBARRASSED BOWTIE Malware Communication"; flow:established, to_server; content:"bowtie"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-08-17,updated_at 2019-08-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186056;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NECESSARY ELK Malware Communication"; flow:established,to_server; content:"elk"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-07-06,updated_at 2017-07-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186057;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INDEPENDENT PRODUCT Malware Communication"; flow:established,to_server; content:"product"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-13,updated_at 2018-01-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186058;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LOW COINSURANCE Malware Communication"; flow:established,to_server; content:"coinsurance"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-17,updated_at 2019-01-20,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80186059;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FOREIGN DIGESTION Malware Communication"; flow:established,to_server; content:"digestion"; priority:3; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-10-09,updated_at 2019-10-18,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186060;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONCERNED COLUMNIST Exploitation Attempt Seen"; flow:established,to_client; content:"columnist"; priority:2; metadata:cwe_id 119,cvss_v3_base 7.9,hostile src_ip,created_at 2019-04-05,capec_id 255,updated_at 2019-04-06,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 8.0,attack_target http-client,attack_target client,cvss_v3_temporal 8.7,cve 2019-8760408,cvss_v2_temporal 8.7,protocols http,protocols tcp; rev:2; sid:80186061;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UGLY POLE Traffic Detected"; flow:established, to_client; file_data; content:"pole"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2018-09-17,capec_id 100,updated_at 2018-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186062;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CRUEL MILLISECOND Malware Communication"; flow:established,to_server; content:"millisecond"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-26,updated_at 2019-03-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186063;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OLD PETAL Malware Communication"; flow:established,to_server; content:"petal"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-16,updated_at 2019-10-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186064;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WORTHY SALON Exploitation Attempt Seen"; flow:established, to_server; content:"salon"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2018-06-02,capec_id 63,updated_at 2018-06-09,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-4144466,protocols http,protocols tcp; rev:2; sid:80186065;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWNIAL SALAD Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"salad"; priority:2; metadata:cwe_id 787,cvss_v3_base 7.6,hostile src_ip,created_at 2018-01-03,capec_id 255,updated_at 2018-01-15,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.3,attack_target http-client,attack_target client,cvss_v3_temporal 6.7,cve 2015-2991400,cvss_v2_temporal 6.7,protocols http,protocols tcp; rev:3; sid:80186066;)
# NOTE(review): the source is 'any', not $EXTERNAL_NET, although the rule is tagged
# 'hostile src_ip'; depending on how the address variables are defined, internal-to-internal
# traffic is in scope for this drop.
drop tcp any any -> $HOME_NET any (msg:"Acme - SPONTANEOUS TASSEL Exploitation Attempt Seen"; flow:established,to_server; content:"tassel"; priority:2; metadata:cwe_id 120,cvss_v3_base 6.7,hostile src_ip,created_at 2017-03-16,capec_id 100,updated_at 2017-03-16,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.9,attack_target server,cvss_v3_temporal 7.8,cve 2016-1975313,cvss_v2_temporal 7.8,protocols tcp; rev:2; sid:80186067;)
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOUND PARALLELOGRAM Traffic Detected"; flow:established,to_server; content:"parallelogram"; priority:3; metadata:hostile src_ip,created_at 2019-09-26,capec_id 310,updated_at 2019-09-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:2; sid:80186068;)
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMMON BREADCUNKNOWNB Traffic Detected"; flow:established,to_server; content:"breadcUNKNOWNb"; priority:2; metadata:hostile src_ip,created_at 2018-11-16,capec_id 1,updated_at 2018-11-19,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:2; sid:80186069;)
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CIVIL ROW Traffic Detected"; flow:established,to_server; content:"row"; priority:2; metadata:hostile src_ip,created_at 2017-07-01,capec_id 1,updated_at 2017-07-21,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:2; sid:80186070;)
# NOTE(review): the next two are tagged 'protocols ftp' and 'attack_target ftp-server' but use a
# tcp header with no port, so nothing in the rule itself ties them to FTP.
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAMOUS LENTIL Traffic Detected"; flow:established,to_server; content:"lentil"; priority:2; metadata:hostile src_ip,created_at 2016-04-01,capec_id 1,updated_at 2016-04-01,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:2; sid:80186071;)
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LINEAR DISHES Traffic Detected"; flow:established,to_server; content:"dishes"; priority:2; metadata:hostile src_ip,created_at 2019-04-21,capec_id 1,updated_at 2019-04-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:2; sid:80186072;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN NUTRITION Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"nutrition"; priority:2; metadata:cwe_id 122,cvss_v3_base 3.5,hostile src_ip,created_at 2019-06-07,capec_id 100,updated_at 2019-06-17,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.0,attack_target http-client,attack_target client,cvss_v3_temporal 4.6,cve 2018-3735243,cvss_v2_temporal 4.6,protocols http,protocols tcp; rev:2; sid:80186073;)
drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - EXPLICIT PLANTER Exploitation Attempt Seen"; flow:established,to_client; content:"planter"; priority:3; metadata:cwe_id 125,cvss_v3_base 5.5,hostile src_ip,created_at 2019-11-06,capec_id 118,updated_at 2019-11-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.5,attack_target http-client,attack_target client,cvss_v3_temporal 6.4,cve 2016-3861762,cvss_v2_temporal 6.4,protocols http,protocols tcp; rev:2; sid:80186074;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN MONKEY Malware Communication"; flow:established,to_server; content:"monkey"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-07-23,updated_at 2017-07-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186075;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RIGHT MATE Malware Communication"; flow:established,to_client; file_data; content:"mate"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2017-01-25,updated_at 2017-01-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186076;)
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COASTAL SITAR Exploitation Attempt Seen"; flow:established,to_server; content:"sitar"; priority:2; metadata:cwe_id 20,cvss_v3_base 5.0,hostile src_ip,created_at 2019-11-03,capec_id 248,updated_at 2019-11-10,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.3,attack_target server,cvss_v3_temporal 3.5,cve 2019-6868652,cvss_v2_temporal 3.5,protocols tcp; rev:3; sid:80186077;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MUSICAL WASTEBASKET Malware Communication"; flow:established,to_server; content:"wastebasket"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-08-20,updated_at 2017-08-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186078;)
drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - INC NOUGAT Malware Communication"; flow:established,to_client; content:"nougat"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2016-02-12,updated_at 2016-02-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186079;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ROUND HERON Malware Communication"; flow:established,to_server; content:"heron"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-03-18,updated_at 2018-03-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186080;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GLORIOUS SERIES Malware Communication"; flow:established,to_server; content:"series"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-10,updated_at 2019-06-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186081;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CRIMINAL HYDRANT Traffic Detected"; flow:established,to_server; content:"hydrant"; priority:1; metadata:hostile dest_ip,created_at 2019-06-18,updated_at 2019-06-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186082;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CORRESPONDING TOUCH Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"touch"; priority:2; metadata:cwe_id 119,cvss_v3_base 4.3,hostile src_ip,created_at 2017-10-19,capec_id 255,updated_at 2017-10-20,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.7,attack_target http-client,attack_target client,cvss_v3_temporal 3.4,cve 2017-8129326,cvss_v2_temporal 3.4,protocols http,protocols tcp; rev:2; sid:80186083;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHEAP WATERSKIING Exploitation Attempt Seen"; flow:established,to_server; content:"waterskiing"; priority:2; metadata:cwe_id 20,cvss_v3_base 4.0,hostile src_ip,created_at 2018-01-25,capec_id 248,updated_at 2018-01-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.7,attack_target server,attack_target http-server,cvss_v3_temporal 4.1,cve 2015-8080247,cvss_v2_temporal 4.1,protocols http,protocols tcp; rev:4; sid:80186084;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FLAT BOUGH Exploitation Attempt Seen"; flow:established,to_server; content:"bough"; priority:2; metadata:cwe_id 20,cvss_v3_base 7.0,hostile src_ip,created_at 2018-02-19,capec_id 248,updated_at 2018-02-20,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.3,attack_target server,attack_target
http-server,cvss_v3_temporal 5.7,cve 2015-1585887,cvss_v2_temporal 5.7,protocols http,protocols tcp; rev:3; sid:80186085;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MINIATURE PENTAGON Malware Communication"; flow:established,to_server; content:"pentagon"; priority:2; metadata:cwe_id 20,malware pre-infection,cvss_v3_base 6.4,hostile src_ip,created_at 2018-05-26,updated_at 2018-05-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.0,attack_target server,attack_target http-server,cvss_v3_temporal 6.5,cve 2017-4129341,cvss_v2_temporal 6.5,protocols http,protocols tcp; rev:3; sid:80186086;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DUAL FANLIGHT Exploitation Attempt Seen"; flow:established,to_server; content:"fanlight"; priority:2; metadata:cwe_id 20,cvss_v3_base 6.6,hostile src_ip,created_at 2017-07-12,capec_id 248,updated_at 2017-07-21,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.0,attack_target server,attack_target http-server,cvss_v3_temporal 6.2,cve 2015-6500743,cvss_v2_temporal 6.2,protocols http,protocols tcp; rev:3; sid:80186087;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PLANNED GIANT Exploitation Attempt Seen"; flow:established,to_server; content:"giant"; priority:2; metadata:cwe_id 20,cvss_v3_base 4.0,hostile src_ip,created_at 2018-02-14,capec_id 248,updated_at 2018-02-15,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.6,attack_target server,attack_target http-server,cvss_v3_temporal 4.3,cve 2018-2544886,cvss_v2_temporal 4.3,protocols http,protocols tcp; rev:3; sid:80186088;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHORT ANIMAL Malware Communication"; flow:established,to_server; content:"animal"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-09-13,updated_at 2018-09-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186089;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GUILTY FOOTREST Malware Communication"; flow:established,to_server; urilen:>150,norm; content:"footrest"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-02-15,updated_at 2018-02-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186090;) drop tcp any any -> $HOME_NET any (msg:"Acme - ASLEEP GRIP Malware Communication"; flow:established,to_client; content:"grip"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-03-05,updated_at 2019-03-11,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:3; sid:80186091;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MANY MINI Malware Communication"; flow:established,to_server; content:"mini"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-14,updated_at 2019-08-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186092;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN TURNSTILE Malware Communication"; flow:established,to_server; content:"turnstile"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-04-20,updated_at 2016-04-21,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186093;) #drop http any any -> $HOME_NET any (msg:"Acme - CHARMING BIPLANE Exploitation Attempt Seen"; flow:established,to_server; content:"biplane"; priority:2; metadata:cwe_id 78,cvss_v3_base 2.5,hostile src_ip,created_at 2017-09-25,capec_id 
88,updated_at 2017-09-25,filename scada.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.2,attack_target server,attack_target http-server,cvss_v3_temporal 3.8,cve 2016-1471650,cvss_v2_temporal 3.8,protocols http,protocols tcp; rev:2; sid:80186094;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PERFECT CUPOLA Malware Communication"; flow:established,to_client; content:"cupola"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-11-11,updated_at 2018-11-25,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80186095;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNDERLYING STOCK-IN-TRADE Traffic Detected"; flow:established,to_server; content:"stock-in-trade"; priority:1; metadata:hostile dest_ip,created_at 2019-05-07,updated_at 2019-05-12,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186096;) #drop http any any -> $HOME_NET any (msg:"Acme - UNKNOWN GUITAR Exploitation Attempt Seen"; flow:established,to_server; content:"guitar"; priority:2; metadata:cwe_id 78,cvss_v3_base 4.5,hostile src_ip,created_at 2019-08-08,capec_id 88,updated_at 2019-08-10,filename scada.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.8,attack_target server,attack_target http-server,cvss_v3_temporal 4.3,cve 2015-7159217,cvss_v2_temporal 4.3,protocols http,protocols tcp; rev:2; sid:80186097;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FURIOUS TRY Malware Communication"; flow:established,to_server; content:"try"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-10,updated_at 2019-09-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols 
http,protocols tcp; rev:2; sid:80186098;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WIDE BROOM Malware Communication"; flow:established,to_server; content:"broom"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-04-07,updated_at 2019-04-08,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186099;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TIRED CHERRIES Malware Communication"; flow:established,to_server; content:"cherries"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-24,updated_at 2019-08-24,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186100;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INSUFFICIENT SYMPATHY Malware Communication"; flow:established,to_server; content:"sympathy"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-02-12,updated_at 2017-02-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186101;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HELPFUL BOUGH Malware Communication"; flow:established,to_server; content:"bough"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-27,updated_at 2019-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186102;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LUCKY CHARITY Malware Communication"; flow:established,to_server; content:"charity"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 
2018-10-02,updated_at 2018-10-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186103;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PAYABLE COLLEGE Exploitation Attempt Seen"; flow:established,to_server; content:"college"; priority:2; metadata:cwe_id 611,cvss_v3_base 7.5,hostile src_ip,created_at 2016-10-06,capec_id 250,updated_at 2016-10-06,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.6,attack_target server,attack_target http-server,cvss_v3_temporal 6.6,cve 2016-5946102,cvss_v2_temporal 6.6,protocols http,protocols tcp; rev:2; sid:80186104;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DETERMINED UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-03,updated_at 2019-08-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186105;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GENTLE POSTBOX Malware Communication"; flow:established,to_server; content:"postbox"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-03,updated_at 2018-07-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186106;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MOTIONLESS BOTANY Malware Communication"; flow:established,to_server; content:"botany"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-04-11,updated_at 2017-04-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols 
tcp; rev:3; sid:80186107;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DIRTY GONG Malware Communication"; flow:established,to_server; content:"gong"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-07,updated_at 2019-01-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186108;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUBSTANTIAL IMAGINATION Malware Communication"; flow:established,to_server; content:"imagination"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-08-07,updated_at 2018-08-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186109;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CAREFUL RAKE Malware Communication"; flow:established,to_client; content:"rake"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-04-20,updated_at 2019-04-22,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80186110;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ADVISORY YARMULKE Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"yarmulke"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-11-10,updated_at 2018-11-10,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80186111;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ORANGE SWITCH Malware Communication"; flow:established,to_server; content:"switch"; priority:1; metadata:cwe_id 506,malware 
post-infection,hostile dest_ip,created_at 2017-07-24,updated_at 2017-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186112;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SLEEPY CARTLOAD Malware Communication"; flow:established,to_server; content:"cartload"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-19,updated_at 2018-07-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186113;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MISERABLE FEDELINI Malware Communication"; flow:established,to_server; content:"fedelini"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-20,updated_at 2018-02-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186114;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONFUSED ARCHAEOLOGY Traffic Detected"; flow:established,to_server; content:"archaeology"; priority:1; metadata:hostile dest_ip,created_at 2019-08-05,updated_at 2019-08-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186115;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEAD MACHINE Malware Communication"; flow:established,to_server; content:"machine"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-06,updated_at 2019-10-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186116;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - 
NEGATIVE PRINT Malware Communication"; flow:established, to_server; content:"print"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-12,updated_at 2019-10-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186117;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FROZEN CAMPAIGN Malware Communication"; flow:established,to_server; content:"campaign"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-09-01,updated_at 2018-09-04,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186118;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PURPLE HOURGLASS Malware Communication"; flow:established,to_server; content:"hourglass"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-22,updated_at 2019-06-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186119;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WIDE VISION Malware Communication"; flow:established,to_server; content:"vision"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-27,updated_at 2019-03-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186120;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LIMITED ZINC Malware Communication"; flow:established,to_server; content:"zinc"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-06-15,updated_at 2019-06-19,filename acme.rules,priority high,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186121;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN NOUNKNOWN Malware Communication"; flow:established,to_server; content:"noUNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-13,updated_at 2019-09-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186122;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONCRETE WONDER Malware Communication"; flow:established,to_client; content:"wonder"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-07-15,updated_at 2019-07-21,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80186123;) drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ACCURATE BULL-FIGHTER Malware Communication"; flow:established,to_server; content:"bull-fighter"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-20,updated_at 2018-03-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80186124;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ENVIOUS INTESTINE Exploitation Attempt Seen"; flow:established,to_server; content:"intestine"; priority:2; metadata:cwe_id 20,cvss_v3_base 6.9,hostile src_ip,created_at 2018-06-10,capec_id 88,updated_at 2018-06-14,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.0,attack_target server,attack_target http-server,cvss_v3_temporal 6.2,cve 2018-9225821,cve 2018-9225821,cvss_v2_temporal 6.2,protocols http,protocols tcp; rev:3; sid:80186125;) #alert http $EXTERNAL_NET 
any -> $HOME_NET any (msg:"Acme - EXCESS ACCELERATOR Exploitation Attempt Seen"; flow:established, to_server; content:"accelerator"; priority:3; metadata:cwe_id 264,hostile src_ip,created_at 2019-03-05,capec_id 115,updated_at 2019-03-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-5893088,protocols http,protocols tcp; rev:2; sid:80186126;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONSTITUTIONAL GALOSHES Traffic Detected"; flow:established, to_server; content:"galoshes"; priority:1; metadata:hostile dest_ip,created_at 2018-08-16,updated_at 2018-08-16,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186127;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN POLICEMAN Traffic Detected"; flow:established,to_server; content:"policeman"; priority:1; metadata:hostile dest_ip,created_at 2019-11-12,updated_at 2019-11-15,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186128;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DIRTY CAP Exploitation Attempt Seen"; flow:established,to_server; content:"cap"; priority:2; metadata:cwe_id 20,cvss_v3_base 3.4,hostile src_ip,created_at 2019-10-14,capec_id 88,updated_at 2019-10-17,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.3,attack_target server,attack_target http-server,cvss_v3_temporal 3.4,cve 2018-1133830,cve 2018-1133830,cvss_v2_temporal 3.4,protocols http,protocols tcp; rev:1; sid:80186129;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OUTSIDE ENGINEERING Traffic Detected"; flow:established,to_server; content:"engineering"; priority:3; metadata:created_at 2019-07-01,capec_id 436,updated_at 2019-07-23,filename acme.rules,priority low,rule_source 
acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80186130;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - POSITIVE HACKSAW Traffic Detected"; flow:established,to_server; content:"hacksaw"; priority:1; metadata:hostile dest_ip,created_at 2018-11-15,updated_at 2018-11-15,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80186131;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ICY SACK Traffic Detected"; flow:established,to_server; content:"sack"; priority:1; metadata:created_at 2017-06-08,updated_at 2017-06-19,filename acme.rules,priority high,rule_source acme-rule-factory,protocols http,protocols tcp; rev:3; sid:80186132;) drop http any any -> $HOME_NET any (msg:"Acme - UNKNOWN HANDUNKNOWNEN Exploitation Attempt Seen"; flow:established,to_server; content:"handUNKNOWNen"; priority:3; metadata:cwe_id 288,cvss_v3_base 8.5,hostile src_ip,created_at 2017-09-15,capec_id 115,updated_at 2017-09-15,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cvss_v3_temporal 7.5,cve 2016-1105777,cvss_v2_temporal 7.5,protocols http,protocols tcp; rev:2; sid:80186133;) drop http any any -> $HOME_NET any (msg:"Acme - DISTINGUISHED AFTERTHOUGHT Exploitation Attempt Seen"; flow:established,to_server; content:"afterthought"; priority:3; metadata:cwe_id 78,cvss_v3_base 3.0,hostile src_ip,created_at 2019-09-23,capec_id 88,updated_at 2019-09-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.7,attack_target server,attack_target http-server,cvss_v3_temporal 2.8,cve 2019-7001302,cvss_v2_temporal 2.8,protocols http,protocols tcp; rev:1; sid:80186134;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RULING FREEZE Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"freeze"; priority:1; metadata:cwe_id 506,malware 
post-infection,created_at 2019-04-20,updated_at 2019-04-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:3; sid:80186135;) drop tcp any any -> $HOME_NET any (msg:"Acme - WASTEFUL BANKBOOK Malware Communication"; flow:established, to_server; content:"bankbook"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2016-11-24,updated_at 2016-11-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,protocols smb,protocols tcp; rev:2; sid:80186136;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MAD NONDISCLOSURE Malware Communication"; flow:established,to_client; content:"nondisclosure"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2017-04-06,updated_at 2017-04-22,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80186137;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REAR ALTERUNKNOWN Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"alterUNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-04-16,updated_at 2018-04-19,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80186138;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAMOUS VELDT Traffic Detected"; flow:established,to_server; content:"veldt"; priority:3; metadata:created_at 2019-07-22,capec_id 436,updated_at 2019-07-23,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80186139;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EVENTUAL IMPLEMENT Exploitation Attempt Seen"; flow:established,to_server; content:"implement"; 
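priority:2; metadata:cwe_id 502,cvss_v3_base 8.1,hostile src_ip,created_at 2019-02-04,capec_id 184,updated_at 2019-02-13,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,cvss_v3_temporal 8.2,cve 2019-6529811,cvss_v2_temporal 8.2,protocols tcp; rev:2; sid:80186140;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWNIVE BADGER Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"badger"; priority:2; metadata:cwe_id 119,cvss_v3_base 5.9,hostile src_ip,created_at 2019-11-03,capec_id 255,updated_at 2019-11-03,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.1,attack_target http-client,attack_target client,cvss_v3_temporal 6.1,cve 2016-4500791,cvss_v2_temporal 6.1,protocols http,protocols tcp; rev:3; sid:80186141;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOLE DIGITAL Malware Communication"; flow:established,to_client; content:"digital"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2015-01-25,updated_at 2015-01-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186142;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN MEAL Exploitation Attempt Seen"; flow:established,to_client; content:"meal"; priority:3; metadata:cwe_id 843,cvss_v3_base 4.1,hostile src_ip,created_at 2019-06-20,capec_id 255,updated_at 2019-06-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.5,attack_target http-client,attack_target client,cvss_v3_temporal 3.8,cve 2018-5127016,cvss_v2_temporal 3.8,protocols http,protocols tcp; rev:2; sid:80186143;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DIFFICULT LOYALTY Malware Communication"; flow:established,to_server; content:"loyalty"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile 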
dest_ip,created_at 2019-04-25,updated_at 2019-04-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186144;)
# Layout of the rules below: one rule per line. A rule prefixed with "#"
# ("#alert ...") stays in the file but is disabled. In every rule in this stretch
# the "priority" keyword and the metadata "priority" key agree
# (1 = high, 2 = medium, 3 = low, 4 = info).
# NOTE(review): each rule matches on one short content string, some only three
# bytes long ("sad", "pin", "arm", "den", "git", "owl"). On drop/reject rules in a
# production ruleset a match that loose would block unrelated traffic; it would
# need a specific buffer and further conditions before being enforced inline.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRIOR ENTHUSIASM Malware Communication"; flow:established,to_server; content:"enthusiasm"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-08,updated_at 2019-10-16,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186145;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INTENSE NEGOTIATION Malware Communication"; flow:established,to_client; file_data; content:"negotiation"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-02-19,updated_at 2019-02-22,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186146;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONFIDENT WIND Malware Communication"; flow:established,to_server; content:"wind"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-08,updated_at 2019-02-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186147;)
# Disabled rule. It carries no attack_target key, so a filter on that key will not select it.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONVINCING COMFORTABLE Exploitation Attempt Seen"; flow:established, to_server; content:"comfortable"; priority:3; metadata:hostile src_ip,created_at 2016-09-05,capec_id 119,updated_at 2016-09-12,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2016-4387720,protocols http,protocols tcp; rev:2; sid:80186148;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SURROUNDING KILOGRAM Malware Communication"; flow:established,to_server; content:"kilogram"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-15,updated_at 2019-03-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186149;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONDEMNED SHOFAR Exploitation Attempt Seen"; flow:established,to_server; content:"shofar"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2017-05-24,capec_id 248,updated_at 2017-05-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.4,attack_target server,attack_target http-server,cve 2017-9027591,cvss_v2_temporal 2.3,protocols http,protocols tcp; rev:2; sid:80186150;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ENTIRE OCELOT Malware Communication"; flow:established,to_client; content:"ocelot"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-01-20,updated_at 2019-01-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186151;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MARVELLOUS CLANK Malware Communication"; flow:established,to_server; content:"clank"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-11-09,updated_at 2018-11-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186152;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WORTHY AVENUE Malware Communication"; flow:established,to_server; content:"avenue"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-10-22,updated_at 2018-10-22,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186153;)
# Four reject rules for inbound SMTP; all carry capec_id 152 and differ only in msg, content and dates.
reject smtp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FASCINATING LOAN Traffic Detected"; flow:established,to_server; content:"loan"; priority:2; metadata:hostile src_ip,created_at 2017-04-01,capec_id 152,updated_at 2017-04-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:2; sid:80186154;)
reject smtp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NEAT SUBSIDENCE Traffic Detected"; flow:established,to_server; content:"subsidence"; priority:2; metadata:hostile src_ip,created_at 2018-11-23,capec_id 152,updated_at 2018-11-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:2; sid:80186155;)
reject smtp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FUNCTIONAL GLUE Traffic Detected"; flow:established,to_server; content:"glue"; priority:2; metadata:hostile src_ip,created_at 2019-06-17,capec_id 152,updated_at 2019-06-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:2; sid:80186156;)
reject smtp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - APPLICABLE DECADE Traffic Detected"; flow:established,to_server; content:"decade"; priority:2; metadata:hostile src_ip,created_at 2019-02-16,capec_id 152,updated_at 2019-02-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:2; sid:80186157;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LIVING ATMOSPHERE Malware Communication"; flow:established,to_server; content:"atmosphere"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-07-18,updated_at 2017-07-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186158;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONDEMNED BOTANY Malware Communication"; flow:established,to_server; content:"botany"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-02,updated_at 2019-02-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186159;)
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN PARROT Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"parrot"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-07-12,updated_at 2018-07-16,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80186160;)
# The only rule in this stretch tagged "filename scada.rules".
# NOTE(review): cvss_v2_base 10.0 is paired with priority info and an alert-only
# action; confirm the priority is what was intended.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ORDINARY WILLOW Exploitation Attempt Seen"; flow:established,to_server; content:"willow"; priority:4; metadata:cwe_id 425,hostile src_ip,created_at 2019-09-08,capec_id 115,updated_at 2019-09-19,filename scada.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2018-8800124,cvss_v2_temporal 8.4,protocols http,protocols tcp; rev:1; sid:80186161;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SERVER Malware Communication"; flow:established,to_server; content:"server"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-08-26,updated_at 2018-08-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186162;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - THIN BOOT Malware Communication"; flow:established,to_server; content:"boot"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-08-12,updated_at 2018-08-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186163;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AMERICAN SAD Malware Communication"; flow:established,to_server; content:"sad"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-06-21,updated_at 2017-06-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:7; sid:80186164;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EVIL PIN Malware Communication"; flow:established, to_client; content:"pin"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2017-01-19,updated_at 2017-01-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186165;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DECENT GUEST Malware Communication"; flow:established,to_server; content:"guest"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-05,updated_at 2019-07-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186166;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DYING CIRRUS Malware Communication"; flow:established,to_server; content:"cirrus"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-22,updated_at 2019-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186167;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAT ZEBRAFISH Malware Communication"; flow:established, to_client; content:"zebrafish"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-06-27,updated_at 2018-06-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186168;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - KIND ARM Malware Communication"; flow:established,to_server; content:"arm"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2016-01-26,updated_at 2016-01-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186169;)
# NOTE(review): urilen:1 limits the request URI to one byte, but content:"boss"
# has no buffer modifier, so the four-byte match is not tied to the URI buffer.
# Confirm the two conditions are meant to be independent.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRICKLY BOSS Malware Communication"; flow:established,to_server; urilen:1; content:"boss"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-09-21,updated_at 2018-09-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186170;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RELATED NEST Malware Communication"; flow:established,to_server; content:"nest"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-10-25,updated_at 2018-10-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186171;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GLAD PANTY Malware Communication"; flow:established,to_server; content:"panty"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-04,updated_at 2018-02-04,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186172;)
# NOTE(review): destination is "any any" rather than $EXTERNAL_NET and the
# metadata has no "hostile" key, so this drop rule also covers flows between
# $HOME_NET hosts. Confirm that scope is intended.
drop http $HOME_NET any -> any any (msg:"Acme - DIVERSE CELSIUS Malware Communication"; flow:established,to_server; content:"celsius"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-06-13,updated_at 2019-06-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186173;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAVOURABLE SCRIM Malware Communication"; flow:established,to_client; file_data; content:"scrim"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2015-08-05,updated_at 2015-08-07,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80186174;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOUD ONION Malware Communication"; flow:established, to_client; file_data; content:"onion"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-06-16,updated_at 2018-06-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186175;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IRRELEVANT BASKET Malware Communication"; flow:established, to_server; content:"basket"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-02-18,updated_at 2017-02-22,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186176;)
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FEW DEN Exploitation Attempt Seen"; flow:established,to_server; content:"den"; priority:2; metadata:cwe_id 284,cvss_v3_base 5.2,hostile src_ip,created_at 2019-06-09,capec_id 253,updated_at 2019-06-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.5,attack_target server,cvss_v3_temporal 4.3,cve 2015-510041,cvss_v2_temporal 4.3,protocols tcp; rev:2; sid:80186177;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRIVATE LYRE Malware Communication"; flow:established, to_client; file_data; content:"lyre"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2016-07-02,updated_at 2016-07-05,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186178;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OBEDIENT SYMPATHY Malware Communication"; flow:established, to_client; file_data; content:"sympathy"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-02-14,updated_at 2018-02-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186179;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONCRETE NEUROPSYCHIATRY Malware Communication"; flow:established,to_server; content:"neuropsychiatry"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-12,updated_at 2019-01-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186180;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SELECTIVE BUTTER Traffic Detected"; flow:established,to_server; content:"butter"; priority:1; metadata:hostile dest_ip,created_at 2019-05-26,updated_at 2019-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186181;)
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ENERGETIC QUICKSAND Malware Communication"; flow:established,to_client; content:"quicksand"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-03-21,updated_at 2019-03-21,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186182;)
# NOTE(review): the source is $HOME_NET and the flow is to_server, yet metadata
# says "hostile src_ip"; the other outbound rules here use "hostile dest_ip".
# Confirm, because filters on the "hostile" key depend on this value.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ASSOCIATED STEP-GRANDFATHER Malware Communication"; flow:established,to_server; content:"step-grandfather"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-07-14,updated_at 2019-07-17,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186183;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NEGATIVE BARN Malware Communication"; flow:established,to_server; content:"barn"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-22,updated_at 2019-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186184;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MEDICAL ARROW Malware Communication"; flow:established, to_client; file_data; content:"arrow"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-05-02,updated_at 2018-05-09,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186185;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRECIOUS MARSH Malware Communication"; flow:established, to_client; file_data; content:"marsh"; priority:3; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2019-03-20,updated_at 2019-03-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186186;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WIDE RESERVE Traffic Detected"; flow:established, to_client; file_data; content:"reserve"; priority:3; metadata:cwe_id 657,hostile src_ip,created_at 2019-05-02,updated_at 2019-05-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186187;)
# $HOME_NET -> $EXTERNAL_NET combined with to_client: given attack_target http-server
# and infected src_ip, this presumably inspects responses sent by an internal
# server to an external client. Confirm against the rule author's intent.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRESIDENTIAL JUNK Malware Communication"; flow:established,to_client; content:"junk"; priority:1; metadata:cwe_id 434,malware post-infection,hostile dest_ip,created_at 2019-11-19,updated_at 2019-11-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186188;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BLUE CEMETERY Malware Communication"; flow:established,to_server; content:"cemetery"; priority:1; metadata:cwe_id 434,malware post-infection,hostile src_ip,created_at 2019-11-04,updated_at 2019-11-20,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186189;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OPERATIONAL GUARD Traffic Detected"; flow:established,to_server; content:"guard"; priority:2; metadata:hostile src_ip,created_at 2019-08-02,capec_id 248,updated_at 2019-08-19,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186190;)
# NOTE(review): metadata lists "cve 2015-8573534" twice; one entry is redundant.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FANTASTIC PRINCIPLE Exploitation Attempt Seen"; flow:established,to_server; content:"principle"; priority:2; metadata:cwe_id 78,hostile src_ip,created_at 2018-10-19,capec_id 248,updated_at 2018-10-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.8,attack_target server,attack_target http-server,cve 2015-8573534,cve 2015-8573534,cvss_v2_temporal 6.8,protocols http,protocols tcp; rev:2; sid:80186191;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PLASTIC POPULATION Malware Communication"; flow:established,to_server; content:"population"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2016-11-19,updated_at 2016-11-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186192;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNAWARE MARKSMAN Malware Communication"; flow:established, to_client; content:"marksman"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2019-01-24,updated_at 2019-01-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186193;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TREMENDOUS DIGNITY Malware Communication"; flow:established,to_server; content:"dignity"; priority:1; metadata:cwe_id 507,malware download-attempt,hostile dest_ip,created_at 2019-01-09,updated_at 2019-01-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186194;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SOVIET DORY Malware Communication"; flow:established,to_server; content:"dory"; priority:1; metadata:cwe_id 507,malware download-attempt,hostile dest_ip,created_at 2019-04-14,updated_at 2019-04-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186195;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DUE DEPARTMENT Malware Communication"; flow:established,to_server; content:"department"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-16,updated_at 2018-09-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186196;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRIGHT STAFF Malware Communication"; flow:established,to_server; content:"staff"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-02-22,updated_at 2017-02-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186197;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STEEP COEVOLUTION Malware Communication"; flow:established,to_server; content:"coevolution"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-23,updated_at 2018-09-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186198;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DREADFUL ROLL Malware Communication"; flow:established, to_server; content:"roll"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-22,updated_at 2019-10-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186199;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DRY ARM-REST Malware Communication"; flow:established,to_server; content:"arm-rest"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-16,updated_at 2018-09-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186200;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UGLY OTTER Malware Communication"; flow:established,to_server; content:"otter"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-03-11,updated_at 2017-03-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186201;)
# from_client is the flow keyword's synonym for the to_server used by the neighbouring rules.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ULTIMATE DECADE Malware Communication"; flow:established,from_client; content:"decade"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-08-19,updated_at 2017-08-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186202;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WORRYING UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-08,updated_at 2019-02-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186203;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - THOUNKNOWN GUILTY Malware Communication"; flow:established,to_server; content:"guilty"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-17,updated_at 2019-11-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186204;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONTROVERSIAL MANGROVE Malware Communication"; flow:established,to_server; content:"mangrove"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-14,updated_at 2019-08-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186205;)
# NOTE(review): the header protocol is tcp although the metadata says
# "protocols http" and "attack_target http-client"; confirm whether this rule
# should use the http header like the otherwise identical rules around it.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONTINUED STATEMENT Malware Communication"; flow:established,to_server; content:"statement"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-10-04,updated_at 2015-10-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80186206;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MISLEADING POULTRY Malware Communication"; flow:established,to_client; file_data; content:"poultry"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2016-08-18,updated_at 2016-08-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186207;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INNER PRINTER Malware Communication"; flow:established,to_client; content:"printer"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-06-11,updated_at 2019-06-17,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186208;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FRIENDLY SUNROOM Malware Communication"; flow:established,to_client; content:"sunroom"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-05-18,updated_at 2019-05-20,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186209;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WITTY CLASP Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"clasp"; priority:2; metadata:cwe_id 121,cvss_v3_base 6.8,hostile src_ip,created_at 2017-06-07,capec_id 129,updated_at 2017-06-17,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.9,attack_target http-client,attack_target client,cvss_v3_temporal 6.8,cve 2017-4132486,cvss_v2_temporal 6.8,protocols http,protocols tcp; rev:2; sid:80186210;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AUUNKNOWNATIC SHOES Malware Communication"; flow:established,to_server; content:"shoes"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-21,updated_at 2019-09-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186211;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN GRANDSON Malware Communication"; flow:established,to_server; content:"grandson"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-05-27,updated_at 2016-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186212;)
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VAST GLUE Malware Communication"; flow:established,to_client; content:"glue"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-10-19,updated_at 2019-10-25,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80186213;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNFAIR ARGUMENT Malware Communication"; flow:established,to_server; content:"argument"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-08-18,updated_at 2018-08-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186214;)
drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - OVERSEAS MAXIMUM Exploitation Attempt Seen"; flow:established,to_client; content:"maximum"; priority:2; metadata:cwe_id 190,cvss_v3_base 1.4,hostile src_ip,created_at 2019-06-27,capec_id 100,updated_at 2019-06-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.2,attack_target http-client,attack_target client,cvss_v3_temporal 1.2,cve 2019-7182225,cvss_v2_temporal 1.2,protocols http,protocols tcp; rev:2; sid:80186215;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXCESSIVE FRECKLE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"freckle"; priority:2; metadata:cwe_id 190,cvss_v3_base 3.4,hostile src_ip,created_at 2017-08-27,capec_id 100,updated_at 2017-08-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.3,attack_target http-client,attack_target client,cvss_v3_temporal 4.3,cve 2015-8127325,cvss_v2_temporal 4.3,protocols http,protocols tcp; rev:2; sid:80186216;)
# Disabled rule.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AVAILABLE SURFACE Traffic Detected"; flow:established, to_client; file_data; content:"surface"; priority:3; metadata:hostile src_ip,created_at 2016-09-01,capec_id 26,updated_at 2016-09-02,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186217;)
drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - ENTIRE GIT Traffic Detected"; flow:established,to_client; file_data; content:"git"; priority:2; metadata:hostile src_ip,created_at 2019-07-03,updated_at 2019-07-21,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186218;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MIDDLE-CLASS BEANSTALK Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"beanstalk"; priority:2; metadata:cwe_id 843,cvss_v3_base 3.0,hostile src_ip,created_at 2019-02-25,capec_id 210,updated_at 2019-02-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.8,attack_target http-client,attack_target client,cvss_v3_temporal 4.7,cve 2019-8305440,cvss_v2_temporal 4.7,protocols http,protocols tcp; rev:2; sid:80186219;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STUCK AIRBUS Exploitation Attempt Seen"; flow:established, to_server; content:"airbus"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2016-11-14,capec_id 255,updated_at 2016-11-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target sip-server,attack_target server,cve 2015-4102558,protocols sip,protocols tcp; rev:1; sid:80186220;)
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PHYSICAL ATMOSPHERE Malware Communication"; flow:established,to_client; content:"atmosphere"; priority:2; metadata:cwe_id 125,malware pre-infection,cvss_v3_base 3.0,hostile src_ip,created_at 2017-06-19,updated_at 2017-06-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.5,attack_target client,cvss_v3_temporal 3.0,cve 2016-9063598,cvss_v2_temporal 3.0,protocols tcp; rev:2; sid:80186221;)
# $HOME_NET -> $EXTERNAL_NET combined with to_client and file_data: given
# attack_target http-server and infected src_ip, this presumably inspects response
# bodies served by an internal host. Confirm against the rule author's intent.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NEARBY UNKNOWN Malware Communication"; flow:established,to_client; file_data; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-10,updated_at 2019-06-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186222;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LITTLE BRICKLAYING Malware Communication"; flow:established,to_server; content:"bricklaying"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-27,updated_at 2019-07-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186223;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-21,updated_at 2019-09-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186224;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN BATTING Traffic Detected"; flow:established,to_server; content:"batting"; priority:1; metadata:hostile dest_ip,created_at 2019-03-24,updated_at 2019-03-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:3; sid:80186225;)
# Two disabled rules follow.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN CONTENT Traffic Detected"; flow:established, to_client; file_data; content:"content"; priority:3; metadata:cwe_id 506,hostile src_ip,created_at 2018-05-11,capec_id 63,updated_at 2018-05-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186226;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HEAVY RAVIOLI Traffic Detected"; flow:established, to_client; file_data; content:"ravioli"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-04-08,capec_id 248,updated_at 2019-04-08,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186227;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHORT BROOCH Malware Communication"; flow:established,to_server; content:"brooch"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-01-07,updated_at 2018-01-14,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:5; sid:80186228;)
# NOTE(review): source is "any any" rather than $EXTERNAL_NET, so responses
# from servers inside $HOME_NET are also in scope for this drop rule while the
# metadata still says "hostile src_ip". Confirm that scope is intended.
drop http any any -> $HOME_NET any (msg:"Acme - UNKNOWN LEPROSY Traffic Detected"; flow:established,to_client; content:"leprosy"; priority:2; metadata:hostile src_ip,created_at 2018-01-25,capec_id 210,updated_at 2018-01-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186229;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PUNY EARPLUG Malware Communication"; flow:established,to_server; content:"earplug"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-03-09,updated_at 2015-03-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:6; sid:80186230;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN OWL Malware Communication"; flow:established,to_server; content:"owl"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-04-20,updated_at 2017-04-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186231;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNDERLYING STORY Malware Communication"; flow:established,to_server; content:"story"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-10,updated_at 2019-05-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186232;)
# $HOME_NET -> $EXTERNAL_NET combined with to_client and file_data: given
# attack_target http-server and infected src_ip, this presumably inspects response
# bodies served by an internal host. Confirm against the rule author's intent.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SMILING COMMUNICATION Malware Communication"; flow:established,to_client; file_data; content:"communication"; priority:1; metadata:cwe_id 434,malware post-infection,hostile dest_ip,created_at 2019-07-19,updated_at 2019-07-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186233;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PROVINCIAL WHISTLE Malware Communication"; flow:established,to_server; content:"whistle"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-16,updated_at 2018-11-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186234;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HIGH RESOURCE Exploitation Attempt Seen"; flow:established,to_server; content:"resource"; priority:3; metadata:hostile src_ip,created_at 2017-03-04,capec_id 119,updated_at 2017-03-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-843258,protocols http,protocols tcp; rev:2; sid:80186235;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEAF GIFT Malware Communication"; flow:established,to_server; 
content:"gift"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-09-10,updated_at 2016-09-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186236;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNLIKELY COLLOQUIA Traffic Detected"; flow:established,to_server; content:"colloquia"; priority:3; metadata:hostile src_ip,created_at 2016-05-20,capec_id 248,updated_at 2016-05-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186237;) drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - OBVIOUS DISEASE Exploitation Attempt Seen"; flow:established,to_server; content:"disease"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2017-09-22,capec_id 248,updated_at 2017-09-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-7086371,protocols http,protocols tcp; rev:2; sid:80186238;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUBTLE UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-09-14,updated_at 2018-09-28,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186239;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRECISE SAVING Malware Communication"; flow:established,to_client; file_data; content:"saving"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-03-17,updated_at 2016-03-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols 
http,protocols tcp; rev:2; sid:80186240;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN REVOLUTION Malware Communication"; flow:established,to_server; content:"revolution"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-04-05,updated_at 2016-04-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186241;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLASSIC NAMING Malware Communication"; flow:established,to_server; content:"naming"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-11-02,updated_at 2017-11-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186242;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OLYMPIC FEED Malware Communication"; flow:established, to_client; content:"feed"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2016-09-12,updated_at 2016-09-15,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186243;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CRUCIAL FRAME Malware Communication"; flow:established,to_server; content:"frame"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-06-22,updated_at 2018-06-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186244;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN GLUE Malware Communication"; flow:established,to_server; content:"glue"; priority:1; metadata:cwe_id 506,malware post-infection,hostile 
dest_ip,created_at 2019-03-15,updated_at 2019-03-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186245;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ASSOCIATED SUSTAINMENT Malware Communication"; flow:established,to_server; content:"sustainment"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-19,updated_at 2019-07-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186246;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WILLING CHARITY Malware Communication"; flow:established,to_server; content:"charity"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-09-27,updated_at 2016-09-27,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186247;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HELPFUL VELLUM Malware Communication"; flow:established, to_client; content:"vellum"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-05-02,updated_at 2019-05-04,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186248;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DYING FLOUR Malware Communication"; flow:established,to_server; content:"flour"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-09,updated_at 2019-06-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186249;) drop 
http $HOME_NET any -> any any (msg:"Acme - UNKNOWN LOTION Malware Communication"; flow:established,to_server; content:"lotion"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-25,updated_at 2019-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80186250;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN WASHCLOTH Exploitation Attempt Seen"; flow:established,to_server; content:"washcloth"; priority:2; metadata:cwe_id 22,cvss_v3_base 6.1,hostile src_ip,created_at 2019-01-20,updated_at 2019-01-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.6,attack_target server,attack_target http-server,cvss_v3_temporal 6.3,cve 2018-4970737,cvss_v2_temporal 6.3,protocols http,protocols tcp; rev:2; sid:80186251;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ELATED KITE Malware Communication"; flow:established,to_server; content:"kite"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2017-09-17,updated_at 2017-09-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186252;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FANCY WOODSHED Traffic Detected"; flow:established,to_server; urilen:<36,norm; content:"woodshed"; priority:4; metadata:hostile dest_ip,created_at 2016-11-10,updated_at 2016-11-13,filename acme.rules,priority info,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:9; sid:80186253;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DELIGHTED VISITOR Malware Communication"; flow:established,to_server; content:"visitor"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 
2017-03-16,updated_at 2017-03-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80186254;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DIVERSE SAUSAGE Malware Communication"; flow:established,to_server; content:"sausage"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-11-21,updated_at 2018-11-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:7; sid:80186255;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MAGNIFICENT DANCING Malware Communication"; flow:established,to_server; content:"dancing"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-04,updated_at 2019-01-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186256;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OPEN HELLO Malware Communication"; flow:established,to_server; content:"hello"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-07-06,updated_at 2019-07-07,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186257;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ABUNDANT CHECKROOM Malware Communication"; flow:established,to_server; content:"checkroom"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-26,updated_at 2019-06-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186258;) drop http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"Acme - ENCHANTING EXPLANATION Malware Communication"; flow:established,to_server; content:"explanation"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-10,updated_at 2019-07-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186259;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RULING KILL Malware Communication"; flow:established,to_server; content:"kill"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-26,updated_at 2019-01-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186260;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HELPLESS PROMOTION Malware Communication"; flow:established, to_client; content:"promotion"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-04-21,updated_at 2018-04-24,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186261;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN MONSTER Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"monster"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2018-03-14,capec_id 242,updated_at 2018-03-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-8186958,protocols http,protocols tcp; rev:2; sid:80186262;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNNECESSARY BLOSSOM Exploitation Attempt Seen"; flow:established,to_server; content:"blossom"; priority:2; metadata:cwe_id 918,cvss_v3_base 6.1,hostile src_ip,created_at 2019-08-08,capec_id 156,updated_at 
2019-08-15,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.9,attack_target server,attack_target http-server,cvss_v3_temporal 6.7,cve 2019-4551616,cvss_v2_temporal 6.7,protocols http,protocols tcp; rev:2; sid:80186263;) drop http $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - IMPRESSED INJUSTICE Malware Communication"; flow:established,to_server; content:"injustice"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-03-18,updated_at 2019-03-25,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186264;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN MOCHA Malware Communication"; flow:established,to_server; content:"mocha"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-06-03,updated_at 2018-06-03,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186265;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GREY BRIEF Malware Communication"; flow:established,to_server; content:"brief"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-16,updated_at 2018-04-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186266;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SQUARE LIE Malware Communication"; flow:established,to_server; content:"lie"; priority:3; metadata:cwe_id 507,malware pre-infection,hostile dest_ip,created_at 2018-04-02,updated_at 2018-04-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186267;) alert http 
$EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN UPSTAIRS Exploitation Attempt Seen"; flow:established,to_server; content:"upstairs"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2017-06-18,updated_at 2017-06-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-4869116,protocols http,protocols tcp; rev:2; sid:80186268;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MINOR UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-04,updated_at 2019-10-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186269;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FRANTIC ASSISTANCE Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"assistance"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-09-06,updated_at 2019-09-08,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80186270;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REDUCED SWEDISH Malware Communication"; flow:established,to_server; urilen:>250; content:"swedish"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-08-17,updated_at 2017-08-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186271;) #drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SATISFACTORY ROAST Malware Communication"; flow:established,to_client; content:"roast"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 
2018-07-09,updated_at 2018-07-11,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80186272;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CHIEF VERVE Malware Communication"; flow:established,to_server; content:"verve"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-02-18,updated_at 2016-02-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186273;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNKNOWNHPICK Malware Communication"; flow:established, to_server; content:"UNKNOWNhpick"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-27,updated_at 2019-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186274;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DISASTROUS LOGIC Malware Communication"; flow:established,to_server; content:"logic"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-03-06,updated_at 2017-03-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186275;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CRUDE TEXT Malware Communication"; flow:established,to_server; urilen:<15,norm; content:"text"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-16,updated_at 2019-01-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186276;) drop http 
$EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLOSED SCREAMER Exploitation Attempt Seen"; flow:established,to_server; content:"screamer"; priority:3; metadata:cwe_id 287,cvss_v3_base 1.9,hostile src_ip,created_at 2018-03-07,capec_id 115,updated_at 2018-03-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cvss_v3_temporal 2.9,cve 2017-5743352,cvss_v2_temporal 2.9,protocols http,protocols tcp; rev:2; sid:80186277;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POWERFUL POLICY Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"policy"; priority:3; metadata:cwe_id 125,cvss_v3_base 1.3,hostile src_ip,created_at 2017-08-03,capec_id 129,updated_at 2017-08-13,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.0,attack_target http-client,attack_target client,cvss_v3_temporal 2.6,cve 2017-4727114,cvss_v2_temporal 2.6,protocols http,protocols tcp; rev:3; sid:80186278;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WORLDWIDE MUG Traffic Detected"; flow:established, to_client; content:"mug"; priority:4; metadata:cwe_id 200,hostile dest_ip,created_at 2019-09-08,updated_at 2019-09-17,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186279;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - DOMESTIC BOOTY Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"booty"; priority:3; metadata:cwe_id 122,cvss_v3_base 5.9,hostile src_ip,created_at 2017-09-07,capec_id 129,updated_at 2017-09-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.5,attack_target http-client,attack_target client,cvss_v3_temporal 6.2,cve 2017-1836068,cvss_v2_temporal 6.2,protocols http,protocols tcp; rev:3; sid:80186280;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SKILLED 
FLATBOAT Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"flatboat"; priority:3; metadata:cwe_id 122,cvss_v3_base 5.0,hostile src_ip,created_at 2019-07-11,capec_id 100,updated_at 2019-07-13,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.6,attack_target http-client,attack_target client,cvss_v3_temporal 5.3,cve 2019-2761347,cvss_v2_temporal 5.3,protocols http,protocols tcp; rev:2; sid:80186281;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SMART GYM Exploitation Attempt Seen"; flow:established,to_client; content:"gym"; priority:3; metadata:cwe_id 125,cvss_v3_base 1.9,hostile src_ip,created_at 2018-11-02,capec_id 255,updated_at 2018-11-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.0,attack_target http-client,attack_target client,cvss_v3_temporal 1.4,cve 2018-6784727,cvss_v2_temporal 1.4,protocols http,protocols tcp; rev:2; sid:80186282;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BREEZY DRAG Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"drag"; priority:3; metadata:cwe_id 125,cvss_v3_base 7.4,hostile src_ip,created_at 2019-03-06,capec_id 129,updated_at 2019-03-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.5,attack_target http-client,attack_target client,cvss_v3_temporal 6.6,cve 2019-5548403,cvss_v2_temporal 6.6,protocols http,protocols tcp; rev:3; sid:80186283;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ACCEPTED CONDOR Malware Communication"; flow:established,to_server; content:"condor"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-01-10,updated_at 2017-01-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186284;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BLOODY GRAPH Malware Communication"; 
flow:established,to_server; content:"graph"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-05-04,updated_at 2016-05-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186285;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HIGH-PITCHED OXFORD Malware Communication"; flow:established,to_server; content:"oxford"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-03-24,updated_at 2019-03-24,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186286;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - AMAZING RECESS Traffic Detected"; flow:established,to_server; content:"recess"; priority:1; metadata:hostile dest_ip,created_at 2017-06-01,updated_at 2017-06-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186287;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXPERIMENTAL LISTEN Malware Communication"; flow:established,to_client; file_data; content:"listen"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2017-07-23,updated_at 2017-07-24,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186288;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN DISTRIBUTION Malware Communication"; flow:established,to_client; file_data; content:"distribution"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-09-04,updated_at 2019-09-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target 
http-server,protocols http,protocols tcp; rev:3; sid:80186289;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COURAGEOUS CRUDE Malware Communication"; flow:established,to_client; file_data; content:"crude"; priority:2; metadata:cwe_id 506,malware pre-infection,created_at 2019-06-24,updated_at 2019-06-24,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:3; sid:80186290;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OUTSTANDING ASH Malware Communication"; flow:established,to_client; file_data; content:"ash"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-05-13,updated_at 2018-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80186291;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ACADEMIC SUNKNOWNTS Malware Communication"; flow:established,to_client; file_data; content:"sUNKNOWNts"; priority:2; metadata:cwe_id 506,malware pre-infection,created_at 2018-09-03,updated_at 2018-09-17,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:3; sid:80186292;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WORLDWIDE BIFOCALS Malware Communication"; flow:established,to_server; content:"bifocals"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-01-07,updated_at 2017-01-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186293;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRATEGIC SHEEP Malware Communication"; flow:established,to_server; content:"sheep"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-09-22,updated_at 2017-09-22,filename 
acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186294;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RETAIL LIQUID Malware Communication"; flow:established,from_client; content:"liquid"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-09-17,updated_at 2017-09-20,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186295;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BROWN LEAF Malware Communication"; flow:established,to_server; content:"leaf"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-11-05,updated_at 2017-11-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186296;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BARE FUNDRAISING Malware Communication"; flow:established,to_server; content:"fundraising"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-09-26,updated_at 2017-09-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186297;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN YOGA Malware Communication"; flow:established, to_client; content:"yoga"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-02-22,updated_at 2019-02-24,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186298;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FUZZY GOAL Malware Communication"; 
flow:established,to_server; content:"goal"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-02-18,updated_at 2018-02-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186299;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LEADING BULLDOZER Malware Communication"; flow:established,to_server; content:"bulldozer"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-11-15,updated_at 2016-11-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186300;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OUTSIDE CONDOR Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"condor"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2016-03-16,updated_at 2016-03-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-2387208,protocols http,protocols tcp; rev:2; sid:80186301;) #alert http $HOME_NET any -> any any (msg:"Acme - UNKNOWN THREAD Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"thread"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-11-13,updated_at 2019-11-14,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2019-1815820,protocols http,protocols tcp; rev:2; sid:80186302;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNDERLYING DAYBED Malware Communication"; flow:established,to_server; content:"daybed"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2015-03-10,updated_at 2015-03-20,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; 
sid:80186303;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN ALUMINIUM Malware Communication"; flow:established,to_server; content:"aluminium"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-17,updated_at 2019-07-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186304;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONSERVATION EASE Malware Communication"; flow:established,to_server; content:"ease"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-01,updated_at 2019-09-02,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186305;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNEVEN WHILE Malware Communication"; flow:established,to_server; content:"while"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-02-27,updated_at 2017-02-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186306;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SCARY TUNA Malware Communication"; flow:established,to_server; content:"tuna"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-08-22,updated_at 2018-08-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186307;) drop tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN ASHTRAY Malware Communication"; flow:established,to_client; content:"ashtray"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-07-16,updated_at 
2018-07-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186308;) drop tcp any any -> $HOME_NET any (msg:"Acme - OPTIMISTIC INTENTION Malware Communication"; flow:established,to_client; content:"intention"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-07-15,updated_at 2019-07-23,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186309;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CAPABLE KING Malware Communication"; flow:established,to_server; content:"king"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-06-26,updated_at 2019-06-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186310;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LOYAL SKULLDUGGERY Malware Communication"; flow:established,to_server; content:"skullduggery"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-07-03,updated_at 2017-07-16,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186311;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DELICIOUS BOAT-BUILDING Malware Communication"; flow:established,to_server; content:"boat-building"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-10-05,updated_at 2019-10-15,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186312;) drop http $HOME_NET any -> any any (msg:"Acme - SUPERB CYCLAMEN Malware Communication"; flow:established,to_server; urilen:5; content:"cyclamen"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 
2019-08-24,updated_at 2019-08-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186313;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEAF ARRIVAL Traffic Detected"; flow:established,to_server; content:"arrival"; priority:1; metadata:hostile dest_ip,created_at 2019-03-04,updated_at 2019-03-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186314;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN GOLF Malware Communication"; flow:established,to_server; content:"golf"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-20,updated_at 2018-01-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186315;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOW RENT Exploitation Attempt Seen"; flow:established,to_server; content:"rent"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-08-09,capec_id 116,updated_at 2019-08-09,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-3385281,protocols http,protocols tcp; rev:2; sid:80186316;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRELIMINARY COPPER Exploitation Attempt Seen"; flow:established, to_server; content:"copper"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-04-17,capec_id 210,updated_at 2019-04-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-538916,protocols http,protocols tcp; rev:2; sid:80186317;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TERRITORIAL EXPERT Malware 
Communication"; flow:established,to_server; content:"expert"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-02-16,updated_at 2017-02-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186318;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CALM TRAILER Malware Communication"; flow:established,to_client; content:"trailer"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-04-23,updated_at 2019-04-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186319;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BIOLOGICAL PRESENCE Malware Communication"; flow:established,to_server; content:"presence"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-23,updated_at 2019-02-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186320;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLEVER ATTRACTION Malware Communication"; flow:established,to_server; content:"attraction"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-11-26,updated_at 2017-11-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186321;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RESPECTABLE TENEMENT Malware Communication"; flow:established,to_server; content:"tenement"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-05-14,updated_at 2017-05-19,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186322;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MIDDLE PIONEER Malware Communication"; flow:established,to_client; content:"pioneer"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-05-05,updated_at 2018-05-21,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186323;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ETHNIC CHARITY Malware Communication"; flow:established,to_server; content:"charity"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-10,updated_at 2019-11-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186324;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COGNITIVE SHED Malware Communication"; flow:established,to_server; content:"shed"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-02-23,updated_at 2017-02-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186325;) drop tcp any any -> any any (msg:"Acme - UNKNOWN EMERY Malware Communication"; flow:established; content:"emery"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-04-09,updated_at 2018-04-18,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80186326;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CURIOUS VERSION Exploitation Attempt Seen"; flow:established,to_server; content:"version"; priority:2; metadata:cwe_id 704,cwe_id 89,cvss_v3_base 5.2,hostile src_ip,created_at 2019-06-24,capec_id 
66,updated_at 2019-06-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.9,attack_target server,attack_target http-server,cvss_v3_temporal 4.7,cve 2019-6976218,cvss_v2_temporal 4.7,protocols http,protocols tcp; rev:3; sid:80186327;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OUTSTANDING DISASTER Traffic Detected"; flow:established,to_client; content:"disaster"; priority:3; metadata:created_at 2015-03-10,capec_id 119,updated_at 2015-03-27,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tls,protocols tcp; rev:2; sid:80186328;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DIFFICULT CRICKET Malware Communication"; flow:established,to_server; content:"cricket"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-05-14,updated_at 2019-05-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186329;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONSCIOUS SWAMP Malware Communication"; flow:established,to_server; content:"swamp"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2018-07-02,updated_at 2018-07-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186330;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ENTHUSIASTIC SLIPPER Malware Communication"; flow:established,to_server; content:"slipper"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-07-21,updated_at 2016-07-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186331;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - QUICK STACK Malware Communication"; 
flow:established, to_server; content:"stack"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-12,updated_at 2019-06-19,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186332;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GEOGRAPHICAL MATHEMATICS Exploitation Attempt Seen"; flow:established,to_server; content:"mathematics"; priority:3; metadata:cvss_v3_base 2.1,hostile src_ip,created_at 2015-04-22,capec_id 184,updated_at 2015-04-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,cvss_v3_temporal 2.9,cve 2015-4590980,cvss_v2_temporal 2.9,protocols tcp; rev:2; sid:80186333;) drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - RATIONAL PAUSE Traffic Detected"; flow:established,to_server; content:"pause"; priority:3; metadata:hostile src_ip,created_at 2018-02-17,capec_id 248,updated_at 2018-02-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186334;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN FILL Exploitation Attempt Seen"; flow:established,to_server; content:"fill"; priority:2; metadata:hostile src_ip,created_at 2019-09-15,capec_id 253,updated_at 2019-09-23,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-9281582,protocols http,protocols tcp; rev:2; sid:80186335;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CURVED WATER Malware Communication"; flow:established,to_server; urilen:1,norm; content:"water"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-18,updated_at 2019-09-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target 
client,protocols http,protocols tcp; rev:2; sid:80186336;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONDEMNED RING Malware Communication"; flow:established,to_server; content:"ring"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-08-21,updated_at 2018-08-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186337;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HEAVY SILO Malware Communication"; flow:established,to_server; content:"silo"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-11-13,updated_at 2017-11-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186338;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MERE RISER Malware Communication"; flow:established,to_server; content:"riser"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-24,updated_at 2019-11-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186339;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RESPECTABLE UNKNOWN-HAT Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"UNKNOWN-hat"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2019-08-07,capec_id 100,updated_at 2019-08-11,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-9841829,protocols http,protocols tcp; rev:2; sid:80186340;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IDENTICAL BANKBOOK Malware Communication"; flow:established,to_server; content:"bankbook"; priority:1; metadata:cwe_id 
506,malware post-infection,hostile dest_ip,created_at 2017-03-01,updated_at 2017-03-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186341;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FLUFFY METHANE Traffic Detected"; flow:established,to_server; content:"methane"; priority:2; metadata:hostile dest_ip,created_at 2016-05-20,updated_at 2016-05-26,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186342;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ORIGINAL DUSTER Exploitation Attempt Seen"; flow:established,to_client; content:"duster"; priority:3; metadata:cwe_id 20,cvss_v3_base 8.4,hostile src_ip,created_at 2019-04-13,capec_id 255,updated_at 2019-04-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.7,attack_target http-client,attack_target client,cvss_v3_temporal 6.8,cve 2016-6356898,cvss_v2_temporal 6.8,protocols http,protocols tcp; rev:3; sid:80186343;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LTD PARACHUTE Malware Communication"; flow:established,to_server; content:"parachute"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-07-18,updated_at 2017-07-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186344;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DISCIPLINARY DEBTOR Malware Communication"; flow:established,to_server; content:"debtor"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-11,updated_at 2019-06-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target 
client,protocols http,protocols tcp; rev:3; sid:80186345;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUPER CRITERION Malware Communication"; flow:established,to_server; content:"criterion"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-15,updated_at 2018-09-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186346;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LOGICAL CHECKROOM Malware Communication"; flow:established,to_server; content:"checkroom"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-06-14,updated_at 2018-06-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186347;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HUSKY BABOON Malware Communication"; flow:established,to_server; content:"baboon"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-01-21,updated_at 2017-01-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186348;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LONG-TERM CINEMA Traffic Detected"; flow:established,to_server; content:"cinema"; priority:1; metadata:hostile dest_ip,created_at 2018-06-05,updated_at 2018-06-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186349;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN RAVIOLI Malware Communication"; flow:established,to_client; content:"ravioli"; priority:1; metadata:cwe_id 506,malware post-infection,hostile 
src_ip,created_at 2018-05-04,updated_at 2018-05-25,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186350;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMPREHENSIVE SUPERMARKET Malware Communication"; flow:established,to_server; content:"supermarket"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-10-02,updated_at 2016-10-04,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186351;) #alert tcp any any -> $HOME_NET any (msg:"Acme - DEVOTED ANYUNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"anyUNKNOWN"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-09-02,capec_id 100,updated_at 2019-09-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-7959386,protocols http,protocols tcp; rev:1; sid:80186352;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN EMPLOY Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"employ"; priority:3; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2016-07-25,updated_at 2016-07-26,filename acme.rules,priority low,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80186353;) drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GRATEFUL CREEK Malware Communication"; flow:established,to_server; content:"creek"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-02-11,updated_at 2019-02-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80186354;) drop http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONFUSED TITLE Malware Communication"; flow:established,to_server; urilen:>250; content:"title"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-04-21,updated_at 2019-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186355;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PUBLIC SOLUTION Malware Communication"; flow:established,to_server; urilen:>100; content:"solution"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-07-23,updated_at 2018-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186356;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LOYAL THERMALS Malware Communication"; flow:established,to_server; urilen:>100; content:"thermals"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-21,updated_at 2019-01-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186357;) drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONTROLLED PELICAN Malware Communication"; flow:established,to_server; content:"pelican"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-10-19,updated_at 2018-10-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80186358;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INCREDIBLE SCREAMER Malware Communication"; flow:established,to_server; urilen:24<>41; content:"screamer"; priority:1; metadata:cwe_id 506,malware post-infection,hostile 
dest_ip,created_at 2019-02-06,updated_at 2019-02-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186359;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SCIENTIFIC VOLLEYBALL Malware Communication"; flow:established,to_server; content:"volleyball"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-02,updated_at 2019-08-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186360;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HORIZONTAL BROAD Malware Communication"; flow:established; content:"broad"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2016-11-20,updated_at 2016-11-23,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80186361;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TENDER STEP-GRANDFATHER Malware Communication"; flow:established,to_client; content:"step-grandfather"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-01-03,updated_at 2019-01-13,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186362;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SCREECHING RACCOON Exploitation Attempt Seen"; flow:established,to_server; content:"raccoon"; priority:2; metadata:hostile src_ip,created_at 2019-05-27,capec_id 255,updated_at 2019-05-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,cve 2018-1815734,protocols tcp; rev:4; sid:80186363;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ANNUAL COLOR Malware Communication"; flow:established,to_server; content:"color"; 
priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-03-05,updated_at 2017-03-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186364;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RIDICULOUS POLITICS Malware Communication"; flow:established,to_server; content:"politics"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-21,updated_at 2019-08-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186365;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN OBLIGATION Malware Communication"; flow:established,to_server; content:"obligation"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-08-01,updated_at 2018-08-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186366;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WRITTEN HARMONICA Malware Communication"; flow:established; content:"harmonica"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2017-01-02,updated_at 2017-01-26,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80186367;) drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - INTEGRAL CULTURE Malware Communication"; flow:established,to_server; content:"culture"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-11,updated_at 2019-03-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186368;) drop http $EXTERNAL_NET any -> 
$HOME_NET any (msg:"Acme - TOUGH WAKE Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"wake"; priority:3; metadata:cwe_id 20,cvss_v3_base 6.2,hostile src_ip,created_at 2019-07-24,capec_id 253,updated_at 2019-07-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.3,attack_target http-client,attack_target client,cvss_v3_temporal 6.3,cve 2015-2377934,cvss_v2_temporal 6.3,protocols http,protocols tcp; rev:6; sid:80186369;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN HEARTACHE Malware Communication"; flow:established,to_server; content:"heartache"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-02-02,updated_at 2017-02-05,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186370;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ABSOLUTE TUSSLE Malware Communication"; flow:established,to_server; content:"tussle"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-09-24,updated_at 2018-09-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186371;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AVERAGE CAPTAIN Malware Communication"; flow:established,to_server; content:"captain"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-22,updated_at 2018-10-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186372;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LEXICAL CRAFT Malware Communication"; flow:established,to_client; file_data; content:"craft"; priority:2; metadata:cwe_id 506,malware post-infection,hostile 
src_ip,created_at 2019-07-21,updated_at 2019-07-24,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186373;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LINEAR LEASH Malware Communication"; flow:established,to_server; content:"leash"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-17,updated_at 2018-03-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186374;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OBLIGED FAILURE Malware Communication"; flow:established,to_server; content:"failure"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-22,updated_at 2019-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186375;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DIFFICULT BUILDING Malware Communication"; flow:established,to_server; content:"building"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-22,updated_at 2019-10-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186376;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CURRENT THUNDERSTORM Malware Communication"; flow:established,to_server; content:"thunderstorm"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-09,updated_at 2019-10-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186377;) 
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STILL TEXT Malware Communication"; flow:established,to_server; content:"text"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-20,updated_at 2018-11-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186378;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CRAZY RAINMAKER Malware Communication"; flow:established,to_server; content:"rainmaker"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-12,updated_at 2018-03-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80186379;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HEAVY UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-20,updated_at 2018-01-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186380;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EVENTUAL ANESTHESIOLOGY Malware Communication"; flow:established,to_server; content:"anesthesiology"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-02-22,updated_at 2015-02-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186381;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RELIEVED TIN Malware Communication"; flow:established,to_server; content:"tin"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-03-14,updated_at 
2018-03-14,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80186382;)
# Layout: the rules below are written one per line. The first and last lines
# of this group are the tail and head of rules that continue on the
# neighbouring lines of the listing.
#
# sid 80186383: the source is $HOME_NET and the flow is to_client, so the match
# is on data sent by a HOME_NET host acting as the server side of the flow
# (metadata: infected src_ip, attack_target http-server). The destination is
# "any any", so internal clients are covered as well as external ones.
drop http $HOME_NET any -> any any (msg:"Acme - UNKNOWN SPIKE Malware Communication"; flow:established,to_client; content:"spike"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-06-02,updated_at 2019-06-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80186383;)
# sid 80186384: plain tcp header, flow:established with no direction, and a
# bare content match. The metadata has no hostile/infected/attack_target keys,
# so a metadata filter on any of those keys will not select this rule.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IMAGIUNKNOWN SWAN Malware Communication"; flow:established; content:"swan"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2018-03-16,updated_at 2018-03-26,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80186384;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MARGINAL SIZE Malware Communication"; flow:established,to_server; content:"size"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-04-08,updated_at 2017-04-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186385;)
# sid 80186386: a "Traffic Detected" rule; its metadata has no cwe_id or
# malware key, unlike the "Malware Communication" rules around it.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAMOUS COONSKIN Traffic Detected"; flow:established,to_server; content:"coonskin"; priority:1; metadata:hostile src_ip,created_at 2017-10-17,updated_at 2017-10-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186386;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NEAR FAT Malware Communication"; flow:established; content:"fat"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2019-08-10,updated_at 2019-08-26,filename acme.rules,priority low,rule_source 
acme-rule-factory,protocols tcp; rev:1; sid:80186387;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXTRAORDINARY KEEP Malware Communication"; flow:established,to_server; content:"keep"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-05,updated_at 2019-01-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186388;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMPERIAL BARRACKS Traffic Detected"; flow:established,to_server; content:"barracks"; priority:1; metadata:hostile dest_ip,created_at 2019-02-07,updated_at 2019-02-22,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186389;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - THIRSTY MOCCASINS Malware Communication"; flow:established,to_server; content:"moccasins"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-21,updated_at 2019-07-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186390;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AWFUL GOBBLER Malware Communication"; flow:established,to_server; content:"gobbler"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-09,updated_at 2018-09-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186391;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PROTECTIVE AMBULANCE Malware Communication"; flow:established,to_client; content:"ambulance"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 
2018-04-23,updated_at 2018-04-26,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186392;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMPLEX NURTURE Malware Communication"; flow:established,to_server; content:"nurture"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-07-02,updated_at 2018-07-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186393;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - THUNDERING VELDT Malware Communication"; flow:established,to_server; content:"veldt"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-24,updated_at 2019-09-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186394;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GLORIOUS GUM Malware Communication"; flow:established,to_client; file_data; content:"gum"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-02-24,updated_at 2019-02-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186395;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CRAZY INSURANCE Exploitation Attempt Seen"; flow:established,to_server; content:"insurance"; priority:2; metadata:cwe_id 754,cvss_v3_base 5.1,hostile src_ip,created_at 2017-02-27,capec_id 248,updated_at 2017-02-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.7,attack_target server,attack_target http-server,cvss_v3_temporal 4.5,cve 2016-4897755,cvss_v2_temporal 4.5,protocols 
http,protocols tcp; rev:2; sid:80186396;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EFFECTIVE UNKNOWN Exploitation Attempt Seen"; flow:established,to_server; content:"UNKNOWN"; priority:2; metadata:cwe_id 754,cvss_v3_base 7.4,hostile src_ip,created_at 2018-02-07,capec_id 248,updated_at 2018-02-10,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.6,attack_target server,attack_target http-server,cvss_v3_temporal 7.2,cve 2018-6150836,cvss_v2_temporal 7.2,protocols http,protocols tcp; rev:1; sid:80186397;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PARALLEL BASEBALL Exploitation Attempt Seen"; flow:established,to_server; content:"baseball"; priority:3; metadata:cwe_id 754,cvss_v3_base 5.3,hostile src_ip,created_at 2019-04-05,capec_id 152,updated_at 2019-04-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.9,attack_target server,attack_target http-server,cvss_v3_temporal 4.6,cve 2015-6390711,cvss_v2_temporal 4.6,protocols http,protocols tcp; rev:2; sid:80186398;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - JOLLY ANALGESIA Exploitation Attempt Seen"; flow:established,to_server; content:"analgesia"; priority:3; metadata:cwe_id 754,cvss_v3_base 5.3,hostile src_ip,created_at 2019-07-03,capec_id 152,updated_at 2019-07-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.0,attack_target server,attack_target http-server,cvss_v3_temporal 4.3,cve 2019-6574971,cvss_v2_temporal 4.3,protocols http,protocols tcp; rev:2; sid:80186399;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POPULAR EARTH Exploitation Attempt Seen"; flow:established,to_server; content:"earth"; priority:2; metadata:cwe_id 95,cvss_v3_base 7.6,hostile src_ip,created_at 2018-04-14,capec_id 63,updated_at 2018-04-18,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.9,attack_target server,attack_target http-server,cvss_v3_temporal 7.3,cve 
2018-854619,cvss_v2_temporal 7.3,protocols http,protocols tcp; rev:1; sid:80186400;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNCOMFORTABLE SILO Traffic Detected"; flow:established,to_server; content:"silo"; priority:3; metadata:hostile src_ip,created_at 2017-10-08,capec_id 63,updated_at 2017-10-12,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186401;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LOGICAL CHARACTER Malware Communication"; flow:established,to_server; content:"character"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-21,updated_at 2018-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186402;) drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MENTAL INJUSTICE Malware Communication"; flow:established, to_server; content:"injustice"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-08-11,updated_at 2019-08-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:3; sid:80186403;) drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN BRUSH Malware Communication"; flow:established, to_server; content:"brush"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-11-22,updated_at 2017-11-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80186404;) drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - YELLOW LEAVE Malware Communication"; flow:established, to_server; content:"leave"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-10-16,updated_at 
2019-10-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80186405;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - APPARENT FREEZER Traffic Detected"; flow:established,to_server; urilen:<25,norm; content:"freezer"; priority:1; metadata:cwe_id 506,hostile dest_ip,created_at 2018-10-20,updated_at 2018-10-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186406;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MAGENTA MAIN Malware Communication"; flow:established,to_server; content:"main"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-04-09,updated_at 2016-04-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186407;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN RAYON Exploitation Attempt Seen"; flow:established,to_server; content:"rayon"; priority:3; metadata:cwe_id 502,cvss_v3_base 3.7,hostile src_ip,created_at 2019-08-07,capec_id 184,updated_at 2019-08-18,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.0,attack_target server,attack_target http-server,cvss_v3_temporal 3.1,cve 2019-7318081,cvss_v2_temporal 3.1,protocols http,protocols tcp; rev:2; sid:80186408;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SQUEALING DECLINATION Malware Communication"; flow:established,to_client; file_data; content:"declination"; priority:2; metadata:cwe_id 506,malware post-infection,created_at 2019-11-19,updated_at 2019-11-19,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186409;) drop http 
$EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMBINED DOG Malware Communication"; flow:established,to_client; file_data; content:"dog"; priority:2; metadata:cwe_id 506,malware post-infection,created_at 2019-08-22,updated_at 2019-08-27,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186410;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WIDE-EYED SNAKEBITE Malware Communication"; flow:established,to_server; content:"snakebite"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-05-17,updated_at 2018-05-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186411;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SYMBOLIC SEAL Malware Communication"; flow:established, to_client; content:"seal"; priority:4; metadata:cwe_id 506,malware download-attempt,created_at 2016-08-25,updated_at 2016-08-27,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:3; sid:80186412;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN ANIMAL Malware Communication"; flow:established,to_server; content:"animal"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2018-10-04,updated_at 2018-10-11,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80186413;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-03,updated_at 2019-08-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; 
rev:1; sid:80186414;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VALID MICROLENDING Traffic Detected"; flow:established,to_server; content:"microlending"; priority:1; metadata:hostile dest_ip,created_at 2019-07-01,updated_at 2019-07-13,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186415;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EARLY DEVIANCE Traffic Detected"; flow:established,to_server; content:"deviance"; priority:1; metadata:hostile dest_ip,created_at 2019-03-16,updated_at 2019-03-21,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186416;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RIVAL EDGE Malware Communication"; flow:established,to_server; content:"edge"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-17,updated_at 2019-08-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186417;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN RUBBER Malware Communication"; flow:established,to_server; content:"rubber"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-10-17,updated_at 2017-10-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186418;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SLIMY CRAFT Malware Communication"; flow:established,to_server; content:"craft"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-08-25,updated_at 2018-08-26,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186419;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REGIONAL EMERY Traffic Detected"; flow:established, to_client; content:"emery"; priority:1; metadata:hostile src_ip,created_at 2019-07-21,updated_at 2019-07-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186420;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TREMENDOUS SQUID Exploitation Attempt Seen"; flow:established,to_server; content:"squid"; priority:3; metadata:cwe_id 77,cvss_v3_base 10.0,hostile src_ip,created_at 2019-03-22,capec_id 248,updated_at 2019-03-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cvss_v3_temporal 7.3,cve 2019-283204,cvss_v2_temporal 7.3,protocols http,protocols tcp; rev:3; sid:80186421;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STORMY WRONG Traffic Detected"; flow:established,to_server; content:"wrong"; priority:3; metadata:hostile src_ip,created_at 2018-03-12,capec_id 248,updated_at 2018-03-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186422;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WOODEN BANQUETTE Traffic Detected"; flow:established,to_server; content:"banquette"; priority:3; metadata:hostile src_ip,created_at 2019-03-09,capec_id 248,updated_at 2019-03-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186423;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CURIOUS ATELIER Traffic Detected"; flow:established,to_server; content:"atelier"; priority:3; metadata:hostile src_ip,created_at 2017-01-20,capec_id 
248,updated_at 2017-01-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186424;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MECHANICAL FROWN Malware Communication"; flow:established; content:"frown"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2015-01-18,updated_at 2015-01-25,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:2; sid:80186425;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MILD ACCOUNTANT Malware Communication"; flow:established,to_server; content:"accountant"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-04,updated_at 2019-04-06,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186426;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BORING FOREST Malware Communication"; flow:established,to_server; content:"forest"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-03-02,updated_at 2015-03-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186427;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PSYCHOLOGICAL AUTHOR Traffic Detected"; flow:established,to_server; content:"author"; priority:3; metadata:hostile src_ip,created_at 2016-08-12,capec_id 248,updated_at 2016-08-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:4; sid:80186428;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNFAIR ASUNKNOWNLT Malware Communication"; flow:established,to_server; content:"asUNKNOWNlt"; priority:1; metadata:cwe_id 506,malware 
post-infection,hostile dest_ip,created_at 2018-08-06,updated_at 2018-08-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186429;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:hostile dest_ip,created_at 2019-01-19,updated_at 2019-01-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186430;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SACRED DIG Exploitation Attempt Seen"; flow:established,to_server; content:"dig"; priority:2; metadata:cwe_id 754,cvss_v3_base 4.1,hostile src_ip,created_at 2018-06-07,capec_id 248,updated_at 2018-06-20,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.6,attack_target server,attack_target http-server,cvss_v3_temporal 4.5,cve 2017-1756378,cvss_v2_temporal 4.5,protocols http,protocols tcp; rev:1; sid:80186431;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN LINGUISTICS Malware Communication"; flow:established; content:"linguistics"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2018-02-24,updated_at 2018-02-24,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80186432;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FAT UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-26,updated_at 2019-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186433;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HARSH BIFOCALS Malware Communication"; 
flow:established,to_server; content:"bifocals"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-26,updated_at 2019-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186434;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHORT FORK Exploitation Attempt Seen"; flow:established,to_server; content:"fork"; priority:3; metadata:cwe_id 78,cvss_v3_base 3.9,hostile src_ip,created_at 2017-06-11,capec_id 248,updated_at 2017-06-11,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.3,attack_target server,attack_target http-server,cvss_v3_temporal 3.5,cve 2017-7428588,cvss_v2_temporal 3.5,protocols http,protocols tcp; rev:2; sid:80186435;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHARMING EMERGENT Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"emergent"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2017-05-27,updated_at 2017-05-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80186436;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUPREME DECONGESTANT Exploitation Attempt Seen"; flow:established,to_server; content:"decongestant"; priority:3; metadata:cwe_id 78,cvss_v3_base 7.8,hostile src_ip,created_at 2019-01-18,capec_id 248,updated_at 2019-01-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 8.0,attack_target server,attack_target http-server,cvss_v3_temporal 8.0,cve 2018-3529153,cvss_v2_temporal 8.0,protocols http,protocols tcp; rev:2; sid:80186437;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SLOW BEARD Malware Communication"; flow:established,to_client; file_data; content:"beard"; priority:3; metadata:cwe_id 
506,malware pre-infection,hostile src_ip,created_at 2017-03-05,updated_at 2017-03-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186438;)
# Layout: the rules below are written one per line. This matters here because
# the group holds a disabled rule: "#" comments out the rest of its physical
# line, so each rule needs its own line for the marker to cover only the rule
# it belongs to. The first and last lines of this group are the tail and head
# of rules that continue on the neighbouring lines of the listing.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHOSEN TELETYPE Exploitation Attempt Seen"; flow:established,to_server; content:"teletype"; priority:3; metadata:cwe_id 78,cvss_v3_base 7.4,hostile src_ip,created_at 2019-11-13,capec_id 248,updated_at 2019-11-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.9,attack_target server,attack_target http-server,cvss_v3_temporal 7.1,cve 2015-3303059,cvss_v2_temporal 7.1,protocols http,protocols tcp; rev:2; sid:80186439;)
# sid 80186440: cvss_v2_base is 10.0 while cvss_v3_base is 3.7 and the rule is
# priority medium. The scores are independent sample values; a filter on one
# CVSS key can give a different result from a filter on the other.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STEEP KANGAROO Exploitation Attempt Seen"; flow:established,to_server; content:"kangaroo"; priority:2; metadata:cwe_id 121,cvss_v3_base 3.7,hostile src_ip,created_at 2018-04-16,capec_id 135,updated_at 2018-04-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cvss_v3_temporal 2.7,cve 2017-3121692,cvss_v2_temporal 2.7,protocols http,protocols tcp; rev:2; sid:80186440;)
# sid 80186441 is disabled (leading "#"). Points to review before re-enabling:
# the header protocol is tcp while the metadata says "protocols http" and
# "attack_target http-server", and it carries cvss_v2_* keys with no cvss_v3_*
# counterparts, so a cvss_v3 filter cannot match it.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AUNKNOWNIC COUNTER-FORCE Exploitation Attempt Seen"; flow:established, to_server; content:"counter-force"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2019-09-13,capec_id 248,updated_at 2019-09-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.2,attack_target server,attack_target http-server,cve 2019-5702551,cvss_v2_temporal 3.0,protocols http,protocols tcp; rev:1; sid:80186441;)
# sid 80186442: urilen:13,norm restricts the match to requests whose
# normalized URI is exactly 13 bytes long.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TENSE TAIL Traffic Detected"; flow:established,to_server; urilen:13,norm; content:"tail"; priority:1; metadata:hostile dest_ip,created_at 2018-07-19,updated_at 2018-07-24,filename 
acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186442;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BAD ROLLER Traffic Detected"; flow:established,to_server; content:"roller"; priority:3; metadata:hostile src_ip,created_at 2018-03-12,capec_id 248,updated_at 2018-03-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80186443;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HEAVY SHERRY Traffic Detected"; flow:established,to_server; urilen:11,norm; content:"sherry"; priority:1; metadata:hostile dest_ip,created_at 2019-09-13,updated_at 2019-09-18,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186444;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNNECESSARY PLENTY Traffic Detected"; flow:established,to_server; content:"plenty"; priority:1; metadata:hostile dest_ip,created_at 2015-04-20,updated_at 2015-04-23,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186445;) drop http any any -> $HOME_NET any (msg:"Acme - SHORT-TERM CERTIFICATION Exploitation Attempt Seen"; flow:established,to_server; content:"certification"; priority:2; metadata:hostile src_ip,created_at 2019-03-27,capec_id 31,updated_at 2019-03-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-4708380,protocols http,protocols tcp; rev:1; sid:80186446;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INSTITUTIONAL JUDO Traffic Detected"; flow:established,to_client; file_data; content:"judo"; priority:3; metadata:hostile src_ip,created_at 2019-07-10,capec_id 228,updated_at 
2019-07-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186447;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INSUFFICIENT HASSOCK Malware Communication"; flow:established,to_client; file_data; content:"hassock"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-02-27,updated_at 2019-02-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186448;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ETHICAL INCIDENT Traffic Detected"; flow:established,to_server; content:"incident"; priority:3; metadata:hostile src_ip,created_at 2019-02-01,capec_id 248,updated_at 2019-02-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186449;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OLD MUSIC Traffic Detected"; flow:established,to_server; content:"music"; priority:3; metadata:hostile src_ip,created_at 2016-10-06,capec_id 248,updated_at 2016-10-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186450;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INSTANT PINWORM Traffic Detected"; flow:established,to_server; content:"pinworm"; priority:3; metadata:hostile src_ip,created_at 2019-08-09,capec_id 248,updated_at 2019-08-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186451;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PERSONAL NEOLOGISM Exploitation Attempt Seen"; flow:established,to_server; content:"neologism"; priority:3; metadata:cwe_id 77,hostile 
src_ip,created_at 2019-01-03,capec_id 248,updated_at 2019-01-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.3,attack_target server,attack_target http-server,cve 2019-9620633,cvss_v2_temporal 7.8,protocols http,protocols tcp; rev:2; sid:80186452;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FANCY WAR Malware Communication"; flow:established,to_server; content:"war"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-13,updated_at 2019-09-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186453;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PASSIVE ADRENALIN Malware Communication"; flow:established,to_server; content:"adrenalin"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-20,updated_at 2019-02-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186454;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INTERIOR STEAMROLLER Malware Communication"; flow:established; content:"steamroller"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2019-11-21,updated_at 2019-11-24,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80186455;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DRY LAP Exploitation Attempt Seen"; flow:established,to_server; content:"lap"; priority:3; metadata:cwe_id 78,cvss_v3_base 7.8,hostile src_ip,created_at 2016-06-26,capec_id 248,updated_at 2016-06-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 8.0,attack_target server,attack_target http-server,cvss_v3_temporal 8.4,cve 2015-583086,cvss_v2_temporal 8.4,protocols http,protocols tcp; rev:2; sid:80186456;) alert http 
$HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EVOLUTIONARY STEP-GRANDFATHER Malware Communication"; flow:established,to_server; content:"step-grandfather"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-02-11,updated_at 2017-02-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186457;)
# Rules are laid out one per line. In the rules below the `priority:` keyword and the metadata
# `priority` value agree (1/high, 2/medium, 3/low). Metadata is descriptive: it is what a
# metadata-based filter selects on, and it does not change what a rule matches.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SMALL UNKNOWNPER Traffic Detected"; flow:established,to_server; content:"UNKNOWNper"; priority:3; metadata:hostile src_ip,created_at 2019-02-21,capec_id 248,updated_at 2019-02-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186458;)
# flow:established with no to_server/to_client, so direction is limited only by the header's
# source and destination. The same shape recurs in sid 80186464.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWNTIC MASTICATION Malware Communication"; flow:established; content:"mastication"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2019-08-25,updated_at 2019-08-25,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80186459;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FAVOURABLE BOOK Traffic Detected"; flow:established,to_server; content:"book"; priority:1; metadata:hostile dest_ip,created_at 2016-07-19,updated_at 2016-07-23,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186460;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HOMELY TRAILER Malware Communication"; flow:established,to_server; content:"trailer"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-05-19,updated_at 2017-05-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186461;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HEAVY HEADREST Malware Communication"; flow:established,to_client; content:"headrest"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-01-01,updated_at 2018-01-18,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186462;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MELTED CONTRAIL Malware Communication"; flow:established,to_server; content:"contrail"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-08-23,updated_at 2019-08-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186463;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DIZZY METRONOME Malware Communication"; flow:established; content:"metronome"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2019-03-04,updated_at 2019-03-11,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80186464;)
# NOTE(review): source is `any any` and flow has no direction, so this drop rule also covers
# traffic between internal hosts. `protocols smb` is a metadata tag; the header is tcp on any port.
drop tcp any any -> $HOME_NET any (msg:"Acme - WILD BOARD Malware Communication"; flow:established; content:"board"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-06-05,updated_at 2019-06-08,filename acme.rules,priority high,rule_source acme-rule-factory,protocols smb,protocols tcp; rev:1; sid:80186465;)
# The cve value is written as year-number with no `CVE-` prefix; a filter on this key presumably
# has to use the same form. It is example data, not a reference to a real advisory.
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WORRYING CONSTELLATION Exploitation Attempt Seen"; flow:established,to_server; content:"constellation"; priority:2; metadata:hostile src_ip,created_at 2017-02-19,capec_id 248,updated_at 2017-02-22,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,cve 2017-4505015,protocols tcp; rev:2; sid:80186466;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - 
COLOURFUL PASSION Malware Communication"; flow:established,to_server; content:"passion"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-20,updated_at 2019-04-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186467;)
# Rules are laid out one per line.
# file_data comes before content, so "preference" is matched in the file data buffer (with
# flow:to_client on http, the response body) instead of anywhere in the stream.
# NOTE(review): both temporal scores (3.5) exceed their base scores (2.3, 2.8), which CVSS
# scoring does not produce; treat the cvss_* and cve values as example data only.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OLD-FASHIONED PREFERENCE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"preference"; priority:2; metadata:cwe_id 20,cvss_v3_base 2.3,hostile src_ip,created_at 2018-03-13,capec_id 88,updated_at 2018-03-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.8,attack_target http-client,attack_target client,cvss_v3_temporal 3.5,cve 2018-6356622,cvss_v2_temporal 3.5,protocols http,protocols tcp; rev:2; sid:80186468;)
# NOTE(review): this rule and the next write `flow:established, to_server` with a space after the
# comma, unlike the neighbouring rules; confirm the parser in use tolerates it and normalise it
# if option strings are ever compared textually.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COLD SOOT Malware Communication"; flow:established, to_server; content:"soot"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-04-04,updated_at 2016-04-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186469;)
# NOTE(review): a 3-byte content with no buffer or position constraint on a drop rule would block
# a great deal of benign traffic in production; it is only reasonable as example data.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ARTIFICIAL HEN Malware Communication"; flow:established, to_server; content:"hen"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-21,updated_at 2019-07-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186470;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PARENTAL CLAUSE Traffic Detected"; flow:established,to_server; content:"clause"; priority:1; metadata:hostile dest_ip,created_at 2016-09-18,updated_at 2016-09-24,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186471;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LUCKY APPLE Malware Communication"; flow:established,to_server; content:"apple"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-02,updated_at 2019-05-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186472;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ANGRY ARITHMETIC Malware Communication"; flow:established,to_server; content:"arithmetic"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-06-23,updated_at 2018-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186473;)
# to_client + file_data: the following rules inspect what the server returns to the client, and
# metadata marks the sending side as hostile (hostile src_ip).
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COSTLY KLOMPS Malware Communication"; flow:established,to_client; file_data; content:"klomps"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-06-07,updated_at 2019-06-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186474;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PREMIER GUARD Malware Communication"; flow:established,to_client; file_data; content:"guard"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2015-11-01,updated_at 2015-11-14,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186475;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN RING Malware 
Communication"; flow:established,to_client; file_data; content:"ring"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-10-12,updated_at 2018-10-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186476;)
# Rules are laid out one per line. Outbound (to_server) rules tagged `malware post-infection`
# below mostly carry both `hostile dest_ip` and `infected src_ip`; the exceptions are called out
# because a metadata filter keyed on either value will treat them differently.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RATTY TOPSAIL Malware Communication"; flow:established,to_server; content:"topsail"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-10-23,updated_at 2015-10-25,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186477;)
# NOTE(review): no `hostile dest_ip` here, so a filter keyed on that value skips this rule.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NOBLE DUMBWAITER Malware Communication"; flow:established,to_server; content:"dumbwaiter"; priority:2; metadata:cwe_id 506,malware post-infection,created_at 2016-09-26,updated_at 2016-09-26,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186478;)
# NOTE(review): "UNKNOWN" in msg and content (also "UNKNOWN-up" and "telepUNKNOWNe" further down)
# looks like a substituted placeholder rather than an authored pattern; confirm against the
# upstream example file.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN UNKNOWN Malware Communication"; flow:established,to_client; file_data; content:"UNKNOWN"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2018-01-09,updated_at 2018-01-10,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186479;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMPLICIT CONGRESSPERSON Malware Communication"; flow:established,to_server; content:"congressperson"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-04-22,updated_at 2018-04-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186480;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HAPPY GREEN Malware Communication"; flow:established,to_server; content:"green"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-04,updated_at 2019-04-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186481;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PLEASANT PROFESSION Malware Communication"; flow:established; content:"profession"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2019-07-26,updated_at 2019-07-28,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80186482;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FISCAL WOODSHED Traffic Detected"; flow:established,to_client; file_data; content:"woodshed"; priority:3; metadata:hostile src_ip,created_at 2019-03-15,capec_id 403,updated_at 2019-03-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186483;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - URGENT VISUAL Malware Communication"; flow:established,to_server; content:"visual"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-01,updated_at 2019-02-03,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186484;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UGLY UNKNOWN-UP Malware Communication"; flow:established,to_server; content:"UNKNOWN-up"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-01-11,updated_at 2017-01-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186485;)
# NOTE(review): tagged post-infection but has no `infected src_ip`, unlike its neighbours.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CIVIC FIXTURE Malware Communication"; flow:established,to_server; content:"fixture"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-07,updated_at 2018-03-12,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186486;)
# ftp header with matching metadata (protocols ftp, attack_target ftp-client); see also sid 80186489.
drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CALM OUTCOME Malware Communication"; flow:established,to_server; content:"outcome"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-13,updated_at 2019-07-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:3; sid:80186487;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ANCIENT CRAVAT Malware Communication"; flow:established; content:"cravat"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2017-06-07,updated_at 2017-06-26,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80186488;)
drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OUTSTANDING SWALLOW Malware Communication"; flow:established,to_server; content:"swallow"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2015-06-18,updated_at 2015-06-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80186489;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VIVACIOUS CONSTANT Traffic Detected"; flow:established,to_server; content:"constant"; priority:1; metadata:hostile dest_ip,created_at 2019-03-12,updated_at 2019-03-19,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186490;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONCEPTUAL TELEPUNKNOWNE Malware Communication"; flow:established,to_server; content:"telepUNKNOWNe"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-03-15,updated_at 2019-03-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186491;)
# NOTE(review): both temporal scores (7.3) are above their base scores (7.0, 7.2), which CVSS
# scoring does not produce; treat the cvss_* and cve values as example data only.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WEIRD RANK Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"rank"; priority:2; metadata:cwe_id 20,cvss_v3_base 7.0,hostile src_ip,created_at 2019-07-23,capec_id 88,updated_at 2019-07-26,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.2,attack_target http-client,attack_target client,cvss_v3_temporal 7.3,cve 2017-1968742,cvss_v2_temporal 7.3,protocols http,protocols tcp; rev:2; sid:80186492;)
# NOTE(review): the header protocol is tcp while metadata says protocols http / attack_target
# http-client. The engine evaluates the header; a filter on `protocols http` still selects this rule.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BAD OFFICE Traffic Detected"; flow:established,to_server; content:"office"; priority:1; metadata:hostile dest_ip,created_at 2018-03-04,updated_at 2018-03-06,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186493;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FROZEN GONDOLA Malware Communication"; flow:established,to_server; content:"gondola"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-06-16,updated_at 2015-06-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186494;)
# Rules are laid out one per line. A line that starts with `#` is commented out, so each `#`
# has to sit at the start of its own line to disable exactly one rule and nothing after it.
# Two cwe_id values on one rule (704 and 89): a metadata key can repeat, as attack_target and
# protocols do throughout. The cvss_* and cve values are example data.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ORIGINAL APPLEWOOD Exploitation Attempt Seen"; flow:established,to_server; content:"applewood"; priority:2; metadata:cwe_id 704,cwe_id 89,cvss_v3_base 3.5,hostile src_ip,created_at 2017-03-07,capec_id 66,updated_at 2017-03-12,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.9,attack_target server,attack_target http-server,cvss_v3_temporal 3.5,cve 2015-8889806,cvss_v2_temporal 3.5,protocols http,protocols tcp; rev:2; sid:80186495;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXTRAORDINARY SPANK Malware Communication"; flow:established,to_client; file_data; content:"spank"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-06-27,updated_at 2019-06-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186496;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - THOUGHTLESS UNKNOWNMOTHER Traffic Detected"; flow:established,to_server; content:"UNKNOWNmother"; priority:1; metadata:hostile dest_ip,created_at 2018-10-26,updated_at 2018-10-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186497;)
# urilen:>100 restricts the match to requests whose URI is longer than 100.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DELICIOUS PARACHUTE Malware Communication"; flow:established,to_server; urilen:>100; content:"parachute"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-07,updated_at 2019-01-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186498;)
# urilen:<40,norm: URI length under 40, measured on the normalised URI.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DISTINCTIVE MOLE Malware Communication"; flow:established,to_server; urilen:<40,norm; content:"mole"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2017-01-25,updated_at 2017-01-27,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:10; sid:80186499;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BORED LLAMA Traffic Detected"; flow:established,to_server; content:"llama"; priority:2; metadata:hostile dest_ip,created_at 2018-02-19,capec_id 403,updated_at 2018-02-19,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186500;)
# The next five entries (sid 80186501 to 80186505) are disabled: the leading `#` keeps the engine
# from loading them, and ruleset tooling commonly reports such lines as disabled rules.
# All five are alert / priority 4 / info TLS rules keyed on ssl_state:client_hello.
#alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ABSOLUTE CROISSANT Malware Communication"; flow:established,to_server; ssl_state:client_hello; content:"croissant"; priority:4; metadata:cwe_id 506,malware post-infection,created_at 2019-02-27,updated_at 2019-02-28,filename acme.rules,priority info,infected src_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80186501;)
#alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMPLICIT STRIP Malware Communication"; flow:established,to_server; ssl_state:client_hello; content:"strip"; priority:4; metadata:cwe_id 506,malware post-infection,created_at 2019-07-11,updated_at 2019-07-21,filename acme.rules,priority info,infected src_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80186502;)
#alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SEVERE POSTAGE Malware Communication"; flow:established,to_server; ssl_state:client_hello; content:"postage"; priority:4; metadata:cwe_id 506,malware post-infection,created_at 2016-11-24,updated_at 2016-11-26,filename acme.rules,priority info,infected src_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80186503;)
#alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LIMITED GLEN Traffic Detected"; flow:established,to_server; ssl_state:client_hello; content:"glen"; priority:4; metadata:created_at 2019-05-03,capec_id 118,updated_at 2019-05-28,filename acme.rules,priority info,rule_source acme-rule-factory,protocols tls,protocols tcp; rev:1; sid:80186504;)
#alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNCONSCIOUS BACK Traffic Detected"; flow:established,to_server; ssl_state:client_hello; content:"back"; priority:4; metadata:created_at 2019-04-18,capec_id 118,updated_at 2019-04-20,filename acme.rules,priority info,rule_source acme-rule-factory,protocols tls,protocols tcp; rev:1; sid:80186505;)
# Active rules resume here.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POST-WAR SHOCK Malware Communication"; flow:established; content:"shock"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2016-06-23,updated_at 2016-06-28,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80186506;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WEARY STOCK Malware Communication"; flow:established,to_server; content:"stock"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-19,updated_at 2019-04-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186507;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FRONT IMAGINATION Traffic Detected"; flow:established,to_server; content:"imagination"; priority:2; metadata:hostile dest_ip,created_at 2019-05-25,capec_id 403,updated_at 2019-05-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186508;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN ATTACK Malware Communication"; 
flow:established,to_server; content:"attack"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2015-06-21,updated_at 2015-06-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186509;)
# Rules are laid out one per line. Every complete rule below is an outbound http drop rule
# ($HOME_NET to $EXTERNAL_NET, flow to_server); the urilen variants are noted where they occur.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXCLUSIVE HARMONICA Malware Communication"; flow:established,to_server; content:"harmonica"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-19,updated_at 2018-03-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186510;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN BORE Malware Communication"; flow:established,to_server; content:"bore"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-07-17,updated_at 2019-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186511;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CHIP Malware Communication"; flow:established,to_server; content:"chip"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-02,updated_at 2018-10-02,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186512;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SEGMENT Malware Communication"; flow:established,to_server; content:"segment"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-01-24,updated_at 2017-01-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186513;)
# NOTE(review): a 3-byte content with no buffer or position constraint on a drop rule would block
# a great deal of benign traffic in production; it is only reasonable as example data.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DRIVING BAG Malware Communication"; flow:established,to_server; content:"bag"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-07-05,updated_at 2017-07-13,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186514;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PERFECT PILE Malware Communication"; flow:established,to_server; content:"pile"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-08-27,updated_at 2018-08-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186515;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AMERICAN NEUROBIOLOGIST Malware Communication"; flow:established,to_server; content:"neurobiologist"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-17,updated_at 2019-07-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186516;)
# urilen:14,norm: matches only when the normalised URI length is exactly 14.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DULL FANG Malware Communication"; flow:established,to_server; urilen:14,norm; content:"fang"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-09-15,updated_at 2018-09-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186517;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHAKY MOUTON Malware Communication"; flow:established,to_server; content:"mouton"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-22,updated_at 2018-02-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186518;)
# urilen:>100 limits this rule to requests with a URI longer than 100.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AMUSED AIRBUS Malware Communication"; flow:established,to_server; urilen:>100; content:"airbus"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2015-05-09,updated_at 2015-05-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186519;)
# urilen:<24 is written with no norm/raw modifier, unlike the `,norm` form used in sid 80186517.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DELICIOUS CEMENT Traffic Detected"; flow:established,to_server; urilen:<24; content:"cement"; priority:1; metadata:hostile dest_ip,created_at 2019-11-22,updated_at 2019-11-24,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186520;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RIDICULOUS PRODUCE Traffic Detected"; flow:established,to_server; content:"produce"; priority:1; metadata:hostile dest_ip,created_at 2016-11-25,updated_at 2016-11-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186521;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FOREIGN DECK Malware Communication"; flow:established,to_server; content:"deck"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-04-07,updated_at 2016-04-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186522;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN TUNE-UP 
Malware Communication"; flow:established,to_client; content:"tune-up"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-06-11,updated_at 2018-06-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186523;)
# Rules are laid out one per line. Metadata is descriptive only: the header (action, protocol,
# addresses) and the options before `metadata:` decide what each rule matches.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CASUAL EVOLUTION Traffic Detected"; flow:established,to_server; content:"evolution"; priority:1; metadata:hostile dest_ip,created_at 2019-09-23,updated_at 2019-09-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186524;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RUBBER TORTELLINI Malware Communication"; flow:established,to_server; urilen:>100; content:"tortellini"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-04-16,updated_at 2019-04-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186525;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMPOSSIBLE CEILING Malware Communication"; flow:established,to_server; content:"ceiling"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-07,updated_at 2019-08-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186526;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FUNNY LOYALTY Traffic Detected"; flow:established,to_server; content:"loyalty"; priority:1; metadata:hostile dest_ip,created_at 2018-10-23,updated_at 2018-10-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186527;)
# stream_size:server,=,1 adds a condition on the server-side stream size on top of the content match.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BIZARRE TOENAIL Malware Communication"; flow:established,to_server; stream_size:server,=,1; content:"toenail"; priority:1; metadata:cwe_id 509,malware post-infection,hostile dest_ip,created_at 2019-10-19,updated_at 2019-10-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186528;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MAGNIFICENT AIRBUS Malware Communication"; flow:established,to_server; content:"airbus"; priority:1; metadata:cwe_id 509,malware post-infection,hostile dest_ip,created_at 2017-06-07,updated_at 2017-06-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186529;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STINGY TABLETOP Malware Communication"; flow:established,to_server; content:"tabletop"; priority:1; metadata:cwe_id 509,malware post-infection,hostile dest_ip,created_at 2019-04-07,updated_at 2019-04-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186530;)
# Response direction (to_client, file_data): here the infected host is the destination
# (infected dest_ip) and the hostile side is the source (hostile src_ip).
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEPENDENT DIFFERENCE Malware Communication"; flow:established,to_client; file_data; content:"difference"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-10-14,updated_at 2018-10-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186531;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MANUAL SCHIZOPHRENIC Malware Communication"; flow:established,to_server; content:"schizophrenic"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-07-03,updated_at 2017-07-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186532;)
# NOTE(review): the action is drop although the rule is priority 4 / info, and the content is only
# 3 bytes with no position constraint; in production that pairing would block benign traffic.
# `protocols sip` and attack_target sip-server are metadata tags; the header is tcp on any port.
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GLAMOROUS RAG Traffic Detected"; flow:established,to_server; content:"rag"; priority:4; metadata:hostile src_ip,created_at 2019-01-04,capec_id 310,updated_at 2019-01-08,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target sip-server,attack_target server,protocols sip,protocols tcp; rev:2; sid:80186533;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GRIM GAIN Traffic Detected"; flow:established,to_server; content:"gain"; priority:1; metadata:hostile dest_ip,created_at 2018-10-16,updated_at 2018-10-19,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186534;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONFUSED INJUSTICE Traffic Detected"; flow:established,to_server; content:"injustice"; priority:1; metadata:hostile dest_ip,created_at 2019-08-17,updated_at 2019-08-24,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186535;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SERIOUS IMAGINATION Malware Communication"; flow:established,to_server; content:"imagination"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-02-22,updated_at 2019-02-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186536;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - KNOWN SPEED Malware Communication"; flow:established; content:"speed"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2019-07-04,updated_at 2019-07-08,filename acme.rules,priority low,rule_source 
acme-rule-factory,protocols tcp; rev:1; sid:80186537;)
# Rules are laid out one per line. The "Traffic Detected" rules below carry hostile/attack_target
# metadata but no cwe_id or malware key, so a filter on those keys will not select them.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXUBERANT DINNER Malware Communication"; flow:established,to_server; content:"dinner"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-15,updated_at 2018-10-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186538;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AVAILABLE PEOPLE Traffic Detected"; flow:established,to_server; content:"people"; priority:2; metadata:hostile dest_ip,created_at 2016-10-19,updated_at 2016-10-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186539;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PROBABLE VIOLA Traffic Detected"; flow:established,to_server; content:"viola"; priority:2; metadata:hostile dest_ip,created_at 2017-10-14,updated_at 2017-10-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186540;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN RAVEN Malware Communication"; flow:established,to_server; content:"raven"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-05-16,updated_at 2015-05-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186541;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHARED SEWER Malware Communication"; flow:established,to_server; content:"sewer"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-25,updated_at 2019-07-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186542;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EARLY WOOLEN Malware Communication"; flow:established,to_server; content:"woolen"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-14,updated_at 2017-06-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186543;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ANNUAL UNKNOWNER Traffic Detected"; flow:established,to_server; content:"UNKNOWNer"; priority:2; metadata:hostile dest_ip,created_at 2017-09-16,updated_at 2017-09-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186544;)
# urilen:<40,norm: URI length under 40, measured on the normalised URI.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN OPERATION Malware Communication"; flow:established,to_server; urilen:<40,norm; content:"operation"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2018-04-10,updated_at 2018-04-18,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186545;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HEALTHY NAIL Malware Communication"; flow:established,to_server; content:"nail"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2016-09-12,updated_at 2016-09-12,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186546;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COURAGEOUS PARTICIPANT Malware Communication"; flow:established,to_server; content:"participant"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-06,updated_at 2019-04-07,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186547;)
# The next two rules match server-to-client traffic (to_client) from a source tagged hostile.
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CRUDE JAGUAR Traffic Detected"; flow:established,to_client; content:"jaguar"; priority:1; metadata:hostile src_ip,created_at 2016-06-16,updated_at 2016-06-24,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186548;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUBSTANTIAL CALL Traffic Detected"; flow:established,to_client; content:"call"; priority:1; metadata:hostile src_ip,created_at 2019-08-03,updated_at 2019-08-08,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186549;)
# file_data comes before content, so "linseed" is matched in the file data buffer.
# NOTE(review): cvss_v2_temporal 5.9 is above cvss_v2_base 5.8, which CVSS scoring does not
# produce; treat the cvss_* and cve values as example data only.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAIR LINSEED Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"linseed"; priority:2; metadata:cwe_id 843,cvss_v3_base 6.7,hostile src_ip,created_at 2017-02-10,capec_id 255,updated_at 2017-02-19,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.8,attack_target http-client,attack_target client,cvss_v3_temporal 5.9,cve 2017-970914,cvss_v2_temporal 5.9,protocols http,protocols tcp; rev:2; sid:80186550;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN OPIUM Malware Communication"; flow:established,to_server; content:"opium"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-09-10,updated_at 2015-09-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186551;)
drop http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"Acme - FRESH GENETICS Traffic Detected"; flow:established,to_server; content:"genetics"; priority:1; metadata:hostile dest_ip,created_at 2017-05-25,updated_at 2017-05-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186552;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONVINCING FIDDLE Malware Communication"; flow:established,to_server; content:"fiddle"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-04-27,updated_at 2016-04-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186553;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FINE ORIGINAL Traffic Detected"; flow:established,to_server; content:"original"; priority:1; metadata:hostile dest_ip,created_at 2017-09-16,updated_at 2017-09-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186554;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CAREFUL FLU Malware Communication"; flow:established,from_server; content:"flu"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-10-14,updated_at 2019-10-20,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186555;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TALL POTENTIAL Malware Communication"; flow:established,to_server; content:"potential"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-02-10,updated_at 2017-02-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols 
http,protocols tcp; rev:2; sid:80186556;)
# Acme demonstration rules, sids 80186557-80186580, one rule per line.
# The file banner states this is a dummy ruleset that is not meant to be loaded into a production sensor.
# Source is $HOME_NET on $HTTP_PORTS with flow to_client, i.e. responses leaving an internal HTTP server.
# The metadata marks src_ip as infected and the target as http-server.
drop tcp $HOME_NET $HTTP_PORTS -> $EXTERNAL_NET any (msg:"Acme - RIGHT BALANCE Malware Communication"; flow:established,to_client; content:"balance"; priority:1; metadata:cwe_id 434,malware post-infection,hostile dest_ip,created_at 2019-05-13,updated_at 2019-05-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186557;)
# This rule's metadata has no hostile, infected or attack_target key.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - YUMMY MOTHER Traffic Detected"; flow:established,to_server; content:"mother"; priority:2; metadata:created_at 2019-07-11,capec_id 404,updated_at 2019-07-12,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80186558;)
# NOTE(review): content:"UNKNOWN" is also the content of sids 80186563 and 80186573 and reads like a placeholder - confirm against the upstream file.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VAST UNKNOWN TRUCK Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:hostile dest_ip,created_at 2017-07-26,updated_at 2017-07-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80186559;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SURROUNDING COMIC Malware Communication"; flow:established,to_server; content:"comic"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-17,updated_at 2019-08-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186560;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NEW KILT Traffic Detected"; flow:established,to_client; content:"kilt"; priority:1; metadata:hostile src_ip,created_at 2018-10-10,updated_at 2018-10-11,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186561;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CUTE RESPONSE Malware Communication"; flow:established,to_server; content:"response"; priority:1; metadata:cwe_id 434,malware post-infection,hostile src_ip,created_at 2019-10-27,updated_at 2019-10-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80186562;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONCEPTUAL UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 434,malware post-infection,hostile src_ip,created_at 2017-11-18,updated_at 2017-11-24,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80186563;)
# NOTE(review): priority:3 / "priority low" sits next to cvss_v2_base 10.0 - confirm the ranking is intended.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DIVINE ANGLE Traffic Detected"; flow:established,to_server; content:"angle"; priority:3; metadata:cwe_id 134,hostile src_ip,created_at 2019-06-17,capec_id 135,updated_at 2019-06-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cvss_v2_temporal 2.9,protocols http,protocols tcp; rev:2; sid:80186564;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REASONABLE GLOVES Traffic Detected"; flow:established,to_server; content:"gloves"; priority:3; metadata:hostile src_ip,created_at 2018-10-01,capec_id 248,updated_at 2018-10-06,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80186565;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RIGID GRILL Traffic Detected"; flow:established,to_server; content:"grill"; priority:3; metadata:hostile src_ip,created_at 2019-11-13,capec_id 248,updated_at 2019-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80186566;)
# urilen:>100 restricts the rule to requests with a URI longer than 100.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FINAL RACER Malware Communication"; flow:established,to_server; urilen:>100; content:"racer"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-02,updated_at 2019-07-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186567;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DELIGHTED PUNKNOWNE Traffic Detected"; flow:established,to_server; content:"pUNKNOWNe"; priority:3; metadata:hostile src_ip,created_at 2018-04-02,capec_id 248,updated_at 2018-04-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80186568;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MANUAL OWNER Traffic Detected"; flow:established,to_server; content:"owner"; priority:3; metadata:hostile src_ip,created_at 2017-04-16,capec_id 248,updated_at 2017-04-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186569;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DISTINCTIVE CASTANET Traffic Detected"; flow:established,to_server; content:"castanet"; priority:3; metadata:hostile src_ip,created_at 2017-09-05,capec_id 248,updated_at 2017-09-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186570;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLEAR ATHLETE Traffic Detected"; flow:established,to_server; content:"athlete"; priority:3; metadata:hostile src_ip,created_at 2018-02-19,capec_id 248,updated_at 2018-02-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186571;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HIGH TWIST Traffic Detected"; flow:established,to_server; content:"twist"; priority:3; metadata:hostile src_ip,created_at 2019-04-05,capec_id 248,updated_at 2019-04-11,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186572;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ELIGIBLE UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2019-04-03,capec_id 248,updated_at 2019-04-12,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186573;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DUSTY ACRYLIC Malware Communication"; flow:established,to_server; content:"acrylic"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-23,updated_at 2019-04-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186574;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COSTLY STAG Traffic Detected"; flow:established,to_client; content:"stag"; priority:1; metadata:hostile src_ip,created_at 2019-09-20,updated_at 2019-09-24,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186575;)
# Same URI-length test as sid 80186567, here with an explicit norm option written after a space.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WIDE CHIVE Traffic Detected"; flow:established,to_server; urilen:>100, norm; content:"chive"; priority:1; metadata:cwe_id 507,hostile dest_ip,created_at 2019-07-09,updated_at 2019-07-23,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186576;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CASUAL BELLIGERENCY Malware Communication"; flow:established,to_client; content:"belligerency"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2015-03-16,updated_at 2015-03-20,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186577;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MUSHY KILOMETER Malware Communication"; flow:established,to_server; content:"kilometer"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-13,updated_at 2018-10-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186578;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FRESH ACTION Exploitation Attempt Seen"; flow:established,to_client; content:"action"; priority:2; metadata:cwe_id 416,cvss_v3_base 3.7,hostile src_ip,created_at 2017-06-18,capec_id 129,updated_at 2017-06-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.4,attack_target http-client,attack_target client,cvss_v3_temporal 4.1,cve 2015-3323433,cvss_v2_temporal 4.1,protocols http,protocols tcp; rev:2; sid:80186579;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DRUNK SLAPSTICK Malware Communication"; flow:established,to_server; content:"slapstick"; priority:2; metadata:cwe_id 657,malware post-infection,created_at 2017-07-07,updated_at 2017-07-07,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186580;)
drop http any any -> $HOME_NET any 
(msg:"Acme - UNEXPECTED EXPERT Exploitation Attempt Seen"; flow:established,to_server; content:"expert"; priority:2; metadata:cwe_id 305,cwe_id 285,cvss_v3_base 4.0,hostile src_ip,created_at 2018-08-11,capec_id 115,updated_at 2018-08-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.1,attack_target server,attack_target http-server,cvss_v3_temporal 3.7,cve 2018-4246564,cvss_v2_temporal 3.7,protocols http,protocols tcp; rev:2; sid:80186581;)
# Acme demonstration rules, sids 80186582-80186603, one rule per line.
# The file banner states this is a dummy ruleset that is not meant to be loaded into a production sensor.
# Source is "any any" in the next two rules, so requests that originate inside $HOME_NET are covered as well as external ones.
drop http any any -> $HOME_NET any (msg:"Acme - INDEPENDENT BOTTLING Exploitation Attempt Seen"; flow:established,to_server; content:"bottling"; priority:2; metadata:cwe_id 305,cwe_id 285,cvss_v3_base 1.8,hostile src_ip,created_at 2017-06-18,capec_id 115,updated_at 2017-06-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.3,attack_target server,attack_target http-server,cvss_v3_temporal 1.4,cve 2016-9955570,cvss_v2_temporal 1.4,protocols http,protocols tcp; rev:2; sid:80186582;)
drop http any any -> $HOME_NET any (msg:"Acme - FLAT PLATFORM Traffic Detected"; flow:established,to_server; content:"platform"; priority:2; metadata:cwe_id 657,hostile src_ip,created_at 2015-01-10,capec_id 115,updated_at 2015-01-14,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186583;)
# ssl_state:server_hello limits the match to the ServerHello stage of the TLS handshake.
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POISED FIBER Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"fiber"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-09-23,updated_at 2019-09-25,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80186584;)
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DIRTY OWNER Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"owner"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-08-19,updated_at 2019-08-20,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80186585;)
drop http any any -> $HOME_NET any (msg:"Acme - SUNKNOWNT REPROCESSING Malware Communication"; flow:established,to_server; content:"reprocessing"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2017-03-26,updated_at 2017-03-26,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:4; sid:80186586;)
# flow:established carries no to_server/to_client qualifier, so the match is not limited to one direction of the session.
# The metadata also has no hostile, infected or attack_target key.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOLAR VALUE Malware Communication"; flow:established; content:"value"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2018-03-17,updated_at 2018-03-27,filename acme.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80186587;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRETTY QUAIL Traffic Detected"; flow:established, to_server; content:"quail"; priority:1; metadata:hostile dest_ip,created_at 2019-04-11,updated_at 2019-04-18,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186588;)
# NOTE(review): "malware malware" - the other rules give a stage here (pre-infection, post-infection, download-attempt); confirm this value is intended.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BREAKABLE SAVING Malware Communication"; flow:established, to_server; content:"saving"; priority:3; metadata:cwe_id 506,malware malware,hostile src_ip,created_at 2015-07-20,updated_at 2015-07-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80186589;)
drop http any any -> $HOME_NET any (msg:"Acme - PERMANENT EXPERIENCE Traffic Detected"; flow:established,to_server; content:"experience"; priority:2; metadata:hostile src_ip,created_at 2019-03-20,capec_id 152,updated_at 2019-03-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80186590;)
drop http any any -> $HOME_NET any (msg:"Acme - UNKNOWN COMPOST Traffic Detected"; flow:established,to_server; content:"compost"; priority:3; metadata:hostile src_ip,created_at 2019-03-25,capec_id 310,updated_at 2019-03-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:4; sid:80186591;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEAFENING LIGHTNING Malware Communication"; flow:established,to_client; content:"lightning"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-08-13,updated_at 2018-08-14,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186592;)
drop http any any -> $HOME_NET any (msg:"Acme - AGREEABLE BLOOM Malware Communication"; flow:established,to_server; content:"bloom"; priority:3; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-10-03,updated_at 2019-10-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186593;)
drop http any any -> $HOME_NET any (msg:"Acme - CAUTIOUS SHINE Malware Communication"; flow:established,to_server; content:"shine"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2017-07-23,updated_at 2017-07-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186594;)
# NOTE(review): metadata says "hostile src_ip" although the header is $HOME_NET -> $EXTERNAL_NET with an http-client target.
# The neighbouring outbound rules use "hostile dest_ip" - confirm which side is meant.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXPERIMENTAL LIP Malware Communication"; flow:established,to_server; content:"lip"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2019-02-01,updated_at 2019-02-01,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186595;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNY COLLECTION Malware Communication"; flow:established,to_server; content:"collection"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-13,updated_at 2019-01-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186596;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ILL STITCH Malware Communication"; flow:established,to_server; content:"stitch"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-11,updated_at 2018-07-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186597;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONSERVATIVE RAKE Malware Communication"; flow:established,to_server; content:"rake"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-07-12,updated_at 2017-07-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186598;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DUE LINGUISTICS Traffic Detected"; flow:established,to_server; content:"linguistics"; priority:3; metadata:hostile src_ip,created_at 2019-11-05,capec_id 286,updated_at 2019-11-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80186599;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LONG-TERM VEIN Traffic Detected"; flow:established,to_server; content:"vein"; priority:3; metadata:hostile src_ip,created_at 2016-03-23,capec_id 286,updated_at 2016-03-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186600;)
# file_data; points the content match that follows at the HTTP response body (flow is to_client).
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CRUDE HOBBIES Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"hobbies"; priority:2; metadata:cwe_id 399,cvss_v3_base 3.0,hostile src_ip,created_at 2019-02-09,capec_id 100,updated_at 2019-02-09,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.4,attack_target http-client,attack_target client,cvss_v3_temporal 1.6,cve 2019-5510122,cvss_v2_temporal 1.6,protocols http,protocols tcp; rev:2; sid:80186601;)
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BAD ARCH-RIVAL Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"arch-rival"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-03-13,updated_at 2019-03-23,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80186602;)
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ELECTRONIC TOAST Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"toast"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-03-19,updated_at 2019-03-21,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80186603;)
drop http $HOME_NET any -> any any (msg:"Acme - UNKNOWN DRY Malware Communication"; flow:established,to_server; content:"dry"; priority:1; 
metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-09,updated_at 2019-09-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186604;)
# Acme demonstration rules, sids 80186605-80186630, one rule per line.
# Lines that begin with "#alert" are disabled rules and stay commented out.
# The file banner states this is a dummy ruleset that is not meant to be loaded into a production sensor.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SLIMY RUIN Malware Communication"; flow:established,to_server; content:"ruin"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-09-25,updated_at 2019-09-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186605;)
# The next two rules only alert (priority:4 / "priority info") even though they carry cve and cvss_* metadata.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WHISPERING SEASHORE Exploitation Attempt Seen"; flow:established,to_server; content:"seashore"; priority:4; metadata:cwe_id 20,cvss_v3_base 5.0,hostile src_ip,created_at 2018-02-22,capec_id 232,updated_at 2018-02-28,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 5.5,attack_target server,attack_target http-server,cvss_v3_temporal 6.2,cve 2018-7923455,cvss_v2_temporal 6.2,protocols http,protocols tcp; rev:2; sid:80186606;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CRAZY HABIT Exploitation Attempt Seen"; flow:established,to_server; content:"habit"; priority:4; metadata:cwe_id 20,cvss_v3_base 3.1,hostile src_ip,created_at 2017-08-08,capec_id 232,updated_at 2017-08-22,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 3.5,attack_target server,attack_target http-server,cvss_v3_temporal 4.2,cve 2017-4520428,cvss_v2_temporal 4.2,protocols http,protocols tcp; rev:2; sid:80186607;)
# NOTE(review): content:"UNKNOWN" is also the content of sid 80186621 and reads like a placeholder - confirm against the upstream file.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PANICKY UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-02-27,updated_at 2016-02-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186608;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN ADAPTER Malware Communication"; flow:established,to_server; content:"adapter"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-19,updated_at 2018-10-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186609;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AUNKNOWNIC NEEDLE Malware Communication"; flow:established, to_client; content:"needle"; priority:4; metadata:cwe_id 506,malware download-attempt,created_at 2018-06-17,updated_at 2018-06-23,filename acme.rules,priority info,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186610;)
# NOTE(review): priority:3 / "priority low" sits next to cvss_v3_base 7.7 and cvss_v2_base 7.9 - confirm the ranking is intended.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RESIDENTIAL SHIP Exploitation Attempt Seen"; flow:established,to_server; content:"ship"; priority:3; metadata:cwe_id 94,cvss_v3_base 7.7,hostile src_ip,created_at 2019-06-08,capec_id 248,updated_at 2019-06-16,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.9,attack_target server,attack_target http-server,cvss_v3_temporal 7.9,cve 2019-1009643,cvss_v2_temporal 7.9,protocols http,protocols tcp; rev:5; sid:80186611;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LOST CELLAR Malware Communication"; flow:established,to_server; content:"cellar"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-03-18,updated_at 2016-03-23,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186612;)
# Header is "tcp any any -> any any": no network variable or port narrows the match.
# The only protocol hint is "protocols sip" in the metadata, and there is no attack_target key.
alert tcp any any -> any any (msg:"Acme - ORGANIC INDIVIDUAL Exploitation Attempt Seen"; flow:established, to_server; content:"individual"; priority:3; metadata:hostile src_ip,created_at 2019-10-05,updated_at 2019-10-08,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2018-662396,protocols sip,protocols tcp; rev:1; sid:80186613;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WHOLE EVIDENCE Malware Communication"; flow:established,to_server; content:"evidence"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-10-07,updated_at 2016-10-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186614;)
# from_server selects the same direction as to_client; file_data; then points the content match at the HTTP response body.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WORRIED CURSOR Malware Communication"; flow:established,from_server; file_data; content:"cursor"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-09-08,updated_at 2019-09-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186615;)
# Disabled rule (leading '#'), kept as shipped.
#alert http any any -> $HOME_NET any (msg:"Acme - PRIMARY ISLAND Traffic Detected"; flow:established, to_server; content:"island"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2017-05-11,capec_id 116,updated_at 2017-05-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186616;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RELAXED SPAGHETTI Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"spaghetti"; priority:2; metadata:cwe_id 119,cvss_v3_base 5.1,hostile src_ip,created_at 2018-01-02,capec_id 255,updated_at 2018-01-05,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.8,attack_target http-client,attack_target client,cvss_v3_temporal 5.0,cve 2018-2436776,cvss_v2_temporal 5.0,protocols http,protocols tcp; rev:2; sid:80186617;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN CONDOMINIUM Traffic Detected"; flow:established,to_client; content:"condominium"; priority:1; metadata:hostile src_ip,created_at 2019-06-24,updated_at 2019-06-24,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186618;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MYSTERIOUS GROUPER Traffic Detected"; flow:established,to_server; content:"grouper"; priority:1; metadata:cwe_id 506,hostile dest_ip,created_at 2016-09-24,updated_at 2016-09-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186619;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EDUCATIONAL WARDEN Traffic Detected"; flow:established,to_server; content:"warden"; priority:1; metadata:cwe_id 506,hostile dest_ip,created_at 2017-03-27,updated_at 2017-03-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186620;)
# Destination port is $HTTP_PORTS here, whereas the neighbouring outbound http rules use "any".
drop http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - EMPTY UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2018-03-05,updated_at 2018-03-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186621;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SORE BIRDBATH Malware Communication"; flow:established,to_server; content:"birdbath"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-03-19,updated_at 2016-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186622;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLEVER SNOB Malware Communication"; flow:established,to_server; urilen:>100; content:"snob"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-14,updated_at 2019-05-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186623;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN MONEY Malware Communication"; flow:established,to_server; urilen:>100; content:"money"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-02-04,updated_at 2016-02-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186624;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WONDERFUL BOTANY Malware Communication"; flow:established,to_server; content:"botany"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-23,updated_at 2019-10-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186625;)
# Disabled rule (leading '#'), kept as shipped. NOTE(review): "cve 2019-6874782" appears twice in its metadata.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RELAXED ANTEATER Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"anteater"; priority:3; metadata:hostile src_ip,created_at 2019-10-26,capec_id 248,updated_at 2019-10-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-6874782,cve 2019-6874782,protocols http,protocols tcp; rev:2; sid:80186626;)
# "filename scan.rules" here, whereas the surrounding rules all say "filename acme.rules".
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FINE NAIL Traffic Detected"; flow:established,to_server; content:"nail"; priority:3; metadata:hostile src_ip,created_at 2019-02-10,capec_id 310,updated_at 2019-02-23,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80186627;)
# Unlike the tls rules earlier in the file (e.g. sid 80186602), this one has no ssl_state keyword.
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BROKEN TELEPUNKNOWNE Malware Communication"; flow:established,to_client; content:"telepUNKNOWNe"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2017-02-19,updated_at 2017-02-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80186628;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PETITE GARBAGE Malware Communication"; flow:established,to_client; file_data; content:"garbage"; priority:2; metadata:cwe_id 20,malware pre-infection,cvss_v3_base 2.0,hostile src_ip,created_at 2019-05-10,updated_at 2019-05-22,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,cvss_v2_base 2.4,attack_target http-client,attack_target client,cvss_v3_temporal 1.9,cve 2019-9165829,cvss_v2_temporal 1.9,protocols http,protocols tcp; rev:2; sid:80186629;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN BOAT-BUILDING Malware Communication"; flow:established,to_server; content:"boat-building"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-08-09,updated_at 2017-08-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186630;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DIRTY PUNKNOWNUM Malware Communication"; flow:established,to_server; content:"pUNKNOWNum"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-23,updated_at 
2019-06-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186631;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SHORTWAVE Malware Communication"; flow:established,to_server; content:"shortwave"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-05-16,updated_at 2018-05-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186632;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ETHNIC SMELL Exploitation Attempt Seen"; flow:established, to_server; content:"smell"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2015-11-12,capec_id 100,updated_at 2015-11-12,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-5240393,protocols http,protocols tcp; rev:2; sid:80186633;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRAINY OUTSET Malware Communication"; flow:established,to_server; content:"outset"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-24,updated_at 2019-01-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186634;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMBINED ECONOMICS Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"economics"; priority:3; metadata:cwe_id 399,hostile src_ip,created_at 2017-10-08,capec_id 119,updated_at 2017-10-11,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-8481842,protocols http,protocols tcp; rev:2; sid:80186635;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TAME 
TAMBOUR Malware Communication"; flow:established,to_server; content:"tambour"; priority:2; metadata:cwe_id 507,malware pre-infection,hostile dest_ip,created_at 2019-04-09,updated_at 2019-04-23,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186636;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FREQUENT GANDER Traffic Detected"; flow:established,to_server; content:"gander"; priority:1; metadata:hostile dest_ip,created_at 2017-06-16,updated_at 2017-06-18,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186637;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FORWARD SPOT Malware Communication"; flow:established,to_server; content:"spot"; priority:3; metadata:cwe_id 506,malware post-infection,created_at 2018-02-11,updated_at 2018-02-28,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186638;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUPERIOR HIDE Exploitation Attempt Seen"; flow:established,to_server; content:"hide"; priority:2; metadata:cwe_id 434,cvss_v3_base 6.7,hostile src_ip,created_at 2019-07-08,capec_id 262,updated_at 2019-07-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.2,attack_target server,attack_target http-server,cvss_v3_temporal 5.3,cve 2019-1050319,cvss_v2_temporal 5.3,protocols http,protocols tcp; rev:2; sid:80186639;) drop tls $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PUNY MANIAC Malware Communication"; flow:established,to_server; ssl_state:client_hello; content:"maniac"; priority:3; metadata:cwe_id 506,malware post-infection,created_at 2019-08-27,updated_at 2019-08-27,filename acme.rules,priority low,infected src_ip,rule_source 
acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80186640;) #alert tcp any any -> $HOME_NET any (msg:"Acme - CONSISTENT MENTION Traffic Detected"; flow:established, to_server; content:"mention"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2016-11-07,capec_id 100,updated_at 2016-11-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80186641;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MISTY SAILOR Malware Communication"; flow:established,to_server; content:"sailor"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-03-23,updated_at 2015-03-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186642;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FORTHCOMING THRUSH Malware Communication"; flow:established,to_server; content:"thrush"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-11-08,updated_at 2017-11-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186643;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OK BONUS Malware Communication"; flow:established,to_server; urilen:>300,norm; content:"bonus"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-05-19,updated_at 2019-05-19,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186644;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRAVE SALOON Malware Communication"; flow:established,to_server; content:"saloon"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 
2018-06-17,updated_at 2018-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186645;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ANCIENT ONE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"one"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2017-10-16,capec_id 100,updated_at 2017-10-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-24612,protocols http,protocols tcp; rev:2; sid:80186646;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VARIABLE CRICKET Malware Communication"; flow:established, to_server; content:"cricket"; priority:3; metadata:cwe_id 507,malware pre-infection,hostile src_ip,created_at 2018-11-19,updated_at 2018-11-19,filename email.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80186647;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ECONOMIC LOGIC Malware Communication"; flow:established,to_server; content:"logic"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-04-17,updated_at 2017-04-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target irc-client,attack_target client,protocols irc,protocols tcp; rev:2; sid:80186648;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ROUND MARE Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"mare"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-08-27,updated_at 2019-08-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80186649;) drop tls $EXTERNAL_NET any -> $HOME_NET any 
(msg:"Acme - GLORIOUS DROP Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"drop"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-05-24,updated_at 2018-05-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80186650;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNINTERESTED FASCIA Malware Communication"; flow:established,to_server; content:"fascia"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-10-07,updated_at 2017-10-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target irc-client,attack_target client,protocols irc,protocols tcp; rev:2; sid:80186651;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AWKWARD THRONE Malware Communication"; flow:established,to_server; content:"throne"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-17,updated_at 2019-08-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186652;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ENTIRE RETAILER Malware Communication"; flow:established,to_server; content:"retailer"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-11,updated_at 2018-11-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186653;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CERTAIN PRODUCER Malware Communication"; flow:established,to_server; stream_size:client,<,500; content:"producer"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-05-23,updated_at 
2018-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186654;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UGLIEST MEMORY Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"memory"; priority:3; metadata:cwe_id 16,hostile src_ip,created_at 2017-09-22,capec_id 253,updated_at 2017-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-3364255,protocols http,protocols tcp; rev:2; sid:80186655;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MID VIRGINAL Traffic Detected"; flow:established,to_server; content:"virginal"; priority:2; metadata:hostile src_ip,created_at 2016-11-07,capec_id 152,updated_at 2016-11-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186656;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WILD BUFFER Traffic Detected"; flow:established,to_server; urilen:<64; content:"buffer"; priority:1; metadata:hostile dest_ip,created_at 2019-04-15,updated_at 2019-04-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186657;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXCEPTIONAL RETINA Traffic Detected"; flow:established,to_server; content:"retina"; priority:1; metadata:hostile dest_ip,created_at 2019-08-02,updated_at 2019-08-22,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186658;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HEAD HUT Malware Communication"; flow:established, to_client; file_data; content:"hut"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 
2018-03-01,updated_at 2018-03-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186659;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNCHANGED STROKE Malware Communication"; flow:established,to_server; content:"stroke"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-03-21,updated_at 2017-03-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186660;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DRAMATIC SOURWOOD Malware Communication"; flow:established,to_client; file_data; content:"sourwood"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-03-22,updated_at 2019-03-22,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80186661;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DULL EASEL Traffic Detected"; flow:established,to_server; content:"easel"; priority:1; metadata:hostile dest_ip,created_at 2018-05-08,updated_at 2018-05-09,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186662;) drop smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CHUG Malware Communication"; flow:established,to_server; content:"chug"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-04-17,updated_at 2018-04-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target smtp-client,attack_target client,protocols smtp,protocols tcp; rev:2; sid:80186663;) drop http $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - CRAZY FOLLOWING Exploitation Attempt Seen"; 
flow:established,to_server; content:"following"; priority:3; metadata:cwe_id 425,cvss_v3_base 3.3,hostile src_ip,created_at 2017-10-22,capec_id 232,updated_at 2017-10-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.3,attack_target server,attack_target http-server,cvss_v3_temporal 4.1,cve 2017-2110899,cvss_v2_temporal 4.1,protocols http,protocols tcp; rev:2; sid:80186664;) alert http any any -> $HOME_NET any (msg:"Acme - RADICAL INVITE Traffic Detected"; flow:established,to_server; content:"invite"; priority:3; metadata:cwe_id 506,hostile src_ip,created_at 2017-04-27,capec_id 21,updated_at 2017-04-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186665;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRIEF WOODSHED Malware Communication"; flow:established,to_server; content:"woodshed"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-03-01,updated_at 2016-03-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186666;) drop http $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - NOSY GO-KART Exploitation Attempt Seen"; flow:established,to_server; content:"go-kart"; priority:3; metadata:cwe_id 425,cvss_v3_base 3.5,hostile src_ip,created_at 2017-09-05,capec_id 232,updated_at 2017-09-12,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.9,attack_target server,attack_target http-server,cvss_v3_temporal 4.9,cve 2017-4754210,cvss_v2_temporal 4.9,protocols http,protocols tcp; rev:2; sid:80186667;) drop http any any -> $HOME_NET any (msg:"Acme - TROUBLED SEMICIRCLE Exploitation Attempt Seen"; flow:established,to_server; content:"semicircle"; priority:2; metadata:cwe_id 78,cvss_v3_base 2.4,hostile src_ip,created_at 2019-06-10,capec_id 248,updated_at 2019-06-12,filename 
acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 2.4,attack_target server,attack_target http-server,cvss_v3_temporal 3.0,cve 2016-6028030,cvss_v2_temporal 3.0,protocols http,protocols tcp; rev:2; sid:80186668;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRAIGHT VIBE Malware Communication"; flow:established,to_server; content:"vibe"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-07-07,updated_at 2019-07-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186669;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PANICKY GANDER Malware Communication"; flow:established,to_server; content:"gander"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-15,updated_at 2019-11-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80186670;) drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTERESTING GROWTH Malware Communication"; flow:established, to_server; content:"growth"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-11-23,updated_at 2019-11-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:1; sid:80186671;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ABSOLUTE WEDDING Malware Communication"; flow:established,to_client; file_data; content:"wedding"; priority:2; metadata:cwe_id 507,malware pre-infection,hostile src_ip,created_at 2019-09-14,updated_at 2019-09-18,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186672;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme 
- MONETARY BELIEVE Malware Communication"; flow:established,to_client; content:"believe"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2015-01-04,updated_at 2015-01-13,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80186673;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CRAZY OXEN Malware Communication"; flow:established,to_client; file_data; content:"oxen"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-08-13,updated_at 2019-08-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186674;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CAPABLE NAME Malware Communication"; flow:established,to_client; file_data; content:"name"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-04-07,updated_at 2018-04-23,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186675;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRAVE KNITTING Traffic Detected"; flow:established,to_server; content:"knitting"; priority:1; metadata:hostile dest_ip,created_at 2019-03-04,updated_at 2019-03-22,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186676;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHARP POLLUTION Traffic Detected"; flow:established,to_server; content:"pollution"; priority:2; metadata:hostile dest_ip,created_at 2018-11-27,capec_id 232,updated_at 2018-11-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols 
http,protocols tcp; rev:3; sid:80186677;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AMATEUR CHEETAH Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"cheetah"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2016-06-20,updated_at 2016-06-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80186678;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COGNITIVE REAR Malware Communication"; flow:established,to_server; content:"rear"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-04-27,updated_at 2017-04-27,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186679;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - HURT GERBIL Malware Communication"; flow:established, to_server; content:"gerbil"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-10-04,updated_at 2018-10-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186680;) drop tls $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONTINUED EMPLOYEE Malware Communication"; flow:established,to_server; ssl_state:client_hello; content:"employee"; priority:3; metadata:cwe_id 506,malware post-infection,created_at 2017-09-23,updated_at 2017-09-24,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80186681;) #alert tcp any any -> $HOME_NET any (msg:"Acme - GENERAL FROWN Exploitation Attempt Seen"; flow:established, to_server; content:"frown"; priority:3; metadata:cwe_id 120,hostile 
src_ip,created_at 2018-09-02,capec_id 100,updated_at 2018-09-10,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2016-292441,protocols tcp; rev:1; sid:80186682;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FLYING SCALE Traffic Detected"; flow:established,to_server; content:"scale"; priority:1; metadata:hostile dest_ip,created_at 2018-04-25,updated_at 2018-04-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186683;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - YOUNG ASSISTANCE Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"assistance"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-07-26,updated_at 2018-07-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80186684;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRIGHT DISCIPLINE Malware Communication"; flow:established,to_server; content:"discipline"; priority:1; metadata:cwe_id 507,malware pre-infection,created_at 2018-02-07,updated_at 2018-02-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186685;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ICY MACHINE Malware Communication"; flow:established,to_client; content:"machine"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2018-04-24,updated_at 2018-04-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80186686;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TAME OVAL Malware Communication"; 
flow:established,to_server; content:"oval"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-18,updated_at 2019-06-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186687;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHARP HUMIDITY Traffic Detected"; flow:established,to_server; content:"humidity"; priority:1; metadata:hostile dest_ip,created_at 2019-04-05,updated_at 2019-04-05,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186688;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OPPOSITE UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-07-24,updated_at 2017-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186689;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CABIN Traffic Detected"; flow:established,to_server; content:"cabin"; priority:1; metadata:hostile dest_ip,created_at 2016-01-20,updated_at 2016-01-22,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186690;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TYPICAL RANDOM Malware Communication"; flow:established,to_server; content:"random"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-06-03,updated_at 2017-06-19,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186691;) drop tcp $HOME_NET any -> 
$EXTERNAL_NET any (msg:"Acme - CROOKED MAGAZINE Malware Communication"; flow:established,to_server; content:"magazine"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-21,updated_at 2019-03-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186692;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPONTANEOUS KENDO Malware Communication"; flow:established,to_server; content:"kendo"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-08-01,updated_at 2016-08-21,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186693;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNIFORM BEAR Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"bear"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-07-15,updated_at 2019-07-18,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80186694;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PURPLE HELICOPTER Malware Communication"; flow:established,to_server; content:"helicopter"; priority:2; metadata:cwe_id 434,malware pre-infection,hostile src_ip,created_at 2019-02-24,updated_at 2019-02-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80186695;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IMMENSE FIELD Exploitation Attempt Seen"; flow:established,to_server; content:"field"; priority:3; metadata:cwe_id 78,cvss_v3_base 2.7,hostile src_ip,created_at 2018-05-20,capec_id 255,updated_at 2018-05-27,filename acme.rules,priority low,rule_source 
acme-rule-factory,cvss_v2_base 2.8,attack_target server,attack_target http-server,cvss_v3_temporal 2.8,cve 2017-5782107,cvss_v2_temporal 2.8,protocols http,protocols tcp; rev:2; sid:80186696;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ORDINARY STEP-AUNT Exploitation Attempt Seen"; flow:established,to_server; content:"step-aunt"; priority:4; metadata:cwe_id 77,cvss_v3_base 7.4,hostile src_ip,created_at 2019-03-20,capec_id 88,updated_at 2019-03-23,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 8.0,cvss_v3_temporal 8.7,cve 2019-7577725,cvss_v2_temporal 8.7,protocols http,protocols tcp; rev:2; sid:80186697;) drop tcp any any -> $HOME_NET any (msg:"Acme - ABOVE COMPETITOR Traffic Detected"; flow:established,from_client; content:"competitor"; priority:2; metadata:cwe_id 506,hostile src_ip,created_at 2019-03-04,capec_id 286,updated_at 2019-03-12,filename netbios.rules,priority medium,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:2; sid:80186698;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AMATEUR DUNGAREES Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"dungarees"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2017-05-18,updated_at 2017-05-25,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80186699;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VISUAL PANPIPE Traffic Detected"; flow:established, to_client; file_data; content:"panpipe"; priority:3; metadata:cwe_id 506,hostile src_ip,created_at 2019-08-21,capec_id 257,updated_at 2019-08-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186700;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SECONDARY SECRET Malware 
Communication"; flow:established,to_server; content:"secret"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-11,updated_at 2019-07-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186701;)
# The next three rules are outbound ($HOME_NET -> $EXTERNAL_NET, flow to_server) post-infection rules with a
# drop action; each relies on a single placeholder content keyword.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MYSTERIOUS ETHICS Malware Communication"; flow:established,to_server; content:"ethics"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-04-19,updated_at 2017-04-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186702;)
# Header protocol is tcp rather than http; the metadata accordingly lists only "protocols tcp" and
# "attack_target client".
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FLAT UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-08-07,updated_at 2016-08-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186703;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHARED STOCK Malware Communication"; flow:established,to_server; content:"stock"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-13,updated_at 2018-11-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186704;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DESIRABLE OUTSIDE Malware Communication"; flow:established,to_server; content:"outside"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-05-19,updated_at 2019-05-24,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target
client,protocols http,protocols tcp; rev:2; sid:80186705;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DISGUSTED SQUATTER Traffic Detected"; flow:established,to_server; content:"squatter"; priority:1; metadata:hostile dest_ip,created_at 2018-08-25,updated_at 2018-08-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186706;)
# Client-side rule: with flow:to_client on an http rule, file_data makes the following content match apply
# to the HTTP response body.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ARTIFICIAL TUBA Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"tuba"; priority:3; metadata:cwe_id 399,cvss_v3_base 6.1,hostile src_ip,created_at 2018-06-25,capec_id 118,updated_at 2018-06-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.1,attack_target http-client,attack_target client,cvss_v3_temporal 5.8,cve 2017-2768331,cvss_v2_temporal 5.8,protocols http,protocols tcp; rev:2; sid:80186707;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FAIR WRAPAROUND Traffic Detected"; flow:established,to_server; content:"wraparound"; priority:1; metadata:hostile dest_ip,created_at 2017-02-03,updated_at 2017-02-22,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186708;)
# Disabled rule: kept on its own line so that the leading "#" comments out only this rule.
# It carries a cve key but, unlike the enabled CVE rule above (sid 80186707), no cvss_* keys.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FINE SHEEP Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"sheep"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-03-22,capec_id 253,updated_at 2019-03-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-8679089,protocols http,protocols tcp; rev:2; sid:80186709;)
drop http any any -> $HOME_NET any (msg:"Acme - MISSING MILLIMETER Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"millimeter"; priority:2; metadata:cwe_id 399,cvss_v3_base
3.8,hostile src_ip,created_at 2019-03-12,capec_id 248,updated_at 2019-03-17,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.7,attack_target http-client,attack_target client,cvss_v3_temporal 4.7,cve 2017-5331429,cvss_v2_temporal 4.7,protocols http,protocols tcp; rev:3; sid:80186710;)
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COGNITIVE LEARNING Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"learning"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2017-04-18,updated_at 2017-04-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80186711;)
# Inbound server-side rule: $EXTERNAL_NET -> $HOME_NET with flow:to_server, tagged attack_target
# server/http-server and hostile src_ip; it has a capec_id but no cwe_id or cve key.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SENIOR TUNE-UP Traffic Detected"; flow:established,to_server; content:"tune-up"; priority:2; metadata:hostile src_ip,created_at 2018-01-16,capec_id 113,updated_at 2018-01-16,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80186712;)
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNIFORM OBESITY Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"obesity"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2016-04-15,updated_at 2016-04-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80186713;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LEGITIMATE HOSTESS Traffic Detected"; flow:established,to_server; content:"hostess"; priority:2; metadata:hostile src_ip,created_at 2019-01-22,capec_id 232,updated_at 2019-01-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols
http,protocols tcp; rev:2; sid:80186714;)
# Disabled rule: kept on its own line so that the leading "#" comments out only this rule.
#alert http any any -> $HOME_NET any (msg:"Acme - LOUD BLANK Exploitation Attempt Seen"; flow:established, to_server; content:"blank"; priority:3; metadata:cwe_id 829,hostile src_ip,created_at 2017-01-16,capec_id 253,updated_at 2017-01-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-1446279,protocols http,protocols tcp; rev:2; sid:80186715;)
# Source is "any" rather than $EXTERNAL_NET, so this rule also covers requests coming from inside $HOME_NET.
drop http any any -> $HOME_NET any (msg:"Acme - COASTAL DISCOUNT Exploitation Attempt Seen"; flow:established,to_server; content:"discount"; priority:3; metadata:cwe_id 79,cvss_v3_base 3.6,hostile src_ip,created_at 2019-09-23,capec_id 63,updated_at 2019-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.6,attack_target server,attack_target http-server,cvss_v3_temporal 3.5,cve 2017-3989288,cvss_v2_temporal 3.5,protocols http,protocols tcp; rev:2; sid:80186716;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SMART CONNECTION Traffic Detected"; flow:established,to_server; content:"connection"; priority:1; metadata:hostile dest_ip,created_at 2019-02-09,updated_at 2019-02-16,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186717;)
# ftp rule with an alert action; priority:4 is paired with metadata "priority info".
alert ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHINY OVERCHARGE Traffic Detected"; flow:established,to_server; content:"overcharge"; priority:4; metadata:hostile dest_ip,created_at 2016-09-22,updated_at 2016-09-28,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80186718;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ADVANCED LILY Malware Communication"; flow:established,to_server; content:"lily"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2016-02-11,updated_at 2016-02-22,filename acme.rules,priority
high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186719;)
# NOTE(review): post-infection rule with "infected src_ip" but no "hostile" key, whereas the otherwise
# similar rule below (sid 80186721) also has "hostile dest_ip"; confirm the omission is intended.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BROKEN CHEETAH Malware Communication"; flow:established,to_server; content:"cheetah"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-09-15,updated_at 2019-09-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186720;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WISE UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-17,updated_at 2019-03-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186721;)
# Inbound exploit rules: the source is "any" rather than $EXTERNAL_NET, so they also cover requests coming
# from inside $HOME_NET.
drop http any any -> $HOME_NET any (msg:"Acme - CHEERFUL APPOINTMENT Exploitation Attempt Seen"; flow:established,to_server; content:"appointment"; priority:2; metadata:cwe_id 502,cvss_v3_base 7.6,hostile src_ip,created_at 2019-03-04,capec_id 248,updated_at 2019-03-16,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.8,attack_target server,attack_target http-server,cvss_v3_temporal 7.4,cve 2015-6924345,cvss_v2_temporal 7.4,protocols http,protocols tcp; rev:3; sid:80186722;)
drop http any any -> $HOME_NET any (msg:"Acme - JUDICIAL CENTIMETER Exploitation Attempt Seen"; flow:established,to_server; content:"centimeter"; priority:2; metadata:cwe_id 502,cvss_v3_base 5.5,hostile src_ip,created_at 2017-04-02,capec_id 248,updated_at 2017-04-04,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.4,attack_target server,attack_target http-server,cvss_v3_temporal 6.1,cve 2017-8428056,cvss_v2_temporal 6.1,protocols http,protocols
tcp; rev:3; sid:80186723;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNPLEASANT CANDIDATE Traffic Detected"; flow:established,to_client; file_data; content:"candidate"; priority:2; metadata:hostile src_ip,created_at 2019-07-08,capec_id 255,updated_at 2019-07-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186724;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BROKEN SLICE Traffic Detected"; flow:established,to_client; file_data; content:"slice"; priority:2; metadata:hostile src_ip,created_at 2016-04-11,capec_id 255,updated_at 2016-04-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186725;)
# NOTE(review): flow is to_client but, unlike the two client-side rules above, there is no file_data, so the
# content keyword is not scoped to that buffer. Confirm this is intended.
drop http any any -> $HOME_NET any (msg:"Acme - PETITE FEEL Exploitation Attempt Seen"; flow:established, to_client; content:"feel"; priority:2; metadata:cwe_id 843,cvss_v3_base 5.2,hostile src_ip,created_at 2015-08-24,capec_id 248,updated_at 2015-08-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.9,attack_target http-client,attack_target client,cvss_v3_temporal 5.9,cve 2015-6746555,cvss_v2_temporal 5.9,protocols http,protocols tcp; rev:3; sid:80186726;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTERIM RIVULET Malware Communication"; flow:established,to_server; content:"rivulet"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-16,updated_at 2019-10-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186727;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TERRITORIAL CAPTION Traffic Detected"; flow:established,to_client; file_data; content:"caption"; priority:2; metadata:cwe_id 506,hostile src_ip,created_at
2019-04-02,capec_id 152,updated_at 2019-04-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186728;)
# Header protocol is tcp, while the metadata tags the rule as SMTP (protocols smtp, attack_target
# smtp-server, filename smtp.rules).
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ANGRY EVENING-WEAR Exploitation Attempt Seen"; flow:established,to_server; content:"evening-wear"; priority:3; metadata:hostile src_ip,created_at 2016-05-13,updated_at 2016-05-22,filename smtp.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,cve 2015-3238343,protocols smtp,protocols tcp; rev:1; sid:80186729;)
# Destination is "any any", so this rule also matches traffic between two $HOME_NET hosts.
drop http $HOME_NET any -> any any (msg:"Acme - PRIVATE CONNECTION Malware Communication"; flow:established, to_server; content:"connection"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2016-03-15,updated_at 2016-03-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186730;)
# Disabled drop rule: kept on its own line so that the leading "#" comments out only this rule.
#drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INHERENT MAMBO Malware Communication"; flow:established,to_server; content:"mambo"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-26,updated_at 2019-04-27,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186731;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OBJECTIVE SWITCH Malware Communication"; flow:established, to_server; content:"switch"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-16,updated_at 2019-03-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186732;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DISTURBED LUNGE
Traffic Detected"; flow:established,to_server; content:"lunge"; priority:1; metadata:hostile dest_ip,created_at 2018-07-07,updated_at 2018-07-12,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186733;)
drop smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WILLING CAREER Malware Communication"; flow:established, to_server; content:"career"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-10-24,updated_at 2018-10-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target smtp-client,attack_target client,protocols smtp,protocols tcp; rev:1; sid:80186734;)
# Direction check: a $HOME_NET source combined with flow:from_server means the HTTP server sits inside
# $HOME_NET, which matches attack_target server/http-server and infected src_ip.
# NOTE(review): content:"lap" is a 3-byte match on a drop rule; that is fine for placeholder data, but a
# pattern this short would be prone to false positives (and to blocking legitimate traffic) in production.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - QUICK LAP Malware Communication"; flow:established,from_server; file_data; content:"lap"; priority:1; metadata:cwe_id 434,malware post-infection,hostile dest_ip,created_at 2019-07-25,updated_at 2019-07-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186735;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BRAINY RECRUIT Malware Communication"; flow:established, to_server; content:"recruit"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-01-27,updated_at 2018-01-27,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80186736;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNUSUAL SAVING Exploitation Attempt Seen"; flow:established, to_server; content:"saving"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-09-20,capec_id 100,updated_at 2019-09-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target smtp-server,cve
2019-4076586,cvss_v2_temporal 3.4,protocols smtp,protocols tcp; rev:2; sid:80186737;)
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN LONELINESS Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"loneliness"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-05-20,updated_at 2019-05-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80186738;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SCARY CROW Malware Communication"; flow:established,to_server; content:"crow"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-04,updated_at 2019-09-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186739;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ENCOURAGING TUNNEL Malware Communication"; flow:established, to_server; content:"tunnel"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-10-12,updated_at 2017-10-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186740;)
# Disabled rule: kept on its own line so that the leading "#" comments out only this rule.
# NOTE(review): several fields look inconsistent: the header protocol is tcp while file_data and
# "protocols http" target HTTP, "hostile dest_ip" points at $HOME_NET on a to_client flow, and there is no
# attack_target key. Reconcile these before enabling the rule.
#alert tcp any any -> $HOME_NET any (msg:"Acme - COMPACT DANCE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"dance"; priority:3; metadata:hostile dest_ip,created_at 2019-03-11,capec_id 253,updated_at 2019-03-25,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2018-3555325,protocols http,protocols tcp; rev:1; sid:80186741;)
drop http $HOME_NET any -> any any (msg:"Acme - POOR GLASS Malware Communication"; flow:established,to_server; content:"glass"; priority:1; metadata:cwe_id 506,malware post-infection,hostile
dest_ip,created_at 2019-04-21,updated_at 2019-04-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186742;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONTINUING UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-11-06,updated_at 2018-11-08,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186743;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SILLY CELERIAC Traffic Detected"; flow:established,to_server; content:"celeriac"; priority:1; metadata:hostile dest_ip,created_at 2019-10-18,updated_at 2019-10-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186744;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HAPPY DECONGESTANT Traffic Detected"; flow:established,to_server; content:"decongestant"; priority:1; metadata:hostile dest_ip,created_at 2018-03-14,updated_at 2018-03-16,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186745;)
# NOTE(review): ssl_state:server_hello appears twice in this rule; the second occurrence is redundant and
# can be removed (bump rev and updated_at when doing so).
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRECIOUS RAKE Malware Communication"; flow:established,to_client; ssl_state:server_hello; ssl_state:server_hello; content:"rake"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-03-21,updated_at 2018-03-25,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80186746;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BITTER FLANKER Malware
Communication"; flow:established, to_server; content:"flanker"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-13,updated_at 2019-02-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186747;)
# No "malware" or cwe_id key on this rule (its msg says "Traffic Detected"); only hostile dest_ip is tagged.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INSUFFICIENT FIELD Traffic Detected"; flow:established,to_server; content:"field"; priority:1; metadata:hostile dest_ip,created_at 2016-10-10,updated_at 2016-10-24,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186748;)
# "flow:established, to_server" (space after the comma) carries the same two options as
# "flow:established,to_server" in the rule above; only the spacing differs.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRICT VISUAL Malware Communication"; flow:established, to_server; content:"visual"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-23,updated_at 2019-05-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186749;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - JUST TURNOVER Malware Communication"; flow:established, to_server; content:"turnover"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-08-05,updated_at 2019-08-06,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186750;)
drop http any any -> $HOME_NET any (msg:"Acme - CHARMING STEPSON Malware Communication"; flow:established, to_server; content:"stepson"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2015-05-18,updated_at 2015-05-21,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols
http,protocols tcp; rev:2; sid:80186751;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VAST UNKNOWNWATCH Malware Communication"; flow:established, to_server; content:"UNKNOWNwatch"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-22,updated_at 2019-06-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186752;)
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EQUIVALENT CABBAGE Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"cabbage"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-03-04,updated_at 2018-03-11,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80186753;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRESIDENTIAL MAILMAN Malware Communication"; flow:established, to_server; content:"mailman"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2018-04-23,updated_at 2018-04-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186754;)
# NOTE(review): the source is "any" yet the metadata says "infected src_ip", and there is no attack_target
# key, whereas the $HOME_NET-sourced rules above carry attack_target http-client/client. Confirm the tags.
drop http any any -> $EXTERNAL_NET any (msg:"Acme - CONSIDERABLE CREATURE Malware Communication"; flow:established, to_server; content:"creature"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-14,updated_at 2019-11-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80186755;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WIDE-EYED INNOCENCE Malware Communication"; flow:established,to_server; content:"innocence"; priority:1; metadata:cwe_id 507,malware post-infection,hostile
dest_ip,created_at 2016-03-06,updated_at 2016-03-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186756;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WHISPERING TOTAL Malware Communication"; flow:established,to_server; content:"total"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-19,updated_at 2019-03-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186757;)
# NOTE(review): this rule and sid 80186760 below are tagged "malware post-infection" but have no "infected"
# key (compare sid 80186757 above); confirm, since a metadata filter on "infected" would not select them.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FLAT SHOFAR Malware Communication"; flow:established,to_server; content:"shofar"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-11,updated_at 2019-11-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186758;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRONG SHAPE Traffic Detected"; flow:established,to_server; content:"shape"; priority:1; metadata:hostile dest_ip,created_at 2019-06-27,updated_at 2019-06-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186759;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STANDARD STRANGER Malware Communication"; flow:established,to_server; content:"stranger"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-03-06,updated_at 2017-03-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186760;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPECIFIC PATH Malware Communication";
flow:established,to_server; content:"path"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-05,updated_at 2018-05-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186761;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN WITHDRAWAL Malware Communication"; flow:established,to_server; content:"withdrawal"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-09-08,updated_at 2016-09-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186762;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SOUND PARD Malware Communication"; flow:established, to_server; content:"pard"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-11,updated_at 2019-04-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186763;)
# Disabled rule: kept on its own line so that the leading "#" comments out only this rule.
# Its destination is "any any" and it has no attack_target key.
#alert http $EXTERNAL_NET any -> any any (msg:"Acme - OUTDOOR KINDNESS Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"kindness"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-04-22,capec_id 253,updated_at 2019-04-27,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2016-7267794,protocols http,protocols tcp; rev:3; sid:80186764;)
# NOTE(review): "infected src_ip" is set on a rule whose source is $EXTERNAL_NET and whose flow is
# to_client; there is no hostile or attack_target key either. Confirm the metadata.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RAINY CORD Malware Communication"; flow:established, to_client; content:"cord"; priority:3; metadata:cwe_id 506,malware pre-infection,created_at 2015-06-25,updated_at 2015-06-28,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:4; sid:80186765;)
drop http $HOME_NET any ->
$EXTERNAL_NET any (msg:"Acme - DIGITAL FREEDOM Malware Communication"; flow:established, to_server; content:"freedom"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-07-15,updated_at 2018-07-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186766;)
# The next three rules are outbound post-infection rules: $HOME_NET -> $EXTERNAL_NET, flow to_server,
# tagged hostile dest_ip and infected src_ip.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CURLY ABDOMEN Malware Communication"; flow:established, to_server; content:"abdomen"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-09,updated_at 2018-10-23,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186767;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DETAILED BIRDBATH Malware Communication"; flow:established,to_server; content:"birdbath"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-06-26,updated_at 2016-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186768;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PURPLE BIFOCALS Malware Communication"; flow:established,to_server; content:"bifocals"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-04,updated_at 2019-06-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186769;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MEAN GRAPH Malware Communication"; flow:established,to_client; content:"graph"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2016-03-16,updated_at 2016-03-16,filename acme.rules,priority
high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186770;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHARP CANNON Malware Communication"; flow:established,to_server; content:"cannon"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-05-27,updated_at 2019-05-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186771;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRIEF PARSNIP Malware Communication"; flow:established,to_server; content:"parsnip"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-12,updated_at 2019-03-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186772;)
# Inbound server-side rule carrying capec_id 248 but no cwe_id or cve key.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LABOUR TIRE Traffic Detected"; flow:established,to_server; content:"tire"; priority:3; metadata:hostile src_ip,created_at 2019-10-02,capec_id 248,updated_at 2019-10-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186773;)
# NOTE(review): content:"gem" is a 3-byte match with a drop action; fine as placeholder data, but a pattern
# this short would need a sticky buffer or further constraints before it could block traffic in production.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AMAZING GEM Malware Communication"; flow:established, to_server; content:"gem"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-07,updated_at 2019-02-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186774;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WIDE CONGRESSPERSON Malware Communication"; flow:established, to_client; content:"congressperson"; priority:1;
metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2016-11-17,updated_at 2016-11-20,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186775;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HELPLESS PIZZA Traffic Detected"; flow:established,to_server; content:"pizza"; priority:3; metadata:hostile src_ip,created_at 2018-07-15,capec_id 253,updated_at 2018-07-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186776;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - METROPOLITAN RADIATOR Malware Communication"; flow:established,to_client; content:"radiator"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-06-12,updated_at 2018-06-22,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186777;)
# Disabled rule: kept on its own line so that the leading "#" comments out only this rule.
# priority:4 is paired with metadata "priority info".
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRIOR FLOW Traffic Detected"; flow:established,to_server; content:"flow"; priority:4; metadata:cwe_id 200,hostile src_ip,created_at 2019-06-19,capec_id 310,updated_at 2019-06-20,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186778;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STRONG PAGE Traffic Detected"; flow:established,to_server; content:"page"; priority:3; metadata:hostile src_ip,created_at 2017-08-13,capec_id 248,updated_at 2017-08-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80186779;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RELEVANT CASCADE Malware
Communication"; flow:established, to_server; content:"cascade"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-03-08,updated_at 2017-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186780;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BROKEN GIRAFFE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"giraffe"; priority:3; metadata:cwe_id 78,hostile src_ip,created_at 2019-07-01,capec_id 253,updated_at 2019-07-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-8712947,protocols http,protocols tcp; rev:2; sid:80186781;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MISTY LINGUISTICS Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"linguistics"; priority:2; metadata:cwe_id 416,cvss_v3_base 5.3,hostile src_ip,created_at 2017-10-24,capec_id 129,updated_at 2017-10-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.8,attack_target http-client,attack_target client,cvss_v3_temporal 6.5,cve 2015-2118397,cvss_v2_temporal 6.5,protocols http,protocols tcp; rev:2; sid:80186782;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HEALTHY DIG Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"dig"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-03-25,capec_id 253,updated_at 2019-03-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-6836184,protocols http,protocols tcp; rev:2; sid:80186783;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUPERB PUMA Malware Communication"; flow:established,to_server; content:"puma"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 
2017-07-22,updated_at 2017-07-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186784;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FRONT MEZZANINE Malware Communication"; flow:established,to_server; content:"mezzanine"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-07-04,updated_at 2017-07-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186785;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPLENDID TRAPEZIUM Malware Communication"; flow:established,to_server; content:"trapezium"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-03,updated_at 2018-04-04,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186786;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ENCOURAGING PORTHOLE Exploitation Attempt Seen"; flow:established,to_server; content:"porthole"; priority:3; metadata:cwe_id 78,cvss_v3_base 5.2,hostile src_ip,created_at 2019-07-02,capec_id 248,updated_at 2019-07-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.5,attack_target server,attack_target http-server,cvss_v3_temporal 5.9,cve 2018-2992798,cvss_v2_temporal 5.9,protocols http,protocols tcp; rev:2; sid:80186787;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UPPER PERIOD Malware Communication"; flow:established, to_client; content:"period"; priority:4; metadata:cwe_id 506,malware download-attempt,created_at 2018-09-18,updated_at 2018-09-26,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80186788;) drop http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"Acme - AFRAID WEIRD Malware Communication"; flow:established, to_server; content:"weird"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-18,updated_at 2019-04-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186789;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COLD MAP Malware Communication"; flow:established,to_server; content:"map"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-24,updated_at 2019-09-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186790;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FINE METHANE Malware Communication"; flow:established,to_server; content:"methane"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-04-26,updated_at 2019-04-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186791;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNION Malware Communication"; flow:established,to_server; content:"union"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-02-23,updated_at 2019-02-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186792;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHRILL LEARNING Malware Communication"; flow:established,to_server; content:"learning"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-07-03,updated_at 2019-07-08,filename 
acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186793;) alert ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SQUEALING SHINGLE Malware Communication"; flow:established,to_server; content:"shingle"; priority:4; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-06,updated_at 2019-02-18,filename acme.rules,priority info,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:2; sid:80186794;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN CARROT Malware Communication"; flow:established,to_client; content:"carrot"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-09-06,updated_at 2019-09-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186795;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MARKED OCTET Malware Communication"; flow:established,to_server; content:"octet"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-03,updated_at 2019-08-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186796;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RAPID SOCIOLOGY Exploitation Attempt Seen"; flow:established,to_server; content:"sociology"; priority:3; metadata:hostile src_ip,created_at 2016-05-16,capec_id 253,updated_at 2016-05-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,cve 2016-8687083,cvss_v2_temporal 4.8,protocols tcp; rev:2; sid:80186797;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EMBARRASSING WITNESS Traffic Detected"; 
flow:established,to_server; content:"witness"; priority:2; metadata:hostile src_ip,created_at 2018-11-12,capec_id 210,updated_at 2018-11-22,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:2; sid:80186798;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLASSIC RECESS Malware Communication"; flow:established,to_server; content:"recess"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2015-05-16,updated_at 2015-05-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186799;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FRESH SURNAME Malware Communication"; flow:established,to_server; content:"surname"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-08-02,updated_at 2019-08-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186800;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MATURE STUMBLING Traffic Detected"; flow:established,to_server; content:"stumbling"; priority:1; metadata:hostile dest_ip,created_at 2015-02-03,updated_at 2015-02-08,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186801;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ORANGE LINK Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"link"; priority:2; metadata:cwe_id 119,cvss_v3_base 5.8,hostile src_ip,created_at 2018-10-23,capec_id 248,updated_at 2018-10-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.1,attack_target http-client,attack_target client,cvss_v3_temporal 6.0,cve 2017-503582,cvss_v2_temporal 
6.0,protocols http,protocols tcp; rev:2; sid:80186802;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMPETENT SETTLER Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"settler"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2019-06-16,capec_id 242,updated_at 2019-06-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-2910520,protocols http,protocols tcp; rev:2; sid:80186803;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BROKEN CIRRUS Malware Communication"; flow:established,to_client; content:"cirrus"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-09-18,updated_at 2018-09-19,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80186804;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HEAVY STORM Traffic Detected"; flow:established,to_server; content:"storm"; priority:3; metadata:hostile src_ip,created_at 2019-07-22,capec_id 310,updated_at 2019-07-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186805;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - JUDICIAL EQUIPMENT Malware Communication"; flow:established,to_server; content:"equipment"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-27,updated_at 2019-09-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186806;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RED STEEL Malware Communication"; flow:established,to_server; content:"steel"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 
2018-07-22,updated_at 2018-07-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186807;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNCONSCIOUS UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-26,updated_at 2019-08-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186808;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PREGNANT THRILL Malware Communication"; flow:established,to_server; content:"thrill"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-06-25,updated_at 2016-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186809;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CRUDE PROPERTY Malware Communication"; flow:established, to_server; content:"property"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-25,updated_at 2018-10-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186810;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMMERCIAL SPANDEX Malware Communication"; flow:established,to_client; content:"spandex"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-11-02,updated_at 2018-11-02,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80186811;) drop http $EXTERNAL_NET any 
-> $HOME_NET any (msg:"Acme - OVERWHELMING RAWHIDE Traffic Detected"; flow:established,to_client; content:"rawhide"; priority:2; metadata:hostile src_ip,created_at 2017-11-27,capec_id 165,updated_at 2017-11-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186812;) #alert tcp any any -> $HOME_NET any (msg:"Acme - FUZZY SHINGLE Exploitation Attempt Seen"; flow:established, to_server; content:"shingle"; priority:3; metadata:hostile src_ip,created_at 2015-02-06,capec_id 232,updated_at 2015-02-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2015-8265578,protocols tcp; rev:1; sid:80186813;) #alert tcp any any -> $HOME_NET any (msg:"Acme - PASSING CLERK Exploitation Attempt Seen"; flow:established, to_server; content:"clerk"; priority:3; metadata:hostile src_ip,created_at 2016-06-22,capec_id 232,updated_at 2016-06-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2015-9290703,protocols tcp; rev:1; sid:80186814;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DOMESTIC SOCK Malware Communication"; flow:established, to_server; content:"sock"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-08,updated_at 2019-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186815;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LIBERAL UNBLINKING Malware Communication"; flow:established,to_server; urilen:<40,norm; content:"unblinking"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-02-11,updated_at 2019-02-11,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186816;) drop 
http any any -> $HOME_NET any (msg:"Acme - LOW UNKNOWN Exploitation Attempt Seen"; flow:established,to_server; content:"UNKNOWN"; priority:2; metadata:cwe_id 78,cvss_v3_base 6.1,hostile src_ip,created_at 2018-06-17,capec_id 88,updated_at 2018-06-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.8,attack_target server,attack_target http-server,cvss_v3_temporal 6.6,cve 2015-8397831,cvss_v2_temporal 6.6,protocols http,protocols tcp; rev:2; sid:80186817;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INTERESTING UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2018-01-24,capec_id 310,updated_at 2018-01-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186818;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN ABBEY Traffic Detected"; flow:established,to_server; content:"abbey"; priority:3; metadata:hostile src_ip,created_at 2019-11-11,capec_id 310,updated_at 2019-11-15,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186819;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STORMY COMPORTMENT Traffic Detected"; flow:established,to_server; content:"comportment"; priority:3; metadata:hostile src_ip,created_at 2017-08-16,capec_id 310,updated_at 2017-08-21,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186820;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEAF UNKNOWNEY Traffic Detected"; flow:established,to_server; content:"UNKNOWNey"; priority:3; metadata:hostile src_ip,created_at 2019-03-13,capec_id 310,updated_at 2019-03-22,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target 
server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186821;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SMOGGY CELLAR Traffic Detected"; flow:established,to_server; content:"cellar"; priority:3; metadata:hostile src_ip,created_at 2019-06-12,capec_id 310,updated_at 2019-06-18,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186822;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EFFECTIVE CUNKNOWNAU Traffic Detected"; flow:established,to_server; content:"cUNKNOWNau"; priority:3; metadata:hostile src_ip,created_at 2018-06-24,capec_id 310,updated_at 2018-06-27,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186823;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUNKNOWN STINGER Traffic Detected"; flow:established,to_server; content:"stinger"; priority:3; metadata:hostile src_ip,created_at 2019-02-20,capec_id 310,updated_at 2019-02-25,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186824;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LONG BIDET Traffic Detected"; flow:established,to_server; content:"bidet"; priority:3; metadata:hostile src_ip,created_at 2019-09-07,capec_id 310,updated_at 2019-09-23,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186825;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOOSE CARD Traffic Detected"; flow:established,to_server; content:"card"; priority:3; metadata:hostile src_ip,created_at 2016-06-26,capec_id 310,updated_at 2016-06-28,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target 
http-server,protocols http,protocols tcp; rev:2; sid:80186826;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TENDER PAJAMA Traffic Detected"; flow:established,to_server; content:"pajama"; priority:3; metadata:hostile src_ip,created_at 2019-11-16,capec_id 310,updated_at 2019-11-21,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186827;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUNKNOWNT KIDNEY Traffic Detected"; flow:established,to_server; content:"kidney"; priority:3; metadata:hostile src_ip,created_at 2019-11-07,capec_id 310,updated_at 2019-11-18,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186828;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN WHIRLPOOL Traffic Detected"; flow:established,to_server; content:"whirlpool"; priority:3; metadata:hostile src_ip,created_at 2016-08-22,capec_id 310,updated_at 2016-08-23,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80186829;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRECIOUS HAPPINESS Traffic Detected"; flow:established,to_server; content:"happiness"; priority:3; metadata:hostile src_ip,created_at 2016-05-05,capec_id 310,updated_at 2016-05-10,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186830;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWNPY TERRITORY Traffic Detected"; flow:established,to_server; content:"territory"; priority:3; metadata:hostile src_ip,created_at 2019-03-17,capec_id 310,updated_at 2019-03-28,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target 
http-server,protocols http,protocols tcp; rev:2; sid:80186831;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXACT CUCKOO Malware Communication"; flow:established,to_server; content:"cuckoo"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-11-24,updated_at 2018-11-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186832;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GRACEFUL CAPTION Traffic Detected"; flow:established,to_server; content:"caption"; priority:3; metadata:hostile src_ip,created_at 2019-06-06,capec_id 310,updated_at 2019-06-14,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186833;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CROOKED UNKNOWNDY Traffic Detected"; flow:established,to_server; content:"UNKNOWNdy"; priority:3; metadata:hostile src_ip,created_at 2019-08-16,capec_id 310,updated_at 2019-08-16,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186834;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EASTERN CONSULATE Malware Communication"; flow:established,to_server; content:"consulate"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-06-05,updated_at 2018-06-06,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186835;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN MARACAS Malware Communication"; flow:established,to_server; content:"maracas"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2018-08-18,updated_at 2018-08-18,filename 
acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186836;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CALM LOW Malware Communication"; flow:established,to_client; content:"low"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-03-11,updated_at 2018-03-21,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186837;) #alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - OUTDOOR FEATHER Traffic Detected"; flow:established, to_client; content:"feather"; priority:3; metadata:cwe_id 346,hostile src_ip,created_at 2019-07-09,capec_id 262,updated_at 2019-07-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186838;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUBJECTIVE TOSSER Traffic Detected"; flow:established,to_client; content:"tosser"; priority:3; metadata:cwe_id 346,hostile src_ip,created_at 2018-01-16,capec_id 262,updated_at 2018-01-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186839;) #alert http any any -> $HOME_NET any (msg:"Acme - POSITIVE EDUCATION Exploitation Attempt Seen"; flow:established, to_server; content:"education"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2018-11-24,capec_id 248,updated_at 2018-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-1983395,protocols http,protocols tcp; rev:2; sid:80186840;) #alert http any any -> $HOME_NET any (msg:"Acme - LTD GANDER Exploitation Attempt Seen"; flow:established, to_server; content:"gander"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 
2019-05-11,capec_id 253,updated_at 2019-05-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-8812925,protocols http,protocols tcp; rev:2; sid:80186841;) #alert http any any -> $HOME_NET any (msg:"Acme - FOLLOWING VIRTUE Exploitation Attempt Seen"; flow:established, to_server; content:"virtue"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2019-05-12,capec_id 253,updated_at 2019-05-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-8849312,protocols http,protocols tcp; rev:2; sid:80186842;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRIVATE BOOK Malware Communication"; flow:established,to_server; content:"book"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-01-27,updated_at 2016-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186843;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRATEGIC UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-03-10,updated_at 2017-03-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186844;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AUTONOMOUS ENVY Traffic Detected"; flow:established,to_server; content:"envy"; priority:2; metadata:cwe_id 434,hostile src_ip,created_at 2019-10-16,capec_id 253,updated_at 2019-10-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186845;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXACT 
UNKNOWNITY Traffic Detected"; flow:established,to_server; content:"UNKNOWNity"; priority:2; metadata:hostile src_ip,created_at 2019-02-07,capec_id 253,updated_at 2019-02-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186846;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOVIET CLASS Traffic Detected"; flow:established, to_server; content:"class"; priority:2; metadata:hostile src_ip,created_at 2018-10-13,capec_id 253,updated_at 2018-10-15,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186847;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONSERVATION GRANDFATHER Traffic Detected"; flow:established, to_server; content:"grandfather"; priority:2; metadata:hostile src_ip,created_at 2018-07-26,capec_id 253,updated_at 2018-07-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186848;) drop tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN DOOR Traffic Detected"; flow:established,to_client; content:"door"; priority:2; metadata:hostile src_ip,created_at 2017-05-25,capec_id 225,updated_at 2017-05-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target smb-client,attack_target client,protocols smb,protocols tcp; rev:2; sid:80186849;) drop tcp any any -> $HOME_NET any (msg:"Acme - TAME SOY Traffic Detected"; flow:established,to_client; content:"soy"; priority:2; metadata:hostile src_ip,created_at 2019-08-02,capec_id 225,updated_at 2019-08-17,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target smb-client,attack_target client,protocols smb,protocols tcp; rev:2; sid:80186850;) drop http any any -> $HOME_NET any (msg:"Acme - UNKNOWN VISITOR Traffic Detected"; 
flow:established,to_server; content:"visitor"; priority:2; metadata:hostile src_ip,created_at 2018-06-20,capec_id 253,updated_at 2018-06-21,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186851;) drop http any any -> $HOME_NET any (msg:"Acme - OBEDIENT FREON Traffic Detected"; flow:established,to_server; content:"freon"; priority:2; metadata:hostile src_ip,created_at 2018-06-27,capec_id 253,updated_at 2018-06-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186852;) drop http any any -> $HOME_NET any (msg:"Acme - LOST ADVANTAGE Traffic Detected"; flow:established,to_server; content:"advantage"; priority:2; metadata:hostile src_ip,created_at 2019-05-12,capec_id 253,updated_at 2019-05-17,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186853;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SMALL SULTAN Exploitation Attempt Seen"; flow:established,to_server; content:"sultan"; priority:3; metadata:cwe_id 78,cvss_v3_base 2.9,hostile src_ip,created_at 2018-08-07,capec_id 248,updated_at 2018-08-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cvss_v3_temporal 4.3,cve 2017-4227285,cvss_v2_temporal 4.3,protocols http,protocols tcp; rev:2; sid:80186854;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CRUDE MANIAC Traffic Detected"; flow:established,to_server; content:"maniac"; priority:3; metadata:hostile src_ip,created_at 2018-11-03,capec_id 119,updated_at 2018-11-26,filename ddos.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80186855;) #alert http 
$EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CRUEL CANNON Traffic Detected"; flow:established, to_server; content:"cannon"; priority:3; metadata:cwe_id 829,hostile src_ip,created_at 2018-07-11,capec_id 253,updated_at 2018-07-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186856;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REDUCED STORYBOARD Traffic Detected"; flow:established,to_client; content:"storyboard"; priority:1; metadata:cwe_id 507,hostile src_ip,created_at 2019-07-11,updated_at 2019-07-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186857;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MEDIEVAL RECEIPT Traffic Detected"; flow:established,to_server; content:"receipt"; priority:1; metadata:hostile dest_ip,created_at 2017-05-10,updated_at 2017-05-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186858;) drop http any any -> $HOME_NET any (msg:"Acme - INTELLIGENT GLOVE Exploitation Attempt Seen"; flow:established, to_server; content:"glove"; priority:3; metadata:cwe_id 20,cvss_v3_base 3.5,hostile src_ip,created_at 2018-07-18,capec_id 248,updated_at 2018-07-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.1,attack_target server,attack_target http-server,cvss_v3_temporal 2.6,cve 2016-3710994,cvss_v2_temporal 2.6,protocols http,protocols tcp; rev:3; sid:80186859;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EMPTY OUTLAY Traffic Detected"; flow:established,to_server; content:"outlay"; priority:3; metadata:cwe_id 200,created_at 2018-09-12,capec_id 286,updated_at 2018-09-15,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; 
rev:3; sid:80186860;)
# NOTE(review): the two tls rules below use a bare `content` with no TLS sticky
# buffer, so the pattern is presumably matched against the payload of the TLS flow
# rather than a parsed handshake field; after the handshake that payload is encrypted.
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAMOUS ACCELERANT Traffic Detected"; flow:established,to_client; content:"accelerant"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-06-06,capec_id 286,updated_at 2019-06-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80186861;)
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRICKLY NOTHING Malware Communication"; flow:established,to_client; content:"nothing"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-06-01,updated_at 2019-06-18,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80186862;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ABUNDANT ROSE Malware Communication"; flow:established,to_server; content:"rose"; priority:1; metadata:cwe_id 509,malware post-infection,hostile dest_ip,created_at 2015-11-16,updated_at 2015-11-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186863;)
# cvss_v2_temporal (6.1) is higher than cvss_v2_base (5.8); the cve/cvss_* values
# are synthetic, in line with the file banner calling this a dummy ruleset.
drop http any any -> $HOME_NET any (msg:"Acme - CLOUDY CRIME Exploitation Attempt Seen"; flow:established,to_server; content:"crime"; priority:2; metadata:cwe_id 20,cvss_v3_base 6.6,hostile src_ip,created_at 2019-02-25,capec_id 248,updated_at 2019-02-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.8,attack_target server,attack_target http-server,cvss_v3_temporal 6.1,cve 2019-8696143,cvss_v2_temporal 6.1,protocols http,protocols tcp; rev:2; sid:80186864;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNAWARE THRONE Malware Communication"; flow:established,to_server; content:"throne"; priority:1; metadata:cwe_id 506,malware
post-infection,hostile dest_ip,created_at 2018-02-06,updated_at 2018-02-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186865;)
# The header is plain `tcp` with no port restriction; SMB is named only in the
# metadata (protocols smb, attack_target smb-client), so nothing in the rule itself
# limits the match to SMB traffic.
drop tcp any any -> $HOME_NET any (msg:"Acme - QUIET CHIP Traffic Detected"; flow:established,to_client; content:"chip"; priority:2; metadata:hostile src_ip,created_at 2019-08-20,capec_id 225,updated_at 2019-08-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target smb-client,attack_target client,protocols smb,protocols tcp; rev:2; sid:80186866;)
drop http any any -> $HOME_NET any (msg:"Acme - STRICT VALUE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"value"; priority:2; metadata:cwe_id 22,cvss_v3_base 2.5,hostile src_ip,created_at 2018-01-23,capec_id 213,updated_at 2018-01-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.1,attack_target http-client,attack_target client,cvss_v3_temporal 3.8,cve 2015-9772291,cvss_v2_temporal 3.8,protocols http,protocols tcp; rev:2; sid:80186867;)
# NOTE(review): traffic here flows to $HOME_NET (to_server) yet the metadata says
# `hostile dest_ip` and has no attack_target key; the comparable inbound rules in this
# file mark `hostile src_ip`. Possibly deliberate in a dummy set - verify before
# relying on the hostile key for filtering.
drop http any any -> $HOME_NET any (msg:"Acme - INTENSE POSTBOX Traffic Detected"; flow:established,to_server; content:"postbox"; priority:3; metadata:cwe_id 200,hostile dest_ip,created_at 2016-11-27,capec_id 286,updated_at 2016-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:3; sid:80186868;)
# Disabled (commented-out) rule; it carries a cve value but no cvss_* keys.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRESENT COMPOSER Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"composer"; priority:3; metadata:cwe_id 22,hostile dest_ip,created_at 2018-10-03,capec_id 253,updated_at 2018-10-21,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2018-4167604,protocols http,protocols tcp; rev:2; sid:80186869;)
drop http any any -> $HOME_NET any (msg:"Acme - BOTUNKNOWN LATENCY Traffic Detected";
flow:established,to_server; content:"latency"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2018-09-24,capec_id 286,updated_at 2018-09-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80186870;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HIGH-PITCHED YURT Traffic Detected"; flow:established, to_client; file_data; content:"yurt"; priority:1; metadata:hostile src_ip,created_at 2016-09-02,updated_at 2016-09-22,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186871;)
# Header runs $HOME_NET -> $EXTERNAL_NET with flow from_server and file_data: the
# match is on response bodies served by a host inside $HOME_NET, which the metadata
# labels as the infected side (infected src_ip, attack_target http-server).
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - POSITIVE TRANSACTION Malware Communication"; flow:established,from_server; file_data; content:"transaction"; priority:1; metadata:cwe_id 434,malware post-infection,hostile dest_ip,created_at 2016-11-14,updated_at 2016-11-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186872;)
# Plain `tcp` header with `any` ports on both sides: the content is inspected on
# every outbound established TCP flow, not on one service.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN ACCIDENT Malware Communication"; flow:established, to_server; content:"accident"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-09,updated_at 2018-01-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186873;)
# NOTE(review): the pattern is three bytes ("bus") with no buffer or other constraint;
# as a detection pattern on a `drop` rule that would match very broadly. The
# content strings in this dummy set are placeholders, not signatures.
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UPSET BUS Malware Communication"; flow:established,to_client; content:"bus"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2016-08-11,updated_at 2016-08-24,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80186874;)
# Disabled (commented-out) rule; metadata has `hostile dest_ip` and no attack_target key.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONTINUOUS WEIGHT Traffic Detected"; flow:established, to_client; file_data; content:"weight"; priority:3; metadata:hostile dest_ip,created_at 2019-05-25,capec_id 253,updated_at 2019-05-28,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80186875;)
# `tcp` header limited to $HTTP_PORTS on the destination: HTTP is implied by the
# port variable and the metadata (protocols http), not by the rule's protocol field.
drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - PRINTED DEW Exploitation Attempt Seen"; flow:established,to_server; content:"dew"; priority:3; metadata:cwe_id 502,cvss_v3_base 6.6,hostile src_ip,created_at 2016-07-09,capec_id 253,updated_at 2016-07-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.7,attack_target server,attack_target http-server,cvss_v3_temporal 5.1,cve 2015-7614617,cvss_v2_temporal 5.1,protocols http,protocols tcp; rev:2; sid:80186876;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AWAKE THINKING Exploitation Attempt Seen"; flow:established, to_server; content:"thinking"; priority:2; metadata:cwe_id 502,cvss_v3_base 8.1,hostile src_ip,created_at 2018-05-26,capec_id 253,updated_at 2018-05-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cvss_v3_temporal 7.3,cve 2016-250405,cvss_v2_temporal 7.3,protocols http,protocols tcp; rev:4; sid:80186877;)
# `tcp` header with `any any` source and `any` destination port: no service is
# pinned by the rule; metadata lists only `attack_target server` and `protocols tcp`.
drop tcp any any -> $HOME_NET any (msg:"Acme - DUE SUNBEAM Exploitation Attempt Seen"; flow:established,to_server; content:"sunbeam"; priority:2; metadata:cwe_id 89,cvss_v3_base 5.7,hostile src_ip,created_at 2019-06-08,capec_id 66,updated_at 2019-06-11,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.0,attack_target server,cvss_v3_temporal 5.5,cve 2018-8197810,cvss_v2_temporal 5.5,protocols tcp; rev:2; sid:80186878;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNCONSCIOUS TIE Malware Communication"; flow:established,to_server; content:"tie"; priority:1;
metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-10-17,updated_at 2015-10-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186879;)
# NOTE(review): the next two rules carry cvss_v2_base 10.0 but priority:2 / `priority
# medium`; rule priority in this set does not appear to be derived from the CVSS
# keys, so filter on whichever key the use case actually needs.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OLD MOTEL Exploitation Attempt Seen"; flow:established, to_server; content:"motel"; priority:2; metadata:cwe_id 502,cvss_v3_base 6.2,hostile src_ip,created_at 2019-05-15,capec_id 253,updated_at 2019-05-16,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cvss_v3_temporal 6.9,cve 2016-565298,cvss_v2_temporal 6.9,protocols http,protocols tcp; rev:3; sid:80186880;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOUND ACCOMPANIST Exploitation Attempt Seen"; flow:established, to_server; content:"accompanist"; priority:2; metadata:cwe_id 502,cvss_v3_base 5.4,hostile src_ip,created_at 2018-02-06,capec_id 253,updated_at 2018-02-08,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cvss_v3_temporal 6.2,cve 2018-8466283,cvss_v2_temporal 6.2,protocols http,protocols tcp; rev:2; sid:80186881;)
# Disabled (commented-out) rule; it has a cve value but no cwe_id, cvss_* or
# attack_target keys.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - KIND PATROL Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"patrol"; priority:3; metadata:hostile dest_ip,created_at 2017-04-01,capec_id 253,updated_at 2017-04-04,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2016-3723076,protocols http,protocols tcp; rev:2; sid:80186882;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COLLECTIVE NETBALL Malware Communication"; flow:established,to_server; content:"netball"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-07-12,updated_at 2016-07-20,filename acme.rules,priority high,infected
src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186883;)
# Disabled (commented-out) rule.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DRIVING WHOLESALER Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"wholesaler"; priority:3; metadata:cwe_id 119,hostile dest_ip,created_at 2018-11-13,capec_id 100,updated_at 2018-11-26,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2016-2894000,protocols http,protocols tcp; rev:2; sid:80186884;)
# NOTE(review): the match string is the literal "UNKNOWN", which looks like a
# placeholder left by the rule generator; sids 80186898 and 80186929 use the same
# content string, so the three rules are not distinguishable by pattern.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MATURE UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:2; metadata:cwe_id 502,cvss_v3_base 4.8,hostile src_ip,created_at 2017-10-11,capec_id 253,updated_at 2017-10-16,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cvss_v3_temporal 5.8,cve 2016-4593883,cvss_v2_temporal 5.8,protocols http,protocols tcp; rev:2; sid:80186885;)
# Disabled (commented-out) rule.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RELIABLE PLATFORM Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"platform"; priority:3; metadata:cwe_id 119,hostile dest_ip,created_at 2018-05-05,capec_id 100,updated_at 2018-05-16,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2017-8715991,protocols http,protocols tcp; rev:2; sid:80186886;)
# NOTE(review): `file_data;` appears twice in a row; the second occurrence selects
# the buffer that is already selected and can be dropped when the rule is next revised.
drop http any any -> $HOME_NET any (msg:"Acme - INTERMEDIATE JELLYFISH Exploitation Attempt Seen"; flow:established, to_client; file_data; file_data; content:"jellyfish"; priority:3; metadata:cvss_v3_base 6.2,hostile src_ip,created_at 2019-01-21,capec_id 253,updated_at 2019-01-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.8,attack_target http-client,attack_target client,cvss_v3_temporal 6.7,cve 2017-1928765,cvss_v2_temporal 6.7,protocols http,protocols tcp; rev:3; sid:80186887;)
drop http $EXTERNAL_NET
any -> $HOME_NET any (msg:"Acme - GEOGRAPHICAL SAXOPUNKNOWNE Exploitation Attempt Seen"; flow:established, to_server; content:"saxopUNKNOWNe"; priority:3; metadata:cwe_id 502,cvss_v3_base 6.3,hostile src_ip,created_at 2018-01-13,capec_id 286,updated_at 2018-01-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cvss_v3_temporal 7.5,cve 2018-517675,cvss_v2_temporal 7.5,protocols http,protocols tcp; rev:1; sid:80186888;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ACCESSIBLE CARBON Malware Communication"; flow:established,to_server; content:"carbon"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-07,updated_at 2018-01-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186889;)
# The following rules are tagged `malware pre-infection`: they match inbound
# response bodies (to_client + file_data), mark only `hostile src_ip` and carry no
# `infected` key, unlike the post-infection rule above, which names infected src_ip.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RELAXED TENDENCY Malware Communication"; flow:established, to_client; file_data; content:"tendency"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-03-07,updated_at 2019-03-08,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186890;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLOSED TENOR Malware Communication"; flow:established, to_client; file_data; content:"tenor"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-04-24,updated_at 2018-04-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186891;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REVOLUTIONARY PRINTER Malware Communication"; flow:established, to_client; file_data; content:"printer"; priority:2; metadata:cwe_id
506,malware pre-infection,hostile src_ip,created_at 2017-06-06,updated_at 2017-06-21,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186892;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DIRTY WOOLEN Malware Communication"; flow:established, to_client; content:"woolen"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-08-27,updated_at 2018-08-27,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186893;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NEW EYELID Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"eyelid"; priority:3; metadata:cwe_id 119,cvss_v3_base 7.8,hostile src_ip,created_at 2019-05-06,capec_id 118,updated_at 2019-05-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.8,attack_target http-client,attack_target client,cvss_v3_temporal 7.3,cve 2019-9331152,cvss_v2_temporal 7.3,protocols http,protocols tcp; rev:2; sid:80186894;)
# NOTE(review): `flow:established` has no direction keyword, so both directions of
# the flow are eligible; the header is `tcp any any -> $HOME_NET any`, and the
# metadata has no hostile, infected or attack_target key even though it is tagged
# post-infection. Filters keyed on those fields will skip this high-priority rule.
drop tcp any any -> $HOME_NET any (msg:"Acme - GUILTY REAMER Malware Communication"; flow:established; content:"reamer"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-08-11,updated_at 2018-08-13,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tcp; rev:3; sid:80186895;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POPULAR PORTER Malware Communication"; flow:established, to_client; file_data; content:"porter"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2016-02-09,updated_at 2016-02-10,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186896;)
drop http $HOME_NET any -> $EXTERNAL_NET any
(msg:"Acme - BROKEN CUTTING Malware Communication"; flow:established, to_server; content:"cutting"; priority:2; metadata:cwe_id 507,malware pre-infection,hostile dest_ip,created_at 2019-06-27,updated_at 2019-06-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186897;)
# NOTE(review): the match string is the literal "UNKNOWN", apparently a generator
# placeholder; sids 80186885 and 80186929 match the same string.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LEVEL UNKNOWN Exploitation Attempt Seen"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 89,cvss_v3_base 7.2,hostile src_ip,created_at 2019-01-12,capec_id 110,updated_at 2019-01-18,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 8.0,attack_target server,attack_target http-server,cvss_v3_temporal 7.0,cve 2015-1157104,cvss_v2_temporal 7.0,protocols http,protocols tcp; rev:2; sid:80186898;)
# Each rule states its priority twice: the `priority:N` keyword and a metadata
# `priority <label>` key. In this file 1 pairs with high, 2 with medium, 3 with low
# and 4 with info; keep both in step when editing a rule.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ONLY EARTHQUAKE Malware Communication"; flow:established,to_server; content:"earthquake"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-23,updated_at 2018-10-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186899;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UGLY AMBASSADOR Traffic Detected"; flow:established,to_server; content:"ambassador"; priority:2; metadata:hostile dest_ip,created_at 2019-05-15,updated_at 2019-05-19,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186900;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PURPLE SHOW Traffic Detected"; flow:established,to_client; content:"show"; priority:1; metadata:hostile src_ip,created_at 2018-07-20,updated_at 2018-07-24,filename acme.rules,priority high,rule_source
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186901;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMPOSSIBLE CUTLET Traffic Detected"; flow:established,to_server; content:"cutlet"; priority:1; metadata:hostile dest_ip,created_at 2019-04-16,updated_at 2019-04-16,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186902;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DETERMINED UNKNOWN Malware Communication"; flow:established,to_server; content:"unknown"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-27,updated_at 2019-02-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186903;)
# Tagged `malware download-attempt`: outbound request, `hostile dest_ip`, and no
# `infected` key (the client is not yet labelled as compromised).
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BORED IGLOO Malware Communication"; flow:established,to_server; content:"igloo"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2016-09-17,updated_at 2016-09-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186904;)
# NOTE(review): tagged `malware post-infection` but has no `infected src_ip` key,
# unlike the other outbound post-infection rules here (e.g. sid 80186903); a filter
# or report keyed on `infected` will miss it.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SORRY MEET Malware Communication"; flow:established, to_server; content:"meet"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-06,updated_at 2018-05-08,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186905;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLEAR DIFFERENTIAL Malware Communication"; flow:established, to_client; content:"differential"; priority:1; metadata:cwe_id 506,malware post-infection,hostile
src_ip,created_at 2018-10-09,updated_at 2018-10-25,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186906;)
# `ssl_state:server_hello` restricts the match to the ServerHello stage of the TLS
# handshake, on traffic flowing to the internal client.
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LUCKY DRIVER Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"driver"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-05-03,updated_at 2018-05-03,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:3; sid:80186907;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GRIEVING NOTE Malware Communication"; flow:established,to_server; content:"note"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-01,updated_at 2019-06-07,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186908;)
# `tcp` header, `any any` source, `any` destination port: the content is checked
# on every inbound established TCP flow. cvss_v3_temporal (4.3) exceeds
# cvss_v3_base (3.9); the scores are synthetic.
drop tcp any any -> $HOME_NET any (msg:"Acme - MUTE BADGE Exploitation Attempt Seen"; flow:established,to_server; content:"badge"; priority:2; metadata:cwe_id 119,cvss_v3_base 3.9,hostile src_ip,created_at 2019-07-20,capec_id 253,updated_at 2019-07-27,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,cvss_v3_temporal 4.3,cve 2019-7144002,cvss_v2_temporal 4.3,protocols tcp; rev:3; sid:80186909;)
# `urilen:<48,norm` adds a length condition: the normalized request URI must be
# shorter than 48 bytes for the rule to match.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AWAKE SECTOR Malware Communication"; flow:established,to_server; urilen:<48,norm; content:"sector"; priority:1; metadata:cwe_id 507,malware download-attempt,hostile dest_ip,created_at 2019-04-25,updated_at 2019-04-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3;
sid:80186910;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MUSHY PARTY Traffic Detected"; flow:established,to_server; content:"party"; priority:1; metadata:hostile dest_ip,created_at 2019-10-14,updated_at 2019-10-18,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186911;)
# NOTE(review): the pattern is three bytes ("bad") with no buffer, offset or second
# content; a `drop` on such a match would hit ordinary outbound HTTP traffic. The
# content strings in this dummy set are placeholders, not usable signatures.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PUBLIC BAD Traffic Detected"; flow:established,to_server; content:"bad"; priority:1; metadata:hostile dest_ip,created_at 2019-04-06,updated_at 2019-04-14,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186912;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BIOLOGICAL DUNGEON Malware Communication"; flow:established,to_server; content:"dungeon"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-22,updated_at 2018-05-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186913;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONFIDENTIAL HEEL Malware Communication"; flow:established, to_client; content:"heel"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-11-01,updated_at 2019-11-15,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186914;)
# Disabled (commented-out) rule with a drop action; its options continue on the
# next line of the file, which must stay joined to this one for the `#` to cover
# the whole rule.
#drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RELAXED SYCAMORE Exploitation Attempt Seen"; flow:established,to_client; content:"sycamore"; priority:3; metadata:cwe_id 119,cvss_v3_base 2.0,hostile dest_ip,created_at 2018-09-01,capec_id 255,updated_at 2018-09-07,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base
10.0,attack_target server,attack_target tls-server,cvss_v3_temporal 2.0,cve 2017-714885,cvss_v2_temporal 2.0,protocols tls,protocols tcp; rev:2; sid:80186915;)
# NOTE(review): the line above is the tail of a commented-out rule whose `#drop tcp`
# header is on the previous line; rejoin the two so sid 80186915 stays disabled
# instead of being read as a broken active rule.
# Tagged `malware pre-infection` yet priority:1 / `priority high`, with no
# `infected` key; the inbound pre-infection rules elsewhere in this file are
# priority medium.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GENETIC INTESTINE Malware Communication"; flow:established, to_server; content:"intestine"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2016-09-13,updated_at 2016-09-27,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186916;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SECONDARY BUCKET Malware Communication"; flow:established,to_server; content:"bucket"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-11,updated_at 2019-11-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186917;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FULL ROOSTER Malware Communication"; flow:established,to_client; content:"rooster"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-11-02,updated_at 2019-11-22,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186918;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CHOSEN COMPLEX Malware Communication"; flow:established,to_server; content:"complex"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-09,updated_at 2019-06-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186919;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHEERFUL CAPPUCCINO Traffic Detected";
flow:established,to_server; content:"cappuccino"; priority:3; metadata:hostile src_ip,created_at 2018-11-20,capec_id 310,updated_at 2018-11-23,filename scan.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186920;)
# The rule ending above (sid 80186920) has `filename scan.rules` in its metadata,
# not the acme.rules used by the rules around it.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LONG LUMBER Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"lumber"; priority:3; metadata:cwe_id 119,cvss_v3_base 6.8,hostile src_ip,created_at 2016-07-04,capec_id 253,updated_at 2016-07-06,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.6,attack_target http-client,attack_target client,cvss_v3_temporal 8.2,cve 2016-1027946,cvss_v2_temporal 8.2,protocols http,protocols tcp; rev:2; sid:80186921;)
# Inbound request (to_server) tagged post-infection: the internal server is the
# infected side (infected dest_ip, attack_target http-server) and the external
# sender is the hostile one.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN LIPSTICK Malware Communication"; flow:established,to_server; content:"lipstick"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2018-08-23,updated_at 2018-08-24,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:5; sid:80186922;)
# The next two rules pair a $HOME_NET -> $EXTERNAL_NET header with flow to_client:
# they match responses sent by an internal server (infected src_ip) to an
# external client.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DISAPPOINTED BLOW Malware Communication"; flow:established,to_client; content:"blow"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-03,updated_at 2018-04-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186923;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IRAQI WORK Malware Communication"; flow:established,to_client; content:"work"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-07,updated_at 2018-03-07,filename acme.rules,priority high,infected
src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186924;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ANGRY DESIGNER Malware Communication"; flow:established,to_server; content:"designer"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-01-06,updated_at 2019-01-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186925;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRIEF ARTICLE Malware Communication"; flow:established,to_server; content:"article"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-08-09,updated_at 2016-08-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186926;)
# This rule only alerts (action `alert`, priority:4 / `priority info`) while its
# neighbours drop. The header is `tcp` with $HTTP_PORTS as destination port, and
# the metadata combines `malware download-attempt` with `infected src_ip`.
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - COMMERCIAL PRESSURE Malware Communication"; flow:established,to_server; content:"pressure"; priority:4; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-03-09,updated_at 2019-03-16,filename acme.rules,priority info,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:9; sid:80186927;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXCITED BANANA Malware Communication"; flow:established,to_server; content:"banana"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-27,updated_at 2019-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186928;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DULL UNKNOWN Malware Communication";
flow:established,to_client; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-01-04,updated_at 2019-01-14,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186929;)
# Metadata `filename adware.rules` with cwe_id 512 and priority:3 / `priority low`:
# this post-infection rule is filed and ranked differently from the acme.rules
# malware rules around it, which are priority high.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MONTHLY PROTOCOL Malware Communication"; flow:established,to_server; content:"protocol"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2017-10-15,updated_at 2017-10-24,filename adware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186930;)
# NOTE(review): msg and content both contain the token "UNKNOWN" ("UNKNOWNship"),
# which looks like a placeholder substituted by the rule generator; content matching
# is case-sensitive here because no `nocase` modifier is present.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNKNOWNSHIP Malware Communication"; flow:established,to_server; content:"UNKNOWNship"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-08,updated_at 2019-02-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80186931;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SEMANTIC PEONY Malware Communication"; flow:established,to_server; content:"peony"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-14,updated_at 2018-02-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186932;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONSISTENT BASKET Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"basket"; priority:2; metadata:cwe_id 22,cvss_v3_base 5.1,hostile src_ip,created_at 2017-02-27,capec_id 213,updated_at 2017-02-27,filename acme.rules,priority medium,rule_source
acme-rule-factory,cvss_v2_base 5.1,attack_target http-client,attack_target client,cvss_v3_temporal 4.2,cve 2016-5789339,cvss_v2_temporal 4.2,protocols http,protocols tcp; rev:2; sid:80186933;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - QUALIFIED OPIUM Malware Communication"; flow:established,to_server; content:"opium"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-25,updated_at 2019-09-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186934;)
# `tcp` header with `any any` source and no port restriction; TLS is named only in
# the metadata (protocols tls, attack_target tls-client), so the rule itself does
# not limit the match to TLS flows.
drop tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN GEORGE Malware Communication"; flow:established,to_client; content:"george"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-10-15,updated_at 2019-10-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80186935;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUBTLE WHEREAS Malware Communication"; flow:established,to_server; content:"whereas"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-20,updated_at 2019-02-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186936;)
# Destination is `any any` rather than $EXTERNAL_NET, so requests between hosts
# inside $HOME_NET also match while the metadata still labels the destination
# as hostile.
drop http $HOME_NET any -> any any (msg:"Acme - DEAD GREEN Malware Communication"; flow:established,to_server; content:"green"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-05,updated_at 2019-03-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186937;)
drop tcp any any -> $HOME_NET any (msg:"Acme - INTENSIVE AUUNKNOWNATON Exploitation Attempt Seen"; flow:established,to_server;
content:"auUNKNOWNaton"; priority:2; metadata:cwe_id 502,cvss_v3_base 7.5,hostile src_ip,created_at 2018-04-20,capec_id 248,updated_at 2018-04-22,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.0,attack_target server,attack_target http-server,cvss_v3_temporal 7.1,cve 2015-8040367,cvss_v2_temporal 7.1,protocols http,protocols tcp; rev:3; sid:80186938;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EQUAL ADVERTISEMENT Malware Communication"; flow:established,to_server; content:"advertisement"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-08-01,updated_at 2019-08-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186939;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMPORTANT CLOAKROOM Malware Communication"; flow:established,to_server; content:"cloakroom"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-06,updated_at 2018-11-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186940;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNSIGHTLY PTARMIGAN Malware Communication"; flow:established,to_server; content:"ptarmigan"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-15,updated_at 2019-09-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186941;) reject smtp any any -> $HOME_NET any (msg:"Acme - UNKNOWN PROBATION Exploitation Attempt Seen"; flow:established,to_server; content:"probation"; priority:2; metadata:cwe_id 20,cvss_v3_base 7.3,hostile src_ip,created_at 2019-09-18,capec_id 248,updated_at 2019-09-23,filename 
acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.6,attack_target server,attack_target smtp-server,cvss_v3_temporal 6.7,cve 2018-6936647,cvss_v2_temporal 6.7,protocols smtp,protocols tcp; rev:3; sid:80186942;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMMENSE DESTROYER Malware Communication"; flow:established,to_server; content:"destroyer"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-08-15,updated_at 2019-08-28,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186943;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEPENDENT OCCUPATION Malware Communication"; flow:established, to_server; content:"occupation"; priority:3; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2018-10-02,updated_at 2018-10-13,filename adware.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186944;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNIVE VESTMENT Malware Communication"; flow:established,to_server; content:"vestment"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-03-10,updated_at 2016-03-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186945;) drop http any any -> $HOME_NET any (msg:"Acme - RARE CHAMPIONSHIP Exploitation Attempt Seen"; flow:established, to_server; content:"championship"; priority:3; metadata:cwe_id 502,hostile src_ip,created_at 2016-02-12,capec_id 253,updated_at 2016-02-12,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-3166234,protocols http,protocols tcp; rev:2; sid:80186946;) drop http any 
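any -> $HOME_NET any (msg:"Acme - CONDEMNED UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 502,hostile src_ip,created_at 2018-04-03,capec_id 253,updated_at 2018-04-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-5087097,protocols http,protocols tcp; rev:2; sid:80186947;)
# One rule per line: a line that starts with '#' is a comment, so each rule
# has to sit on its own line for a disabled rule not to swallow its neighbours.
drop http any any -> $HOME_NET any (msg:"Acme - KEY NIGHTINGALE Exploitation Attempt Seen"; flow:established, to_server; content:"nightingale"; priority:3; metadata:cwe_id 502,hostile src_ip,created_at 2016-04-24,capec_id 253,updated_at 2016-04-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-2102973,protocols http,protocols tcp; rev:2; sid:80186948;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN BROTHER-IN-LAW Traffic Detected"; flow:established, to_server; content:"brother-in-law"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-10-19,capec_id 213,updated_at 2019-10-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80186949;)
# The cve metadata pair is listed once. A key may repeat with different values
# (attack_target, protocols), but an identical key/value pair repeated adds
# nothing for metadata-based filtering and only lengthens the rule.
drop http any any -> $HOME_NET any (msg:"Acme - PERSISTENT BLOCKER Exploitation Attempt Seen"; flow:established, to_server; content:"blocker"; priority:3; metadata:cwe_id 502,cvss_v3_base 8.2,hostile src_ip,created_at 2018-09-13,capec_id 253,updated_at 2018-09-15,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.7,attack_target server,attack_target http-server,cvss_v3_temporal 8.6,cve 2017-4961391,cvss_v2_temporal 8.6,protocols http,protocols tcp; rev:3; sid:80186950;)
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNHAPPY BELL Malware Communication"; 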
flow:established,to_client; content:"bell"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2015-08-15,updated_at 2015-08-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80186951;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN LOG Exploitation Attempt Seen"; flow:established,to_server; content:"log"; priority:3; metadata:cwe_id 284,cvss_v3_base 10.0,hostile src_ip,created_at 2018-02-20,capec_id 253,updated_at 2018-02-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.7,attack_target server,attack_target http-server,cvss_v3_temporal 5.9,cve 2018-5422044,cvss_v2_temporal 5.9,protocols http,protocols tcp; rev:2; sid:80186952;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHARP BEVERAGE Malware Communication"; flow:established,to_server; content:"beverage"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2016-05-10,updated_at 2016-05-23,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186953;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FAIR BEHAVIOR Malware Communication"; flow:established,to_server; content:"behavior"; priority:1; metadata:cwe_id 509,malware post-infection,hostile dest_ip,created_at 2019-05-22,updated_at 2019-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186954;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNHAPPY RECEIPT Malware Communication"; flow:established,to_server; content:"receipt"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-07-09,updated_at 2019-07-16,filename acme.rules,priority high,infected 
src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186955;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DISASTROUS PARSNIP Malware Communication"; flow:established,to_server; content:"parsnip"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-09,updated_at 2019-08-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186956;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN WAISTBAND Malware Communication"; flow:established, to_server; content:"waistband"; priority:1; metadata:cwe_id 509,malware post-infection,hostile dest_ip,created_at 2019-01-07,updated_at 2019-01-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186957;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STRIKING CLASP Malware Communication"; flow:established,to_client; content:"clasp"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2016-11-05,updated_at 2016-11-20,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80186958;) alert http any any -> $HOME_NET any (msg:"Acme - VOCATIONAL STOOL Exploitation Attempt Seen"; flow:established, to_server; content:"stool"; priority:3; metadata:hostile dest_ip,created_at 2016-01-16,updated_at 2016-01-28,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2015-8949388,protocols http,protocols tcp; rev:3; sid:80186959;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNIVE GOAT Malware Communication"; flow:established,to_server; content:"goat"; priority:1; metadata:cwe_id 506,malware 
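post-infection,hostile dest_ip,created_at 2018-07-13,updated_at 2018-07-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186960;)
# One rule per line: the '#' in front of sid 80186961 marks only that rule as
# disabled. With several rules on one physical line it would also comment out
# the enabled rules that follow it.
# The cve metadata pair of sid 80186961 is listed once; the identical pair
# repeated carries no extra information for metadata-based filtering.
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MIDDLE UNIUNKNOWN Exploitation Attempt Seen"; flow:established,to_server; content:"uniUNKNOWN"; priority:3; metadata:cwe_id 454,hostile src_ip,created_at 2018-09-07,capec_id 152,updated_at 2018-09-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.5,attack_target server,attack_target http-server,cve 2016-4690405,cvss_v2_temporal 8.2,protocols http,protocols tcp; rev:1; sid:80186961;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LINEAR UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-16,updated_at 2018-11-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186962;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRONG FLATBOAT Malware Communication"; flow:established,to_client; content:"flatboat"; priority:1; metadata:cwe_id 434,malware post-infection,hostile src_ip,created_at 2018-01-20,updated_at 2018-01-24,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80186963;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN EDITOR Malware Communication"; flow:established,to_client; content:"editor"; priority:1; metadata:cwe_id 434,malware post-infection,hostile dest_ip,created_at 2019-06-19,updated_at 2019-06-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target 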
http-server,protocols http,protocols tcp; rev:2; sid:80186964;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRETTY WAIST Malware Communication"; flow:established, to_server; content:"waist"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-11-18,updated_at 2018-11-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186965;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNKLY GASTROPOD Malware Communication"; flow:established,to_server; content:"gastropod"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-14,updated_at 2019-02-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186966;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WRONG GUY Traffic Detected"; flow:established,to_server; content:"guy"; priority:2; metadata:hostile src_ip,created_at 2017-04-11,updated_at 2017-04-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186967;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ALIVE TAX Traffic Detected"; flow:established,to_server; content:"tax"; priority:2; metadata:hostile src_ip,created_at 2019-07-12,updated_at 2019-07-12,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186968;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BROKEN GLAND Traffic Detected"; flow:established,to_server; content:"gland"; priority:2; metadata:hostile src_ip,created_at 2019-08-19,updated_at 2019-08-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols 
http,protocols tcp; rev:2; sid:80186969;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN BANDANA Traffic Detected"; flow:established,to_server; content:"bandana"; priority:2; metadata:cwe_id 78,hostile src_ip,created_at 2017-01-18,capec_id 248,updated_at 2017-01-20,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cvss_v2_temporal 7.9,protocols http,protocols tcp; rev:2; sid:80186970;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WILLING SUNBEAM Traffic Detected"; flow:established,to_server; content:"sunbeam"; priority:2; metadata:cwe_id 434,hostile src_ip,created_at 2017-03-12,capec_id 193,updated_at 2017-03-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80186971;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXACT DISGUST Traffic Detected"; flow:established,to_server; content:"disgust"; priority:2; metadata:cwe_id 78,hostile src_ip,created_at 2019-10-04,capec_id 248,updated_at 2019-10-20,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cvss_v2_temporal 5.5,protocols http,protocols tcp; rev:2; sid:80186972;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WOODEN HOLD Traffic Detected"; flow:established,to_server; content:"hold"; priority:2; metadata:cwe_id 611,hostile src_ip,created_at 2019-04-20,capec_id 250,updated_at 2019-04-20,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.3,attack_target server,attack_target http-server,cvss_v2_temporal 5.0,protocols http,protocols tcp; rev:2; sid:80186973;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SERIOUS TUNE Malware Communication"; flow:established,to_client; content:"tune"; priority:1; metadata:cwe_id 507,malware post-infection,hostile 
src_ip,created_at 2016-01-05,updated_at 2016-01-13,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186974;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BRIGHT ELEVATOR Malware Communication"; flow:established,to_server; content:"elevator"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-24,updated_at 2019-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186975;) drop ftp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BAD STRENGTH Malware Communication"; flow:established,to_server; content:"strength"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-11,updated_at 2019-08-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,attack_target ftp-client,protocols ftp,protocols tcp; rev:1; sid:80186976;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UPPER SPY Malware Communication"; flow:established, to_server; content:"spy"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-03-21,updated_at 2016-03-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186977;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MISERABLE DIGGER Malware Communication"; flow:established,to_server; content:"digger"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-07-27,updated_at 2017-07-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80186978;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VERTICAL 
HILL Malware Communication"; flow:established,to_server; content:"hill"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-09-03,updated_at 2018-09-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186979;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PREPARED SOLITAIRE Malware Communication"; flow:established,to_server; content:"solitaire"; priority:1; metadata:cwe_id 509,malware post-infection,hostile dest_ip,created_at 2017-08-10,updated_at 2017-08-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186980;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXPENSIVE CARRIER Exploitation Attempt Seen"; flow:established, to_server; content:"carrier"; priority:3; metadata:cwe_id 122,hostile src_ip,created_at 2016-01-11,capec_id 100,updated_at 2016-01-15,filename rpc.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2016-3745786,protocols tcp; rev:1; sid:80186981;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ENVIRONMENTAL FORESTRY Exploitation Attempt Seen"; flow:established,to_client; content:"forestry"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-07-20,capec_id 253,updated_at 2019-07-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.2,attack_target http-client,attack_target client,cve 2019-8279784,cvss_v2_temporal 6.6,protocols http,protocols tcp; rev:2; sid:80186982;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PURE DRESS Exploitation Attempt Seen"; flow:established,to_client; content:"dress"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2017-06-20,capec_id 118,updated_at 2017-06-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 
4.4,attack_target http-client,attack_target client,cve 2016-7850809,cvss_v2_temporal 3.7,protocols http,protocols tcp; rev:2; sid:80186983;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WORRYING DANCING Malware Communication"; flow:established,to_server; content:"dancing"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-25,updated_at 2018-09-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186984;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EVIDENT TOWEL Exploitation Attempt Seen"; flow:established,to_server; content:"towel"; priority:3; metadata:cwe_id 200,hostile dest_ip,created_at 2018-07-09,capec_id 129,updated_at 2018-07-15,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.1,attack_target http-client,attack_target client,cve 2018-3784540,cvss_v2_temporal 6.8,protocols http,protocols tcp; rev:2; sid:80186985;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LONELY FLECK Malware Communication"; flow:established, to_server; content:"fleck"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-24,updated_at 2019-03-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186986;) #alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REGULAR LATEX Traffic Detected"; flow:established, to_server; content:"latex"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-01-25,capec_id 255,updated_at 2019-01-27,filename netbios.rules,priority low,rule_source acme-rule-factory,protocols tcp; rev:1; sid:80186987;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TAN MORTGAGE Malware Communication"; flow:established, to_server; urilen:6,norm; content:"mortgage"; priority:1; 
metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-26,updated_at 2019-02-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186988;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SELFISH PROPERTY Traffic Detected"; flow:established,to_client; content:"property"; priority:1; metadata:hostile src_ip,created_at 2019-07-19,updated_at 2019-07-24,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186989;) drop http any any -> $HOME_NET any (msg:"Acme - UNKNOWN DESTROYER Traffic Detected"; flow:established,to_client; content:"destroyer"; priority:2; metadata:hostile src_ip,created_at 2017-06-08,capec_id 310,updated_at 2017-06-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186990;) drop http any any -> $HOME_NET any (msg:"Acme - STEEP MONITOR Malware Communication"; flow:established,to_client; content:"monitor"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2016-10-20,updated_at 2016-10-26,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186991;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SICK RESPOND Malware Communication"; flow:established,to_server; content:"respond"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile dest_ip,created_at 2018-04-18,updated_at 2018-04-24,filename adware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186992;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WRITTEN ARGUMENT 
Malware Communication"; flow:established,to_server; content:"argument"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-21,updated_at 2019-06-21,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80186993;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMPULSORY FUTON Malware Communication"; flow:established,to_server; content:"futon"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-18,updated_at 2019-01-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186994;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PROGRESSIVE UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-21,updated_at 2019-02-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186995;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHALLOW HOOK Malware Communication"; flow:established,to_server; content:"hook"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2019-02-09,updated_at 2019-02-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80186996;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WELCOME PATIENT Malware Communication"; flow:established, to_client; content:"patient"; priority:2; metadata:cwe_id 506,malware post-infection,created_at 2017-01-20,updated_at 2017-01-27,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186997;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STORMY LOVE Malware Communication"; flow:established,to_server; content:"love"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-15,updated_at 2019-09-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80186998;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BEWILDERED LIZARD Traffic Detected"; flow:established,to_server; content:"lizard"; priority:3; metadata:hostile src_ip,created_at 2019-05-05,capec_id 100,updated_at 2019-05-10,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:6; sid:80186999;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - JOLLY UNKNOWN-BAR Malware Communication"; flow:established,to_server; content:"UNKNOWN-bar"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-11-12,updated_at 2016-11-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187000;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMPLEX UNKNOWNH Traffic Detected"; flow:established,to_server; content:"UNKNOWNh"; priority:3; metadata:hostile src_ip,created_at 2017-10-13,capec_id 100,updated_at 2017-10-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:5; sid:80187001;) alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - SAFE BANQUETTE Traffic Detected"; flow:established, to_server; content:"banquette"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2016-05-11,updated_at 
2016-05-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80187002;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IMAGIUNKNOWN TRANSOM Exploitation Attempt Seen"; flow:established, to_server; content:"transom"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-10-08,capec_id 100,updated_at 2017-10-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target nntp-server,cve 2017-3321108,protocols nntp,protocols tcp; rev:1; sid:80187003;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NINEUNKNOWNTH-CENTURY UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2016-04-14,capec_id 100,updated_at 2016-04-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target nntp-server,cve 2015-6414036,protocols nntp,protocols tcp; rev:1; sid:80187004;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DELIGHTFUL HEART-THROB Exploitation Attempt Seen"; flow:established, to_server; content:"heart-throb"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-04-14,capec_id 123,updated_at 2019-04-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2019-6303720,protocols tcp; rev:1; sid:80187005;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INTENSIVE REFLECTION Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"reflection"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-08-16,capec_id 100,updated_at 2019-08-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-6639120,protocols http,protocols tcp; rev:2; sid:80187006;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN HYDROFOIL 
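Malware Communication"; flow:established,to_client; content:"hydrofoil"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2017-01-13,updated_at 2017-01-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187007;)
# One rule per line: every rule from sid 80187008 to sid 80187014 is disabled
# with its own leading '#', and the enabled rule after them starts on a fresh
# line so that none of those markers can comment it out.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNSIGHTLY PARTICIPANT Exploitation Attempt Seen"; flow:established, to_server; content:"participant"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2015-11-16,capec_id 100,updated_at 2015-11-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2015-1617041,protocols tcp; rev:1; sid:80187008;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN CANOPY Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"canopy"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-04-25,capec_id 253,updated_at 2019-04-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-9404062,protocols http,protocols tcp; rev:2; sid:80187009;)
# sids 80187010-80187013: the cve metadata pair is listed once per rule. The
# three cwe_id entries differ from each other and are all kept; an identical
# key/value pair repeated adds nothing for metadata-based filtering.
# NOTE(review): these four rules carry "protocols http" in metadata while the
# rule header uses tcp - confirm which of the two a metadata filter should trust.
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - CLOSED DISCIPLINE Exploitation Attempt Seen"; flow:established, to_server; content:"discipline"; priority:3; metadata:cwe_id 89,cwe_id 399,cwe_id 119,hostile src_ip,created_at 2019-06-04,updated_at 2019-06-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.6,cve 2016-9484907,cvss_v2_temporal 7.1,protocols http,protocols tcp; rev:1; sid:80187010;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHOCKED FILE Exploitation Attempt Seen"; flow:established, to_server; content:"file"; priority:3; metadata:cwe_id 89,cwe_id 399,cwe_id 119,hostile src_ip,created_at 2019-01-21,capec_id 66,updated_at 2019-01-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.6,attack_target server,attack_target database-server,attack_target http-server,cve 2018-9106029,cvss_v2_temporal 4.7,protocols http,protocols tcp; rev:1; sid:80187011;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - YOUNG BEHEST Exploitation Attempt Seen"; flow:established, to_server; content:"behest"; priority:3; metadata:cwe_id 89,cwe_id 399,cwe_id 119,hostile src_ip,created_at 2017-08-17,capec_id 66,updated_at 2017-08-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.4,attack_target server,attack_target database-server,attack_target http-server,cve 2017-6861988,cvss_v2_temporal 5.6,protocols http,protocols tcp; rev:1; sid:80187012;)
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNIAL GOODIE Exploitation Attempt Seen"; flow:established, to_server; content:"goodie"; priority:3; metadata:cwe_id 89,cwe_id 399,cwe_id 119,hostile src_ip,created_at 2018-08-13,capec_id 66,updated_at 2018-08-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.1,cve 2018-1055914,cvss_v2_temporal 6.5,protocols http,protocols tcp; rev:1; sid:80187013;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PROSPECTIVE CHORD Exploitation Attempt Seen"; flow:established, to_client; content:"chord"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2018-04-24,capec_id 100,updated_at 2018-04-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-8864522,protocols http,protocols tcp; rev:1; sid:80187014;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TENDER EMERY Exploitation Attempt Seen"; flow:established,to_client; content:"emery"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-01-14,capec_id 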
118,updated_at 2019-01-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.9,attack_target http-client,attack_target client,cve 2016-4129064,cvss_v2_temporal 8.2,protocols http,protocols tcp; rev:2; sid:80187015;)
# --- Example rules sid 80187016-80187037 ------------------------------------
# Lines beginning with '#' are commented-out rules and are not loaded as
# written. The content string of each rule repeats the second word of the
# rule name in msg (e.g. 'ANGRY PANDA' / content:"panda").
# NOTE(review): a 'drop' action only blocks traffic when the engine runs
# inline (IPS mode); confirm the deployment mode before treating the drop
# rules below as prevention.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ANGRY PANDA Malware Communication"; flow:established,to_server; content:"panda"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-11-07,updated_at 2016-11-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187016;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAMILIAR FRAUDSTER Exploitation Attempt Seen"; flow:established, to_server; content:"fraudster"; priority:3; metadata:cwe_id 425,hostile src_ip,created_at 2018-08-22,capec_id 310,updated_at 2018-08-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.3,attack_target server,attack_target http-server,cve 2018-1313800,cvss_v2_temporal 7.1,protocols http,protocols tcp; rev:2; sid:80187017;)
# NOTE(review): sid 80187018 is the only tls rule in this run. Its flow
# option names no direction, its metadata has no hostile / infected /
# attack_target keys, and it pairs 'drop' with a three-byte content match
# that has no sticky buffer in front of it. Worth a second look before it
# runs inline.
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONSISTENT KEY Malware Communication"; flow:established; content:"key"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2018-06-07,updated_at 2018-06-11,filename acme.rules,priority high,rule_source acme-rule-factory,protocols tls,protocols tcp; rev:5; sid:80187018;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN CUPBOARD Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"cupboard"; priority:2; metadata:cwe_id 200,hostile src_ip,created_at 2018-10-04,capec_id 182,updated_at 2018-10-17,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.3,attack_target http-client,attack_target client,cve 2016-9298693,cvss_v2_temporal 5.9,protocols http,protocols tcp; rev:2; sid:80187019;)
# sid 80187020: source is 'any any', so the rule is not limited to
# $EXTERNAL_NET.
#alert http any any -> $HOME_NET any (msg:"Acme - DESPERATE UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2017-05-24,capec_id 66,updated_at 2017-05-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187020;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RED SAD Malware Communication"; flow:established,to_server; content:"sad"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-07-05,updated_at 2018-07-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187021;)
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - RELAXED HEADREST Exploitation Attempt Seen"; flow:established, to_client; content:"headrest"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2018-02-13,capec_id 100,updated_at 2018-02-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-3557509,protocols http,protocols tcp; rev:1; sid:80187022;)
# sid 80187023 lists the same cve value three times in metadata.
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - POSSIBLE LOTION Exploitation Attempt Seen"; flow:established, to_client; content:"lotion"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-05-16,capec_id 253,updated_at 2019-05-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-539592,cve 2018-539592,cve 2018-539592,protocols http,protocols tcp; rev:1; sid:80187023;)
#drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DISTINGUISHED SPECTACLES Exploitation Attempt Seen"; flow:established, to_client; content:"spectacles"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2018-07-01,capec_id 100,updated_at 2018-07-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target imap-client,attack_target client,cve 2016-5777118,protocols imap,protocols tcp; rev:2; sid:80187024;)
# sid 80187025: tagged 'filename smtp.rules' (its neighbours use acme.rules),
# and the destination is 'any any'.
#drop tcp $EXTERNAL_NET any -> any any (msg:"Acme - UNKNOWN LONELINESS Exploitation Attempt Seen"; flow:established, to_server; content:"loneliness"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-07-21,capec_id 100,updated_at 2019-07-21,filename smtp.rules,priority low,rule_source acme-rule-factory,cve 2019-2152387,protocols smtp,protocols tcp; rev:1; sid:80187025;)
#drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUITABLE RECOMMENDATION Exploitation Attempt Seen"; flow:established, to_server; content:"recommendation"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-07-02,capec_id 100,updated_at 2019-07-11,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,cve 2016-1876447,protocols smtp,protocols tcp; rev:1; sid:80187026;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DULL PLAYER Malware Communication"; flow:established,to_client; content:"player"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-10-01,updated_at 2019-10-07,filename acme.rules,priority low,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187027;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SELFISH UNKNOWNWATCH Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"UNKNOWNwatch"; priority:3; metadata:cwe_id 78,hostile src_ip,created_at 2017-04-07,capec_id 253,updated_at 2017-04-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-4893787,protocols http,protocols tcp; rev:2; sid:80187028;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOLID CROUP Exploitation Attempt Seen"; flow:established, to_server; content:"croup"; priority:3; metadata:cwe_id 94,created_at 2019-04-05,updated_at 2019-04-19,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2019-6179416,protocols smb,protocols tcp; rev:1; sid:80187029;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DRAB DIGITAL Exploitation Attempt Seen"; flow:established, to_server; content:"digital"; priority:3; metadata:cwe_id 94,hostile dest_ip,created_at 2019-04-03,capec_id 100,updated_at 2019-04-07,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target smb-client,attack_target client,cve 2019-3716812,protocols smb,protocols tcp; rev:1; sid:80187030;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN LEAD Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"lead"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-06-15,capec_id 253,updated_at 2019-06-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-9983655,protocols http,protocols tcp; rev:2; sid:80187031;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ALRIGHT GEOLOGY Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"geology"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2018-02-11,capec_id 253,updated_at 2018-02-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-4946446,protocols http,protocols tcp; rev:2; sid:80187032;)
# sid 80187033 uses the pair 'malware malware'; the other malware rules in
# this run give a stage (pre-infection / post-infection) as the value.
# NOTE(review): a filter on the stage values will not select it.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - RAPID OAR Malware Communication"; flow:established, to_client; content:"oar"; priority:3; metadata:cwe_id 506,malware malware,hostile src_ip,created_at 2018-10-06,updated_at 2018-10-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187033;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MISTY PRIVATE Traffic Detected"; flow:established, to_server; content:"private"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-05-22,capec_id 213,updated_at 2019-05-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80187034;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COOPERATIVE DICTIONARY Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"dictionary"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-03-04,capec_id 253,updated_at 2019-03-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-8628723,protocols http,protocols tcp; rev:2; sid:80187035;)
#drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HEAD TACHOMETER Exploitation Attempt Seen"; flow:established, to_server; content:"tachometer"; priority:3; metadata:cwe_id 16,created_at 2019-04-07,updated_at 2019-04-07,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2017-2297672,protocols http,protocols tcp; rev:2; sid:80187036;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NEARBY UNIUNKNOWN Traffic Detected"; flow:established, to_client; file_data; content:"uniUNKNOWN"; priority:3; metadata:cwe_id 506,hostile src_ip,created_at 2015-09-25,capec_id 63,updated_at 2015-09-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187037;)
# sid 80187038 starts here and continues on the following line.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN UNKNOWN Traffic Detected"; flow:established, to_client; content:"UNKNOWN"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2015-05-25,capec_id 242,updated_at 2015-05-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols
http,protocols tcp; rev:1; sid:80187038;)
# --- Example rules sid 80187039-80187066 ------------------------------------
# Lines beginning with '#' are commented-out rules and are not loaded as
# written.
# NOTE(review): several tcp rules in this run (for example sid 80187039 and
# 80187048) are tagged 'protocols http' while the header is plain tcp with
# port 'any'. metadata is descriptive only and does not restrict what the
# rule inspects.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONTINUED THEATER Traffic Detected"; flow:established, to_client; content:"theater"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2019-11-12,capec_id 248,updated_at 2019-11-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187039;)
#drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXACT LEPROSY Traffic Detected"; flow:established, to_server; content:"leprosy"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2017-09-03,capec_id 100,updated_at 2017-09-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80187040;)
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - SPONTANEOUS GRADE Exploitation Attempt Seen"; flow:established, to_client; content:"grade"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2015-02-18,capec_id 100,updated_at 2015-02-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-1589426,protocols http,protocols tcp; rev:1; sid:80187041;)
# sid 80187042, 80187045 and 80187046 use the pair 'malware malware' rather
# than a pre-/post-infection stage. NOTE(review): filters on the stage values
# will not select them.
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - LOCAL DEPUTY Malware Communication"; flow:established, to_client; content:"deputy"; priority:3; metadata:cwe_id 506,malware malware,hostile src_ip,created_at 2016-07-25,updated_at 2016-07-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187042;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EAGER DIPLOMA Traffic Detected"; flow:established, to_client; file_data; content:"diploma"; priority:3; metadata:cwe_id 506,hostile src_ip,created_at 2019-08-06,updated_at 2019-08-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187043;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - COMMERCIAL CONIFER Traffic Detected"; flow:established, to_client; content:"conifer"; priority:3; metadata:cwe_id 506,hostile src_ip,created_at 2018-05-17,updated_at 2018-05-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187044;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - AVAILABLE LOBSTER Malware Communication"; flow:established, to_client; content:"lobster"; priority:3; metadata:cwe_id 506,malware malware,hostile src_ip,created_at 2019-04-17,updated_at 2019-04-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187045;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - GOOD LANAI Malware Communication"; flow:established, to_client; content:"lanai"; priority:3; metadata:cwe_id 506,malware malware,hostile src_ip,created_at 2019-08-25,updated_at 2019-08-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187046;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BLUSHING PYJAMA Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"pyjama"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2016-11-24,capec_id 100,updated_at 2016-11-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-2697544,protocols http,protocols tcp; rev:2; sid:80187047;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WIDE-EYED MOUND Exploitation Attempt Seen"; flow:established, to_server; content:"mound"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2018-01-12,capec_id 165,updated_at 2018-01-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-2293654,protocols http,protocols tcp; rev:1; sid:80187048;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - NEGATIVE BESTSELLER Exploitation Attempt Seen"; flow:established, to_server; content:"bestseller"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-07-27,capec_id 118,updated_at 2019-07-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-3394499,protocols http,protocols tcp; rev:1; sid:80187049;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CIRCULAR COMMISSION Traffic Detected"; flow:established, to_client; file_data; content:"commission"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2019-05-26,updated_at 2019-05-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187050;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LIVELY BIRD-WATCHER Traffic Detected"; flow:established, to_client; file_data; content:"bird-watcher"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2017-05-16,updated_at 2017-05-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187051;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLEAR DARK Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"dark"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2016-07-07,capec_id 100,updated_at 2016-07-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-918189,protocols http,protocols tcp; rev:2; sid:80187052;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHEAP ALIBI Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"alibi"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2018-09-09,capec_id 100,updated_at 2018-09-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-6633935,protocols http,protocols tcp; rev:2; sid:80187053;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OVERALL SALOON Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"saloon"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-07-02,capec_id 100,updated_at 2019-07-12,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-4682032,protocols http,protocols tcp; rev:2; sid:80187054;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LINEAR CITY Exploitation Attempt Seen"; flow:established, to_server; content:"city"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-08-01,capec_id 100,updated_at 2019-08-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target database-server,attack_target server,cve 2019-8950702,protocols tcp; rev:1; sid:80187055;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PREFERRED BRIBERY Exploitation Attempt Seen"; flow:established, to_server; content:"bribery"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2015-09-02,capec_id 119,updated_at 2015-09-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-60717,protocols http,protocols tcp; rev:2; sid:80187056;)
# NOTE(review): sid 80187057 is an enabled drop rule whose content is the
# literal "UNKNOWN", the same token that appears inside its msg; presumably a
# placeholder left by the rule generator -- confirm.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ALTERUNKNOWN UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-01-27,updated_at 2017-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187057;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WORRYING RECREATION Traffic Detected"; flow:established,to_server; content:"recreation"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2019-03-21,capec_id 63,updated_at 2019-03-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187058;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN TABERNACLE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"tabernacle"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-09-05,capec_id 100,updated_at 2019-09-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-7146384,protocols http,protocols tcp; rev:2; sid:80187059;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXCELLENT CUPCAKE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"cupcake"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2019-10-19,capec_id 253,updated_at 2019-10-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-8914870,protocols http,protocols tcp; rev:2; sid:80187060;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FASHIONABLE DIRECTION Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"direction"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2015-07-13,capec_id 100,updated_at 2015-07-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-4887299,protocols http,protocols tcp; rev:2; sid:80187061;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRIME SHORTS Traffic Detected"; flow:established, to_server; content:"shorts"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2017-10-24,capec_id 63,updated_at 2017-10-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187062;)
# sid 80187063 and 80187065 carry no cwe_id key in metadata.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MANUAL EDITOR Traffic Detected"; flow:established, to_server; content:"editor"; priority:3; metadata:hostile src_ip,created_at 2018-04-06,capec_id 253,updated_at 2018-04-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187063;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SILLY POUND Traffic Detected"; flow:established, to_client; file_data; content:"pound"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2019-03-19,capec_id 100,updated_at 2019-03-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187064;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DIVERSE LEI Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"lei"; priority:3; metadata:hostile src_ip,created_at 2016-06-24,capec_id 253,updated_at 2016-06-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-1933110,protocols http,protocols tcp; rev:2; sid:80187065;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ENTHUSIASTIC IRON Traffic Detected"; flow:established, to_server; content:"iron"; priority:3; metadata:cwe_id 122,hostile src_ip,created_at 2015-01-27,capec_id 100,updated_at 2015-01-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80187066;)
# sid 80187067 starts here and continues on the following line.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any
(msg:"Acme - TENDER JELLYFISH Traffic Detected"; flow:established, to_server; content:"jellyfish"; priority:3; metadata:cwe_id 122,hostile src_ip,created_at 2017-09-24,capec_id 100,updated_at 2017-09-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80187067;)
# --- Example rules sid 80187068-80187101 ------------------------------------
# Lines beginning with '#' are commented-out rules and are not loaded as
# written.
# NOTE(review): a 'drop' action only blocks traffic when the engine runs
# inline (IPS mode); confirm the deployment mode before treating the enabled
# drop rules in this run as prevention.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DRUNK HABIT Traffic Detected"; flow:established, to_server; content:"habit"; priority:3; metadata:cwe_id 122,hostile src_ip,created_at 2018-02-08,capec_id 100,updated_at 2018-02-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80187068;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OLD-FASHIONED MORTGAGE Traffic Detected"; flow:established, to_server; content:"mortgage"; priority:3; metadata:cwe_id 122,hostile src_ip,created_at 2015-03-06,capec_id 100,updated_at 2015-03-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80187069;)
# sid 80187070-80187076: the scada.rules group (protocols modbus). All are
# commented out, none has hostile / attack_target keys, and 80187070-80187074
# use $HOME_NET on both sides of the header.
#alert tcp $HOME_NET any -> $HOME_NET any (msg:"Acme - SUPPOSED SARONG Traffic Detected"; flow:established, to_server; content:"sarong"; priority:3; metadata:created_at 2017-01-02,capec_id 253,updated_at 2017-01-12,filename scada.rules,priority low,rule_source acme-rule-factory,protocols modbus,protocols tcp; rev:1; sid:80187070;)
#alert tcp $HOME_NET any -> $HOME_NET any (msg:"Acme - POLITE CENTURY Traffic Detected"; flow:established, to_server; content:"century"; priority:3; metadata:created_at 2016-10-20,updated_at 2016-10-26,filename scada.rules,priority low,rule_source acme-rule-factory,protocols modbus,protocols tcp; rev:1; sid:80187071;)
#alert tcp $HOME_NET any -> $HOME_NET any (msg:"Acme - GIGANTIC HURDLER Traffic Detected"; flow:established, to_server; content:"hurdler"; priority:3; metadata:created_at 2019-07-03,updated_at 2019-07-22,filename scada.rules,priority low,rule_source acme-rule-factory,protocols modbus,protocols tcp; rev:1; sid:80187072;)
#alert tcp $HOME_NET any -> $HOME_NET any (msg:"Acme - MANUAL LINSEED Traffic Detected"; flow:established, to_server; content:"linseed"; priority:3; metadata:created_at 2017-01-12,updated_at 2017-01-18,filename scada.rules,priority low,rule_source acme-rule-factory,protocols modbus,protocols tcp; rev:1; sid:80187073;)
#alert tcp $HOME_NET any -> $HOME_NET any (msg:"Acme - CALM UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:created_at 2018-05-12,updated_at 2018-05-23,filename scada.rules,priority low,rule_source acme-rule-factory,protocols modbus,protocols tcp; rev:1; sid:80187074;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOLAR SHACK Traffic Detected"; flow:established, to_server; content:"shack"; priority:3; metadata:created_at 2017-02-19,capec_id 232,updated_at 2017-02-23,filename scada.rules,priority low,rule_source acme-rule-factory,protocols modbus,protocols tcp; rev:1; sid:80187075;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FRAGILE MALLET Traffic Detected"; flow:established, to_server; content:"mallet"; priority:3; metadata:created_at 2018-10-15,capec_id 232,updated_at 2018-10-22,filename scada.rules,priority low,rule_source acme-rule-factory,protocols modbus,protocols tcp; rev:1; sid:80187076;)
# sid 80187077 lists the same cve value five times in metadata.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN GLIDING Exploitation Attempt Seen"; flow:established, to_server; content:"gliding"; priority:3; metadata:cwe_id 22,cwe_id 399,hostile src_ip,created_at 2019-05-12,capec_id 119,updated_at 2019-05-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2019-7268673,cve 2019-7268673,cve 2019-7268673,cve 2019-7268673,cve 2019-7268673,protocols tcp; rev:1; sid:80187077;)
#drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEPENDENT MOWER Exploitation Attempt Seen"; flow:established, to_client; content:"mower"; priority:3; metadata:cwe_id 122,created_at 2019-10-25,updated_at 2019-10-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.0,cve 2019-973493,cvss_v2_temporal 5.2,protocols pop,protocols tcp; rev:1; sid:80187078;)
# NOTE(review): sid 80187079 and 80187082 are tagged 'hostile src_ip' while
# the source side of their header is $HOME_NET -- confirm the tag before
# using it in a filter.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FINE POPSICLE Exploitation Attempt Seen"; flow:established, to_server; content:"popsicle"; priority:3; metadata:cwe_id 122,hostile src_ip,created_at 2016-05-08,updated_at 2016-05-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.5,cve 2015-7236495,cvss_v2_temporal 1.8,protocols http,protocols tcp; rev:3; sid:80187079;)
#drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UPSET VIRUS Exploitation Attempt Seen"; flow:established, to_client; content:"virus"; priority:3; metadata:cwe_id 122,hostile src_ip,created_at 2019-03-05,updated_at 2019-03-08,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.8,attack_target imap-client,attack_target client,cve 2019-5234430,cvss_v2_temporal 3.9,protocols imap,protocols tcp; rev:1; sid:80187080;)
#drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RADICAL RECIPE Exploitation Attempt Seen"; flow:established, to_server; content:"recipe"; priority:3; metadata:cwe_id 122,hostile src_ip,created_at 2017-05-04,updated_at 2017-05-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.0,attack_target server,attack_target smtp-server,cve 2017-1537167,cvss_v2_temporal 2.7,protocols smtp,protocols tcp; rev:1; sid:80187081;)
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BASIC BOLT Exploitation Attempt Seen"; flow:established, to_server; content:"bolt"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2018-01-01,updated_at 2018-01-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.6,cve 2018-1961097,cvss_v2_temporal 6.6,protocols http,protocols tcp; rev:2; sid:80187082;)
#drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IDEAL SEAGULL Exploitation Attempt Seen"; flow:established, to_server; content:"seagull"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2019-11-18,updated_at 2019-11-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.4,attack_target server,attack_target smtp-server,cve 2019-4982161,cvss_v2_temporal 6.3,protocols smtp,protocols tcp; rev:1; sid:80187083;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONVINCED DIFFERENTIAL Traffic Detected"; flow:established, to_client; file_data; content:"differential"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2018-01-24,updated_at 2018-01-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187084;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REMAINING WOMBAT Malware Communication"; flow:established, to_server; content:"wombat"; priority:3; metadata:cwe_id 200,malware malware,hostile src_ip,created_at 2019-11-07,updated_at 2019-11-12,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187085;)
# sid 80187086 and 80187094: source is 'any any', so these rules are not
# limited to $EXTERNAL_NET.
#alert tcp any any -> $HOME_NET any (msg:"Acme - GRAND CANCEL Exploitation Attempt Seen"; flow:established, to_server; content:"cancel"; priority:3; metadata:hostile src_ip,created_at 2019-03-27,capec_id 100,updated_at 2019-03-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2019-5226599,protocols tcp; rev:2; sid:80187086;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN INITIATIVE Exploitation Attempt Seen"; flow:established, to_server; content:"initiative"; priority:3; metadata:hostile src_ip,created_at 2019-05-12,updated_at 2019-05-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2015-5266441,protocols tcp; rev:1; sid:80187087;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FOOLISH FIND Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"find"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-06-07,capec_id 253,updated_at 2019-06-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-6305081,protocols http,protocols tcp; rev:2; sid:80187088;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ALRIGHT BATHTUB Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"bathtub"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2017-10-06,capec_id 253,updated_at 2017-10-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-7273312,protocols http,protocols tcp; rev:2; sid:80187089;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN LOT Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"lot"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2018-05-10,capec_id 253,updated_at 2018-05-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-923689,protocols http,protocols tcp; rev:2; sid:80187090;)
# NOTE(review): sid 80187091 is an enabled drop rule with destination
# 'any any', so it is not limited to traffic leaving for $EXTERNAL_NET.
drop http $HOME_NET any -> any any (msg:"Acme - CONSTANT HIGH-RISE Malware Communication"; flow:established,to_server; content:"high-rise"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-02,updated_at 2019-06-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187091;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MANUAL TRASH Traffic Detected"; flow:established, to_server; content:"trash"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-06-27,capec_id 119,updated_at 2019-06-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80187092;)
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SNOWMOBILING Traffic Detected"; flow:established,to_server; content:"snowmobiling"; priority:3; metadata:created_at 2018-11-03,capec_id 63,updated_at 2018-11-26,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187093;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - TENDER GRASSLAND Exploitation Attempt Seen"; flow:established, to_client; content:"grassland"; priority:3; metadata:cwe_id 189,hostile src_ip,created_at 2015-02-05,capec_id 128,updated_at 2015-02-05,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target client,attack_target dns-client,cve 2015-7128734,protocols dns,protocols tcp; rev:1; sid:80187094;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ACCESSIBLE POLO Traffic Detected"; flow:established,to_server; content:"polo"; priority:3; metadata:hostile src_ip,created_at 2016-02-19,capec_id 66,updated_at 2016-02-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80187095;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNUSUAL MARSH Traffic Detected"; flow:established, to_server; content:"marsh"; priority:3; metadata:hostile src_ip,created_at 2018-10-10,capec_id 66,updated_at 2018-10-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187096;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REMOTE SUBUNKNOWN Traffic Detected"; flow:established, to_server; content:"subUNKNOWN"; priority:3; metadata:cwe_id 287,hostile src_ip,created_at 2016-04-02,capec_id 115,updated_at 2016-04-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80187097;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SMOOTH RUGBY Traffic Detected"; flow:established, to_client; file_data; content:"rugby"; priority:3; metadata:hostile src_ip,created_at 2017-11-06,capec_id 253,updated_at 2017-11-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187098;)
# sid 80187099 uses 'alert' where the otherwise similar post-infection rules
# 80187091 and 80187100 use 'drop'. NOTE(review): confirm the action is
# intended.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTERESTED PANSY Malware Communication"; flow:established, to_server; content:"pansy"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-01-05,updated_at 2015-01-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187099;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SMART ROTATE Malware Communication"; flow:established,to_server; content:"rotate"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-20,updated_at 2019-04-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187100;)
# sid 80187101: the header is 'any any -> any any', so only the rule options
# limit what it would inspect if enabled.
#alert tcp any any -> any any (msg:"Acme - RATIONAL ARTICLE Traffic Detected"; flow:established, to_server; content:"article"; priority:3; metadata:cwe_id 657,created_at 2017-04-03,updated_at 2017-04-04,filename acme.rules,priority low,rule_source acme-rule-factory,protocols ssh,protocols tcp; rev:1; sid:80187101;)
# The next rule (msg 'CREEPY GOVERNANCE') starts here and continues on the
# following line.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CREEPY GOVERNANCE Malware Communication"; flow:established, to_server; content:"governance"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-11,updated_at 2018-09-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target
http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187102;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SIMPLE MANIAC Malware Communication"; flow:established, to_server; content:"maniac"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-05,updated_at 2019-05-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187103;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PAST RESOLVE Malware Communication"; flow:established,to_server; content:"resolve"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-04-14,updated_at 2018-04-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187104;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MIDDLE CRYSTALLOGRAPHY Malware Communication"; flow:established, to_server; content:"crystallography"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-05-07,updated_at 2017-05-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187105;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN TRIPOD Exploitation Attempt Seen"; flow:established,to_client; content:"tripod"; priority:3; metadata:cwe_id 843,hostile src_ip,created_at 2019-05-20,capec_id 152,updated_at 2019-05-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.9,attack_target http-client,attack_target client,cve 2018-4306975,cvss_v2_temporal 8.7,protocols http,protocols tcp; rev:2; sid:80187106;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN PROCEDURE Exploitation Attempt Seen"; 
flow:established, to_server; content:"procedure"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2015-08-16,capec_id 100,updated_at 2015-08-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target imap-server,attack_target server,cve 2015-8089513,protocols imap,protocols tcp; rev:1; sid:80187107;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEVELOPING SAIL Traffic Detected"; flow:established,to_server; content:"sail"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2019-01-12,capec_id 248,updated_at 2019-01-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187108;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GOOD YOGURT Traffic Detected"; flow:established,to_server; content:"yogurt"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2018-06-23,capec_id 248,updated_at 2018-06-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187109;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ADVERSE SLEEP Malware Communication"; flow:established, to_server; urilen:33,norm; content:"sleep"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-08-24,updated_at 2018-08-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187110;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HIGH RUBRIC Malware Communication"; flow:established, to_server; urilen:33,norm; content:"rubric"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-04-07,updated_at 2019-04-08,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; 
sid:80187111;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LATE OBOE Malware Communication"; flow:established, to_server; urilen:33,norm; content:"oboe"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-09-20,updated_at 2018-09-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187112;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RUBBER SENTENCE Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"sentence"; priority:2; metadata:cwe_id 119,hostile src_ip,created_at 2017-03-21,capec_id 129,updated_at 2017-03-21,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.6,attack_target http-client,attack_target client,cve 2017-7107259,cvss_v2_temporal 4.2,protocols http,protocols tcp; rev:2; sid:80187113;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMPLEX FALLING-OUT Malware Communication"; flow:established,to_server; content:"falling-out"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2015-04-08,updated_at 2015-04-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187114;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN MILLISECOND Malware Communication"; flow:established,to_server; content:"millisecond"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-01,updated_at 2019-10-04,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187115;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SAFE OWL Malware Communication"; flow:established,to_client; ssl_state:server_hello; content:"owl"; priority:1; 
metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-07-02,updated_at 2019-07-13,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:4; sid:80187116;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SILLY CAUTION Traffic Detected"; flow:established, to_client; file_data; content:"caution"; priority:3; metadata:cwe_id 89,created_at 2015-04-04,capec_id 242,updated_at 2015-04-24,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187117;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GLEAMING PUSH Malware Communication"; flow:established,to_client; file_data; content:"push"; priority:4; metadata:cwe_id 89,malware pre-infection,hostile src_ip,created_at 2019-04-26,updated_at 2019-04-27,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187118;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CRAZY TYPEWRITER Exploitation Attempt Seen"; flow:established, to_server; content:"typewriter"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2016-03-12,capec_id 248,updated_at 2016-03-12,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2016-7394292,protocols tcp; rev:1; sid:80187119;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MUTUAL PREPARATION Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"preparation"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-09-13,capec_id 118,updated_at 2019-09-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.9,attack_target http-client,attack_target client,cve 2019-7086888,cvss_v2_temporal 5.7,protocols http,protocols tcp; rev:2; 
sid:80187120;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPECIFIC CHIME Malware Communication"; flow:established, to_server; content:"chime"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-12,updated_at 2018-03-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187121;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RELATIVE PINWORM Malware Communication"; flow:established, to_server; content:"pinworm"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-09,updated_at 2019-08-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187122;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRIMARY OMELET Malware Communication"; flow:established, to_server; content:"omelet"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-18,updated_at 2019-09-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187123;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GREEK SCHOOL Malware Communication"; flow:established, to_server; content:"school"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-16,updated_at 2019-08-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187124;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONSERVATION JEEP Malware Communication"; flow:established, to_server; content:"jeep"; priority:1; metadata:cwe_id 509,malware post-infection,hostile dest_ip,created_at 
2019-01-07,updated_at 2019-01-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187125;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTACT FLASH Malware Communication"; flow:established, to_server; content:"flash"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-04,updated_at 2018-03-05,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187126;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRECIOUS ARCHEOLOGY Malware Communication"; flow:established,to_server; content:"archeology"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-01-08,updated_at 2017-01-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187127;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MONETARY HALL Malware Communication"; flow:established,to_client; file_data; content:"hall"; priority:1; metadata:cwe_id 89,malware post-infection,hostile dest_ip,created_at 2018-08-20,updated_at 2018-08-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187128;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - APPLICABLE LUNCHROOM Traffic Detected"; flow:established,to_server; content:"lunchroom"; priority:3; metadata:hostile src_ip,created_at 2018-02-06,capec_id 63,updated_at 2018-02-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187129;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - 
HARSH CROOK Malware Communication"; flow:established,to_client; file_data; content:"crook"; priority:1; metadata:cwe_id 89,malware post-infection,hostile dest_ip,created_at 2017-10-05,updated_at 2017-10-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187130;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MENTAL ODOMETER Malware Communication"; flow:established,to_client; file_data; content:"odometer"; priority:4; metadata:cwe_id 89,malware pre-infection,hostile src_ip,created_at 2019-05-05,updated_at 2019-05-28,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187131;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DETERMINED CLASP Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"clasp"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2017-10-18,capec_id 253,updated_at 2017-10-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-6962154,protocols http,protocols tcp; rev:2; sid:80187132;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONTENT COW Exploitation Attempt Seen"; flow:established, to_client; content:"cow"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2019-03-20,updated_at 2019-03-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target client,cve 2017-1481482,protocols tcp; rev:1; sid:80187133;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GREEK PRESSURE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"pressure"; priority:3; metadata:cwe_id 189,hostile src_ip,created_at 2019-08-06,updated_at 2019-08-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 
2016-5581256,protocols http,protocols tcp; rev:2; sid:80187134;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PROBABLE DRESS Exploitation Attempt Seen"; flow:established, to_client; content:"dress"; priority:3; metadata:cwe_id 189,hostile src_ip,created_at 2019-04-16,updated_at 2019-04-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target client,cve 2019-5556465,protocols tcp; rev:1; sid:80187135;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ELABORATE AGREEMENT Exploitation Attempt Seen"; flow:established, to_client; content:"agreement"; priority:3; metadata:cwe_id 189,hostile src_ip,created_at 2019-04-05,updated_at 2019-04-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target client,cve 2017-4346029,protocols tcp; rev:1; sid:80187136;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MUSICAL COURSE Traffic Detected"; flow:established,to_server; content:"course"; priority:4; metadata:cwe_id 89,hostile src_ip,created_at 2017-06-08,capec_id 66,updated_at 2017-06-09,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187137;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN OBLIGATION Exploitation Attempt Seen"; flow:established, to_client; content:"obligation"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-02-13,capec_id 253,updated_at 2019-02-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-1674864,protocols http,protocols tcp; rev:1; sid:80187138;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRIME CONCENTRATE Traffic Detected"; flow:established, to_server; content:"concentrate"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2017-03-16,capec_id 66,updated_at 2017-03-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target 
server,attack_target http-server,protocols http,protocols tcp; rev:5; sid:80187139;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EMBARRASSING INNERVATION Traffic Detected"; flow:established, to_server; content:"innervation"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-01-06,capec_id 100,updated_at 2019-01-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187140;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SEPARATE LANTERN Exploitation Attempt Seen"; flow:established, to_client; content:"lantern"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2015-04-01,capec_id 123,updated_at 2015-04-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target client,cve 2015-1058377,protocols tcp; rev:1; sid:80187141;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CREATIVE PERIODICAL Exploitation Attempt Seen"; flow:established, to_server; content:"periodical"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-03-10,capec_id 100,updated_at 2019-03-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-1589986,protocols http,protocols tcp; rev:2; sid:80187142;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FORTHCOMING FIR Exploitation Attempt Seen"; flow:established, to_server; content:"fir"; priority:4; metadata:cwe_id 119,hostile src_ip,created_at 2016-09-17,capec_id 123,updated_at 2016-09-20,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-3670875,protocols http,protocols tcp; rev:2; sid:80187143;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SYMPATHETIC LIGHTNING Malware Communication"; flow:established, to_server; content:"lightning"; priority:3; metadata:cwe_id 506,malware post-infection,hostile 
dest_ip,created_at 2019-04-21,updated_at 2019-04-21,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187144;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WRITTEN WINTER Malware Communication"; flow:established, to_server; content:"winter"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-04,updated_at 2019-03-24,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187145;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TALL BELL Malware Communication"; flow:established, to_server; content:"bell"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-26,updated_at 2019-03-26,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187146;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLOSED CONDOMINIUM Malware Communication"; flow:established, to_server; content:"condominium"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-24,updated_at 2019-09-24,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187147;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN GALN Exploitation Attempt Seen"; flow:established,to_client; content:"galn"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2018-01-14,capec_id 100,updated_at 2018-01-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.1,attack_target http-client,attack_target client,cve 2017-6334728,cvss_v2_temporal 5.4,protocols http,protocols tcp; rev:2; 
sid:80187148;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FISCAL CREAM Traffic Detected"; flow:established, to_server; content:"cream"; priority:3; metadata:cwe_id 657,created_at 2016-08-06,updated_at 2016-08-12,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187149;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PURE BLADDER Malware Communication"; flow:established, to_server; content:"bladder"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-08-22,updated_at 2017-08-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187150;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - QUICK ATTEMPT Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"attempt"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2018-09-16,capec_id 253,updated_at 2018-09-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-4635465,cve 2018-4635465,protocols http,protocols tcp; rev:2; sid:80187151;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWNY BONUS Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"bonus"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-06-08,capec_id 253,updated_at 2019-06-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-4893873,protocols http,protocols tcp; rev:2; sid:80187152;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CRITICAL STEW Exploitation Attempt Seen"; flow:established, to_client; content:"stew"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-02-11,capec_id 255,updated_at 2017-02-25,filename acme.rules,priority low,rule_source 
acme-rule-factory,attack_target client,cve 2016-4429522,protocols tcp; rev:1; sid:80187153;) #alert tcp $EXTERNAL_NET any -> any any (msg:"Acme - ORANGE FOUNTAIN Exploitation Attempt Seen"; flow:established, to_server; content:"fountain"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-04-20,capec_id 255,updated_at 2019-04-23,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2017-8467916,protocols tcp; rev:1; sid:80187154;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BITTER TOGA Traffic Detected"; flow:established, to_client; file_data; content:"toga"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2019-09-25,capec_id 100,updated_at 2019-09-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187155;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MAJOR PERSONALITY Malware Communication"; flow:established,to_client; file_data; content:"personality"; priority:1; metadata:cwe_id 89,malware post-infection,hostile dest_ip,created_at 2017-02-25,updated_at 2017-02-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187156;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNCONSCIOUS CASEMENT Exploitation Attempt Seen"; flow:established, to_server; content:"casement"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2018-02-14,capec_id 213,updated_at 2018-02-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.1,attack_target server,attack_target http-server,cve 2018-6641917,cvss_v2_temporal 4.8,protocols http,protocols tcp; rev:2; sid:80187157;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AMUSED COMPASSION Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"compassion"; priority:3; 
metadata:cwe_id 121,cwe_id 623,hostile src_ip,created_at 2018-01-11,capec_id 253,updated_at 2018-01-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.9,attack_target http-client,attack_target client,cve 2016-3178569,cvss_v2_temporal 6.9,protocols http,protocols tcp; rev:3; sid:80187158;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FISCAL STAND Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"stand"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2018-08-25,capec_id 248,updated_at 2018-08-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-355945,protocols http,protocols tcp; rev:2; sid:80187159;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONTINUOUS FEDELINI Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"fedelini"; priority:3; metadata:hostile src_ip,created_at 2016-05-11,capec_id 253,updated_at 2016-05-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-757403,protocols http,protocols tcp; rev:2; sid:80187160;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VERTICAL TALE Exploitation Attempt Seen"; flow:established, to_client; content:"tale"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2016-08-26,updated_at 2016-08-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target client,cve 2015-2701044,protocols tcp; rev:1; sid:80187161;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RELATIVE GAZELLE Exploitation Attempt Seen"; flow:established, to_client; content:"gazelle"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-08-02,capec_id 100,updated_at 2019-08-10,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-9688398,protocols http,protocols tcp; rev:1; 
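sid:80187162;)
# Layout: one rule per physical line. "#" disables everything up to the end of
# the line, so an enabled rule that shares a line with a preceding "#alert" or
# "#drop" rule would be treated as part of that comment and not load. The line
# above is the tail of a rule that starts before this span, and the last line
# below is the head of a rule that continues after it; both are left as found.
# Rule text is unchanged; only line breaks and "# NOTE(review)" comments are new.

# NOTE(review): 80187163 (and 80187174 further down) pair the "drop" action with
# priority:3 / "priority low" and a single short content match; confirm that
# inline blocking is intended for low-priority signatures.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EVERYDAY LANDMINE Malware Communication"; flow:established,to_server; content:"landmine"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-01-18,updated_at 2019-01-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187163;)

# NOTE(review): 80187164 and 80187165 use "tcp" in the rule header while their
# metadata says "protocols http" and "attack_target http-client". A tcp header
# does not restrict the rule to traffic identified as HTTP; confirm whether
# "http" was intended.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SQUARE OCTET Malware Communication"; flow:established, to_server; content:"octet"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-11,updated_at 2019-08-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187164;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AVERAGE CLOUDBURST Malware Communication"; flow:established, to_server; content:"cloudburst"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-08-12,updated_at 2018-08-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187165;)

#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MELODIC INSTUNKNOWNENTALIST Exploitation Attempt Seen"; flow:established, to_server; content:"instUNKNOWNentalist"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2017-01-12,capec_id 248,updated_at 2017-01-18,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.0,attack_target server,attack_target http-server,cve 2016-6630940,cvss_v2_temporal 7.3,protocols http,protocols tcp; rev:2; sid:80187166;)

# NOTE(review): 80187167 repeats the same "cve" metadata value and carries two
# "cwe_id" values; metadata consumers that expect one value per key should be
# checked against it. Its header is "tcp" while the metadata says http-server.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN PRODUCT Exploitation Attempt Seen"; flow:established, to_server; content:"product"; priority:3; metadata:cwe_id 189,cwe_id 119,hostile src_ip,created_at 2019-06-23,capec_id 100,updated_at 2019-06-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-9048014,cve 2018-9048014,protocols http,protocols tcp; rev:1; sid:80187167;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RELIEVED SHIELD Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"shield"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-09-03,capec_id 253,updated_at 2019-09-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-5045387,protocols http,protocols tcp; rev:2; sid:80187168;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COGNITIVE ALPACA Traffic Detected"; flow:established, to_client; file_data; content:"alpaca"; priority:3; metadata:hostile src_ip,created_at 2019-03-14,capec_id 253,updated_at 2019-03-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187169;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EVOLUTIONARY BALALAIKA Traffic Detected"; flow:established, to_client; file_data; content:"balalaika"; priority:3; metadata:hostile src_ip,created_at 2019-09-20,capec_id 253,updated_at 2019-09-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187170;)
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IMPERIAL UNKNOWNBOARD Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWNboard"; priority:3; metadata:cwe_id 189,hostile src_ip,created_at 2019-09-02,updated_at 2019-09-07,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-4029222,protocols http,protocols tcp; rev:2; sid:80187171;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CORRESPONDING EMERY Traffic Detected"; flow:established, to_server; content:"emery"; priority:3; metadata:cwe_id 122,hostile src_ip,created_at 2018-09-23,capec_id 100,updated_at 2018-09-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:1; sid:80187172;)

# NOTE(review): 80187173 lists only "protocols http"; the other http rules in
# this span list "protocols http,protocols tcp". A metadata filter on
# "protocols tcp" would presumably skip this rule; confirm that is intended.
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SCARY RADISH Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"radish"; priority:3; metadata:cwe_id 399,hostile src_ip,created_at 2019-02-01,capec_id 255,updated_at 2019-02-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-843250,protocols http; rev:2; sid:80187173;)
drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUBSTANTIAL SUN Exploitation Attempt Seen"; flow:established, to_server; content:"sun"; priority:3; metadata:cwe_id 287,hostile src_ip,created_at 2019-03-23,updated_at 2019-03-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target rpc-server,attack_target server,cve 2018-481922,protocols rpc,protocols tcp; rev:1; sid:80187174;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SIGNATURE Malware Communication"; flow:established, to_server; content:"signature"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-11-13,updated_at 2017-11-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187175;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN OX Exploitation Attempt Seen"; flow:established, to_server; content:"ox"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2017-10-22,capec_id 248,updated_at 2017-10-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target 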
server,cve 2016-8532716,protocols tcp; rev:1; sid:80187176;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RATIONAL CABBAGE Exploitation Attempt Seen"; flow:established, to_server; content:"cabbage"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2019-07-12,capec_id 100,updated_at 2019-07-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target smb-server,attack_target server,cve 2017-2031251,protocols smb,protocols tcp; rev:1; sid:80187177;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HEAVY STICK Exploitation Attempt Seen"; flow:established, to_server; content:"stick"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2018-07-14,capec_id 100,updated_at 2018-07-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target smb-server,attack_target server,cve 2018-97032,protocols smb,protocols tcp; rev:1; sid:80187178;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN STORE Exploitation Attempt Seen"; flow:established, to_server; content:"store"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2017-05-05,capec_id 100,updated_at 2017-05-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target smb-server,attack_target server,cve 2015-8901009,protocols smb,protocols tcp; rev:1; sid:80187179;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CURVED CONCRETE Exploitation Attempt Seen"; flow:established, to_server; content:"concrete"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2019-11-25,capec_id 100,updated_at 2019-11-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target smb-server,attack_target server,cve 2017-9881311,protocols smb,protocols tcp; rev:1; sid:80187180;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLOSE FORMAL Exploitation Attempt Seen"; flow:established, to_server; content:"formal"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2018-06-09,capec_id 
100,updated_at 2018-06-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target smb-server,attack_target server,cve 2018-5251974,protocols smb,protocols tcp; rev:1; sid:80187181;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PUBLIC LANAI Exploitation Attempt Seen"; flow:established, to_server; content:"lanai"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2016-05-01,capec_id 100,updated_at 2016-05-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target smb-server,attack_target server,cve 2015-8505485,protocols smb,protocols tcp; rev:1; sid:80187182;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DOUBTFUL BLIZZARD Exploitation Attempt Seen"; flow:established, to_server; content:"blizzard"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2018-08-13,capec_id 100,updated_at 2018-08-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target smb-server,attack_target server,cve 2018-3886036,protocols smb,protocols tcp; rev:1; sid:80187183;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NOISY UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2018-01-20,capec_id 100,updated_at 2018-01-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target smb-server,attack_target server,cve 2018-1706332,protocols smb,protocols tcp; rev:1; sid:80187184;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SILLY SIDECAR Exploitation Attempt Seen"; flow:established, to_server; content:"sidecar"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-03-15,capec_id 100,updated_at 2017-03-28,filename scada.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2015-5821741,protocols tcp; rev:1; sid:80187185;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AUNKNOWNIC CRICKET Malware Communication"; 
flow:established,to_server; content:"cricket"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-19,updated_at 2018-07-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187186;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HORIZONTAL PROTOCOL Malware Communication"; flow:established, to_server; content:"protocol"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-04,updated_at 2018-11-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187187;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VOICELESS VENOM Exploitation Attempt Seen"; flow:established, to_client; content:"venom"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-03-26,capec_id 255,updated_at 2019-03-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target client,cve 2018-2072035,protocols tcp; rev:1; sid:80187188;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - KIND DISTRIBUTION Traffic Detected"; flow:established, to_server; content:"distribution"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2019-11-19,capec_id 66,updated_at 2019-11-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187189;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLEAN FORTNIGHT Traffic Detected"; flow:established,to_server; content:"fortnight"; priority:4; metadata:cwe_id 89,hostile src_ip,created_at 2019-06-26,capec_id 66,updated_at 2019-06-26,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187190;) 
# ---------------------------------------------------------------------------
# Rules sid 80187191 through sid 80187234, laid out one rule per line.
#
# Reading notes:
#  - A line beginning with "#alert" or "#drop" is a disabled rule; Suricata
#    treats it as a comment and does not load it.
#  - A rule with the drop action blocks traffic only when Suricata runs inline
#    (IPS mode); in IDS mode it just raises an alert.
#  - Each rule matches a single literal `content` string, some of them as short
#    as "hit", "fog" or "sow". Strings like these occur in ordinary traffic, so
#    the signatures serve as metadata examples only and would produce false
#    positives (or false blocks) on a live sensor.
#  - The metadata key-value pairs are what metadata-based filtering selects
#    on; the notes below mark places where metadata and rule header disagree.
# ---------------------------------------------------------------------------

# NOTE(review): sid 80187191 uses a plain `content` match on a tls rule. With
# no TLS sticky buffer (for example tls.sni) the match runs on the raw stream,
# where only handshake bytes are readable once the session is encrypted.
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRIMITIVE POUCH Malware Communication"; flow:established,to_client; content:"pouch"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2017-03-05,updated_at 2017-03-12,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80187191;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MINOR SUBCONSCIOUS Exploitation Attempt Seen"; flow:established, to_server; content:"subconscious"; priority:3; metadata:hostile src_ip,created_at 2019-09-05,capec_id 100,updated_at 2019-09-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2019-4664090,protocols tcp; rev:1; sid:80187192;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - APPARENT CRACKER Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"cracker"; priority:3; metadata:hostile src_ip,created_at 2019-03-21,capec_id 253,updated_at 2019-03-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-915810,protocols http,protocols tcp; rev:2; sid:80187193;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLEAN HIT Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"hit"; priority:3; metadata:hostile src_ip,created_at 2017-09-24,capec_id 253,updated_at 2017-09-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-7043300,protocols http,protocols tcp; rev:2; sid:80187194;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - USUAL CLIFF Traffic Detected"; flow:established, to_client; file_data; content:"cliff"; priority:3; metadata:hostile src_ip,created_at 2016-02-10,capec_id 253,updated_at 2016-02-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187195;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRESIDENTIAL UNKNOWN Traffic Detected"; flow:established, to_client; file_data; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2018-08-08,capec_id 253,updated_at 2018-08-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187196;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN BARN Traffic Detected"; flow:established, to_client; file_data; content:"barn"; priority:3; metadata:hostile src_ip,created_at 2019-06-13,capec_id 253,updated_at 2019-06-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187197;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SICK NUDGE Traffic Detected"; flow:established, to_client; file_data; content:"nudge"; priority:3; metadata:hostile src_ip,created_at 2016-01-14,capec_id 253,updated_at 2016-01-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187198;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SEVERE TEXTBOOK Traffic Detected"; flow:established, to_client; file_data; content:"textbook"; priority:3; metadata:hostile src_ip,created_at 2019-07-15,capec_id 253,updated_at 2019-07-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187199;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN FRAME Traffic Detected"; flow:established, to_client; file_data; content:"frame"; priority:3; metadata:hostile src_ip,created_at 2019-08-09,capec_id 253,updated_at 2019-08-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187200;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UPPER COVER Malware Communication"; flow:established,to_server; content:"cover"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-20,updated_at 2019-07-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187201;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MANAGERIAL DEPRESSIVE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"depressive"; priority:3; metadata:hostile src_ip,created_at 2019-11-04,capec_id 253,updated_at 2019-11-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-2067952,protocols http,protocols tcp; rev:2; sid:80187202;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ANNOYED GEYSER Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"geyser"; priority:3; metadata:hostile src_ip,created_at 2019-04-15,capec_id 253,updated_at 2019-04-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-800480,protocols http,protocols tcp; rev:2; sid:80187203;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LUCKY HUTCH Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"hutch"; priority:3; metadata:hostile src_ip,created_at 2019-03-07,capec_id 253,updated_at 2019-03-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-531108,protocols http,protocols tcp; rev:2; sid:80187204;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN LOBOUNKNOWNY Traffic Detected"; flow:established, to_client; file_data; content:"loboUNKNOWNy"; priority:3; metadata:hostile src_ip,created_at 2018-08-18,capec_id 253,updated_at 2018-08-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187205;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BROKEN BUILDING Traffic Detected"; flow:established, to_client; content:"building"; priority:3; metadata:hostile src_ip,created_at 2019-08-12,capec_id 100,updated_at 2019-08-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target irc-client,attack_target client,protocols irc,protocols tcp; rev:1; sid:80187206;)
# NOTE(review): sid 80187207 is tagged `protocols ssh` and `hostile src_ip`,
# yet its header is $HOME_NET -> $EXTERNAL_NET $HTTP_PORTS. A metadata filter
# will trust the tags, not the header; confirm which one is intended.
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - IDENTICAL WILDLIFE Traffic Detected"; flow:established, to_server; content:"wildlife"; priority:3; metadata:hostile src_ip,created_at 2019-04-18,capec_id 216,updated_at 2019-04-25,filename acme.rules,priority low,rule_source acme-rule-factory,protocols ssh,protocols tcp; rev:1; sid:80187207;)
# NOTE(review): sid 80187208 has an any any -> any any header and no
# attack_target or hostile tag, so neither the header nor the metadata
# narrows where it applies.
#alert tcp any any -> any any (msg:"Acme - WRONG ROAST Traffic Detected"; flow:established, to_server; content:"roast"; priority:3; metadata:created_at 2018-04-23,updated_at 2018-04-27,filename acme.rules,priority low,rule_source acme-rule-factory,protocols ssh,protocols tcp; rev:1; sid:80187208;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SPARE DESERT Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"desert"; priority:3; metadata:hostile src_ip,created_at 2018-05-05,capec_id 253,updated_at 2018-05-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-3389760,protocols http,protocols tcp; rev:3; sid:80187209;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNLIKELY GRANDMOTHER Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"grandmother"; priority:3; metadata:hostile src_ip,created_at 2018-05-22,capec_id 253,updated_at 2018-05-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-854613,protocols http,protocols tcp; rev:2; sid:80187210;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SEVERE CLOAKROOM Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"cloakroom"; priority:3; metadata:hostile src_ip,created_at 2019-07-20,capec_id 253,updated_at 2019-07-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-8880319,protocols http,protocols tcp; rev:2; sid:80187211;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ABSTRACT ASHRAM Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"ashram"; priority:3; metadata:hostile src_ip,created_at 2017-01-23,capec_id 253,updated_at 2017-01-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-3640947,protocols http,protocols tcp; rev:2; sid:80187212;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RUNNING FOG Traffic Detected"; flow:established, to_client; file_data; content:"fog"; priority:3; metadata:hostile src_ip,created_at 2018-11-22,capec_id 253,updated_at 2018-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187213;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FUZZY SYNOD Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"synod"; priority:3; metadata:hostile src_ip,created_at 2017-03-25,capec_id 253,updated_at 2017-03-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-9982805,protocols http,protocols tcp; rev:2; sid:80187214;)
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - LINEAR GRANDMOM Traffic Detected"; flow:established, to_server; content:"grandmom"; priority:3; metadata:created_at 2016-09-27,updated_at 2016-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80187215;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CAREFUL TATTOO Traffic Detected"; flow:established, to_client; content:"tattoo"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2018-05-18,capec_id 100,updated_at 2018-05-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187216;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DISTANT WAITRESS Traffic Detected"; flow:established, to_server; content:"waitress"; priority:3; metadata:hostile src_ip,created_at 2019-10-19,updated_at 2019-10-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80187217;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INDIVIDUAL BAGGAGE Exploitation Attempt Seen"; flow:established, to_server; content:"baggage"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2019-02-23,updated_at 2019-02-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2019-1110501,protocols tcp; rev:1; sid:80187218;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOLAR LEADING Exploitation Attempt Seen"; flow:established, to_server; content:"leading"; priority:3; metadata:hostile src_ip,created_at 2019-01-24,updated_at 2019-01-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2019-4220011,protocols tcp; rev:1; sid:80187219;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN THRONE Exploitation Attempt Seen"; flow:established, to_server; content:"throne"; priority:3; metadata:hostile src_ip,created_at 2018-10-16,updated_at 2018-10-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2016-1203497,protocols tcp; rev:1; sid:80187220;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEVELOPED INDEPENDENCE Exploitation Attempt Seen"; flow:established, to_server; content:"independence"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-06-11,updated_at 2019-06-11,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2019-2022362,protocols tcp; rev:1; sid:80187221;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEPENDENT SEASHORE Exploitation Attempt Seen"; flow:established, to_client; content:"seashore"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-10-01,updated_at 2019-10-02,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target client,cve 2017-324543,protocols tcp; rev:1; sid:80187222;)
#alert tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN JAGUAR Exploitation Attempt Seen"; flow:established, to_server; content:"jaguar"; priority:3; metadata:cwe_id 189,created_at 2019-03-05,capec_id 92,updated_at 2019-03-07,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2019-8313754,protocols dns,protocols tcp; rev:1; sid:80187223;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEEP FINGERNAIL Traffic Detected"; flow:established, to_server; content:"fingernail"; priority:3; metadata:cwe_id 264,hostile src_ip,created_at 2017-11-20,capec_id 233,updated_at 2017-11-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80187224;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RESIDENTIAL SOMEWHERE Exploitation Attempt Seen"; flow:established, to_server; content:"somewhere"; priority:3; metadata:hostile src_ip,created_at 2018-09-17,updated_at 2018-09-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-1093930,protocols http,protocols tcp; rev:2; sid:80187225;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MISTY WORTH Exploitation Attempt Seen"; flow:established, to_server; content:"worth"; priority:3; metadata:hostile src_ip,created_at 2018-09-26,updated_at 2018-09-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-893804,protocols http,protocols tcp; rev:1; sid:80187226;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHIEF UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2018-03-01,updated_at 2018-03-07,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-4723527,protocols http,protocols tcp; rev:2; sid:80187227;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REGULAR RECOGNITION Traffic Detected"; flow:established, to_server; content:"recognition"; priority:3; metadata:hostile src_ip,created_at 2019-07-05,updated_at 2019-07-09,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80187228;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CAPABLE WING Exploitation Attempt Seen"; flow:established, to_server; content:"wing"; priority:3; metadata:hostile src_ip,created_at 2017-01-10,capec_id 100,updated_at 2017-01-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-6401887,protocols http,protocols tcp; rev:1; sid:80187229;)
# NOTE(review): sid 80187230 carries `protocols http` only; the neighbouring
# http rules also carry `protocols tcp`, so a filter on "protocols tcp" would
# skip this rule.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DAMAGED PEDAL Exploitation Attempt Seen"; flow:established, to_server; content:"pedal"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2018-03-23,capec_id 248,updated_at 2018-03-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-9493462,protocols http; rev:2; sid:80187230;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STILL MEASURE Exploitation Attempt Seen"; flow:established, to_server; content:"measure"; priority:3; metadata:cwe_id 829,hostile src_ip,created_at 2019-01-13,capec_id 251,updated_at 2019-01-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-4219299,protocols http,protocols tcp; rev:2; sid:80187231;)
# NOTE(review): sid 80187232 lists the same cve value twice in metadata. It is
# also an enabled rule with the drop action although tagged `priority low`.
drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - OLD-FASHIONED CRECHE Exploitation Attempt Seen"; flow:established, to_server; content:"creche"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-10-04,capec_id 255,updated_at 2019-10-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-723767,cve 2017-723767,protocols http,protocols tcp; rev:1; sid:80187232;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LAZY SOW Traffic Detected"; flow:established, to_server; content:"sow"; priority:3; metadata:cwe_id 134,hostile src_ip,created_at 2018-01-23,capec_id 135,updated_at 2018-01-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80187233;)
# NOTE(review): sid 80187234 repeats one cve value six times; matching is
# unaffected, but tooling that counts metadata entries per rule may
# over-count unless it de-duplicates.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GUILTY SHOAT Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"shoat"; priority:3; metadata:cwe_id 264,cwe_id 399,cwe_id 189,cwe_id 119,hostile src_ip,created_at 2019-01-08,capec_id 253,updated_at 2019-01-13,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.5,attack_target http-client,attack_target client,cve 2019-5210224,cve 2019-5210224,cve 2019-5210224,cve 2019-5210224,cve 2019-5210224,cve 2019-5210224,cvss_v2_temporal 2.3,protocols http,protocols tcp; rev:3; sid:80187234;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LIVELY CORK Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"cork"; priority:3; metadata:cwe_id 264,cwe_id 399,cwe_id 189,cwe_id 119,hostile src_ip,created_at 2019-11-16,capec_id 253,updated_at 2019-11-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.6,attack_target http-client,attack_target client,cve 2017-4240766,cve 2017-4240766,cve 2017-4240766,cve 2017-4240766,cve 2017-4240766,cve 2017-4240766,cvss_v2_temporal 6.4,protocols http,protocols tcp; rev:3; sid:80187235;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOCAL UNKNOWN-BAR Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"UNKNOWN-bar"; priority:3; metadata:cwe_id 264,cwe_id 399,cwe_id 189,cwe_id 119,hostile src_ip,created_at 2019-05-03,capec_id 253,updated_at 2019-05-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.1,attack_target http-client,attack_target client,cve 2016-5598187,cve 2016-5598187,cve 2016-5598187,cve 2016-5598187,cve 2016-5598187,cve 2016-5598187,cvss_v2_temporal 6.1,protocols http,protocols tcp; rev:3; sid:80187236;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ODD BIG-RIG Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"big-rig"; priority:3; metadata:cwe_id 264,cwe_id 399,cwe_id 189,cwe_id 119,hostile src_ip,created_at 2017-02-07,capec_id 253,updated_at 2017-02-09,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.7,attack_target http-client,attack_target client,cve 2015-8979441,cve 2015-8979441,cve 2015-8979441,cve 2015-8979441,cve 2015-8979441,cve 2015-8979441,cvss_v2_temporal 4.1,protocols http,protocols tcp; rev:3; sid:80187237;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COASTAL UNKNOWNITY Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"UNKNOWNity"; priority:3; metadata:cwe_id 
399,hostile src_ip,created_at 2019-04-16,capec_id 255,updated_at 2019-04-16,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-5779713,protocols http,protocols tcp; rev:2; sid:80187238;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BASIC OPEN Malware Communication"; flow:established,to_server; content:"open"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-21,updated_at 2018-10-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187239;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BRIEF LEISURE Exploitation Attempt Seen"; flow:established, to_client; content:"leisure"; priority:3; metadata:cwe_id 399,hostile src_ip,created_at 2018-10-16,capec_id 255,updated_at 2018-10-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target client,cve 2018-5360914,protocols tcp; rev:1; sid:80187240;) drop tcp any any -> $HOME_NET any (msg:"Acme - DREADFUL ZEBRA Exploitation Attempt Seen"; flow:established,from_server; content:"zebra"; priority:2; metadata:cwe_id 120,cvss_v3_base 2.8,hostile src_ip,created_at 2019-07-20,capec_id 100,updated_at 2019-07-21,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.4,attack_target smb-client,attack_target client,cvss_v3_temporal 2.5,cve 2018-4036426,cvss_v2_temporal 2.5,protocols smb,protocols tcp; rev:3; sid:80187241;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OVERALL LUNCHROOM Traffic Detected"; flow:established,to_server; content:"lunchroom"; priority:3; metadata:hostile src_ip,created_at 2019-02-03,capec_id 63,updated_at 2019-02-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187242;) #alert http $EXTERNAL_NET 
any -> $HOME_NET any (msg:"Acme - HARSH UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2019-01-12,capec_id 63,updated_at 2019-01-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187243;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FREQUENT BARRACKS Malware Communication"; flow:established, to_server; content:"barracks"; priority:2; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-07-08,updated_at 2018-07-18,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187244;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMPETITIVE PEACOAT Malware Communication"; flow:established, to_server; content:"peacoat"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-13,updated_at 2019-09-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187245;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DIVINE PSYCHOLOGY Malware Communication"; flow:established, to_server; content:"psychology"; priority:3; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-06-16,updated_at 2018-06-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187246;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PURRING JUSTICE Traffic Detected"; flow:established, to_server; content:"justice"; priority:3; metadata:hostile src_ip,created_at 2019-07-02,updated_at 2019-07-08,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187247;)
# A leading '#' comments a rule out: the two rules below are present in the file but disabled.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TREMENDOUS KITTY Traffic Detected"; flow:established, to_server; content:"kitty"; priority:3; metadata:hostile src_ip,created_at 2019-03-10,updated_at 2019-03-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187248;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MARGINAL GEORGE Exploitation Attempt Seen"; flow:established, to_server; content:"george"; priority:3; metadata:hostile src_ip,created_at 2019-03-23,updated_at 2019-03-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-7506275,protocols http,protocols tcp; rev:2; sid:80187249;)
# Header protocol is tcp with 'any' ports, so the content match runs on the TCP stream;
# the 'protocols http' metadata value is descriptive and does not change what is inspected.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DESPERATE STORY-TELLING Exploitation Attempt Seen"; flow:established, to_server; content:"story-telling"; priority:3; metadata:hostile src_ip,created_at 2016-11-10,updated_at 2016-11-10,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-7922587,protocols http,protocols tcp; rev:1; sid:80187250;)
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ORGANISATIONAL UNKNOWNEON Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWNeon"; priority:3; metadata:hostile src_ip,created_at 2019-01-24,updated_at 2019-01-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2016-1285633,protocols tcp; rev:1; sid:80187251;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STICKY GRANNY Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"granny"; priority:3; metadata:hostile src_ip,created_at 2018-04-09,capec_id 253,updated_at 2018-04-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-6406851,protocols http,protocols tcp; rev:2; sid:80187252;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEEP SPOON Traffic Detected"; flow:established, to_client; file_data; content:"spoon"; priority:3; metadata:hostile src_ip,created_at 2019-02-25,capec_id 253,updated_at 2019-02-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.7,attack_target http-client,attack_target client,cvss_v2_temporal 6.9,protocols http,protocols tcp; rev:2; sid:80187253;)
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN SCENT Malware Communication"; flow:established,to_client; content:"scent"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2016-10-08,updated_at 2016-10-20,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80187254;)
# Source is $HOME_NET and the flow is to_client with file_data, so this inspects HTTP
# response bodies served from the home network to any destination.
alert http $HOME_NET any -> any any (msg:"Acme - ALIVE EDITOR Malware Communication"; flow:established, to_client; file_data; content:"editor"; priority:3; metadata:cwe_id 89,malware post-infection,created_at 2017-08-07,updated_at 2017-08-17,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187255;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHEAP VIOLET Exploitation Attempt Seen"; flow:established, to_server; content:"violet"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2017-06-03,capec_id 63,updated_at 2017-06-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.5,attack_target server,attack_target http-server,cve 2017-6125577,cvss_v2_temporal 4.5,protocols http; rev:2; sid:80187256;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CHEMICAL ACCOUNT Malware Communication"; flow:established, to_server; content:"account"; priority:3; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-06-23,updated_at 2016-06-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187257;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LIABLE UNKNOWN Malware Communication"; flow:established, to_client; file_data; content:"UNKNOWN"; priority:3; metadata:cwe_id 89,malware pre-infection,hostile src_ip,created_at 2019-10-01,updated_at 2019-10-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187258;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STICKY BIFOCALS Traffic Detected"; flow:established, to_server; content:"bifocals"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2018-08-17,capec_id 63,updated_at 2018-08-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.1,attack_target server,attack_target http-server,cvss_v2_temporal 6.1,protocols http,protocols tcp; rev:2; sid:80187259;)
# NOTE(review): the action is drop while both priority fields say low, and the metadata pairs
# cvss_v2_base 10.0 with cvss_v3_base 2.7; treat these scores as sample values, not as an advisory.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PREFERRED DISTRICT Exploitation Attempt Seen"; flow:established,to_server; content:"district"; priority:3; metadata:cwe_id 78,cvss_v3_base 2.7,hostile src_ip,created_at 2019-08-24,capec_id 248,updated_at 2019-08-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cvss_v3_temporal 1.7,cve 2019-4261258,cvss_v2_temporal 1.7,protocols http,protocols tcp; rev:2; sid:80187260;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUNKNOWN CONSULATE Malware Communication"; flow:established, to_server; content:"consulate"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-15,updated_at 2019-10-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187261;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN JOGGING Malware Communication"; flow:established, to_server; content:"jogging"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-17,updated_at 2019-02-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187262;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EAGER FINGER Malware Communication"; flow:established, to_server; content:"finger"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-26,updated_at 2019-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187263;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TROPICAL OCTAVE Malware Communication"; flow:established, to_server; content:"octave"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-05-27,updated_at 2018-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187264;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUPER IRON Malware Communication"; flow:established, to_server; content:"iron"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-01-03,updated_at 2017-01-04,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187265;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STRANGE TANKFUL Exploitation Attempt Seen"; flow:established, to_server; content:"tankful"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-08-21,capec_id 118,updated_at 2019-08-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.9,attack_target server,attack_target http-server,cve 2016-6997130,cvss_v2_temporal 6.7,protocols http,protocols tcp; rev:2; sid:80187266;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ELECTUNKNOWN LYMPHOCYTE Malware Communication"; flow:established, to_server; content:"lymphocyte"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-04-07,updated_at 2019-04-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187267;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - AWKWARD UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-06-05,capec_id 119,updated_at 2019-06-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-564892,protocols http,protocols tcp; rev:1; sid:80187268;)
# urilen:11,norm requires a normalized URI of exactly 11 bytes; the content match after it
# has no sticky buffer or modifier, so it is not restricted to the URI.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUBJECTIVE PITCHING Malware Communication"; flow:established,to_server; urilen:11,norm; content:"pitching"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-11-13,updated_at 2019-11-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187269;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PURPLE FIX Traffic Detected"; flow:established, to_client; file_data; content:"fix"; priority:3; metadata:hostile src_ip,created_at 2019-09-12,capec_id 253,updated_at 2019-09-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187270;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BIG MIGRANT Traffic Detected"; flow:established, to_client; file_data; content:"migrant"; priority:3; metadata:hostile src_ip,created_at 2015-07-14,capec_id 253,updated_at 2015-07-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187271;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STATISTICAL PRIEST Traffic Detected"; flow:established, to_client; file_data; content:"priest"; priority:3; metadata:hostile src_ip,created_at 2017-03-02,capec_id 253,updated_at 2017-03-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187272;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BAD BRATWURST Exploitation Attempt Seen"; flow:established, to_server; content:"bratwurst"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2019-07-05,capec_id 66,updated_at 2019-07-05,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 8.0,attack_target ftp-server,attack_target server,cve 2017-7346380,cvss_v2_temporal 7.4,protocols ftp,protocols tcp; rev:1; sid:80187273;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FLAT DRILL Traffic Detected"; flow:established, to_server; content:"drill"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2016-08-27,capec_id 63,updated_at 2016-08-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187275;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DAILY MEN Malware Communication"; flow:established, to_server; content:"men"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-04-06,updated_at 2017-04-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187276;)
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - ELDEST PILE Exploitation Attempt Seen"; flow:established, to_client; content:"pile"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-03-26,capec_id 100,updated_at 2019-03-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-3337745,protocols http,protocols tcp; rev:1; sid:80187277;)
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - WORRIED LADY Exploitation Attempt Seen"; flow:established, to_client; content:"lady"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2015-08-23,capec_id 100,updated_at 2015-08-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-1471303,protocols http,protocols tcp; rev:1; sid:80187278;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ORGANISATIONAL HYPOCUNKNOWNDRIA Traffic Detected"; flow:established, to_server; content:"hypocUNKNOWNdria"; priority:3; metadata:cwe_id 829,hostile src_ip,created_at 2015-10-05,capec_id 251,updated_at 2015-10-10,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.6,attack_target server,attack_target http-server,cvss_v2_temporal 6.4,protocols http,protocols tcp; rev:2; sid:80187279;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FUNNY FAIRY Malware Communication"; flow:established, to_server; content:"fairy"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-04-27,updated_at 2019-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187280;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HUNGRY TOW-TRUCK Malware Communication"; flow:established,to_server; content:"tow-truck"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2015-02-22,updated_at 2015-02-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187281;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOUND LIE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"lie"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2017-06-19,capec_id 253,updated_at 2017-06-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-37680,protocols http,protocols tcp; rev:2; sid:80187282;)
#drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POOR CALCULUS Exploitation Attempt Seen"; flow:established, to_server; content:"calculus"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2018-01-08,capec_id 100,updated_at 2018-01-08,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2018-5477485,protocols tcp; rev:3; sid:80187283;)
#drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RELIGIOUS TRIPOD Exploitation Attempt Seen"; flow:established, to_server; content:"tripod"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-08-24,capec_id 100,updated_at 2019-08-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,cve 2018-9659952,protocols tcp; rev:3; sid:80187284;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PSYCHIATRIC MOM Traffic Detected"; flow:established, to_server; content:"mom"; priority:1; metadata:cwe_id 507,hostile dest_ip,created_at 2019-07-21,updated_at 2019-07-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187285;)
# from_server is the synonym of the to_client direction used by other rules in this file.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EERIE CHARACTER Malware Communication"; flow:established,from_server; file_data; content:"character"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2015-06-12,updated_at 2015-06-21,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187286;)
# The next five rules (sids 80187287-80187291) carry 'filename misc.rules' in their metadata
# instead of 'filename acme.rules'; all five are commented out.
#drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PECULIAR CONSPIRATOR Traffic Detected"; flow:established, to_server; content:"conspirator"; priority:3; metadata:cwe_id 657,hostile src_ip,created_at 2017-08-25,updated_at 2017-08-27,filename misc.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80187287;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INFLUENTIAL ATTACHMENT Traffic Detected"; flow:established, to_client; file_data; content:"attachment"; priority:3; metadata:cwe_id 657,created_at 2018-06-09,updated_at 2018-06-28,filename misc.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187288;)
#drop tcp any any -> $HOME_NET any (msg:"Acme - BEWILDERED CONTRAIL Traffic Detected"; flow:established, to_server; content:"contrail"; priority:3; metadata:cwe_id 657,hostile src_ip,created_at 2018-06-24,updated_at 2018-06-24,filename misc.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:2; sid:80187289;)
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EVIL TOY Malware Communication"; flow:established, to_server; content:"toy"; priority:3; metadata:cwe_id 657,malware pre-infection,created_at 2016-02-09,updated_at 2016-02-14,filename misc.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187290;)
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GORGEOUS START Traffic Detected"; flow:established, to_server; content:"start"; priority:3; metadata:cwe_id 657,created_at 2019-09-07,updated_at 2019-09-21,filename misc.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187291;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - URBAN PRIMARY Malware Communication"; flow:established,to_server; content:"primary"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-03-06,updated_at 2018-03-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187292;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEFEATED CRACKERS Malware Communication"; flow:established, to_server; content:"crackers"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-04-26,updated_at 2018-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187293;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEPENDENT DILL Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"dill"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-06-26,capec_id 253,updated_at 2019-06-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2017-2129281,protocols http,protocols tcp; rev:2; sid:80187294;)
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ABSOLUTE CULTIVAR Malware Communication"; flow:established, to_server; content:"cultivar"; priority:3; metadata:cwe_id 507,malware post-infection,created_at 2018-06-08,updated_at 2018-06-17,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187295;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ANNOYED TAXI Malware Communication"; flow:established, to_server; content:"taxi"; priority:3; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-02-27,updated_at 2017-02-28,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187296;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - SIMILAR CALL Traffic Detected"; flow:established, to_server; content:"call"; priority:3; metadata:cwe_id 434,hostile src_ip,created_at 2018-08-20,capec_id 248,updated_at 2018-08-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80187297;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - ECONOMIC DETECTIVE Traffic Detected"; flow:established, to_server; content:"detective"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2018-10-19,capec_id 248,updated_at 2018-10-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80187298;)
drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - UNKNOWN UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2017-10-14,capec_id 248,updated_at 2017-10-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80187299;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - THUNDERING SAXOPUNKNOWNE Traffic Detected"; flow:established, to_client; file_data; content:"saxopUNKNOWNe"; priority:3; metadata:cwe_id 506,hostile src_ip,created_at 2018-07-08,updated_at 2018-07-10,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187300;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - SURPRISED THRUSH Traffic Detected"; flow:established, to_client; content:"thrush"; priority:4; metadata:cwe_id 506,created_at 2017-05-11,updated_at 2017-05-16,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80187301;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RIPE COMMISSION Malware Communication"; flow:established, to_server; content:"commission"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-01-08,updated_at 2017-01-19,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187302;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ABSTRACT IMPRESSION Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"impression"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-06-03,capec_id 100,updated_at 2019-06-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-2296930,protocols http,protocols tcp; rev:2; sid:80187303;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RARE UNKNOWN Traffic Detected"; flow:established, to_client; file_data; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2015-07-17,capec_id 253,updated_at 2015-07-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187304;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ACCEPTED SLEEP Malware Communication"; flow:established, to_server; content:"sleep"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-09-02,updated_at 2016-09-07,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187305;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DRY OBESITY Malware Communication"; flow:established, to_server; content:"obesity"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-27,updated_at 2018-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187306;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PREGNANT GROUSE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"grouse"; priority:2; metadata:cwe_id 120,cvss_v3_base 2.5,hostile src_ip,created_at 2017-06-05,capec_id 129,updated_at 2017-06-17,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.4,attack_target http-client,attack_target client,cvss_v3_temporal 2.4,cve 2017-6981310,cvss_v2_temporal 2.4,protocols http,protocols tcp; rev:2; sid:80187307;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EARLY NOTEBOOK Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"notebook"; priority:2; metadata:cwe_id 119,cvss_v3_base 4.7,hostile src_ip,created_at 2016-01-10,capec_id 129,updated_at 2016-01-21,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.1,attack_target http-client,attack_target client,cvss_v3_temporal 3.5,cve 2016-2592009,cvss_v2_temporal 3.5,protocols http,protocols tcp; rev:2; sid:80187308;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ACTUAL SURVEY Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"survey"; priority:2; metadata:cwe_id 416,cvss_v3_base 4.6,hostile src_ip,created_at 2019-03-02,capec_id 255,updated_at 2019-03-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.2,attack_target http-client,attack_target client,cvss_v3_temporal 4.2,cve 2019-3449185,cvss_v2_temporal 4.2,protocols http,protocols tcp; rev:2; sid:80187309;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LIBERAL THORN Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"thorn"; priority:2; metadata:cwe_id 416,cvss_v3_base 5.8,hostile src_ip,created_at 2019-02-10,capec_id 255,updated_at 2019-02-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.7,attack_target http-client,attack_target client,cvss_v3_temporal 6.5,cve 2019-2352820,cvss_v2_temporal 6.5,protocols http,protocols tcp; rev:2; sid:80187310;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN AUDITORIUM Exploitation Attempt Seen"; flow:established,from_server; content:"auditorium"; priority:2; metadata:cwe_id 119,cvss_v3_base 8.3,hostile src_ip,created_at 2019-04-23,capec_id 255,updated_at 2019-04-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.9,attack_target http-client,attack_target client,cvss_v3_temporal 8.2,cve 2019-559519,cvss_v2_temporal 8.2,protocols http,protocols tcp; rev:2; sid:80187311;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MANAGING SHOPPER Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"shopper"; priority:3; metadata:cwe_id 119,cvss_v3_base 7.9,hostile src_ip,created_at 2017-05-05,capec_id 129,updated_at 2017-05-13,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.7,attack_target http-client,attack_target client,cvss_v3_temporal 7.5,cve 2015-1422850,cvss_v2_temporal 7.5,protocols http,protocols tcp; rev:2; sid:80187312;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONSCIOUS UNKNOWN Exploitation Attempt Seen"; flow:established,from_server; content:"UNKNOWN"; priority:2; metadata:cwe_id 119,cvss_v3_base 3.1,hostile src_ip,created_at 2018-04-07,capec_id 255,updated_at 2018-04-12,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.3,attack_target http-client,attack_target client,cvss_v3_temporal 4.2,cve 2018-3614250,cvss_v2_temporal 4.2,protocols http,protocols tcp; rev:2; sid:80187313;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ACCEPTED HOURGLASS Malware Communication"; flow:established,to_client; file_data; content:"hourglass"; priority:4; metadata:cwe_id 89,malware pre-infection,hostile src_ip,created_at 2019-03-04,updated_at 2019-03-09,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187314;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TALL PLAYGROUND Traffic Detected"; flow:established, to_client; file_data; content:"playground"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-01-05,capec_id 253,updated_at 2019-01-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.3,attack_target http-client,attack_target client,cvss_v2_temporal 3.6,protocols http,protocols tcp; rev:2; sid:80187315;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LITTLE OPERA Malware Communication"; flow:established,to_server; content:"opera"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-01,updated_at 2019-02-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187316;)
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHY UNKNOWNH Malware Communication"; flow:established,to_server; content:"UNKNOWNh"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-16,updated_at 2019-05-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187317;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MANY CONTRACT Malware Communication"; flow:established,to_server; content:"contract"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-26,updated_at 2019-10-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187318;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONSIDERABLE SNOW Malware Communication"; flow:established,to_server; content:"snow"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-21,updated_at 2019-01-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187319;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PREVIOUS UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2018-06-06,capec_id 310,updated_at 2018-06-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187320;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTERESTING TITANIUM Malware Communication"; flow:established, to_server; content:"titanium"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-01-03,updated_at 2018-01-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187321;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VARIOUS NUTRITION Malware Communication"; flow:established, to_server; content:"nutrition"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-04-02,updated_at 2017-04-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187322;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HANDSOME DEMUR Malware Communication"; flow:established, to_server; content:"demur"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-11,updated_at 2019-07-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187323;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTERIM PARAMEDIC Malware Communication"; flow:established, to_server; content:"paramedic"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-09,updated_at 2018-02-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187324;)
# flow:established carries no to_server/to_client here, so only the rule header
# ($HOME_NET -> $EXTERNAL_NET) constrains direction.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNIVE HEMP Malware Communication"; flow:established; content:"hemp"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-09-11,updated_at 2017-09-12,filename acme.rules,priority high,rule_source acme-rule-factory,protocols ftp,protocols tcp; rev:1; sid:80187325;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEPRESSED FREEDOM Malware Communication"; flow:established, to_server; content:"freedom"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-06-04,updated_at 2018-06-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187326;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EDUCATIONAL TOQUE Malware Communication"; flow:established,to_server; content:"toque"; priority:2; metadata:cwe_id 507,malware pre-infection,hostile dest_ip,created_at 2019-03-04,updated_at 2019-03-05,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187327;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - USUAL LINEN Malware Communication"; flow:established, to_server; content:"linen"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-23,updated_at 2019-11-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187328;)
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAVOURITE SUNLAMP Traffic Detected"; flow:established, to_server; content:"sunlamp"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2019-09-27,capec_id 66,updated_at 2019-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.3,attack_target server,attack_target http-server,cvss_v2_temporal 3.8,protocols http,protocols tcp; rev:2; sid:80187329;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN BEET Exploitation Attempt Seen"; flow:established, to_server; content:"beet"; priority:3; metadata:hostile src_ip,created_at 2018-04-10,capec_id 248,updated_at 2018-04-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2016-333784,cvss_v2_temporal 10.0,protocols http,protocols tcp; rev:1; sid:80187330;)
#drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MANY BUFFET Malware Communication"; flow:established, to_server; content:"buffet"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-03-11,updated_at 2017-03-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187331;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - STICKY FINE Exploitation Attempt Seen"; flow:established, to_server; content:"fine"; priority:3; metadata:cwe_id 287,hostile src_ip,created_at 2018-11-23,capec_id 115,updated_at 2018-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.3,attack_target server,attack_target http-server,cve 2017-9726054,cvss_v2_temporal 2.8,protocols http,protocols tcp; rev:1; sid:80187332;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - UNKNOWN MUSIC Exploitation Attempt Seen"; flow:established, to_server; content:"music"; priority:3; metadata:cwe_id 287,hostile src_ip,created_at 2019-10-20,capec_id 115,updated_at 2019-10-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.0,attack_target server,attack_target http-server,cve 2015-2547768,cvss_v2_temporal 3.7,protocols http,protocols tcp; rev:1; sid:80187333;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - DELICIOUS CAMEL Exploitation Attempt Seen"; flow:established, to_server; content:"camel"; priority:3; metadata:cwe_id 287,hostile src_ip,created_at 2016-11-21,capec_id 115,updated_at 2016-11-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.3,attack_target server,attack_target http-server,cve 2015-6321361,cvss_v2_temporal 6.1,protocols http,protocols tcp; rev:1; sid:80187334;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ABSOLUTE HEART-THROB Malware Communication"; flow:established,to_server; content:"heart-throb"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-26,updated_at 2018-07-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187335;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ARROGANT EDITOR Malware Communication"; flow:established, to_server; content:"editor"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-02,updated_at 2019-06-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187336;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXCESSIVE APPLIANCE Malware Communication"; flow:established, to_server; content:"appliance"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-04-21,updated_at 2019-04-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187337;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ROTTEN EGGHEAD Exploitation Attempt Seen"; flow:established,to_server; content:"egghead"; priority:2; metadata:cwe_id 78,cvss_v3_base 3.7,hostile src_ip,created_at 2019-08-19,capec_id 248,updated_at 2019-08-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.2,attack_target server,attack_target http-server,cvss_v3_temporal 3.7,cve 2019-4805686,cvss_v2_temporal 3.7,protocols http,protocols tcp; rev:2; sid:80187338;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DRY CHIN Malware Communication"; flow:established, to_server; content:"chin"; priority:3; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-02-23,updated_at 2016-02-23,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187339;)
#alert tcp $EXTERNAL_NET
any -> $HOME_NET any (msg:"Acme - COLOSSAL SIMPLE Traffic Detected"; flow:established, to_server; content:"simple"; priority:3; metadata:cwe_id 307,hostile src_ip,created_at 2015-05-04,capec_id 49,updated_at 2015-05-07,filename bruteforce.rules,priority low,rule_source acme-rule-factory,attack_target imap-server,attack_target server,protocols imap,protocols tcp; rev:1; sid:80187340;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BLONDE JOCKEY Traffic Detected"; flow:established, to_server; content:"jockey"; priority:3; metadata:cwe_id 307,hostile src_ip,created_at 2017-02-25,capec_id 49,updated_at 2017-02-27,filename bruteforce.rules,priority low,rule_source acme-rule-factory,attack_target pop-server,attack_target server,protocols pop,protocols tcp; rev:1; sid:80187341;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN SORBET Traffic Detected"; flow:established, to_server; content:"sorbet"; priority:3; metadata:cwe_id 307,hostile src_ip,created_at 2019-02-08,capec_id 49,updated_at 2019-02-09,filename bruteforce.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:1; sid:80187342;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ALERT SWEDISH Traffic Detected"; flow:established, to_server; content:"swedish"; priority:3; metadata:cwe_id 307,hostile src_ip,created_at 2018-06-26,capec_id 49,updated_at 2018-06-27,filename bruteforce.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80187343;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DELIBERATE SUSTAINMENT Malware Communication"; flow:established, to_server; content:"sustainment"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-13,updated_at 2019-04-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187344;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STABLE TORTOISE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"tortoise"; priority:3; metadata:cwe_id 618,hostile src_ip,created_at 2017-05-19,capec_id 253,updated_at 2017-05-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.5,attack_target http-client,attack_target client,cve 2016-7749989,cvss_v2_temporal 2.0,protocols http,protocols tcp; rev:2; sid:80187345;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BAD MANKIND Malware Communication"; flow:established, to_server; content:"mankind"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-09,updated_at 2019-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187346;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MANAGING EDDY Malware Communication"; flow:established,to_client; file_data; content:"eddy"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-09,updated_at 2019-02-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187347;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INDIRECT FORMER Malware Communication"; flow:established, to_server; content:"former"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-03,updated_at 2019-06-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187348;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MISTY HEAVY Malware Communication"; 
flow:established, to_server; content:"heavy"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-26,updated_at 2019-09-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187349;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LITERARY SISTER-IN-LAW Malware Communication"; flow:established, to_server; content:"sister-in-law"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-14,updated_at 2018-09-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187350;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GORGEOUS PARCHMENT Malware Communication"; flow:established, to_server; content:"parchment"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-27,updated_at 2019-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187351;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LINGUISTIC FLASH Traffic Detected"; flow:established, to_server; content:"flash"; priority:3; metadata:cwe_id 307,hostile src_ip,created_at 2019-10-08,capec_id 49,updated_at 2019-10-23,filename bruteforce.rules,priority low,rule_source acme-rule-factory,attack_target imap-server,attack_target server,protocols imap,protocols tcp; rev:1; sid:80187352;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOLID FORCE Traffic Detected"; flow:established,to_server; content:"force"; priority:3; metadata:cwe_id 307,hostile src_ip,created_at 2018-07-25,capec_id 112,updated_at 2018-07-25,filename bruteforce.rules,priority low,rule_source acme-rule-factory,attack_target pop-server,attack_target 
server,protocols pop,protocols tcp; rev:1; sid:80187353;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MISTY UNKNOWN Traffic Detected"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 307,hostile src_ip,created_at 2018-02-26,capec_id 49,updated_at 2018-02-27,filename bruteforce.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:1; sid:80187354;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VERY EDITOR Traffic Detected"; flow:established, to_server; content:"editor"; priority:3; metadata:cwe_id 307,hostile src_ip,created_at 2019-10-09,capec_id 49,updated_at 2019-10-12,filename bruteforce.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80187355;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BOILING ICICLE Malware Communication"; flow:established, to_server; content:"icicle"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-11-10,updated_at 2017-11-16,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187356;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MISLEADING EXPRESSION Malware Communication"; flow:established, to_server; content:"expression"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-15,updated_at 2019-09-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187357;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NICE NECESSARY Traffic Detected"; flow:established, to_server; content:"necessary"; priority:3; metadata:cwe_id 829,hostile src_ip,created_at 2019-10-13,updated_at 2019-10-27,filename 
acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.7,attack_target server,attack_target http-server,cvss_v2_temporal 5.1,protocols http,protocols tcp; rev:2; sid:80187358;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ORIGINAL SLIDE Malware Communication"; flow:established, to_server; content:"slide"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-03-12,updated_at 2018-03-26,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187359;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AMAZING EVENING-WEAR Malware Communication"; flow:established, to_server; content:"evening-wear"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-24,updated_at 2017-06-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187360;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHEAP POSTBOX Exploitation Attempt Seen"; flow:established, to_client; content:"postbox"; priority:3; metadata:cwe_id 189,hostile src_ip,created_at 2019-03-03,capec_id 92,updated_at 2019-03-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-6767183,protocols http,protocols tcp; rev:2; sid:80187361;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRANGE UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-27,updated_at 2019-08-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187362;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STUCK 
REFRIGERATOR Malware Communication"; flow:established, to_server; content:"refrigerator"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-22,updated_at 2019-03-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187363;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MIGHTY SUNDAY Malware Communication"; flow:established, to_server; content:"sunday"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-06-16,updated_at 2017-06-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187364;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLUMSY WRAP Malware Communication"; flow:established,to_server; content:"wrap"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-27,updated_at 2019-09-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187365;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN BANK Malware Communication"; flow:established, to_server; content:"bank"; priority:2; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-10-04,updated_at 2016-10-24,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187366;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN VAN Malware Communication"; flow:established, to_server; content:"van"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-03,updated_at 2019-09-20,filename acme.rules,priority high,infected 
src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187367;) drop tcp $HOME_NET any -> any any (msg:"Acme - YOUNG HALF Malware Communication"; flow:established,to_server; content:"half"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-04-13,updated_at 2017-04-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187368;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LINGUISTIC COTTON Malware Communication"; flow:established, to_client; content:"cotton"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2016-03-08,updated_at 2016-03-12,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187369;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STORMY WEAKNESS Malware Communication"; flow:established,to_client; content:"weakness"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-11-15,updated_at 2018-11-23,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187370;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FORTUNATE ECONOMY Malware Communication"; flow:established, to_client; content:"economy"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2017-04-20,updated_at 2017-04-25,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187371;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HUNGRY SINGLE Exploitation Attempt Seen"; flow:established, 
to_client; file_data; content:"single"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-02-13,capec_id 100,updated_at 2017-02-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-4689582,protocols http,protocols tcp; rev:2; sid:80187372;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IMPLICIT PLANET Traffic Detected"; flow:established, to_server; content:"planet"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2019-04-05,capec_id 253,updated_at 2019-04-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.7,attack_target server,attack_target http-server,cvss_v2_temporal 1.8,protocols http,protocols tcp; rev:2; sid:80187373;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ISOLATED DISUNKNOWN Malware Communication"; flow:established, to_server; content:"disUNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-12,updated_at 2018-04-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187375;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SATISFACTORY LEADERSHIP Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"leadership"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2019-10-14,capec_id 253,updated_at 2019-10-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target http-client,attack_target client,cve 2017-9228902,cvss_v2_temporal 10.0,protocols http,protocols tcp; rev:2; sid:80187376;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DUE SORBET Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"sorbet"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2018-05-19,capec_id 253,updated_at 2018-05-22,filename 
acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target http-client,attack_target client,cve 2016-1918860,cvss_v2_temporal 10.0,protocols http,protocols tcp; rev:2; sid:80187377;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NEW WAR Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"war"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2019-11-27,capec_id 253,updated_at 2019-11-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target http-client,attack_target client,cve 2019-2313569,cvss_v2_temporal 10.0,protocols http; rev:2; sid:80187378;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NEAT HOUR Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"hour"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2015-03-03,capec_id 253,updated_at 2015-03-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target http-client,attack_target client,cve 2015-2100942,cvss_v2_temporal 10.0,protocols http; rev:2; sid:80187379;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOVELY CRADLE Exploitation Attempt Seen"; flow:established, to_server; content:"cradle"; priority:3; metadata:cwe_id 287,hostile src_ip,created_at 2018-11-25,capec_id 115,updated_at 2018-11-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.0,attack_target server,attack_target http-server,cve 2017-3678388,cvss_v2_temporal 1.8,protocols http,protocols tcp; rev:2; sid:80187380;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GENETIC MONSTER Exploitation Attempt Seen"; flow:established,to_server; content:"monster"; priority:3; metadata:cwe_id 264,hostile src_ip,created_at 2019-03-25,capec_id 115,updated_at 2019-03-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.6,attack_target server,attack_target http-server,cve 
2017-1952601,cvss_v2_temporal 2.7,protocols http,protocols tcp; rev:2; sid:80187381;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN SABRE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"sabre"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2018-03-21,capec_id 253,updated_at 2018-03-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target http-client,attack_target client,cve 2017-9430253,cvss_v2_temporal 10.0,protocols http,protocols tcp; rev:2; sid:80187382;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMPETITIVE GYMNAST Traffic Detected"; flow:established, to_server; content:"gymnast"; priority:3; metadata:hostile src_ip,created_at 2017-08-25,updated_at 2017-08-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80187383;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ADORABLE ACCELERANT Traffic Detected"; flow:established, to_client; file_data; content:"accelerant"; priority:3; metadata:hostile src_ip,created_at 2019-05-09,capec_id 253,updated_at 2019-05-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187384;) #alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - BACK UNKNOWN Exploitation Attempt Seen"; flow:established, to_client; content:"UNKNOWN"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2016-06-20,capec_id 248,updated_at 2016-06-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-8662134,protocols http,protocols tcp; rev:1; sid:80187385;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNIFORM HILL Malware Communication"; flow:established, to_server; content:"hill"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 
2018-09-03,updated_at 2018-09-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187386;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MUDDY FILL Malware Communication"; flow:established, to_server; content:"fill"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-20,updated_at 2018-09-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187387;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MODERN RAINCOAT Malware Communication"; flow:established, to_server; content:"raincoat"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-09-19,updated_at 2017-09-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187388;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - POST-WAR MAYONNAISE Malware Communication"; flow:established, to_server; content:"mayonnaise"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-09-10,updated_at 2017-09-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187389;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ELEGANT PANIC Malware Communication"; flow:established, to_server; content:"panic"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-07,updated_at 2019-03-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187390;) drop http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"Acme - UNKNOWNEST UMBRELLA Malware Communication"; flow:established, to_server; content:"umbrella"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-23,updated_at 2019-10-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187391;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONFUSED SHOPPING Malware Communication"; flow:established, to_server; content:"shopping"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-05-23,updated_at 2017-05-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187392;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RUNNING COMMUNICATION Malware Communication"; flow:established, to_server; content:"communication"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-06-11,updated_at 2016-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187393;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MODERN CONVERT Exploitation Attempt Seen"; flow:established, to_server; content:"convert"; priority:3; metadata:cwe_id 255,hostile src_ip,created_at 2019-01-13,capec_id 114,updated_at 2019-01-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.0,attack_target server,attack_target http-server,cve 2019-3027531,cvss_v2_temporal 2.2,protocols http,protocols tcp; rev:2; sid:80187394;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DIGITAL CLASSROOM Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"classroom"; priority:3; metadata:cwe_id 399,hostile 
src_ip,created_at 2019-03-23,capec_id 253,updated_at 2019-03-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-7305555,protocols http,protocols tcp; rev:2; sid:80187395;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - THEORETICAL RAGE Malware Communication"; flow:established, to_server; content:"rage"; priority:1; metadata:cwe_id 509,malware post-infection,hostile dest_ip,created_at 2019-02-04,updated_at 2019-02-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187396;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMFORTABLE DILAPIDATION Malware Communication"; flow:established, to_server; content:"dilapidation"; priority:1; metadata:cwe_id 509,malware post-infection,hostile dest_ip,created_at 2015-02-12,updated_at 2015-02-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187397;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CURSOR Malware Communication"; flow:established, to_server; content:"cursor"; priority:2; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-23,updated_at 2019-03-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187398;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GLAMOROUS WATER Malware Communication"; flow:established, to_server; content:"water"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2015-06-21,updated_at 2015-06-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187399;) 
# Rules below are laid out one per line. A '#' placed directly before the action (#alert) marks a
# rule that is present but disabled; '# NOTE(review):' lines are reviewer comments.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DISTURBED SPIDER Malware Communication"; flow:established, to_server; content:"spider"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-05-22,updated_at 2017-05-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187400;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PREVIOUS RUCKUS Malware Communication"; flow:established, to_server; content:"ruckus"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-13,updated_at 2019-07-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187401;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ABUNDANT CONTROL Malware Communication"; flow:established, to_server; content:"control"; priority:1; metadata:cwe_id 94,malware post-infection,hostile dest_ip,created_at 2019-07-09,updated_at 2019-07-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-7037790,protocols http,protocols tcp; rev:2; sid:80187402;)
# NOTE(review): on sid 80187403 both temporal scores (cvss_v3_temporal 5.9, cvss_v2_temporal 5.9) are higher
# than their base scores (5.8, 5.1); a CVSS temporal score cannot exceed its base score, so these look like
# synthetic sample values.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SYMPATHETIC UNKNOWN-HAT Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"UNKNOWN-hat"; priority:3; metadata:cwe_id 346,cvss_v3_base 5.8,hostile src_ip,created_at 2019-09-27,updated_at 2019-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.1,attack_target http-client,attack_target client,cvss_v3_temporal 5.9,cve 2015-9180858,cvss_v2_temporal 5.9,protocols http,protocols tcp; rev:2; sid:80187403;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - UNEXPECTED CLOTHING Malware Communication"; flow:established, to_client; content:"clothing"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2017-01-05,updated_at 2017-01-11,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187404;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - ADVANCED STAFF Malware Communication"; flow:established, to_client; content:"staff"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2016-01-27,updated_at 2016-01-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187405;)
# NOTE(review): sid 80187406 is a tcp rule with "any" ports although its metadata says protocols http, so the
# content match is not limited to HTTP ports; compare sids 80187404/80187405, which restrict the source port
# to $HTTP_PORTS.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MEAN CHIEF Malware Communication"; flow:established,to_server; content:"chief"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-19,updated_at 2019-05-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187406;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SOUND SLED Malware Communication"; flow:established, to_server; content:"sled"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-11-02,updated_at 2016-11-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187407;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRONG STATION-WAGON Malware Communication"; flow:established, to_server; content:"station-wagon"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-01,updated_at 2018-11-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187408;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CREEPY BALCONY Malware Communication"; flow:established, to_server; content:"balcony"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-09,updated_at 2018-01-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187409;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GREAT READING Malware Communication"; flow:established, to_server; content:"reading"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-08-19,updated_at 2017-08-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187410;)
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PALE GRANDMOM Malware Communication"; flow:established, to_server; content:"grandmom"; priority:3; metadata:cwe_id 434,malware pre-infection,hostile src_ip,created_at 2018-04-11,updated_at 2018-04-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187411;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NATIONAL SHORTWAVE Malware Communication"; flow:established, to_server; content:"shortwave"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-23,updated_at 2019-07-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187412;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONTINUED MAESTRO Malware Communication"; flow:established, to_server; content:"maestro"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-02-19,updated_at 2017-02-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187413;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FRIENDLY CREAM Malware Communication"; flow:established, to_server; content:"cream"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-15,updated_at 2019-05-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187414;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SALTY DEFENSE Malware Communication"; flow:established, to_server; content:"defense"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-11-15,updated_at 2017-11-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187415;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DECENT JURY Malware Communication"; flow:established, to_server; content:"jury"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-16,updated_at 2019-09-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187416;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FLEXIBLE CHAP Malware Communication"; flow:established, to_server; content:"chap"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-02-20,updated_at 2016-02-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187417;)
drop http $HOME_NET any 
-> $EXTERNAL_NET any (msg:"Acme - SIGNIFICANT TRADITION Malware Communication"; flow:established, to_server; content:"tradition"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-17,updated_at 2019-11-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187418;) #alert tcp any any -> $HOME_NET any (msg:"Acme - GREEK COPYWRITER Exploitation Attempt Seen"; flow:established, to_server; content:"copywriter"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-08-20,capec_id 100,updated_at 2019-08-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.0,attack_target ftp-server,attack_target server,cve 2017-7739167,cvss_v2_temporal 3.1,protocols ftp,protocols tcp; rev:1; sid:80187419;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OUTER LENTIL Malware Communication"; flow:established, to_server; content:"lentil"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-05,updated_at 2019-06-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187420;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HOSTILE CASTLE Malware Communication"; flow:established,to_server; content:"castle"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-23,updated_at 2018-11-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187421;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - METROPOLITAN SUNDAY Malware Communication"; flow:established,to_server; content:"sunday"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 
2018-10-14,updated_at 2018-10-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187422;) #drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ACUTE VITALITY Malware Communication"; flow:established,to_server; content:"vitality"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-06-10,updated_at 2018-06-13,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187423;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LABOUR HOOD Malware Communication"; flow:established, to_server; content:"hood"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-03-13,updated_at 2017-03-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187424;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FAMOUS BRACKET Malware Communication"; flow:established, to_server; content:"bracket"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-25,updated_at 2017-06-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187425;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CRUEL UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-22,updated_at 2019-10-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187426;) drop http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"Acme - RAPID PITCH Malware Communication"; flow:established,to_server; content:"pitch"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-12,updated_at 2019-08-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187427;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SQUARE PROMPT Exploitation Attempt Seen"; flow:established, to_server; content:"prompt"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-05-09,capec_id 100,updated_at 2019-05-19,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2019-7250458,cve 2019-7250458,cve 2019-7250458,cve 2019-7250458,cve 2019-7250458,cve 2019-7250458,cve 2019-7250458,cve 2019-7250458,protocols ftp,protocols tcp; rev:1; sid:80187428;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAT LIFT Exploitation Attempt Seen"; flow:established, to_server; content:"lift"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2015-07-19,capec_id 100,updated_at 2015-07-25,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2015-4744095,cve 2015-4744095,cve 2015-4744095,cve 2015-4744095,cve 2015-4744095,cve 2015-4744095,cve 2015-4744095,cve 2015-4744095,protocols ftp,protocols tcp; rev:1; sid:80187429;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FURIOUS FACET Exploitation Attempt Seen"; flow:established, to_server; content:"facet"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-07-11,capec_id 100,updated_at 2019-07-12,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2018-9381709,cve 2018-9381709,cve 2018-9381709,cve 2018-9381709,cve 2018-9381709,cve 2018-9381709,cve 2018-9381709,cve 2018-9381709,protocols ftp,protocols tcp; 
rev:1; sid:80187430;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNNECESSARY THUMB Exploitation Attempt Seen"; flow:established, to_server; content:"thumb"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-05-22,capec_id 100,updated_at 2017-05-26,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2017-5245952,cve 2017-5245952,cve 2017-5245952,cve 2017-5245952,cve 2017-5245952,cve 2017-5245952,cve 2017-5245952,cve 2017-5245952,protocols ftp,protocols tcp; rev:1; sid:80187431;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MINIATURE TOSSER Exploitation Attempt Seen"; flow:established, to_server; content:"tosser"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2018-06-22,capec_id 100,updated_at 2018-06-27,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2017-8633532,cve 2017-8633532,cve 2017-8633532,cve 2017-8633532,cve 2017-8633532,cve 2017-8633532,cve 2017-8633532,cve 2017-8633532,protocols ftp,protocols tcp; rev:1; sid:80187432;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BUSY STUDIO Exploitation Attempt Seen"; flow:established, to_server; content:"studio"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-01-26,capec_id 100,updated_at 2019-01-28,filename ftp.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2019-7940290,cve 2019-7940290,cve 2019-7940290,cve 2019-7940290,cve 2019-7940290,cve 2019-7940290,cve 2019-7940290,cve 2019-7940290,protocols ftp,protocols tcp; rev:1; sid:80187433;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNITED TOLERANCE Exploitation Attempt Seen"; flow:established, to_server; content:"tolerance"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-07-01,capec_id 100,updated_at 2019-07-17,filename ftp.rules,priority low,rule_source 
acme-rule-factory,attack_target ftp-server,attack_target server,cve 2017-7964225,cve 2017-7964225,cve 2017-7964225,cve 2017-7964225,cve 2017-7964225,cve 2017-7964225,cve 2017-7964225,cve 2017-7964225,protocols ftp,protocols tcp; rev:1; sid:80187434;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FANTASTIC CARRY Exploitation Attempt Seen"; flow:established, to_server; content:"carry"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-05-23,capec_id 100,updated_at 2019-05-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,cve 2019-6597260,cve 2019-6597260,cve 2019-6597260,cve 2019-6597260,cve 2019-6597260,cve 2019-6597260,cve 2019-6597260,cve 2019-6597260,protocols ftp,protocols tcp; rev:1; sid:80187435;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTERIOR EMERGENCE Malware Communication"; flow:established,to_server; content:"emergence"; priority:1; metadata:cwe_id 507,malware post-infection,created_at 2019-05-02,updated_at 2019-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187436;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RIVAL RAMBLER Exploitation Attempt Seen"; flow:established, to_server; content:"rambler"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2017-06-20,capec_id 248,updated_at 2017-06-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.1,attack_target server,attack_target http-server,cve 2015-9388184,cvss_v2_temporal 3.0,protocols http,protocols tcp; rev:2; sid:80187437;) alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - UNKNOWN SHOESTRING Exploitation Attempt Seen"; flow:established,to_client; content:"shoestring"; priority:3; metadata:cwe_id 20,cwe_id 310,hostile src_ip,created_at 2018-04-09,updated_at 2018-04-20,filename acme.rules,priority 
low,rule_source acme-rule-factory,attack_target tls-client,attack_target client,cve 2018-2059287,cve 2018-2059287,cve 2018-2059287,cve 2018-2059287,cve 2018-2059287,cve 2018-2059287,cve 2018-2059287,cve 2018-2059287,cve 2018-2059287,cve 2018-2059287,cve 2018-2059287,cve 2018-2059287,cve 2018-2059287,cve 2018-2059287,cve 2018-2059287,cve 2018-2059287,cve 2018-2059287,cve 2018-2059287,cve 2018-2059287,cve 2018-2059287,protocols tls,protocols tcp; rev:1; sid:80187438;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN BREAK Malware Communication"; flow:established, to_server; content:"break"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-10,updated_at 2017-06-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187439;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SAD DRESSING Malware Communication"; flow:established, to_server; content:"dressing"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-14,updated_at 2018-03-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187440;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MUTE SPECIALIST Malware Communication"; flow:established, to_server; content:"specialist"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-19,updated_at 2018-04-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187441;) #alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OUTSTANDING DISCUSSION Traffic Detected"; flow:established, to_client; content:"discussion"; priority:4; metadata:cwe_id 307,created_at 
2019-09-13,capec_id 130,updated_at 2019-09-21,filename ftp.rules,priority info,rule_source acme-rule-factory,protocols ftp,protocols tcp; rev:1; sid:80187442;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LESSER UNKNOWN Malware Communication"; flow:established, to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-06,updated_at 2019-10-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187443;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OPTIMISTIC SCRATCH Malware Communication"; flow:established, to_server; content:"scratch"; priority:3; metadata:cwe_id 507,malware post-infection,created_at 2018-04-17,updated_at 2018-04-23,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187444;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AVERAGE FOUNKNOWN Malware Communication"; flow:established, to_server; content:"foUNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-04,updated_at 2019-06-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187445;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REMOTE ACRYLIC Malware Communication"; flow:established, to_server; content:"acrylic"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-02,updated_at 2018-02-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187446;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MISTY ABROAD Malware 
Communication"; flow:established, to_server; content:"abroad"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-25,updated_at 2018-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187447;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CHEAP CLASSROOM Malware Communication"; flow:established,to_server; content:"classroom"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-09-17,updated_at 2017-09-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187448;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ABOVE INDUSTRY Malware Communication"; flow:established,to_server; content:"industry"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-21,updated_at 2018-07-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187449;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FASCINATING CITY Malware Communication"; flow:established, to_client; content:"city"; priority:2; metadata:cwe_id 507,malware pre-infection,hostile src_ip,created_at 2018-11-25,updated_at 2018-11-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187450;) #drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - DIRECT CONSONANT Exploitation Attempt Seen"; flow:established, to_client; content:"consonant"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2019-09-06,capec_id 255,updated_at 2019-09-12,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 
5.1,attack_target http-client,attack_target client,cve 2019-5048146,cvss_v2_temporal 4.3,protocols http,protocols tcp; rev:1; sid:80187451;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POISED BOUGH Traffic Detected"; flow:established, to_client; file_data; content:"bough"; priority:3; metadata:hostile src_ip,created_at 2017-06-22,capec_id 253,updated_at 2017-06-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187452;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN HOPS Traffic Detected"; flow:established, to_client; file_data; content:"hops"; priority:3; metadata:hostile src_ip,created_at 2018-06-06,capec_id 253,updated_at 2018-06-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187453;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TERRIBLE GUN Traffic Detected"; flow:established, to_client; file_data; content:"gun"; priority:3; metadata:hostile src_ip,created_at 2017-06-06,capec_id 253,updated_at 2017-06-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187454;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STORMY CENTER Traffic Detected"; flow:established, to_client; file_data; content:"center"; priority:3; metadata:hostile src_ip,created_at 2019-01-27,capec_id 253,updated_at 2019-01-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187455;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RAPID DIVISION Traffic Detected"; flow:established, to_client; file_data; content:"division"; priority:3; metadata:hostile src_ip,created_at 2019-02-07,capec_id 253,updated_at 
2019-02-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187456;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAT FATIGUES Traffic Detected"; flow:established, to_client; file_data; content:"fatigues"; priority:3; metadata:hostile src_ip,created_at 2019-09-23,capec_id 253,updated_at 2019-09-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187457;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEEP BRATWURST Traffic Detected"; flow:established, to_client; file_data; content:"bratwurst"; priority:3; metadata:hostile src_ip,created_at 2019-06-27,capec_id 253,updated_at 2019-06-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187458;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXPERIENCED EDITOR Traffic Detected"; flow:established, to_client; file_data; content:"editor"; priority:3; metadata:hostile src_ip,created_at 2019-11-25,capec_id 253,updated_at 2019-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187459;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - REMARKABLE SEAGULL Traffic Detected"; flow:established, to_client; file_data; content:"seagull"; priority:3; metadata:hostile src_ip,created_at 2018-09-24,capec_id 253,updated_at 2018-09-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187460;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SPONTANEOUS ADJUSTMENT Traffic Detected"; flow:established, to_client; file_data; content:"adjustment"; priority:3; 
metadata:hostile src_ip,created_at 2019-11-22,capec_id 253,updated_at 2019-11-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187461;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUBJECTIVE GRAIN Traffic Detected"; flow:established, to_client; file_data; content:"grain"; priority:3; metadata:hostile src_ip,created_at 2019-01-24,capec_id 253,updated_at 2019-01-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187462;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LATE TRADITIONALISM Traffic Detected"; flow:established, to_client; file_data; content:"traditionalism"; priority:3; metadata:hostile src_ip,created_at 2019-09-13,capec_id 253,updated_at 2019-09-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187463;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TRADITIONAL KNICKERS Malware Communication"; flow:established, to_server; content:"knickers"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-21,updated_at 2019-08-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187464;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LINEAR ABACUS Malware Communication"; flow:established, to_server; content:"abacus"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-03-14,updated_at 2016-03-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187465;) drop http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"Acme - FORTUNATE DRY Malware Communication"; flow:established, to_server; content:"dry"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-07-17,updated_at 2018-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187466;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FOOLISH BRIEFS Malware Communication"; flow:established, to_server; content:"briefs"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-26,updated_at 2019-01-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187467;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DIFFICULT DISH Malware Communication"; flow:established, to_server; content:"dish"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-03,updated_at 2019-11-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187468;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FOREIGN SNUGGLE Malware Communication"; flow:established, to_server; content:"snuggle"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-18,updated_at 2019-07-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187469;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DISCIPLINARY TRACHOMA Malware Communication"; flow:established, to_server; content:"trachoma"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-04-05,updated_at 2017-04-15,filename acme.rules,priority 
high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187470;) #alert http any any -> $HOME_NET any (msg:"Acme - HELPLESS KIDNEYS Traffic Detected"; flow:established, to_server; content:"kidneys"; priority:3; metadata:cwe_id 79,hostile dest_ip,created_at 2015-05-12,capec_id 63,updated_at 2015-05-28,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187471;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUPERB RESPOND Malware Communication"; flow:established, to_client; content:"respond"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-06-11,updated_at 2018-06-18,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187472;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHARED BRONCO Malware Communication"; flow:established, to_server; content:"bronco"; priority:2; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-21,updated_at 2019-08-25,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187473;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LTD NEXUS Malware Communication"; flow:established, to_server; content:"nexus"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-27,updated_at 2019-08-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187474;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONTROVERSIAL GALL-BLADDER Malware Communication"; flow:established, to_client; content:"gall-bladder"; priority:1; metadata:cwe_id 507,malware 
post-infection,hostile src_ip,created_at 2018-02-04,updated_at 2018-02-15,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187475;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HEAVY AUTHOR Malware Communication"; flow:established, to_server; content:"author"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-19,updated_at 2019-03-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187476;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - THOUGHTFUL UNKNOWN Traffic Detected"; flow:established, to_client; file_data; content:"UNKNOWN"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2019-10-14,capec_id 253,updated_at 2019-10-21,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187477;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STANDARD STRUGGLE Malware Communication"; flow:established, to_server; content:"struggle"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-04-06,updated_at 2016-04-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187478;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PROTECTIVE EXECUTOR Malware Communication"; flow:established, to_server; content:"executor"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-13,updated_at 2019-01-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187479;) 
# ---------------------------------------------------------------------------------------------
# Review notes, sid 80187480-80187492. Layout restored to one rule per line: a '#' directly in
# front of an action keyword marks a disabled rule, so every rule needs a line of its own.
# Rule text is unchanged; only line breaks and the NOTE(review) comments were added.
# The final line of this span is the opening part of the "LARGE JOB" rule, which continues on
# the next line of the file and is kept exactly as found.
# ---------------------------------------------------------------------------------------------
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ALLEGED SHOES Malware Communication"; flow:established, to_server; content:"shoes"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-04,updated_at 2019-06-07,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187480;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FUNNY POPSICLE Malware Communication"; flow:established, to_server; content:"popsicle"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-09-23,updated_at 2016-09-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187481;)
# NOTE(review): sid 80187482 has the same header, flow direction and content:"chief" as
# sid 80187406 earlier in the file, so both would fire on the same traffic. This one is tagged
# only "attack_target client" / "protocols tcp"; the earlier one also carries http-client and
# protocols http. Keep one of the two or give them distinguishing content.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SILLY CHIEF Malware Communication"; flow:established, to_server; content:"chief"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-27,updated_at 2018-02-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80187482;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MAGNIFICENT CITIZENSHIP Malware Communication"; flow:established, to_server; content:"citizenship"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-12,updated_at 2019-07-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187483;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUPPORTING SARDINE Malware Communication"; flow:established, to_server; content:"sardine"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-06-23,updated_at 2018-06-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187484;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HIGH KIELBASA Malware Communication"; flow:established, to_server; content:"kielbasa"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-07-18,updated_at 2017-07-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187485;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UGLY PARAMEDIC Malware Communication"; flow:established, to_server; content:"paramedic"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-26,updated_at 2019-10-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187486;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EVENTUAL COMIC Malware Communication"; flow:established, to_server; content:"comic"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-04-27,updated_at 2019-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187487;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REAL FRIENDSHIP Malware Communication"; flow:established, to_server; content:"friendship"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-05,updated_at 2019-10-05,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187488;)
# NOTE(review): sid 80187489 is disabled. cvss_v2_temporal (3.0) is above cvss_v2_base (2.4),
# which a real CVSS temporal score cannot be; treat the scores as placeholder data.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FOREIGN PINWORM Exploitation Attempt Seen"; flow:established,to_server; content:"pinworm"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2015-03-06,capec_id 100,updated_at 2015-03-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.4,attack_target server,attack_target http-server,cve 2015-3317734,cvss_v2_temporal 3.0,protocols http,protocols tcp; rev:2; sid:80187489;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRAIGHTFORWARD DECRYPTION Malware Communication"; flow:established, to_server; content:"decryption"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-10,updated_at 2019-08-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187490;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ALLIED HOMOGENATE Malware Communication"; flow:established, to_server; content:"homogenate"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-06,updated_at 2019-11-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187491;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NOVEL CHALICE Malware Communication"; flow:established,to_server; content:"chalice"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-26,updated_at 2018-10-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187492;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LARGE JOB Malware Communication"; flow:established,to_server; content:"job"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-26,updated_at 2019-07-27,filename 
acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187493;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUPER LUCK Malware Communication"; flow:established,to_server; content:"luck"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-07,updated_at 2019-08-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187494;) #alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - BAD TUB Exploitation Attempt Seen"; flow:established,to_client; content:"tub"; priority:3; metadata:cwe_id 94,created_at 2018-01-24,updated_at 2018-01-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.5,cve 2015-1205480,cvss_v2_temporal 5.0,protocols http,protocols tcp; rev:1; sid:80187495;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEVOTED BIRTH Exploitation Attempt Seen"; flow:established,to_server; content:"birth"; priority:3; metadata:cwe_id 94,created_at 2019-11-26,updated_at 2019-11-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.6,cve 2018-9459327,cvss_v2_temporal 3.5,protocols http,protocols tcp; rev:2; sid:80187496;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HAPPY HUT Exploitation Attempt Seen"; flow:established,to_client; content:"hut"; priority:3; metadata:cwe_id 94,created_at 2019-06-17,updated_at 2019-06-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.7,cve 2019-3127831,cvss_v2_temporal 5.4,protocols http,protocols tcp; rev:2; sid:80187497;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FASCINATING DOWNTOWN Malware Communication"; flow:established,to_server; content:"downtown"; priority:1; metadata:cwe_id 506,malware post-infection,hostile 
dest_ip,created_at 2017-04-06,updated_at 2017-04-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187498;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VIVID THUNDER Malware Communication"; flow:established,to_server; content:"thunder"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-16,updated_at 2019-10-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187499;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EARLY ISLAND Traffic Detected"; flow:established,to_server; content:"island"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2018-03-06,capec_id 66,updated_at 2018-03-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187500;) #alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - INNOVATIVE FIBRE Traffic Detected"; flow:established, to_client; content:"fibre"; priority:3; metadata:cwe_id 506,hostile src_ip,created_at 2019-01-06,updated_at 2019-01-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187501;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RELAXED COMPLEX Malware Communication"; flow:established,to_server; content:"complex"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-26,updated_at 2019-06-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187502;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AWFUL LINE Malware 
Communication"; flow:established,to_server; content:"line"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-10,updated_at 2019-09-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187503;)
# Example rules, one per line. Each pairs flow:established with a single
# content keyword; no buffer keyword or further match option is present.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRONG THANKS Malware Communication"; flow:established,to_server; content:"thanks"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-14,updated_at 2019-04-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187504;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PROUD BEDROOM Malware Communication"; flow:established,to_server; content:"bedroom"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-20,updated_at 2019-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187505;)
# NOTE(review): sid 80187506 carries the metadata pair "malware malware", while
# other rules in this file use post-infection, pre-infection or download-attempt
# as the value; confirm the value is intended before filtering on that key.
# NOTE(review): the action here is drop although priority is 3 / "priority low";
# the other drop rules on this line are priority 1 / high. Confirm that an
# inline block is wanted for a low-priority match.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PROMINENT PORTHOLE Malware Communication"; flow:established,to_client; content:"porthole"; priority:3; metadata:cwe_id 507,malware malware,hostile src_ip,created_at 2018-09-16,updated_at 2018-09-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187506;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SURGERY Malware Communication"; flow:established,to_server; content:"surgery"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-17,updated_at 2018-07-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187507;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STATISTICAL OBESITY Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"obesity"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2019-03-27,capec_id 248,updated_at 2019-03-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.0,attack_target http-client,attack_target client,cve 2018-9576934,cvss_v2_temporal 7.0,protocols http,protocols tcp; rev:2; sid:80187508;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MAGENTA CHAP Malware Communication"; flow:established,to_server; content:"chap"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-10-09,updated_at 2018-10-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80187509;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONFUSED LEVER Malware Communication"; flow:established,to_server; content:"lever"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-16,updated_at 2019-09-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187510;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LONELY DRAMA Malware Communication"; flow:established,to_server; content:"drama"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-19,updated_at 2019-08-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187511;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PHYSICAL PANNIER Malware Communication"; flow:established, 
to_server; content:"pannier"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-01-24,updated_at 2016-01-24,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187512;) alert http any any -> $HOME_NET any (msg:"Acme - BLUSHING BOATYARD Exploitation Attempt Seen"; flow:established,to_server; content:"boatyard"; priority:3; metadata:cwe_id 20,hostile dest_ip,created_at 2017-08-19,capec_id 248,updated_at 2017-08-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.0,cve 2017-5764423,cvss_v2_temporal 3.0,protocols http,protocols tcp; rev:2; sid:80187513;) alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - DEAFENING DISCONNECTION Malware Communication"; flow:established,to_client; content:"disconnection"; priority:3; metadata:cwe_id 189,malware pre-infection,hostile src_ip,created_at 2018-04-09,updated_at 2018-04-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.2,attack_target http-client,attack_target client,cve 2017-3029061,cvss_v2_temporal 4.0,protocols http,protocols tcp; rev:1; sid:80187514;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - THEORETICAL MORTISE Malware Communication"; flow:established,to_client; content:"mortise"; priority:2; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-06-07,updated_at 2018-06-21,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187515;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INNER MIXTURE Malware Communication"; flow:established,to_client; content:"mixture"; priority:3; metadata:cwe_id 507,malware download-attempt,hostile src_ip,created_at 2018-06-05,updated_at 2018-06-23,filename acme.rules,priority low,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187516;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STRIKING LITTER Exploitation Attempt Seen"; flow:established,to_server; content:"litter"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-08-06,capec_id 100,updated_at 2019-08-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2017-2239272,cvss_v2_temporal 8.5,protocols http,protocols tcp; rev:2; sid:80187517;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ROYAL UNKNOWNFISH Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWNfish"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-07-18,capec_id 100,updated_at 2017-07-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2015-8553230,cvss_v2_temporal 2.4,protocols http,protocols tcp; rev:2; sid:80187518;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HARSH WOMEN Exploitation Attempt Seen"; flow:established,to_server; content:"women"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-02-08,capec_id 100,updated_at 2019-02-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2016-2915910,cvss_v2_temporal 3.1,protocols http,protocols tcp; rev:2; sid:80187519;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BLOODY UNKNOWN Exploitation Attempt Seen"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 77,hostile src_ip,created_at 2019-07-26,capec_id 248,updated_at 2019-07-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2018-4913012,cvss_v2_temporal 6.6,protocols http,protocols tcp; rev:1; 
sid:80187520;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - READY RIDDLE Exploitation Attempt Seen"; flow:established,to_server; content:"riddle"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2018-03-06,capec_id 100,updated_at 2018-03-18,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2015-5884081,cvss_v2_temporal 6.3,protocols http,protocols tcp; rev:2; sid:80187521;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ALIVE OUTFIT Traffic Detected"; flow:established,to_client; content:"outfit"; priority:3; metadata:created_at 2017-01-16,updated_at 2017-01-17,filename web.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:1; sid:80187522;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FREE ALBATROSS Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"albatross"; priority:4; metadata:cwe_id 399,created_at 2017-03-19,updated_at 2017-03-24,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 3.8,cve 2016-940702,cvss_v2_temporal 4.6,protocols http,protocols tcp; rev:2; sid:80187523;) alert tcp any any -> $HOME_NET any (msg:"Acme - EVIL MOUSTACHE Malware Communication"; flow:established,to_client; content:"moustache"; priority:4; metadata:cwe_id 399,malware post-infection,created_at 2018-01-08,updated_at 2018-01-12,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 6.0,cve 2017-3220975,cvss_v2_temporal 5.2,protocols imap,protocols tcp; rev:1; sid:80187524;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RAPID BAR Traffic Detected"; flow:established,to_server; content:"bar"; priority:3; metadata:hostile src_ip,created_at 2019-09-15,capec_id 175,updated_at 2019-09-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; 
sid:80187525;)
# Example rules, one per line; a leading "#" directly before the action marks
# a disabled rule.
# NOTE(review): sid 80187526 has the header "tcp any any -> $HOME_NET any": no
# source network and no port on either side, although metadata says
# "protocols pop". The only match conditions are the flow state and the
# four-byte content "lynx", so it applies to every established TCP flow whose
# server-to-client data reaches $HOME_NET.
# NOTE(review): metadata tags "hostile dest_ip" while the destination in the
# header is $HOME_NET; confirm which side the tag is meant to name.
alert tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN LYNX Malware Communication"; flow:established,to_client; content:"lynx"; priority:4; metadata:cwe_id 657,malware post-infection,hostile dest_ip,created_at 2019-02-16,updated_at 2019-02-17,filename acme.rules,priority info,rule_source acme-rule-factory,protocols pop,protocols tcp; rev:1; sid:80187526;)
# NOTE(review): sid 80187527 is disabled, but its action is drop, so enabling it
# makes it a blocking rule even though it is tagged priority 4 / "priority info".
# Its metadata says "infected src_ip" while the source in the header is
# $EXTERNAL_NET, and its filename value is ddos.rules rather than acme.rules;
# check both before enabling it through a metadata filter.
#drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RAPID MOUSTACHE Traffic Detected"; flow:established, to_server; content:"moustache"; priority:4; metadata:created_at 2017-08-16,capec_id 125,updated_at 2017-08-17,filename ddos.rules,priority info,infected src_ip,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187527;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FORTUNATE HOUR Malware Communication"; flow:established,to_server; content:"hour"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-02-10,updated_at 2018-02-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187528;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GIANT LADY Malware Communication"; flow:established,to_server; content:"lady"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-22,updated_at 2018-01-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187529;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GIANT BOTANY Malware Communication"; flow:established,to_server; content:"botany"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-02,updated_at 2019-08-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols 
http,protocols tcp; rev:2; sid:80187530;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PURPLE SALE Traffic Detected"; flow:established, to_server; content:"sale"; priority:3; metadata:hostile src_ip,created_at 2019-02-22,updated_at 2019-02-24,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187531;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BORING BONNET Traffic Detected"; flow:established, to_server; content:"bonnet"; priority:3; metadata:hostile src_ip,created_at 2019-11-13,updated_at 2019-11-23,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187532;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SURE DOLMAN Traffic Detected"; flow:established, to_server; content:"dolman"; priority:3; metadata:hostile src_ip,created_at 2019-09-25,updated_at 2019-09-28,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187533;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SAD CIRCLE Traffic Detected"; flow:established, to_server; content:"circle"; priority:3; metadata:hostile src_ip,created_at 2017-07-18,updated_at 2017-07-25,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187534;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN ASTROLOGER Traffic Detected"; flow:established, to_server; content:"astrologer"; priority:3; metadata:hostile src_ip,created_at 2016-05-14,updated_at 2016-05-14,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187535;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme 
- LOST DOLLAR Traffic Detected"; flow:established, to_server; content:"dollar"; priority:3; metadata:hostile src_ip,created_at 2019-05-13,capec_id 310,updated_at 2019-05-19,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187536;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FOOLISH MATTRESS Traffic Detected"; flow:established, to_server; content:"mattress"; priority:3; metadata:hostile src_ip,created_at 2018-03-02,capec_id 310,updated_at 2018-03-24,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187537;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SECRET DRAIN Traffic Detected"; flow:established, to_server; content:"drain"; priority:3; metadata:hostile src_ip,created_at 2017-09-21,updated_at 2017-09-28,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187538;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ICY NIGHTLIGHT Traffic Detected"; flow:established, to_server; content:"nightlight"; priority:3; metadata:hostile src_ip,created_at 2015-09-13,updated_at 2015-09-22,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187539;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN BENEFIT Traffic Detected"; flow:established, to_server; content:"benefit"; priority:3; metadata:hostile src_ip,created_at 2017-11-10,updated_at 2017-11-21,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187540;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GREY PETTICOAT Traffic Detected"; 
flow:established,to_server; content:"petticoat"; priority:3; metadata:hostile src_ip,created_at 2018-11-07,capec_id 310,updated_at 2018-11-17,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187541;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ALTERUNKNOWN LOSS Malware Communication"; flow:established,to_server; content:"loss"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-07,updated_at 2019-08-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187542;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ORDINARY TRIAL Traffic Detected"; flow:established, to_server; content:"trial"; priority:3; metadata:hostile src_ip,created_at 2019-01-22,capec_id 63,updated_at 2019-01-27,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187543;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OBEDIENT HACIENDA Traffic Detected"; flow:established, to_server; content:"hacienda"; priority:3; metadata:hostile src_ip,created_at 2018-06-21,capec_id 253,updated_at 2018-06-24,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187544;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GREEN SHOPPING Traffic Detected"; flow:established, to_server; content:"shopping"; priority:3; metadata:hostile src_ip,created_at 2019-11-23,capec_id 251,updated_at 2019-11-26,filename web.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187545;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VIVID DRAMA 
Malware Communication"; flow:established,to_server; content:"drama"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-07-05,updated_at 2018-07-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187546;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CROOKED PRODUCTION Malware Communication"; flow:established,to_server; urilen:<120; content:"production"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-27,updated_at 2019-01-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187547;) #alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - SURPRISING HISTORY Exploitation Attempt Seen"; flow:established,to_client; content:"history"; priority:3; metadata:cwe_id 399,hostile src_ip,created_at 2019-11-14,capec_id 129,updated_at 2019-11-18,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.9,attack_target http-client,attack_target client,cve 2019-9360336,cvss_v2_temporal 5.2,protocols http,protocols tcp; rev:1; sid:80187548;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - POSITIVE PANTYHOSE Malware Communication"; flow:established,to_server; content:"pantyhose"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-09-22,updated_at 2018-09-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187549;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMBINED HALF-BROTHER Malware Communication"; flow:established,to_server; content:"half-brother"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 
2017-06-22,updated_at 2017-06-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187550;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EARLY UNKNOWNGET Malware Communication"; flow:established,to_server; content:"UNKNOWNget"; priority:1; metadata:cwe_id 507,malware pre-infection,hostile dest_ip,created_at 2019-10-02,updated_at 2019-10-05,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187551;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SKINNY CRUDE Traffic Detected"; flow:established,to_client; file_data; content:"crude"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2017-06-20,capec_id 253,updated_at 2017-06-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.8,attack_target http-client,attack_target client,cvss_v2_temporal 2.4,protocols http,protocols tcp; rev:2; sid:80187552;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GROSS HALF-SISTER Exploitation Attempt Seen"; flow:established,to_server; urilen:>500; content:"half-sister"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2018-03-06,capec_id 100,updated_at 2018-03-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2016-8119187,protocols http,protocols tcp; rev:2; sid:80187553;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN COMPONENT Malware Communication"; flow:established,to_server; content:"component"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-27,updated_at 2019-08-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; 
sid:80187554;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COGNITIVE BALL Malware Communication"; flow:established,to_server; content:"ball"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-02,updated_at 2019-11-04,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187555;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CREEPY VENOM Malware Communication"; flow:established,to_server; content:"venom"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-04-04,updated_at 2018-04-22,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187556;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DRAMATIC RIVULET Malware Communication"; flow:established,to_server; content:"rivulet"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-02,updated_at 2019-03-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187557;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FASCINATING PROOF Malware Communication"; flow:established,to_server; content:"proof"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-09,updated_at 2019-05-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187558;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPLENDID IT Malware Communication"; flow:established,to_server; content:"it"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-10-16,updated_at 
2017-10-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187559;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN PATINA Malware Communication"; flow:established,to_server; content:"patina"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-22,updated_at 2019-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187560;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN HELEN Malware Communication"; flow:established,to_server; content:"helen"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-06,updated_at 2017-06-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187561;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ENTHUSIASTIC CHEMISTRY Malware Communication"; flow:established,to_server; content:"chemistry"; priority:3; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-26,updated_at 2019-09-28,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187562;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VALUABLE COMPORTMENT Exploitation Attempt Seen"; flow:established, to_client; content:"comportment"; priority:3; metadata:cwe_id 200,cwe_id 264,hostile src_ip,created_at 2018-02-25,capec_id 118,updated_at 2018-02-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.5,attack_target http-client,attack_target client,cve 2018-1685414,cve 2018-1685414,cvss_v2_temporal 5.2,protocols http,protocols tcp; 
rev:4; sid:80187563;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CIVIL UNKNOWN Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"UNKNOWN"; priority:3; metadata:cwe_id 200,cwe_id 264,hostile src_ip,created_at 2019-05-01,capec_id 118,updated_at 2019-05-04,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.2,attack_target http-client,attack_target client,cve 2016-3172139,cve 2016-3172139,cvss_v2_temporal 1.3,protocols http,protocols tcp; rev:2; sid:80187564;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ROUND BOOTIE Malware Communication"; flow:established,to_server; content:"bootie"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-27,updated_at 2019-10-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187565;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INNOVATIVE SIGNET Malware Communication"; flow:established,to_server; content:"signet"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-27,updated_at 2018-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187566;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VALID PILLBOX Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"pillbox"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2019-11-01,capec_id 253,updated_at 2019-11-15,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.6,attack_target http-client,attack_target client,cve 2016-3363133,cvss_v2_temporal 7.4,protocols http,protocols tcp; rev:2; sid:80187567;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HURT DECK Exploitation Attempt Seen"; 
flow:established, to_client; content:"deck"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-08-04,capec_id 255,updated_at 2019-08-09,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.0,attack_target smb-client,attack_target client,cve 2019-757803,cvss_v2_temporal 4.9,protocols smb,protocols tcp; rev:1; sid:80187568;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PAST CD Malware Communication"; flow:established,to_server; content:"cd"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-17,updated_at 2019-10-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187569;) drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN FIDDLE Malware Communication"; flow:established,to_client; ssl_version:!sslv2; content:"fiddle"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-02-09,updated_at 2019-02-18,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80187570;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PARTIAL CLAVICLE Malware Communication"; flow:established,to_server; content:"clavicle"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-21,updated_at 2019-08-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187571;) #alert http any any -> $HOME_NET any (msg:"Acme - INTERESTED KAMIKAZE Exploitation Attempt Seen"; flow:established, to_client; content:"kamikaze"; priority:3; metadata:cwe_id 200,cwe_id 264,hostile src_ip,created_at 2019-04-04,capec_id 118,updated_at 2019-04-09,filename acme.rules,priority low,rule_source 
acme-rule-factory,cvss_v2_base 6.9,attack_target http-client,attack_target client,cve 2019-337977,cve 2019-337977,cvss_v2_temporal 7.3,protocols http,protocols tcp; rev:3; sid:80187572;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REGIONAL PENTAGON Malware Communication"; flow:established,to_server; content:"pentagon"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-23,updated_at 2019-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187573;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ULTIMATE MIGRANT Malware Communication"; flow:established,to_server; content:"migrant"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-01,updated_at 2019-04-04,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187574;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - BIG PANSY Malware Communication"; flow:established,to_client; content:"pansy"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-08-07,updated_at 2019-08-17,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187575;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COLD SEAFOOD Malware Communication"; flow:established,to_server; content:"seafood"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-10,updated_at 2018-01-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187576;) drop http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"Acme - FREE BOWLER Malware Communication"; flow:established,to_server; content:"bowler"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-23,updated_at 2019-06-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187577;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MATURE DUCKLING Malware Communication"; flow:established,to_server; content:"duckling"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-06,updated_at 2019-02-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187578;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ACTIVE SOOT Malware Communication"; flow:established,to_server; content:"soot"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-15,updated_at 2018-05-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187579;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INCREASING RAWHIDE Malware Communication"; flow:established,to_server; content:"rawhide"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-14,updated_at 2019-09-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187580;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LEVEL LEATHER Malware Communication"; flow:established,to_server; content:"leather"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-18,updated_at 2019-11-20,filename acme.rules,priority 
high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187581;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ORDINARY DEALER Malware Communication"; flow:established,to_server; content:"dealer"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-07-08,updated_at 2018-07-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187582;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INFORMAL FLINTLOCK Malware Communication"; flow:established,to_server; content:"flintlock"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-06-21,updated_at 2018-06-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187583;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN MAJOR-LEAGUE Malware Communication"; flow:established,to_client; content:"major-league"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2018-11-01,updated_at 2018-11-16,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:1; sid:80187584;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PETITE IRIS Traffic Detected"; flow:established,to_server; content:"iris"; priority:3; metadata:cwe_id 506,hostile dest_ip,created_at 2019-06-11,updated_at 2019-06-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187585;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WORRIED DRAWER Malware Communication"; flow:established, to_server; 
content:"drawer"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-07,updated_at 2019-06-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187586;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FINE INTESTINE Exploitation Attempt Seen"; flow:established, to_server; content:"intestine"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-03-21,capec_id 213,updated_at 2019-03-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.3,attack_target server,attack_target http-server,cve 2016-5577173,cvss_v2_temporal 1.9,protocols http,protocols tcp; rev:2; sid:80187587;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IMPRESSED CLARINET Exploitation Attempt Seen"; flow:established, to_server; content:"clarinet"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-11-26,capec_id 213,updated_at 2019-11-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.1,attack_target server,attack_target http-server,cve 2019-1264742,cvss_v2_temporal 3.4,protocols http,protocols tcp; rev:1; sid:80187588;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - THEORETICAL PLATE Malware Communication"; flow:established, to_client; content:"plate"; priority:2; metadata:cwe_id 507,malware download-attempt,hostile src_ip,created_at 2019-03-21,updated_at 2019-03-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187589;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CAPABLE CHANCE Malware Communication"; flow:established,to_server; content:"chance"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-07,updated_at 2019-09-21,filename acme.rules,priority high,infected 
src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187590;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GOOD SURFACE Malware Communication"; flow:established,to_server; content:"surface"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-10,updated_at 2019-05-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187591;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SYMBOLIC THEATER Malware Communication"; flow:established,to_server; content:"theater"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-11-24,updated_at 2019-11-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187592;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ILL BROAD Malware Communication"; flow:established,to_server; content:"broad"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-11-23,updated_at 2017-11-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187593;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXTENDED TECHNOLOGY Malware Communication"; flow:established,to_server; content:"technology"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-25,updated_at 2019-02-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187594;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DREADFUL ENERGY Malware Communication"; 
flow:established,to_server; content:"energy"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-20,updated_at 2019-04-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187595;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONTINUED FINAL Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"final"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2019-08-12,updated_at 2019-08-15,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.0,attack_target http-client,attack_target client,cve 2019-8406138,cvss_v2_temporal 5.6,protocols http,protocols tcp; rev:2; sid:80187596;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BORED ORDER Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"order"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-11-01,capec_id 100,updated_at 2019-11-01,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.2,attack_target http-client,attack_target client,cve 2018-5712256,cvss_v2_temporal 3.1,protocols http,protocols tcp; rev:2; sid:80187597;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BURNING UNIUNKNOWN Malware Communication"; flow:established, to_client; content:"uniUNKNOWN"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2019-03-16,updated_at 2019-03-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187598;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONSERVATION BATTLE Malware Communication"; flow:established,to_server; content:"battle"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-07-06,updated_at 2016-07-21,filename 
acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187599;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CONGA Malware Communication"; flow:established,to_server; content:"conga"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-05-26,updated_at 2018-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187600;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DIRTY WAKE Malware Communication"; flow:established,to_server; content:"wake"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-05,updated_at 2018-10-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187601;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ETHNIC SNAKE Malware Communication"; flow:established,to_server; content:"snake"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-25,updated_at 2019-01-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187602;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ICY FUTURE Malware Communication"; flow:established,to_server; content:"future"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-05,updated_at 2019-11-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187603;) #drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PLANNED HYPOTHERMIA Malware 
Communication"; flow:established,to_server; content:"hypothermia"; priority:1; metadata:cwe_id 94,malware post-infection,hostile dest_ip,created_at 2016-02-10,updated_at 2016-02-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2016-3988669,protocols http,protocols tcp; rev:2; sid:80187604;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SOLID STANCE Malware Communication"; flow:established,to_server; content:"stance"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-25,updated_at 2017-06-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187605;) drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOUND ATHLETE Malware Communication"; flow:established,to_client; content:"athlete"; priority:2; metadata:cwe_id 399,malware post-infection,hostile src_ip,created_at 2018-04-24,updated_at 2018-04-27,filename acme.rules,priority medium,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,cve 2015-9880489,cve 2015-9880489,protocols tls,protocols tcp; rev:2; sid:80187606;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CURVED PASSBOOK Malware Communication"; flow:established,to_server; content:"passbook"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-01-25,updated_at 2018-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187607;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ENERGETIC STRAIN Malware Communication"; flow:established,to_server; content:"strain"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-15,updated_at 2019-02-20,filename 
acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187608;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXCLUSIVE CURVE Malware Communication"; flow:established,to_server; content:"curve"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-18,updated_at 2017-06-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187609;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MEAN TIMBER Malware Communication"; flow:established,to_server; content:"timber"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-03-23,updated_at 2017-03-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187610;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FLYING SIDING Malware Communication"; flow:established,to_server; content:"siding"; priority:2; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-01,updated_at 2019-10-15,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:9; sid:80187611;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AWFUL TELETYPE Malware Communication"; flow:established, to_server; content:"teletype"; priority:4; metadata:cwe_id 507,malware post-infection,created_at 2019-02-20,updated_at 2019-02-24,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:3; sid:80187612;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - THUNDERING MOTORCAR Malware Communication"; flow:established,to_server; content:"motorcar"; 
priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-04-08,updated_at 2018-04-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187613;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXTENDED PROFESSION Malware Communication"; flow:established,to_server; content:"profession"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-11,updated_at 2018-04-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187614;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WORRIED DINNER Malware Communication"; flow:established,to_server; content:"dinner"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-22,updated_at 2019-09-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187615;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - VERY SATELLITE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"satellite"; priority:3; metadata:cwe_id 119,cvss_v3_base 7.5,hostile src_ip,created_at 2018-04-26,capec_id 152,updated_at 2018-04-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.4,attack_target http-client,attack_target client,cvss_v3_temporal 8.2,cve 2017-3199605,cvss_v2_temporal 8.2,protocols http,protocols tcp; rev:4; sid:80187616;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POST-WAR BATTLE Exploitation Attempt Seen"; flow:established, to_server; content:"battle"; priority:3; metadata:hostile src_ip,created_at 2019-04-26,capec_id 63,updated_at 2019-04-26,filename acme.rules,priority low,rule_source 
acme-rule-factory,attack_target server,attack_target http-server,cve 2018-6866748,protocols http,protocols tcp; rev:2; sid:80187617;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GREEN PASSION Exploitation Attempt Seen"; flow:established, to_server; content:"passion"; priority:4; metadata:hostile src_ip,created_at 2018-06-18,capec_id 118,updated_at 2018-06-27,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-750146,protocols http,protocols tcp; rev:2; sid:80187618;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GUILTY RIVERBED Malware Communication"; flow:established,to_server; content:"riverbed"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-12,updated_at 2019-11-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187619;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONTENT SKILL Malware Communication"; flow:established,to_server; content:"skill"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-23,updated_at 2019-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187620;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPLENDID RELAXATION Malware Communication"; flow:established,to_server; content:"relaxation"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-10-17,updated_at 2016-10-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187621;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BOLD WHOLESALE Malware Communication"; 
flow:established,to_server; content:"wholesale"; priority:4; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-04-16,updated_at 2019-04-28,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187622;) #alert http any any -> $HOME_NET any (msg:"Acme - SHOCKED BAD Traffic Detected"; flow:established, to_server; content:"bad"; priority:4; metadata:cwe_id 79,hostile src_ip,created_at 2019-04-10,capec_id 63,updated_at 2019-04-10,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 4.3,attack_target server,attack_target http-server,cvss_v2_temporal 3.5,protocols http,protocols tcp; rev:2; sid:80187623;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUCCESSIVE MAKE Malware Communication"; flow:established, to_server; content:"make"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-03-04,updated_at 2018-03-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187624;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HARSH DERRICK Malware Communication"; flow:established, to_server; content:"derrick"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-10,updated_at 2019-08-27,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187625;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BINDING REQUIREMENT Malware Communication"; flow:established, to_server; content:"requirement"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-01-16,updated_at 2018-01-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187626;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VALUABLE OCEAN Malware Communication"; flow:established, to_server; content:"ocean"; priority:1; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2019-07-05,updated_at 2019-07-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187627;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SLIMY ACCOUNT Malware Communication"; flow:established, to_server; content:"account"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-03,updated_at 2019-07-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187628;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHARED MONOCLE Malware Communication"; flow:established,to_server; content:"monocle"; priority:2; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-17,updated_at 2019-01-20,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187629;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TERRIBLE CALF Malware Communication"; flow:established,to_server; content:"calf"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-11-13,updated_at 2016-11-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187630;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ANXIOUS BELLIGERENCY Malware Communication"; flow:established,to_server; content:"belligerency"; priority:1; 
metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-09,updated_at 2019-10-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187631;) #alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLEAR SALON Malware Communication"; flow:established, to_server; content:"salon"; priority:2; metadata:cwe_id 507,malware malware,created_at 2019-07-06,updated_at 2019-07-14,filename acme.rules,priority medium,rule_source acme-rule-factory,protocols smtp,protocols tcp; rev:1; sid:80187632;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HOLLOW SHIP Traffic Detected"; flow:established, to_server; content:"ship"; priority:3; metadata:hostile src_ip,created_at 2019-11-14,capec_id 213,updated_at 2019-11-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187633;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PRETTY EX-UNKNOWN Traffic Detected"; flow:established, to_server; content:"ex-UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2019-03-05,capec_id 253,updated_at 2019-03-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187634;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEFINITE SIDING Malware Communication"; flow:established,to_server; content:"siding"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-11-10,updated_at 2017-11-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187635;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STRAIGHTFORWARD BAROMETER Traffic Detected"; flow:established, to_server; 
content:"barometer"; priority:3; metadata:hostile src_ip,created_at 2016-07-21,capec_id 251,updated_at 2016-07-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187636;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - AGREEABLE BIJOU Malware Communication"; flow:established, to_server; content:"bijou"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-06-12,updated_at 2016-06-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187637;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OKAY BLANKET Malware Communication"; flow:established,to_server; content:"blanket"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-07-13,updated_at 2017-07-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187638;) drop http $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - FRIENDLY STEW Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"stew"; priority:3; metadata:cwe_id 79,cvss_v3_base 5.3,hostile src_ip,created_at 2018-04-12,capec_id 255,updated_at 2018-04-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.9,attack_target http-client,attack_target client,cvss_v3_temporal 6.5,cve 2018-3419836,cvss_v2_temporal 6.5,protocols http,protocols tcp; rev:2; sid:80187639;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRAIGHT LARYNGITIS Malware Communication"; flow:established,to_server; content:"laryngitis"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-15,updated_at 2019-03-20,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187640;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MODERATE BUG Malware Communication"; flow:established,to_server; content:"bug"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-02-20,updated_at 2018-02-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187641;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EVENTUAL DIVISION Malware Communication"; flow:established,to_server; content:"division"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-16,updated_at 2017-06-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187642;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLEAN OTHER Malware Communication"; flow:established,to_server; content:"other"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-08-15,updated_at 2017-08-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187643;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SMILING FACT Exploitation Attempt Seen"; flow:established,to_server; content:"fact"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-04-11,capec_id 100,updated_at 2019-04-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.6,attack_target server,cve 2018-7925621,cvss_v2_temporal 5.5,protocols tcp; rev:1; sid:80187644;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INDIVIDUAL SOOT Malware Communication"; flow:established, to_server; content:"soot"; 
priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-03,updated_at 2019-03-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187645;)
# NOTE(review): sid 80187646 - the only detection logic is one bare content:"shark" match
#   (no sticky buffer, nocase or position keyword). Per the file header this is dummy data
#   for metadata filtering; a real rule with a `drop` action would need a far more specific match.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMPERIAL SHARK Malware Communication"; flow:established, to_server; content:"shark"; priority:1; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2019-09-16,updated_at 2019-09-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187646;)
# NOTE(review): sid 80187647 - the metadata repeats the identical pair `cve 2018-5158303`
#   three times; this looks like generator noise, confirm and de-duplicate at the source.
# NOTE(review): the header is `tcp` limited to $HTTP_PORTS, while the metadata says
#   `protocols http`. Metadata is informational and is not a match condition, so HTTP on
#   other ports is outside this rule, unlike the `http` rules around it that use `any` ports.
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - DISGUSTED LYE Exploitation Attempt Seen"; flow:established,to_server; content:"lye"; priority:4; metadata:hostile src_ip,created_at 2018-10-16,capec_id 119,updated_at 2018-10-25,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 4.2,attack_target server,attack_target http-server,cve 2018-5158303,cve 2018-5158303,cve 2018-5158303,cvss_v2_temporal 3.6,protocols http,protocols tcp; rev:1; sid:80187647;)
# NOTE(review): sid 80187648 - the leading '#' disables this rule; Suricata reads the line
#   as a comment, so it produces no alerts until the '#' is removed.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN SNEAKERS Exploitation Attempt Seen"; flow:established, to_server; content:"sneakers"; priority:3; metadata:hostile src_ip,created_at 2019-04-27,capec_id 225,updated_at 2019-04-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-5148493,protocols http,protocols tcp; rev:2; sid:80187648;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SOVIET LILY Exploitation Attempt Seen"; flow:established,to_server; content:"lily"; priority:4; metadata:cwe_id 399,created_at 2015-08-15,updated_at 2015-08-16,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 5.8,cve 2015-6600100,cvss_v2_temporal 
6.0,protocols http,protocols tcp; rev:2; sid:80187649;)
# NOTE(review): sid 80187650 - a `drop` action is paired with priority:3 / `priority low`
#   metadata. A drop blocks only when Suricata runs inline (IPS mode); confirm that blocking
#   on a low-priority signature is intended before reusing this pattern in a real ruleset.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SCARED EXECUTOR Traffic Detected"; flow:established, to_server; content:"executor"; priority:3; metadata:hostile src_ip,created_at 2018-11-02,capec_id 251,updated_at 2018-11-12,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187650;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRIME NORMAL Malware Communication"; flow:established, to_server; content:"normal"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2015-02-25,updated_at 2015-02-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187651;)
# NOTE(review): sid 80187652 - the header is `tcp` with `any` ports; only the metadata
#   (`protocols smtp`, `attack_target smtp-client`) mentions SMTP, and metadata does not
#   restrict matching. As written, content:"caption" is evaluated on every established
#   to_server TCP stream from $HOME_NET to $EXTERNAL_NET, with a `drop` action.
drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COOL CAPTION Malware Communication"; flow:established,to_server; content:"caption"; priority:2; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-24,updated_at 2018-01-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target smtp-client,attack_target client,protocols smtp,protocols tcp; rev:1; sid:80187652;)
# NOTE(review): sid 80187653 - detect-only (`alert`) for post-infection traffic with
#   `infected src_ip` metadata; the action is consistent with its priority:3 / `priority low`.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUFFICIENT PROFESSION Malware Communication"; flow:established, to_server; content:"profession"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-18,updated_at 2019-07-22,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187653;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - QUICKEST SCISSORS Malware Communication"; flow:established, to_server; content:"scissors"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 
2018-01-09,updated_at 2018-01-25,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187654;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SILENT NETWORK Malware Communication"; flow:established,to_client; file_data; content:"network"; priority:2; metadata:cwe_id 399,malware pre-infection,hostile src_ip,created_at 2016-09-03,updated_at 2016-09-09,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.9,attack_target http-client,attack_target client,cve 2016-5287905,cvss_v2_temporal 7.8,protocols http,protocols tcp; rev:2; sid:80187655;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN STOLE Malware Communication"; flow:established,to_server; content:"stole"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-11-21,updated_at 2017-11-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187656;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MAMMOTH PLASTERBOARD Malware Communication"; flow:established, to_server; content:"plasterboard"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-08,updated_at 2018-09-28,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187657;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMPLEX MOVIE Malware Communication"; flow:established,to_server; content:"movie"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-06-27,updated_at 2019-06-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; 
sid:80187658;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SOCIAL OFFICIAL Traffic Detected"; flow:established,to_server; content:"official"; priority:3; metadata:cwe_id 506,created_at 2015-03-22,updated_at 2015-03-22,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187659;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OUTRAGEOUS TURNSTILE Traffic Detected"; flow:established,to_server; content:"turnstile"; priority:3; metadata:cwe_id 506,created_at 2019-03-22,updated_at 2019-03-23,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187660;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IRAQI ABDOMEN Malware Communication"; flow:established,to_client; content:"abdomen"; priority:2; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2015-08-19,updated_at 2015-08-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187661;) #alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VIVID NUMISMATIST Traffic Detected"; flow:established,to_server; content:"numismatist"; priority:3; metadata:cwe_id 657,created_at 2018-10-04,updated_at 2018-10-27,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187662;) #alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GLOBAL LONG Traffic Detected"; flow:established,to_server; content:"long"; priority:3; metadata:cwe_id 657,created_at 2019-07-11,updated_at 2019-07-24,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187663;) #alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WEAK SERVANT Traffic Detected"; flow:established,to_server; content:"servant"; priority:3; metadata:cwe_id 657,created_at 2019-06-21,updated_at 2019-06-28,filename 
acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187664;)
# NOTE(review): sids 80187665-80187668 are disabled (leading '#'), so Suricata does not
#   load them. All four use a `tcp` header with `any` ports and a single bare content match.
# NOTE(review): sid 80187665 - content:"orcUNKNOWN" and the msg word ORCUNKNOWN look like a
#   placeholder token left by the rule generator rather than a real pattern; verify upstream.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ANNUAL ORCUNKNOWN Traffic Detected"; flow:established, to_server; content:"orcUNKNOWN"; priority:3; metadata:cwe_id 657,hostile src_ip,created_at 2018-09-03,updated_at 2018-09-11,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:2; sid:80187665;)
# NOTE(review): sids 80187666-80187668 - the metadata says `protocols http` but the header
#   is plain `tcp`. Metadata is not a match condition, so filtering on `protocols http`
#   selects rules that, if enabled, would inspect all TCP traffic in the stated direction.
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - APPARENT DIME Traffic Detected"; flow:established, to_server; content:"dime"; priority:3; metadata:cwe_id 657,created_at 2016-04-10,updated_at 2016-04-19,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187666;)
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HEAD FLECK Traffic Detected"; flow:established, to_server; content:"fleck"; priority:3; metadata:cwe_id 657,created_at 2018-10-01,updated_at 2018-10-28,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187667;)
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VISUAL KNEE Traffic Detected"; flow:established, to_server; content:"knee"; priority:3; metadata:cwe_id 657,created_at 2017-04-19,updated_at 2017-04-24,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187668;)
# NOTE(review): sid 80187669 - enabled `drop` rule on outbound HTTP; it blocks only when
#   Suricata runs inline (IPS mode). The bare content:"kneejerk" match is example data.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MAJOR KNEEJERK Malware Communication"; flow:established,to_server; content:"kneejerk"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-01-02,updated_at 2018-01-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187669;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONCERNED PORCH Malware Communication"; 
flow:established,to_server; content:"porch"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-04-05,updated_at 2017-04-12,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187670;)
# NOTE(review): sid 80187671 - the action is `alert`, yet priority:1, `priority high`,
#   `malware post-infection` and `infected src_ip` match the `drop` rules that follow
#   (sids 80187672, 80187673). Presumably deliberate variety in the dummy data; in a real
#   ruleset confirm that detect-only is intended for a high-priority post-infection signature.
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMPERIAL SNOW Malware Communication"; flow:established,to_server; content:"snow"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-01,updated_at 2019-03-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187671;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNITED RECOVER Malware Communication"; flow:established,to_server; content:"recover"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-01,updated_at 2019-10-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187672;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRANGE RAINBOW Malware Communication"; flow:established,to_server; content:"rainbow"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-11-21,updated_at 2017-11-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187673;)
# NOTE(review): the next rule's source is `any any`, so its `drop` action also covers
#   requests that originate inside $HOME_NET, not only external clients, although its
#   metadata tags the source as `hostile src_ip`.
drop http any any -> $HOME_NET any (msg:"Acme - FAT RESIDENT Malware Communication"; flow:established,to_server; content:"resident"; priority:2; metadata:cwe_id 79,malware pre-infection,hostile src_ip,created_at 2018-02-20,updated_at 2018-02-22,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.9,attack_target 
server,attack_target http-server,cve 2017-1636093,cvss_v2_temporal 5.8,protocols http,protocols tcp; rev:2; sid:80187674;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNEST POP Malware Communication"; flow:established,to_server; content:"pop"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-19,updated_at 2018-09-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187675;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUBJECTIVE PERCEPTION Malware Communication"; flow:established,to_server; content:"perception"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-09,updated_at 2019-08-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187676;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - REGIONAL LANDSCAPE Malware Communication"; flow:established,to_server; content:"landscape"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-09,updated_at 2019-06-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187677;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TROPICAL VANITY Malware Communication"; flow:established,to_server; content:"vanity"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-17,updated_at 2019-09-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187678;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FUNNY CHAIR Malware Communication"; 
flow:established,to_server; content:"chair"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-24,updated_at 2018-10-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187679;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN BATH Traffic Detected"; flow:established, to_server; content:"bath"; priority:4; metadata:hostile src_ip,created_at 2015-01-20,capec_id 310,updated_at 2015-01-24,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187680;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PERFECT TANKFUL Traffic Detected"; flow:established, to_server; content:"tankful"; priority:4; metadata:hostile src_ip,created_at 2019-05-01,capec_id 310,updated_at 2019-05-26,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187681;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN CARPET Traffic Detected"; flow:established, to_server; content:"carpet"; priority:4; metadata:hostile src_ip,created_at 2015-06-24,capec_id 310,updated_at 2015-06-28,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187682;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DEAD SOPRANO Malware Communication"; flow:established,to_server; content:"soprano"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-27,updated_at 2018-09-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187683;) drop http $HOME_NET any -> 
$EXTERNAL_NET any (msg:"Acme - TERRIBLE REVENGE Malware Communication"; flow:established,to_server; content:"revenge"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-04,updated_at 2019-02-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187684;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LOVELY GRAPHIC Malware Communication"; flow:established,to_server; content:"graphic"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2017-04-24,updated_at 2017-04-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187685;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - VIOLENT PAJAMAS Malware Communication"; flow:established,to_client; content:"pajamas"; priority:2; metadata:cwe_id 434,malware download-attempt,hostile src_ip,created_at 2016-11-04,updated_at 2016-11-05,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187686;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LIGHT DISPOSER Malware Communication"; flow:established,to_server; content:"disposer"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-09-20,updated_at 2018-09-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187687;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HELPLESS GUIDANCE Malware Communication"; flow:established,to_server; content:"guidance"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-06-14,updated_at 2019-06-22,filename acme.rules,priority 
high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187688;)
# NOTE(review): sids 80187689-80187691 share one template: outbound HTTP, a `drop` action,
#   priority:1, and a single bare content match. A drop blocks only when Suricata runs
#   inline (IPS mode); the content strings are example data (see the file header).
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PINK STAFF Malware Communication"; flow:established,to_server; content:"staff"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-05-21,updated_at 2016-05-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187689;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SYMPATHETIC ESTROGEN Malware Communication"; flow:established,to_server; content:"estrogen"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-11,updated_at 2019-07-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187690;)
# NOTE(review): sid 80187691 - content:"buy" is a three-byte pattern with no buffer or
#   position constraint; as the sole condition of a `drop` rule it would match a large
#   share of ordinary web traffic if this were a production signature.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNY BUY Malware Communication"; flow:established,to_server; content:"buy"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-09-10,updated_at 2016-09-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187691;)
# NOTE(review): sid 80187692 - the destination is `any any`, so the rule also matches
#   flows between hosts inside $HOME_NET even though its metadata tags `hostile dest_ip`.
#   The header is `tcp` with no port limit, while POP appears only in the metadata
#   (`protocols pop`, `attack_target pop-client`), which does not restrict matching.
alert tcp $HOME_NET any -> any any (msg:"Acme - JOYOUS EUROPE Exploitation Attempt Seen"; flow:established, to_server; content:"europe"; priority:4; metadata:cwe_id 189,hostile dest_ip,created_at 2019-03-06,updated_at 2019-03-14,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 7.8,attack_target client,attack_target pop-client,cve 2019-3810226,cvss_v2_temporal 7.2,protocols pop,protocols tcp; rev:1; sid:80187692;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ESTIMATED MOP Malware Communication"; 
flow:established,to_server; content:"mop"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-10-25,updated_at 2019-10-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187693;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VOLUNTARY MID-COURSE Malware Communication"; flow:established,to_server; content:"mid-course"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-22,updated_at 2019-02-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187694;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SILLY GLAND Malware Communication"; flow:established,to_server; content:"gland"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-12,updated_at 2019-02-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187695;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNUSUAL GALLERY Malware Communication"; flow:established, to_server; content:"gallery"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-04-24,updated_at 2017-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187696;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - JOLLY TIRE Malware Communication"; flow:established,to_server; content:"tire"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-03,updated_at 2019-03-26,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187697;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CASUAL CACTUS Exploitation Attempt Seen"; flow:established,to_server; content:"cactus"; priority:3; metadata:hostile src_ip,created_at 2018-06-21,capec_id 118,updated_at 2018-06-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2015-2791656,protocols http,protocols tcp; rev:2; sid:80187698;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HELPFUL HOCKEY Exploitation Attempt Seen"; flow:established, to_server; content:"hockey"; priority:3; metadata:cwe_id 264,hostile src_ip,created_at 2019-09-25,capec_id 242,updated_at 2019-09-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.5,attack_target server,attack_target http-server,cve 2017-8671103,cvss_v2_temporal 5.1,protocols http,protocols tcp; rev:3; sid:80187699;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NEW REST Traffic Detected"; flow:established, to_server; content:"rest"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2016-07-18,capec_id 126,updated_at 2016-07-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.9,attack_target server,attack_target http-server,cvss_v2_temporal 6.4,protocols http,protocols tcp; rev:2; sid:80187700;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUFFICIENT SIR Malware Communication"; flow:established,to_server; content:"sir"; priority:2; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-08,updated_at 2019-01-22,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187701;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TERRITORIAL SALOON Malware Communication"; flow:established,to_server; 
content:"saloon"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-09,updated_at 2017-06-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187702;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OVERALL TRAMP Malware Communication"; flow:established, to_client; content:"tramp"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2018-06-18,updated_at 2018-06-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187703;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DIRECT HIVE Malware Communication"; flow:established,to_server; content:"hive"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-16,updated_at 2019-11-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187704;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - THIN SECTION Malware Communication"; flow:established,to_server; content:"section"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-10-16,updated_at 2018-10-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187705;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLEVER PHILOSOPHER Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"philosopher"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2017-11-07,capec_id 253,updated_at 2017-11-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.8,attack_target http-client,attack_target 
client,cve 2016-5054053,cvss_v2_temporal 6.2,protocols http,protocols tcp; rev:2; sid:80187706;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SURVIVING GREENHOUSE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"greenhouse"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2019-06-10,capec_id 253,updated_at 2019-06-17,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.0,attack_target http-client,attack_target client,cve 2016-6458478,cvss_v2_temporal 3.9,protocols http,protocols tcp; rev:2; sid:80187707;) alert http any any -> $HOME_NET any (msg:"Acme - WORLDWIDE DISH Exploitation Attempt Seen"; flow:established,to_server; content:"dish"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2019-11-19,capec_id 119,updated_at 2019-11-19,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.3,attack_target server,attack_target http-server,cve 2018-9761844,cvss_v2_temporal 6.8,protocols http,protocols tcp; rev:2; sid:80187708;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DIRTY MOMENT Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"moment"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2016-09-09,capec_id 253,updated_at 2016-09-14,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.5,attack_target http-client,attack_target client,cve 2015-7744820,cvss_v2_temporal 5.3,protocols http,protocols tcp; rev:2; sid:80187709;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FIERCE NUDGE Traffic Detected"; flow:established,to_server; content:"nudge"; priority:3; metadata:cwe_id 829,hostile src_ip,created_at 2017-07-17,capec_id 165,updated_at 2017-07-18,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.8,attack_target server,attack_target http-server,cvss_v2_temporal 6.1,protocols http,protocols tcp; rev:2; sid:80187710;) drop http $EXTERNAL_NET any -> 
$HOME_NET any (msg:"Acme - IMPOSSIBLE LOOK Malware Communication"; flow:established,to_client; content:"look"; priority:4; metadata:cwe_id 89,malware pre-infection,hostile src_ip,created_at 2017-08-24,updated_at 2017-08-27,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187711;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SURVIVING BIKINI Malware Communication"; flow:established,to_server; content:"bikini"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-10-12,updated_at 2016-10-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187712;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN ACRYLIC Malware Communication"; flow:established,to_client; content:"acrylic"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-04-09,updated_at 2019-04-12,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187713;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ROUND TOILET Traffic Detected"; flow:established,to_server; content:"toilet"; priority:3; metadata:hostile src_ip,created_at 2019-05-14,capec_id 165,updated_at 2019-05-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:4; sid:80187714;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TENDER EVALUATOR Malware Communication"; flow:established,to_server; content:"evaluator"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-07,updated_at 2019-03-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187715;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN LIPSTICK Exploitation Attempt Seen"; flow:established,to_server; content:"lipstick"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-02-12,capec_id 100,updated_at 2017-02-22,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.4,attack_target server,attack_target http-server,cve 2017-7685958,cvss_v2_temporal 5.7,protocols http,protocols tcp; rev:2; sid:80187716;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN GERANIUM Exploitation Attempt Seen"; flow:established, to_server; content:"geranium"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-11-20,capec_id 100,updated_at 2019-11-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.0,attack_target server,attack_target http-server,cve 2018-2489422,cvss_v2_temporal 5.0,protocols http,protocols tcp; rev:2; sid:80187717;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HELPFUL PENICILLIN Exploitation Attempt Seen"; flow:established, to_server; content:"penicillin"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2018-04-26,capec_id 63,updated_at 2018-04-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.3,attack_target server,attack_target http-server,cve 2018-2209242,cvss_v2_temporal 2.8,protocols http,protocols tcp; rev:2; sid:80187718;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CORPORATE LOUNGE Exploitation Attempt Seen"; flow:established,to_server; content:"lounge"; priority:3; metadata:cwe_id 189,hostile src_ip,created_at 2019-01-21,capec_id 119,updated_at 2019-01-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.6,attack_target server,attack_target http-server,cve 2016-5615199,cvss_v2_temporal 3.7,protocols http,protocols tcp; rev:2; sid:80187719;) #alert http 
$EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - JOINT NURSE Exploitation Attempt Seen"; flow:established,to_server; content:"nurse"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-09-06,capec_id 115,updated_at 2019-09-19,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2018-6909290,protocols http,protocols tcp; rev:2; sid:80187720;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PURRING EX-UNKNOWN Exploitation Attempt Seen"; flow:established,to_server; content:"ex-UNKNOWN"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-09-27,capec_id 115,updated_at 2019-09-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-8402619,protocols http,protocols tcp; rev:2; sid:80187721;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BITTER UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-06,updated_at 2019-11-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187722;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PROVINCIAL INNOCENCE Malware Communication"; flow:established,to_server; content:"innocence"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-17,updated_at 2019-02-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187723;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUNNY EARMUFFS Malware Communication"; flow:established,to_server; content:"earmuffs"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-07-04,updated_at 
2018-07-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187724;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TERRITORIAL RESOLUTION Malware Communication"; flow:established,to_server; content:"resolution"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-05-20,updated_at 2019-05-21,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187725;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - DEAF INJUSTICE Traffic Detected"; flow:established, to_client; file_data; content:"injustice"; priority:4; metadata:cwe_id 89,hostile src_ip,created_at 2017-06-11,capec_id 253,updated_at 2017-06-12,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187726;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - THEORETICAL ECLIPSE Exploitation Attempt Seen"; flow:established,to_server; content:"eclipse"; priority:3; metadata:cwe_id 287,hostile src_ip,created_at 2019-06-20,capec_id 115,updated_at 2019-06-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.7,attack_target server,attack_target http-server,cve 2015-18877,cvss_v2_temporal 8.5,protocols http,protocols tcp; rev:2; sid:80187727;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN WHARF Malware Communication"; flow:established,to_server; content:"wharf"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-15,updated_at 2019-08-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187728;) drop http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"Acme - FORTUNATE HATBOX Malware Communication"; flow:established,to_server; content:"hatbox"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2017-06-07,updated_at 2017-06-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187729;) #alert http any any -> $HOME_NET any (msg:"Acme - YELLOW HELL Traffic Detected"; flow:established,to_server; content:"hell"; priority:3; metadata:cwe_id 79,hostile dest_ip,created_at 2018-09-17,capec_id 63,updated_at 2018-09-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.0,cvss_v2_temporal 4.1,protocols http,protocols tcp; rev:2; sid:80187730;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LEFT JAW Malware Communication"; flow:established,to_server; content:"jaw"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-04-09,updated_at 2019-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:4; sid:80187731;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DYNAMIC CRACK Malware Communication"; flow:established, to_server; content:"crack"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-11,updated_at 2018-09-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187732;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN SURGERY Malware Communication"; flow:established,to_server; content:"surgery"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-25,updated_at 2019-07-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target 
http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187733;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXISTING DIMENSION Exploitation Attempt Seen"; flow:established, to_client; content:"dimension"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2017-09-01,updated_at 2017-09-02,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.6,attack_target client,cve 2017-231559,cvss_v2_temporal 3.1,protocols tcp; rev:1; sid:80187734;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GLORIOUS DEPRESSIVE Exploitation Attempt Seen"; flow:established, to_client; content:"depressive"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-01-18,updated_at 2019-01-18,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.6,attack_target client,cve 2019-8244792,cvss_v2_temporal 6.4,protocols tcp; rev:1; sid:80187735;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COURAGEOUS SNORER Malware Communication"; flow:established,to_server; content:"snorer"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-09-10,updated_at 2018-09-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187736;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMPULSORY KETTLEDUNKNOWN Exploitation Attempt Seen"; flow:established, to_client; content:"kettledUNKNOWN"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2018-05-23,capec_id 248,updated_at 2018-05-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.6,attack_target client,cve 2016-2574406,cvss_v2_temporal 4.6,protocols tcp; rev:1; sid:80187737;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXTENSIVE DUNGAREES Exploitation Attempt Seen"; flow:established, to_client; content:"dungarees"; priority:3; metadata:cwe_id 
20,hostile src_ip,created_at 2016-11-10,updated_at 2016-11-12,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.4,attack_target smb-client,attack_target client,cve 2016-5447743,cvss_v2_temporal 4.7,protocols smb,protocols tcp; rev:1; sid:80187738;) alert smtp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FUNNY ATTIC Traffic Detected"; flow:established, to_server; content:"attic"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-02-08,capec_id 100,updated_at 2019-02-12,filename smtp.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.2,attack_target server,attack_target smtp-server,cvss_v2_temporal 4.8,protocols smtp,protocols tcp; rev:2; sid:80187739;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONFIDENTIAL EARTH Traffic Detected"; flow:established,to_server; content:"earth"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2018-11-19,capec_id 213,updated_at 2018-11-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80187740;) alert tcp $HOME_NET any -> $HOME_NET any (msg:"Acme - QUALIFIED GLASSES Malware Communication"; flow:established, to_client; content:"glasses"; priority:2; metadata:cwe_id 20,malware pre-infection,hostile dest_ip,created_at 2018-07-25,updated_at 2018-07-28,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.9,attack_target server,cve 2018-5838165,cvss_v2_temporal 5.3,protocols tcp; rev:1; sid:80187741;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SLOW VERMICELLI Exploitation Attempt Seen"; flow:established, to_client; content:"vermicelli"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2018-09-07,capec_id 248,updated_at 2018-09-14,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.9,attack_target client,cve 2017-5836188,cvss_v2_temporal 3.5,protocols tcp; rev:1; sid:80187742;) drop 
http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INJURED SPROUT Malware Communication"; flow:established,to_client; file_data; content:"sprout"; priority:2; metadata:cwe_id 119,malware pre-infection,cvss_v3_base 7.3,hostile src_ip,created_at 2018-04-22,updated_at 2018-04-25,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 7.9,attack_target http-client,attack_target client,cvss_v3_temporal 8.6,cve 2016-5168870,cvss_v2_temporal 8.6,protocols http,protocols tcp; rev:2; sid:80187743;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LONELY SCHEDULE Malware Communication"; flow:established, to_server; content:"schedule"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-27,updated_at 2019-03-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187744;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SQUARE MYCOPLASMA Malware Communication"; flow:established,to_server; content:"mycoplasma"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-10-09,updated_at 2017-10-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187745;) #drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RAINY DOLMAN Malware Communication"; flow:established,to_server; content:"dolman"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-18,updated_at 2017-06-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187746;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SOLE SCORE Malware Communication"; flow:established,to_server; content:"score"; priority:1; 
metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-15,updated_at 2019-01-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187747;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FAT CHAIRPERSON Malware Communication"; flow:established,to_server; content:"chairperson"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-13,updated_at 2019-03-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187748;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNITED DEVELOPMENT Malware Communication"; flow:established,to_server; content:"development"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-08,updated_at 2019-02-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187749;) alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - FISCAL UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:hostile src_ip,created_at 2015-03-21,capec_id 66,updated_at 2015-03-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80187750;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VARIOUS EXTREME Traffic Detected"; flow:established,to_server; content:"extreme"; priority:3; metadata:hostile src_ip,created_at 2018-11-14,updated_at 2018-11-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187751;) alert http $EXTERNAL_NET any -> $HOME_NET 
any (msg:"Acme - AVAILABLE HATCHET Traffic Detected"; flow:established,to_server; content:"hatchet"; priority:3; metadata:hostile src_ip,created_at 2019-05-04,capec_id 52,updated_at 2019-05-18,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187752;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MISLEADING UNKNOWN TRUCK Exploitation Attempt Seen"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-09-21,capec_id 213,updated_at 2019-09-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.5,attack_target server,attack_target http-server,cve 2018-1725220,cvss_v2_temporal 2.9,protocols http,protocols tcp; rev:2; sid:80187753;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RIPE JUNIOR Exploitation Attempt Seen"; flow:established,to_server; content:"junior"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-11-07,capec_id 213,updated_at 2019-11-13,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.6,attack_target server,attack_target http-server,cve 2019-9138068,cvss_v2_temporal 4.4,protocols http,protocols tcp; rev:2; sid:80187754;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN BLUE Exploitation Attempt Seen"; flow:established,to_server; content:"blue"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-07-10,capec_id 213,updated_at 2019-07-14,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.9,attack_target server,attack_target http-server,cve 2019-5689296,cvss_v2_temporal 5.4,protocols http,protocols tcp; rev:2; sid:80187755;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN EXAM Exploitation Attempt Seen"; flow:established,to_server; content:"exam"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2019-05-06,capec_id 
213,updated_at 2019-05-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.8,attack_target server,attack_target http-server,cve 2019-6757534,cvss_v2_temporal 8.6,protocols http,protocols tcp; rev:2; sid:80187756;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MANY HEARTH Exploitation Attempt Seen"; flow:established, to_server; content:"hearth"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2016-08-22,capec_id 213,updated_at 2016-08-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.7,attack_target server,attack_target http-server,cve 2015-2463253,cvss_v2_temporal 8.6,protocols http,protocols tcp; rev:2; sid:80187757;) drop tls any any -> any any (msg:"Acme - TERRIBLE STAG Malware Communication"; flow:established,to_client; content:"stag"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-01-04,updated_at 2015-01-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,protocols tls,protocols tcp; rev:1; sid:80187758;) #alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - DOMINANT THEISM Traffic Detected"; flow:established,to_server; content:"theism"; priority:4; metadata:cwe_id 657,hostile dest_ip,created_at 2018-05-06,capec_id 159,updated_at 2018-05-22,filename web.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187759;) #alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - COOPERATIVE BREADCUNKNOWNB Traffic Detected"; flow:established,to_server; content:"breadcUNKNOWNb"; priority:4; metadata:cwe_id 657,hostile dest_ip,created_at 2018-08-24,capec_id 159,updated_at 2018-08-24,filename web.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187760;) #drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RELAXED 
GROUSE Traffic Detected"; flow:established,to_server; content:"grouse"; priority:4; metadata:cwe_id 657,created_at 2018-09-26,updated_at 2018-09-28,filename web.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187761;) #drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LITTLE RIDDLE Traffic Detected"; flow:established,to_server; content:"riddle"; priority:4; metadata:cwe_id 657,created_at 2019-08-19,updated_at 2019-08-27,filename web.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187762;) #drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GRIM CLUTCH Traffic Detected"; flow:established,to_server; content:"clutch"; priority:4; metadata:cwe_id 657,created_at 2018-02-07,updated_at 2018-02-28,filename web.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187763;) #drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PRECIOUS KIDNEY Traffic Detected"; flow:established,to_server; content:"kidney"; priority:4; metadata:cwe_id 657,created_at 2016-01-20,updated_at 2016-01-22,filename web.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187764;) #drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WASTEFUL BULL-FIGHTER Traffic Detected"; flow:established,to_server; content:"bull-fighter"; priority:4; metadata:cwe_id 657,created_at 2017-04-02,updated_at 2017-04-16,filename web.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187765;) #drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN UNKNOWN-HAT Traffic Detected"; flow:established,to_server; content:"UNKNOWN-hat"; priority:4; metadata:cwe_id 657,created_at 2016-01-08,updated_at 2016-01-09,filename web.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187766;) #alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - 
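AWARE BITTER Exploitation Attempt Seen"; flow:established,to_server; content:"bitter"; priority:3; metadata:cwe_id 264,hostile dest_ip,created_at 2018-10-25,capec_id 159,updated_at 2018-10-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.9,attack_target http-client,attack_target client,cve 2015-1355832,cvss_v2_temporal 4.9,protocols http,protocols tcp; rev:1; sid:80187767;)
# Layout: one rule per line, so a leading '#' disables exactly the rule on that line and nothing after it.
# Metadata: each key-value pair is listed once per rule. A repeated identical pair (the same `cve` value
# many times over) adds nothing for metadata-based filtering and may inflate any output that echoes rule metadata.
#
# Disabled outbound rules to $HTTP_PORTS (cwe_id 264, capec_id 159), one `cve` pair each.
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - SILLY PUMPKIN Exploitation Attempt Seen"; flow:established,to_server; content:"pumpkin"; priority:3; metadata:cwe_id 264,hostile dest_ip,created_at 2019-09-17,capec_id 159,updated_at 2019-09-20,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.1,attack_target http-client,attack_target client,cve 2018-8561064,cvss_v2_temporal 1.6,protocols http,protocols tcp; rev:1; sid:80187768;)
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - UNKNOWN DELETE Exploitation Attempt Seen"; flow:established,to_server; content:"delete"; priority:3; metadata:cwe_id 264,hostile dest_ip,created_at 2017-05-15,capec_id 159,updated_at 2017-05-18,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.8,attack_target http-client,attack_target client,cve 2016-396395,cvss_v2_temporal 7.4,protocols http,protocols tcp; rev:1; sid:80187769;)
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - WEAK DECRYPTION Exploitation Attempt Seen"; flow:established,to_server; content:"decryption"; priority:3; metadata:cwe_id 264,hostile dest_ip,created_at 2019-11-26,capec_id 159,updated_at 2019-11-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.8,attack_target http-client,attack_target client,cve 2016-6887094,cvss_v2_temporal 5.6,protocols http,protocols tcp; rev:1; sid:80187770;)
# Disabled informational rules tagged `filename web.rules` (cwe_id 657, priority info).
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - NERVOUS FULL Traffic Detected"; flow:established,to_server; content:"full"; priority:4; metadata:cwe_id 657,hostile dest_ip,created_at 2015-06-21,capec_id 159,updated_at 2015-06-26,filename web.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187771;)
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CHRONIC SEAGULL Traffic Detected"; flow:established,to_server; content:"seagull"; priority:4; metadata:cwe_id 657,created_at 2019-03-19,updated_at 2019-03-27,filename web.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187772;)
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PROPOSED THERMALS Traffic Detected"; flow:established,to_server; content:"thermals"; priority:4; metadata:cwe_id 657,created_at 2019-02-06,updated_at 2019-02-09,filename web.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187773;)
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ANONYMOUS SCHEME Traffic Detected"; flow:established,to_server; content:"scheme"; priority:4; metadata:cwe_id 657,created_at 2018-08-16,updated_at 2018-08-28,filename web.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187774;)
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLASSICAL ATHLETICS Traffic Detected"; flow:established,to_server; content:"athletics"; priority:4; metadata:cwe_id 657,created_at 2019-09-02,updated_at 2019-09-27,filename web.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187775;)
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPECTACULAR DISPLAY Traffic Detected"; flow:established,to_server; content:"display"; priority:4; metadata:cwe_id 657,created_at 2019-06-26,updated_at 2019-06-27,filename web.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187776;)
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EVENTUAL CHAPTER Traffic Detected"; flow:established,to_server; content:"chapter"; priority:4; metadata:cwe_id 657,created_at 2019-06-22,updated_at 2019-06-25,filename web.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:2; sid:80187777;)
# Same rule family as sid 80187768-80187770 (cwe_id 264, capec_id 159). Only 80187779-80187781 are enabled, as `alert` at priority info.
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - BROAD DEADLINE Exploitation Attempt Seen"; flow:established,to_server; content:"deadline"; priority:3; metadata:cwe_id 264,hostile dest_ip,created_at 2017-09-27,capec_id 159,updated_at 2017-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.0,attack_target http-client,attack_target client,cve 2016-4127979,cvss_v2_temporal 6.9,protocols http,protocols tcp; rev:1; sid:80187778;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - GRAND CANDIDATE Exploitation Attempt Seen"; flow:established,to_server; content:"candidate"; priority:4; metadata:cwe_id 264,hostile dest_ip,created_at 2015-07-21,capec_id 159,updated_at 2015-07-24,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 6.3,attack_target http-client,attack_target client,cve 2015-9850962,cvss_v2_temporal 6.9,protocols http,protocols tcp; rev:1; sid:80187779;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - BUSY BIBLIOGRAPHY Exploitation Attempt Seen"; flow:established,to_server; content:"bibliography"; priority:4; metadata:cwe_id 264,hostile dest_ip,created_at 2019-02-04,capec_id 159,updated_at 2019-02-26,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 6.6,attack_target http-client,attack_target client,cve 2016-8419921,cvss_v2_temporal 6.5,protocols http,protocols tcp; rev:1; sid:80187780;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - UNKNOWN UNKNOWNSHIRT Exploitation Attempt Seen"; flow:established,to_server; content:"UNKNOWNshirt"; priority:4; metadata:cwe_id 264,hostile dest_ip,created_at 2018-08-20,capec_id 159,updated_at 2018-08-20,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 3.9,attack_target http-client,attack_target client,cve 2017-4537677,cvss_v2_temporal 4.8,protocols http,protocols tcp; rev:1; sid:80187781;)
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - UNKNOWN BASEBALL Exploitation Attempt Seen"; flow:established,to_server; content:"baseball"; priority:4; metadata:cwe_id 264,hostile dest_ip,created_at 2019-09-23,capec_id 159,updated_at 2019-09-25,filename acme.rules,priority info,rule_source acme-rule-factory,cvss_v2_base 3.2,attack_target http-client,attack_target client,cve 2019-1958974,cvss_v2_temporal 4.0,protocols http,protocols tcp; rev:1; sid:80187782;)
# Enabled `drop` rules for post-infection traffic. 80187783 matches the to_client direction and tags dest_ip as infected.
# 80187784 matches to_server and tags src_ip as infected.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BIOLOGICAL GLIDING Malware Communication"; flow:established,to_client; content:"gliding"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2017-08-01,updated_at 2017-08-09,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187783;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ACCESSIBLE UNKNOWNDER Malware Communication"; flow:established,to_server; content:"UNKNOWNder"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-02,updated_at 2019-05-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187784;)
alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - SEVERE ANALYSIS Malware Communication"; flow:established,to_server; content:"analysis"; priority:4; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-04,updated_at 2019-08-08,filename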
acme.rules,priority info,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187785;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CERTAIN REPARATION Malware Communication"; flow:established,to_server; urilen:>100; content:"reparation"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-02,updated_at 2019-10-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187786;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COLLECTIVE BURN-OUT Malware Communication"; flow:established,to_server; content:"burn-out"; priority:4; metadata:cwe_id 506,malware download-attempt,created_at 2019-07-11,updated_at 2019-07-16,filename acme.rules,priority info,rule_source acme-rule-factory,protocols http,protocols tcp; rev:5; sid:80187787;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN FLOUR Malware Communication"; flow:established,to_server; content:"flour"; priority:2; metadata:cwe_id 507,malware pre-infection,hostile dest_ip,created_at 2019-11-17,updated_at 2019-11-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187788;) #drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - ASSISTANT CANCEL Exploitation Attempt Seen"; flow:established,to_server; content:"cancel"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2015-07-15,capec_id 119,updated_at 2015-07-18,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.7,attack_target server,attack_target http-server,cve 2015-1744289,cvss_v2_temporal 3.2,protocols http,protocols tcp; rev:1; sid:80187789;) drop http any any -> $HOME_NET any (msg:"Acme - SILLY MONGER Traffic Detected"; 
flow:established,to_server; content:"monger"; priority:2; metadata:hostile src_ip,created_at 2018-01-16,capec_id 152,updated_at 2018-01-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80187790;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OLD MONOCLE Malware Communication"; flow:established,to_server; content:"monocle"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-20,updated_at 2019-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187791;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FINAL PRUNER Malware Communication"; flow:established,to_server; content:"pruner"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-05-13,updated_at 2018-05-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187792;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN TASSEL Malware Communication"; flow:established,to_server; content:"tassel"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-11-20,updated_at 2017-11-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187793;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - PERFECT MOTHER-IN-LAW Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"mother-in-law"; priority:3; metadata:cwe_id 119,cvss_v3_base 3.6,hostile src_ip,created_at 2018-04-07,capec_id 255,updated_at 2018-04-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 
3.2,attack_target http-client,attack_target client,cvss_v3_temporal 4.0,cve 2017-2476770,cvss_v2_temporal 4.0,protocols http,protocols tcp; rev:2; sid:80187794;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN UNKNOWN Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"UNKNOWN"; priority:2; metadata:cwe_id 93,cvss_v3_base 6.4,hostile src_ip,created_at 2016-10-12,capec_id 253,updated_at 2016-10-18,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 5.9,attack_target http-client,attack_target client,cvss_v3_temporal 6.8,cve 2015-2348917,cvss_v2_temporal 6.8,protocols http,protocols tcp; rev:4; sid:80187795;) drop http any any -> $HOME_NET any (msg:"Acme - WELL-KNOWN PRESENCE Traffic Detected"; flow:established,to_server; content:"presence"; priority:3; metadata:hostile src_ip,created_at 2018-05-09,capec_id 152,updated_at 2018-05-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80187796;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PROFESSIONAL VACUUM Malware Communication"; flow:established,to_server; content:"vacuum"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-27,updated_at 2019-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187797;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GRUNKNOWN UNKNOWNEN Malware Communication"; flow:established,to_server; content:"UNKNOWNen"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-10-18,updated_at 2017-10-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187798;) #alert tcp $EXTERNAL_NET $HTTP_PORTS -> 
$HOME_NET any (msg:"Acme - UNKNOWN DUNKNOWNMER Exploitation Attempt Seen"; flow:established, to_client; content:"dUNKNOWNmer"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2015-08-22,capec_id 100,updated_at 2015-08-24,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.7,attack_target http-client,attack_target client,cve 2015-4172366,cvss_v2_temporal 5.8,protocols http,protocols tcp; rev:1; sid:80187799;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WEAK COUPLE Malware Communication"; flow:established,to_server; content:"couple"; priority:2; metadata:cwe_id 507,malware download-attempt,hostile dest_ip,created_at 2016-01-27,updated_at 2016-01-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187800;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - QUICKEST TANGERINE Malware Communication"; flow:established,to_server; content:"tangerine"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-11-03,updated_at 2016-11-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:5; sid:80187801;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - READY CUNKNOWNAU Malware Communication"; flow:established,to_client; content:"cUNKNOWNau"; priority:3; metadata:cwe_id 507,malware download-attempt,hostile src_ip,created_at 2019-09-20,updated_at 2019-09-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187802;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ASSOCIATED TABLECLOTH Malware Communication"; flow:established,to_client; content:"tablecloth"; priority:2; metadata:cwe_id 507,malware download-attempt,hostile src_ip,created_at 
2018-11-13,updated_at 2018-11-16,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187803;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAMOUS FUTURE Malware Communication"; flow:established,to_client; content:"future"; priority:3; metadata:cwe_id 507,malware download-attempt,hostile src_ip,created_at 2019-07-22,updated_at 2019-07-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187804;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POWERFUL BAGPIPE Malware Communication"; flow:established,to_client; content:"bagpipe"; priority:3; metadata:cwe_id 507,malware download-attempt,hostile src_ip,created_at 2019-09-24,updated_at 2019-09-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187805;) #alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - CURRENT DEDICATION Exploitation Attempt Seen"; flow:established, to_client; content:"dedication"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-09-26,capec_id 100,updated_at 2019-09-27,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.2,attack_target http-client,attack_target client,cve 2019-7125091,cvss_v2_temporal 5.3,protocols http,protocols tcp; rev:1; sid:80187806;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAMOUS NEAT Malware Communication"; flow:established,to_client; content:"neat"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-01-09,updated_at 2019-01-15,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187807;) alert http $HOME_NET any -> $EXTERNAL_NET any 
(msg:"Acme - UNKNOWN BLOSSOM Exploitation Attempt Seen"; flow:established,to_client; content:"blossom"; priority:3; metadata:cwe_id 310,hostile dest_ip,created_at 2018-04-14,capec_id 118,updated_at 2018-04-16,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.2,attack_target server,attack_target http-server,cve 2018-5694634,cvss_v2_temporal 7.1,protocols http,protocols tcp; rev:4; sid:80187808;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CHOSEN RAFT Malware Communication"; flow:established,to_server; content:"raft"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-09-18,updated_at 2016-09-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187809;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXUBERANT UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-11-18,updated_at 2018-11-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187810;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CURVED LEAVE Malware Communication"; flow:established,to_server; content:"leave"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-03-10,updated_at 2018-03-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187811;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MEDIEVAL LIE Traffic Detected"; flow:established,to_client; file_data; content:"lie"; priority:3; metadata:hostile src_ip,created_at 2018-02-08,capec_id 253,updated_at 2018-02-22,filename 
acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.5,attack_target http-client,attack_target client,cvss_v2_temporal 4.5,protocols http,protocols tcp; rev:2; sid:80187812;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HEAVY ENDOTHELIUM Malware Communication"; flow:established,to_server; content:"endothelium"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-19,updated_at 2019-02-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187813;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN SPECTACLES Traffic Detected"; flow:established, to_server; content:"spectacles"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2017-06-20,capec_id 213,updated_at 2017-06-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cvss_v2_temporal 5.2,protocols http,protocols tcp; rev:2; sid:80187814;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EARLY MAJOR Malware Communication"; flow:established,to_client; content:"major"; priority:1; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2017-11-18,updated_at 2017-11-19,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187815;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VARYING JAMES Malware Communication"; flow:established,to_client; content:"james"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2019-06-15,updated_at 2019-06-28,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187816;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - 
REGISTERED MOMENT Malware Communication"; flow:established,to_server; content:"moment"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-04-21,updated_at 2016-04-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187817;)
# NOTE(review): the next rule uses a `tcp` header limited to destination $HTTP_PORTS while its
# metadata lists `protocols http`; the `http`-header rules around it use `any` for the port.
# The same header shape appears in sids 80187820 and 80187821 below.
drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - RICH CHIME Malware Communication"; flow:established,to_server; content:"chime"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-07-27,updated_at 2019-07-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187818;)
# NOTE(review): `drop` action on a bare 3-byte content match ("car") whose only other constraint
# is the flow direction. No sticky buffer, offset/depth or second pattern narrows it, so on an
# inline sensor it would drop unrelated outbound HTTP requests. Treat as fixture data only.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BACK CAR Malware Communication"; flow:established,to_server; content:"car"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-07-16,updated_at 2017-07-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187819;)
drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - FANTASTIC DENTIST Malware Communication"; flow:established,to_server; content:"dentist"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-11,updated_at 2019-08-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187820;)
drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - ROTTEN BIN Malware Communication"; flow:established,to_server; content:"bin"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-07,updated_at 2019-10-13,filename acme.rules,priority high,infected src_ip,rule_source 
acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187821;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ASSISTANT GEOLOGY Malware Communication"; flow:established,to_server; content:"geology"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-08,updated_at 2019-02-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187822;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ADVANCED NORTH Malware Communication"; flow:established,to_server; content:"north"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-02-20,updated_at 2017-02-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187823;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MINIMAL VEGETARIANISM Traffic Detected"; flow:established, to_server; content:"vegetarianism"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2017-04-23,capec_id 213,updated_at 2017-04-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cvss_v2_temporal 5.2,protocols http,protocols tcp; rev:1; sid:80187824;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FAR FACET Malware Communication"; flow:established,to_server; content:"facet"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-06-27,updated_at 2018-06-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187825;) alert http any any -> $HOME_NET any (msg:"Acme - SQUEALING LAPDOG Exploitation Attempt Seen"; flow:established, 
to_server; content:"lapdog"; priority:3; metadata:hostile src_ip,created_at 2019-05-12,updated_at 2019-05-13,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-9171969,cve 2017-9171969,protocols http,protocols tcp; rev:2; sid:80187826;)
# NOTE(review): sids 80187826, 80187827 and 80187828 each list the same `cve` metadata value
# twice. A consumer that counts or lists metadata values per key will see the duplicate;
# confirm whether the repetition is deliberate in this demo data.
# The header source is `any`, not $EXTERNAL_NET, so the `hostile src_ip` tag is also asserted
# for traffic that originates inside $HOME_NET.
alert http any any -> $HOME_NET any (msg:"Acme - SPARE CLOGS Exploitation Attempt Seen"; flow:established, to_server; content:"clogs"; priority:3; metadata:hostile src_ip,created_at 2019-10-10,updated_at 2019-10-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-9243800,cve 2017-9243800,protocols http,protocols tcp; rev:2; sid:80187827;)
# Disabled rule (leading '#'); same header shape and duplicated `cve` key as the two rules above.
#alert http any any -> $HOME_NET any (msg:"Acme - COLOURFUL TOTE Exploitation Attempt Seen"; flow:established, to_server; content:"tote"; priority:4; metadata:hostile src_ip,created_at 2019-10-07,updated_at 2019-10-22,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2019-2732831,cve 2019-2732831,protocols http,protocols tcp; rev:2; sid:80187828;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN STADIUM Malware Communication"; flow:established,to_server; content:"stadium"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-03-19,updated_at 2018-03-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187829;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TECHNICAL CARPENTER Malware Communication"; flow:established,to_server; content:"carpenter"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-11-21,updated_at 2018-11-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; 
sid:80187830;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LIABLE UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2018-05-09,updated_at 2018-05-24,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187831;) #alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Acme - INTELLIGENT CONTRARY Exploitation Attempt Seen"; flow:established, to_server; content:"contrary"; priority:3; metadata:cwe_id 287,hostile src_ip,created_at 2019-08-10,capec_id 115,updated_at 2019-08-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.3,attack_target server,attack_target http-server,cve 2016-6219085,cvss_v2_temporal 5.1,protocols http,protocols tcp; rev:1; sid:80187832;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EMPTY CINEMA Malware Communication"; flow:established,to_server; content:"cinema"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-11-15,updated_at 2017-11-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187833;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SEPARATE WHEEL Malware Communication"; flow:established,to_server; content:"wheel"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-11-27,updated_at 2018-11-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187834;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MATHEMATICAL UNIFORM Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"uniform"; priority:3; metadata:cwe_id 
94,hostile src_ip,created_at 2018-11-23,capec_id 253,updated_at 2018-11-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.9,attack_target http-client,attack_target client,cve 2015-3404398,cvss_v2_temporal 2.4,protocols http,protocols tcp; rev:2; sid:80187835;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FELLOW ATTEMPT Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"attempt"; priority:3; metadata:cwe_id 94,hostile src_ip,created_at 2019-05-20,capec_id 253,updated_at 2019-05-21,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.1,attack_target http-client,attack_target client,cve 2019-6252804,cvss_v2_temporal 6.5,protocols http,protocols tcp; rev:2; sid:80187836;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GLORIOUS SATIN Malware Communication"; flow:established,to_server; content:"satin"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2016-10-08,updated_at 2016-10-11,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187837;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EXTRAORDINARY OBSERVATORY Traffic Detected"; flow:established,to_server; content:"observatory"; priority:3; metadata:hostile src_ip,created_at 2019-10-23,updated_at 2019-10-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187838;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NOSY MISCOMMUNICATION Traffic Detected"; flow:established, to_server; content:"miscommunication"; priority:3; metadata:cwe_id 122,hostile src_ip,created_at 2018-03-26,capec_id 248,updated_at 2018-03-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,cvss_v2_temporal 
1.9,protocols tcp; rev:1; sid:80187839;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SINGLE BLOCKER Malware Communication"; flow:established,to_server; content:"blocker"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-20,updated_at 2019-01-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187840;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WELCOME CORK Malware Communication"; flow:established,to_server; content:"cork"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-07-08,updated_at 2019-07-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187841;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MIDDLE HOLE Malware Communication"; flow:established,to_server; content:"hole"; priority:1; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-08-24,updated_at 2019-08-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187842;) #alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - AMAZING SOLUTION Exploitation Attempt Seen"; flow:established, to_client; content:"solution"; priority:3; metadata:hostile src_ip,created_at 2019-07-09,capec_id 248,updated_at 2019-07-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-3816266,protocols http,protocols tcp; rev:1; sid:80187843;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - OCCASIONAL CONVERT Malware Communication"; flow:established, to_server; content:"convert"; priority:1; metadata:cwe_id 507,malware post-infection,hostile 
dest_ip,created_at 2017-02-20,updated_at 2017-02-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187844;)
# Disabled rule (leading '#'). Its header is $HOME_NET -> $EXTERNAL_NET with flow to_client, so
# it inspects responses leaving a HOME_NET server. `hostile src_ip` therefore labels the HOME_NET
# side as hostile, and there is no attack_target key.
# NOTE(review): confirm the header direction and metadata before enabling.
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN NANOPARTICLE Exploitation Attempt Seen"; flow:established, to_client; file_data; content:"nanoparticle"; priority:3; metadata:hostile src_ip,created_at 2019-03-15,capec_id 248,updated_at 2019-03-18,filename acme.rules,priority low,rule_source acme-rule-factory,cve 2019-68086,protocols http,protocols tcp; rev:2; sid:80187845;)
# NOTE(review): `drop` on the 4-byte pattern "code" with only a flow constraint and no sticky
# buffer before `content`. On an inline sensor this would block ordinary outbound HTTP requests.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CORRESPONDING CODE Malware Communication"; flow:established,to_server; content:"code"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-02,updated_at 2018-01-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187846;)
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ENORMOUS INFLAMMATION Malware Communication"; flow:established,to_server; content:"inflammation"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-05-05,updated_at 2017-05-26,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187847;)
# NOTE(review): tagged `malware post-infection` and `hostile dest_ip` but, unlike sid 80187846
# above, it has no `infected src_ip` key. A metadata filter that selects on `infected src_ip`
# will not pick this rule up; confirm whether the omission is deliberate.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ALIVE SOUTH Malware Communication"; flow:established,to_server; content:"south"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-06-10,updated_at 2018-06-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187848;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - 
CORPORATE MOOD Malware Communication"; flow:established,to_server; content:"mood"; priority:1; metadata:cwe_id 512,malware post-infection,hostile dest_ip,created_at 2016-09-03,updated_at 2016-09-15,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187849;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COASTAL KAYAK Malware Communication"; flow:established,to_server; content:"kayak"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-11-25,updated_at 2019-11-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187850;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ANGRY MEET Malware Communication"; flow:established,to_server; content:"meet"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-20,updated_at 2019-09-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187851;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - STICKY CASTANETS Exploitation Attempt Seen"; flow:established, to_server; content:"castanets"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-03-01,capec_id 100,updated_at 2019-03-13,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.2,attack_target server,cve 2017-966256,cvss_v2_temporal 4.3,protocols tcp; rev:1; sid:80187852;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EMPTY COMMUNICANT Exploitation Attempt Seen"; flow:established, to_server; content:"communicant"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-01-14,capec_id 100,updated_at 2019-01-27,filename scada.rules,priority low,rule_source 
acme-rule-factory,cvss_v2_base 6.2,attack_target server,cve 2019-4570789,cvss_v2_temporal 7.0,protocols tcp; rev:1; sid:80187853;) #alert tcp $EXTERNAL_NET any -> any any (msg:"Acme - CHARMING DESTROYER Exploitation Attempt Seen"; flow:established, to_server; content:"destroyer"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-10-04,capec_id 100,updated_at 2019-10-21,filename scada.rules,priority low,rule_source acme-rule-factory,cve 2019-2425418,protocols tcp; rev:1; sid:80187854;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SCARY PANTHER Malware Communication"; flow:established,to_server; content:"panther"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-05-27,updated_at 2016-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187855;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - GRIM COURSE Malware Communication"; flow:established,to_server; content:"course"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-07-18,updated_at 2017-07-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187856;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NET CLARINET Malware Communication"; flow:established,to_server; content:"clarinet"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-23,updated_at 2019-08-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187857;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN LADYBUG Malware Communication"; flow:established,to_server; content:"ladybug"; priority:1; metadata:cwe_id 506,malware 
post-infection,hostile dest_ip,created_at 2018-09-06,updated_at 2018-09-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187858;)
# NOTE(review): same header, flow and content:"ladybug" as sid 80187858 directly above; only
# msg, dates and sid differ. Both rules match the same traffic, so one match yields two events.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - POOR LADYBUG Malware Communication"; flow:established,to_server; content:"ladybug"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-09-25,updated_at 2017-09-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187859;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DRY SIDECAR Malware Communication"; flow:established,to_server; content:"sidecar"; priority:1; metadata:cwe_id 507,malware download-attempt,hostile dest_ip,created_at 2019-04-02,updated_at 2019-04-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187860;)
# NOTE(review): same header, flow and content:"observatory" as sid 80187838 earlier in this
# file. The two differ in priority (3 there, 2 here) and this one adds capec_id 125, so the
# same traffic is reported at two severities.
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GLAD OBSERVATORY Traffic Detected"; flow:established,to_server; content:"observatory"; priority:2; metadata:hostile src_ip,created_at 2019-10-07,capec_id 125,updated_at 2019-10-27,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187861;)
# NOTE(review): the destination is `any any`, so this `drop` also applies to HOME_NET-to-HOME_NET
# sessions and `hostile dest_ip` can label an internal host. The header protocol is `tcp` while
# the metadata lists `protocols http`, and the `cve` key is repeated three times with one value.
drop tcp $HOME_NET any -> any any (msg:"Acme - CONCRETE ORDINARY Malware Communication"; flow:established,to_server; content:"ordinary"; priority:1; metadata:cwe_id 399,malware post-infection,hostile dest_ip,created_at 2019-04-22,updated_at 2019-04-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-9020987,cve 2015-9020987,cve 2015-9020987,protocols http,protocols tcp; rev:1; 
sid:80187862;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SIGNIFICANT CONTAGION Malware Communication"; flow:established,to_server; content:"contagion"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-13,updated_at 2019-10-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187863;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - BLUE UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-15,updated_at 2019-10-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187864;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INITIAL PILLOW Malware Communication"; flow:established,to_server; content:"pillow"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-09-18,updated_at 2018-09-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187865;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INTERMEDIATE DRY Malware Communication"; flow:established,to_server; content:"dry"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-18,updated_at 2019-03-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187866;) drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Acme - STRUCTURAL CHALK Malware Communication"; flow:established,to_client; content:"chalk"; priority:2; metadata:cwe_id 119,malware pre-infection,hostile 
src_ip,created_at 2019-03-07,updated_at 2019-03-23,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 4.4,attack_target http-client,attack_target client,cve 2016-3098673,cvss_v2_temporal 3.7,protocols http,protocols tcp; rev:1; sid:80187867;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - VOCATIONAL AUTHORIZATION Exploitation Attempt Seen"; flow:established,to_server; content:"authorization"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2018-03-06,capec_id 63,updated_at 2018-03-13,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.0,attack_target server,attack_target http-server,cve 2018-17994,cvss_v2_temporal 5.8,protocols http,protocols tcp; rev:2; sid:80187868;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TECHNICAL KETCH Malware Communication"; flow:established,to_server; content:"ketch"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-03-20,updated_at 2016-03-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187869;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TENSE INVENTION Malware Communication"; flow:established,to_server; content:"invention"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-15,updated_at 2018-07-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187870;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN UNKNOWN Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"UNKNOWN"; priority:3; metadata:cwe_id 399,hostile src_ip,created_at 2016-01-16,capec_id 255,updated_at 2016-01-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target 
client,cve 2015-6570526,protocols http,protocols tcp; rev:2; sid:80187871;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COMPETITIVE HARPOONER Exploitation Attempt Seen"; flow:established,to_server; content:"harpooner"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-01-03,capec_id 100,updated_at 2017-01-10,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.0,attack_target server,cve 2015-6558970,cvss_v2_temporal 3.8,protocols tcp; rev:1; sid:80187872;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LIVELY STOPWATCH Malware Communication"; flow:established,to_server; content:"stopwatch"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-01-20,updated_at 2017-01-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187873;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COMPACT FASCIA Malware Communication"; flow:established,to_server; content:"fascia"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-07-04,updated_at 2019-07-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187874;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - POWERFUL SUBUNKNOWN Malware Communication"; flow:established,to_server; content:"subUNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-05-17,updated_at 2016-05-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187875;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SLOW KIMONO Malware Communication"; flow:established; content:"kimono"; priority:1; metadata:cwe_id 
506,malware post-infection,created_at 2017-10-01,updated_at 2017-10-23,filename acme.rules,priority high,rule_source acme-rule-factory,protocols ftp,protocols tcp; rev:1; sid:80187876;) drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"Acme - RIDICULOUS BLANKET Malware Communication"; flow:established,to_server; content:"blanket"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-14,updated_at 2019-09-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187877;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FREQUENT CLEANER Malware Communication"; flow:established,to_server; content:"cleaner"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-03-05,updated_at 2019-03-13,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187878;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN MIGHT Malware Communication"; flow:established,to_server; content:"might"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-20,updated_at 2019-10-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187879;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNAWARE EXPANSIONISM Malware Communication"; flow:established,to_server; content:"expansionism"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-01-22,updated_at 2019-01-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187880;) drop http $HOME_NET any -> $EXTERNAL_NET 
any (msg:"Acme - TERRIBLE SAIL Malware Communication"; flow:established,to_server; content:"sail"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-06-16,updated_at 2016-06-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187881;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WEAK CHALK Malware Communication"; flow:established,to_server; content:"chalk"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-01-03,updated_at 2017-01-08,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187882;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLOSED FLY Malware Communication"; flow:established,to_server; content:"fly"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-09-23,updated_at 2015-09-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187883;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAMILIAR ROBE Traffic Detected"; flow:established,to_server; content:"robe"; priority:4; metadata:hostile src_ip,created_at 2016-11-04,updated_at 2016-11-27,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187884;) #alert tcp any any -> $HOME_NET any (msg:"Acme - SOUND DRAGONFLY Traffic Detected"; flow:established,to_server; content:"dragonfly"; priority:3; metadata:cwe_id 507,hostile src_ip,created_at 2019-11-05,capec_id 310,updated_at 2019-11-10,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target ftp-server,attack_target 
server,cvss_v2_temporal 5.0,protocols ftp,protocols tcp; rev:1; sid:80187885;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MUTUAL TEMPORARINESS Malware Communication"; flow:established,to_server; content:"temporariness"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-01-09,updated_at 2016-01-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187886;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TERRIBLE EMBOSSING Malware Communication"; flow:established,to_server; content:"embossing"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-04-10,updated_at 2018-04-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187887;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ELECTRIC UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:4; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-01-04,updated_at 2019-01-28,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187888;) alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INNOCENT COLONISATION Malware Communication"; flow:established, to_server; content:"colonisation"; priority:3; metadata:cwe_id 506,malware malware,hostile dest_ip,created_at 2017-03-06,updated_at 2017-03-14,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80187889;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLUMSY PUDDLE Malware Communication"; flow:established,to_server; content:"puddle"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile 
dest_ip,created_at 2019-01-07,updated_at 2019-01-16,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187890;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRANGE HUB Traffic Detected"; flow:established,to_server; content:"hub"; priority:3; metadata:hostile dest_ip,created_at 2019-06-24,updated_at 2019-06-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187891;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN LUMBERMAN Malware Communication"; flow:established,to_server; content:"lumberman"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-06-21,updated_at 2019-06-21,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2015-4241615,cve 2015-4241615,cve 2015-4241615,cve 2015-4241615,cve 2015-4241615,cve 2015-4241615,cve 2015-4241615,protocols http,protocols tcp; rev:2; sid:80187892;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - POLITE GARBAGE Exploitation Attempt Seen"; flow:established,to_server; content:"garbage"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2017-05-01,capec_id 119,updated_at 2017-05-15,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.2,attack_target ftp-server,attack_target server,cve 2016-3159735,cvss_v2_temporal 2.2,protocols ftp,protocols tcp; rev:1; sid:80187893;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TORY LOAF Malware Communication"; flow:established,to_server; content:"loaf"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-19,updated_at 2019-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols 
http,protocols tcp; rev:2; sid:80187894;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BIG CRACKER Exploitation Attempt Seen"; flow:established,to_server; content:"cracker"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2018-02-10,capec_id 213,updated_at 2018-02-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.6,attack_target server,attack_target http-server,cve 2017-5387394,cvss_v2_temporal 8.1,protocols http,protocols tcp; rev:2; sid:80187895;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RIPE SQUEEGEE Malware Communication"; flow:established,to_server; content:"squeegee"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-11-07,updated_at 2017-11-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187896;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN ROCKER Exploitation Attempt Seen"; flow:established,to_server; content:"rocker"; priority:3; metadata:cwe_id 89,cwe_id 94,cwe_id 78,cwe_id 22,cwe_id 287,hostile src_ip,created_at 2019-09-22,capec_id 253,updated_at 2019-09-24,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2016-5717993,cve 2016-5717993,cve 2016-5717993,cve 2016-5717993,cve 2016-5717993,cve 2016-5717993,cvss_v2_temporal 7.8,protocols http,protocols tcp; rev:2; sid:80187897;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ORDINARY CAVE Exploitation Attempt Seen"; flow:established,to_server; content:"cave"; priority:3; metadata:cwe_id 89,cwe_id 94,cwe_id 78,cwe_id 22,cwe_id 287,hostile src_ip,created_at 2017-09-26,updated_at 2017-09-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target server,attack_target http-server,cve 2017-9026630,cve 2017-9026630,cve 
2017-9026630,cve 2017-9026630,cve 2017-9026630,cve 2017-9026630,cvss_v2_temporal 6.5,protocols http,protocols tcp; rev:2; sid:80187898;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WEALTHY STAND Traffic Detected"; flow:established,to_server; content:"stand"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2018-06-03,capec_id 100,updated_at 2018-06-06,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:1; sid:80187899;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BROWN JUNKET Traffic Detected"; flow:established,to_server; content:"junket"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2019-07-07,capec_id 100,updated_at 2019-07-20,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:1; sid:80187900;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TIRED UNKNOWN Traffic Detected"; flow:established,to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 120,hostile src_ip,created_at 2018-05-16,capec_id 100,updated_at 2018-05-23,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:1; sid:80187901;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SAD BLUE Traffic Detected"; flow:established,to_server; content:"blue"; priority:3; metadata:hostile src_ip,created_at 2018-03-22,updated_at 2018-03-25,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.9,attack_target server,attack_target http-server,cvss_v2_temporal 7.3,protocols http,protocols tcp; rev:2; sid:80187902;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SOLID RISE Traffic Detected"; flow:established,to_server; content:"rise"; priority:3; metadata:hostile src_ip,created_at 2019-04-10,updated_at 2019-04-15,filename acme.rules,priority 
low,rule_source acme-rule-factory,cvss_v2_base 6.7,attack_target server,attack_target http-server,cvss_v2_temporal 7.0,protocols http,protocols tcp; rev:3; sid:80187903;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INEVITABLE UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-10,updated_at 2019-08-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:2; sid:80187904;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LOCAL PEACOAT Malware Communication"; flow:established,to_server; content:"peacoat"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-22,updated_at 2019-03-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187905;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - DIRECT FINAL Malware Communication"; flow:established,to_server; content:"final"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-05-16,updated_at 2018-05-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187906;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IMMENSE VEGETABLE Traffic Detected"; flow:established,to_server; content:"vegetable"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2017-06-20,capec_id 63,updated_at 2017-06-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187907;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IDENTICAL DIET Traffic Detected"; flow:established,to_server; content:"diet"; 
priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2019-11-08,capec_id 63,updated_at 2019-11-15,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187908;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONSCIOUS MOTH Traffic Detected"; flow:established,to_server; content:"moth"; priority:3; metadata:cwe_id 79,hostile dest_ip,created_at 2016-06-05,capec_id 63,updated_at 2016-06-06,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187909;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HARSH STAND Traffic Detected"; flow:established,to_server; content:"stand"; priority:3; metadata:cwe_id 79,hostile dest_ip,created_at 2018-10-26,capec_id 63,updated_at 2018-10-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187910;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LOCAL DEDICATION Malware Communication"; flow:established,to_server; content:"dedication"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile dest_ip,created_at 2019-03-26,updated_at 2019-03-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-711928,cve 2019-711928,cve 2019-711928,cve 2019-711928,cve 2019-711928,cve 2019-711928,cve 2019-711928,protocols http,protocols tcp; rev:2; sid:80187911;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SPLENDID BUNGHOLE Traffic Detected"; flow:established,to_server; content:"bunghole"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2019-02-05,capec_id 66,updated_at 2019-02-05,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; 
rev:2; sid:80187912;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN DOOR Traffic Detected"; flow:established,to_server; content:"door"; priority:3; metadata:cwe_id 89,hostile src_ip,created_at 2017-11-13,capec_id 66,updated_at 2017-11-22,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187913;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWNY WASTE Malware Communication"; flow:established,to_server; content:"waste"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-09-21,updated_at 2019-09-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187914;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CONSISTENT RAKE Malware Communication"; flow:established,to_server; content:"rake"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-04-09,updated_at 2019-04-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187915;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - THEORETICAL KING Malware Communication"; flow:established,to_server; content:"king"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-09,updated_at 2019-08-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187916;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SUNKNOWNT FANNY Malware Communication"; flow:established,to_server; content:"fanny"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-06-21,updated_at 2017-06-22,filename 
acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187917;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MERE UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-09-22,updated_at 2019-09-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187918;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN ALDER Malware Communication"; flow:established,to_server; content:"alder"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-10-23,updated_at 2017-10-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187919;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - BLOODY MANAGEMENT Malware Communication"; flow:established,to_client; file_data; content:"management"; priority:2; metadata:cwe_id 506,malware pre-infection,hostile src_ip,created_at 2019-04-01,updated_at 2019-04-20,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2019-9538913,protocols http,protocols tcp; rev:2; sid:80187920;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SOUR COLOR Malware Communication"; flow:established,to_server; content:"color"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-05-08,updated_at 2016-05-10,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187921;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SYSTEMATIC 
HEAVEN Malware Communication"; flow:established,to_server; content:"heaven"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2016-06-02,updated_at 2016-06-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187922;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FOREIGN TRAIL Malware Communication"; flow:established,to_server; content:"trail"; priority:2; metadata:cwe_id 507,malware download-attempt,hostile dest_ip,created_at 2019-10-24,updated_at 2019-10-26,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187923;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IDENTICAL AREA Exploitation Attempt Seen"; flow:established, to_server; content:"area"; priority:3; metadata:cwe_id 119,hostile src_ip,created_at 2019-03-23,capec_id 100,updated_at 2019-03-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.8,attack_target sip-server,attack_target server,cve 2019-120610,cvss_v2_temporal 3.1,protocols sip,protocols tcp; rev:1; sid:80187924;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LEGAL VACATION Malware Communication"; flow:established,to_server; content:"vacation"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-04-10,updated_at 2019-04-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187925;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - KIND GYMNASTICS Malware Communication"; flow:established,to_server; content:"gymnastics"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-16,updated_at 2019-08-21,filename acme.rules,priority 
high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187926;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NEARBY CAPITULATION Traffic Detected"; flow:established,to_server; content:"capitulation"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2016-10-14,capec_id 63,updated_at 2016-10-27,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.2,attack_target server,attack_target http-server,cvss_v2_temporal 3.7,protocols http,protocols tcp; rev:2; sid:80187927;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SHORT LAMB Traffic Detected"; flow:established,to_server; content:"lamb"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-06-13,capec_id 63,updated_at 2019-06-14,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.4,attack_target server,attack_target http-server,cvss_v2_temporal 1.6,protocols http,protocols tcp; rev:2; sid:80187928;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHINY PARENT Malware Communication"; flow:established,to_server; content:"parent"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-10,updated_at 2019-06-16,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187929;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CHIFFONIER Malware Communication"; flow:established,to_server; content:"chiffonier"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-11-15,updated_at 2018-11-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187930;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - EARLY LEADING Traffic 
Detected"; flow:established,to_server; content:"leading"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-05-05,updated_at 2019-05-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.5,attack_target server,attack_target http-server,cvss_v2_temporal 1.8,protocols http,protocols tcp; rev:2; sid:80187931;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONTROVERSIAL RINGWORM Exploitation Attempt Seen"; flow:established,to_server; content:"ringworm"; priority:3; metadata:cwe_id 200,cwe_id 79,hostile src_ip,created_at 2018-11-05,capec_id 63,updated_at 2018-11-15,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.3,attack_target server,attack_target http-server,cve 2018-2771129,cve 2018-2771129,cve 2018-2771129,cve 2018-2771129,cve 2018-2771129,cvss_v2_temporal 2.9,protocols http,protocols tcp; rev:2; sid:80187932;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN ROOT Malware Communication"; flow:established,to_server; content:"root"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-08-08,updated_at 2017-08-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187933;) drop tcp $HOME_NET any -> any any (msg:"Acme - GRATEFUL CONTRACT Malware Communication"; flow:established,to_server; content:"contract"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-03,updated_at 2018-04-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target smtp-client,attack_target client,protocols smtp,protocols tcp; rev:1; sid:80187934;) drop tcp $HOME_NET any -> any any (msg:"Acme - HUSKY GERANIUM Malware Communication"; flow:established,to_server; content:"geranium"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 
2016-01-11,updated_at 2016-01-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target smtp-client,attack_target client,protocols smtp,protocols tcp; rev:1; sid:80187935;)
# The line above is the tail of the rule that starts on the previous line of this listing.
# sid 80187936-80187939: synthetic example rules (the file header marks this as a dummy ruleset).
# Each one matches a single literal `content` string on an established, to_server TCP flow.
#
# NOTE(review): the header destination is $HOME_NET, yet metadata tags `hostile dest_ip`; the three
# inbound rules that follow tag `hostile src_ip`. Looks inconsistent - confirm before filtering on it.
# The 3-byte content "arm" on `any any -> $HOME_NET any` has no offset/depth or second match to
# narrow it, so a rule shaped like this would be noisy outside a demo.
alert tcp any any -> $HOME_NET any (msg:"Acme - LOVELY ARM Exploitation Attempt Seen"; flow:established, to_server; content:"arm"; priority:3; metadata:cwe_id 287,hostile dest_ip,created_at 2019-10-12,updated_at 2019-10-15,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.4,cve 2018-6518700,cvss_v2_temporal 7.1,protocols tcp; rev:1; sid:80187936;)
# Header is plain `tcp` to any port; smtp appears only in metadata (`protocols`, `attack_target`),
# and metadata is informational - it does not restrict what the rule matches.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PROVINCIAL CACTUS Traffic Detected"; flow:established, to_server; content:"cactus"; priority:3; metadata:hostile src_ip,created_at 2017-03-22,updated_at 2017-03-24,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80187937;)
# Same shape as sid 80187937: `tcp`/any-port header, smtp named only in metadata, 3-byte content.
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - OLD-FASHIONED BUG Traffic Detected"; flow:established, to_server; content:"bug"; priority:3; metadata:hostile src_ip,created_at 2019-06-09,updated_at 2019-06-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target smtp-server,protocols smtp,protocols tcp; rev:1; sid:80187938;)
# Disabled rule (leading '#'). `tcp`/any-port header again; http is named only in metadata.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUPER KICK-OFF Exploitation Attempt Seen"; flow:established, to_server; content:"kick-off"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-03-23,capec_id 248,updated_at 2019-03-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 8.0,attack_target server,attack_target http-server,cve 2019-2116532,cvss_v2_temporal 7.5,protocols http,protocols tcp; rev:1; sid:80187939;)
# Outbound drop rule; its option list continues on the next line of this listing.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MECHANICAL PLAYGROUND Malware Communication"; flow:established,to_server; content:"playground"; priority:1;
metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-03-11,updated_at 2019-03-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187940;)
# The line above is the tail of the rule that starts on the previous line of this listing.
# sid 80187941-80187944: synthetic example rules (the file header marks this as a dummy ruleset).
#
# Disabled rule (leading '#'): inbound HTTP request direction, single content match.
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GLOBAL RASPBERRY Traffic Detected"; flow:established,to_server; content:"raspberry"; priority:3; metadata:hostile src_ip,created_at 2018-02-21,capec_id 63,updated_at 2018-02-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187941;)
# `to_client` with a $HOME_NET -> $EXTERNAL_NET header matches server-to-client packets, so the
# $HOME_NET side is the server of the flow; that agrees with `attack_target telnet-server` and
# `hostile dest_ip`. Header is `tcp`/any port; telnet is named only in metadata.
# NOTE(review): `cvss_v2_base 10.0` sits next to `priority:3` / `priority low`; the values look
# independently generated - do not infer severity from a single key here.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FASCINATING BURN-OUT Traffic Detected"; flow:established,to_client; content:"burn-out"; priority:3; metadata:cwe_id 732,hostile dest_ip,created_at 2019-03-08,updated_at 2019-03-09,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 10.0,attack_target telnet-server,attack_target server,cvss_v2_temporal 3.1,protocols telnet,protocols tcp; rev:1; sid:80187942;)
# Outbound `drop http` rules tagged post-infection. The content match has no sticky buffer
# (e.g. http.uri) selected, so it is not tied to a specific part of the HTTP request.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN GIRAFFE Malware Communication"; flow:established,to_server; content:"giraffe"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2016-01-23,updated_at 2016-01-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187943;)
# NOTE(review): a common word such as "search" under a `drop` action would hit benign requests in a
# real deployment; acceptable only because this ruleset is a demo.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CLEAR SEARCH Malware Communication"; flow:established,to_server; content:"search"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-02-03,updated_at 2019-02-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187944;)
# NOTE(review): sids 80187945-80187948 follow; the rule after them (VISITING FOOTREST) continues on the next line.
# - The "drop" action only blocks traffic when Suricata runs inline (IPS mode).
# - sid 80187945 pairs flow:from_server (same direction as to_client) with file_data, so its
#   content match is applied to the HTTP response body rather than to the headers.
# - sid 80187946 has a tcp rule header although its metadata lists "protocols http"; metadata is
#   descriptive only, so that content match is not scoped by the HTTP parser.
# - sid 80187948 is commented out ("#alert"), i.e. a disabled rule rather than a prose comment.
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TOUGH DUTY Exploitation Attempt Seen"; flow:established,from_server; file_data; content:"duty"; priority:2; metadata:cwe_id 416,cvss_v3_base 4.0,hostile src_ip,created_at 2018-08-09,capec_id 255,updated_at 2018-08-19,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 3.4,attack_target http-client,attack_target client,cvss_v3_temporal 4.1,cve 2018-7189051,cvss_v2_temporal 4.1,protocols http,protocols tcp; rev:2; sid:80187945;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COASTAL RECRUIT Malware Communication"; flow:established,to_server; content:"recruit"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2015-10-24,updated_at 2015-10-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187946;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TERRITORIAL PERSPECTIVE Malware Communication"; flow:established,to_server; content:"perspective"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-09-07,updated_at 2017-09-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187947;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FAST TRAPDOOR Traffic Detected"; flow:established, to_client; content:"trapdoor"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-08-26,capec_id 119,updated_at 2019-08-26,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.0,attack_target http-client,attack_target client,cvss_v2_temporal 4.0,protocols http,protocols tcp; rev:2; sid:80187948;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VISITING FOOTREST Malware Communication"; flow:established,to_server; content:"footrest"; 
priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-11-14,updated_at 2019-11-17,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187949;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - STRICT CATACOMB Malware Communication"; flow:established,to_server; content:"catacomb"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-10-10,updated_at 2017-10-21,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187950;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHORT-TERM ENGINE Malware Communication"; flow:established,to_server; content:"engine"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-07-13,updated_at 2017-07-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80187951;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HELPLESS GIRDLE Malware Communication"; flow:established,to_server; content:"girdle"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-07-19,updated_at 2017-07-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187952;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN TRACK Malware Communication"; flow:established,to_server; content:"track"; priority:3; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-21,updated_at 2019-10-24,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target 
client,protocols http,protocols tcp; rev:4; sid:80187953;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN SYCAMORE Exploitation Attempt Seen"; flow:established,to_client; file_data; content:"sycamore"; priority:2; metadata:cwe_id 119,cvss_v3_base 5.7,hostile src_ip,created_at 2019-10-16,capec_id 255,updated_at 2019-10-24,filename acme.rules,priority medium,rule_source acme-rule-factory,cvss_v2_base 6.3,attack_target http-client,attack_target client,cvss_v3_temporal 6.1,cve 2018-8474276,cvss_v2_temporal 6.1,protocols http,protocols tcp; rev:2; sid:80187954;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CRUEL SEGMENT Malware Communication"; flow:established,from_client; content:"segment"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-17,updated_at 2019-08-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187955;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SELECTIVE CLUTCH Malware Communication"; flow:established,from_client; content:"clutch"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-06-05,updated_at 2019-06-07,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187956;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - INFLUENTIAL EYEGLASSES Traffic Detected"; flow:established,to_server; content:"eyeglasses"; priority:3; metadata:hostile src_ip,created_at 2018-09-05,capec_id 63,updated_at 2018-09-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187957;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TAME STRATEGY Traffic Detected"; flow:established, to_server; 
content:"strategy"; priority:4; metadata:hostile src_ip,created_at 2019-04-01,updated_at 2019-04-20,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80187958;) alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MIXED GIRL Traffic Detected"; flow:established, to_server; content:"girl"; priority:4; metadata:cwe_id 657,hostile dest_ip,created_at 2016-03-06,updated_at 2016-03-07,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80187959;) drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - FASCINATING BILL Malware Communication"; flow:established,to_client; content:"bill"; priority:2; metadata:cwe_id 506,malware download-attempt,hostile src_ip,created_at 2018-03-10,updated_at 2018-03-28,filename acme.rules,priority medium,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187960;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SHINY PRUNER Malware Communication"; flow:established,to_server; content:"pruner"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-09-03,updated_at 2018-09-09,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187961;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EXCESS WOODWIND Malware Communication"; flow:established,to_server; content:"woodwind"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-05-08,updated_at 2019-05-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187962;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - COLD JAIL Malware Communication"; flow:established,to_server; content:"jail"; priority:1; 
metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-02-09,updated_at 2017-02-28,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187963;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - WONDERFUL RIDE Traffic Detected"; flow:established,to_server; content:"ride"; priority:3; metadata:created_at 2017-04-27,updated_at 2017-04-28,filename acme.rules,priority low,rule_source acme-rule-factory,protocols http,protocols tcp; rev:3; sid:80187964;) drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - IMAGIUNKNOWN SKY Malware Communication"; flow:established,to_server; content:"sky"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-01-12,updated_at 2017-01-19,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80187965;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SELECTED VENOM Exploitation Attempt Seen"; flow:established, to_server; content:"venom"; priority:3; metadata:cwe_id 200,hostile src_ip,created_at 2017-03-11,capec_id 165,updated_at 2017-03-17,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,cve 2017-8220891,protocols http,protocols tcp; rev:2; sid:80187966;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CAUTIOUS WINDOW Traffic Detected"; flow:established, to_client; file_data; content:"window"; priority:3; metadata:hostile dest_ip,created_at 2019-05-01,capec_id 310,updated_at 2019-05-01,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187967;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LARGE BIOLOGY Traffic Detected"; flow:established, to_server; 
content:"biology"; priority:4; metadata:cwe_id 657,hostile src_ip,created_at 2019-08-20,capec_id 115,updated_at 2019-08-20,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187968;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MILITARY INSECT Traffic Detected"; flow:established, to_server; content:"insect"; priority:4; metadata:cwe_id 657,hostile src_ip,created_at 2017-10-17,updated_at 2017-10-21,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187969;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FURIOUS REDESIGN Traffic Detected"; flow:established,to_client; content:"redesign"; priority:4; metadata:hostile dest_ip,created_at 2019-06-14,capec_id 310,updated_at 2019-06-20,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187970;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PSYCHOLOGICAL CONSONANT Traffic Detected"; flow:established,to_client; content:"consonant"; priority:4; metadata:hostile dest_ip,created_at 2018-05-05,capec_id 310,updated_at 2018-05-07,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187971;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - CUTE TRUNK Traffic Detected"; flow:established,to_client; content:"trunk"; priority:4; metadata:hostile dest_ip,created_at 2019-05-24,capec_id 310,updated_at 2019-05-27,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187972;) #alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - LTD DESSERT Traffic Detected"; 
flow:established,to_client; content:"dessert"; priority:4; metadata:hostile dest_ip,created_at 2019-07-02,capec_id 310,updated_at 2019-07-25,filename acme.rules,priority info,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187973;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ABSENT SPECIAL Traffic Detected"; flow:established,to_server; content:"special"; priority:3; metadata:cwe_id 79,hostile src_ip,created_at 2019-01-08,capec_id 63,updated_at 2019-01-23,filename acme.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.6,attack_target server,attack_target http-server,cvss_v2_temporal 6.8,protocols http,protocols tcp; rev:2; sid:80187974;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HOMELY CREAM Traffic Detected"; flow:established, to_server; content:"cream"; priority:3; metadata:hostile src_ip,created_at 2018-10-20,capec_id 253,updated_at 2018-10-25,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:2; sid:80187975;) alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ROTTEN SEASON Traffic Detected"; flow:established, to_client; content:"season"; priority:3; metadata:hostile dest_ip,created_at 2019-09-17,updated_at 2019-09-28,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:1; sid:80187976;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - VERBAL CRITERIA Malware Communication"; flow:established, to_client; content:"criteria"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-06-09,updated_at 2017-06-22,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80187977;) #drop tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN HOSPITALITY 
Malware Communication"; flow:established, to_server; content:"hospitality"; priority:1; metadata:cwe_id 507,malware post-infection,hostile src_ip,created_at 2016-11-18,updated_at 2016-11-26,filename steve.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80187978;) #alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN ENTRY Malware Communication"; flow:established, to_client; content:"entry"; priority:3; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-07-17,updated_at 2018-07-18,filename steve.rules,priority low,rule_source acme-rule-factory,attack_target ftp-server,attack_target server,protocols ftp,protocols tcp; rev:1; sid:80187979;) drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNUSUAL BURN Malware Communication"; flow:established,to_server; content:"burn"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-08,updated_at 2019-05-09,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target client,protocols tcp; rev:1; sid:80187980;) #drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - MODERATE CENTER Malware Communication"; flow:established, to_client; content:"center"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-08-16,updated_at 2019-08-25,filename steve.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80187981;) #drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SPOTLESS OVERCLOCKING Malware Communication"; flow:established, to_client; content:"overclocking"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-17,updated_at 2019-02-19,filename steve.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80187982;) #drop tcp $HOME_NET any -> $EXTERNAL_NET any 
(msg:"Acme - BAD VEST Malware Communication"; flow:established, to_client; content:"vest"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-10-17,updated_at 2019-10-17,filename steve.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80187983;) #drop tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - POOR FRIGATE Malware Communication"; flow:established, to_client; content:"frigate"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-06,updated_at 2019-02-06,filename steve.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target server,protocols tcp; rev:1; sid:80187984;) #drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TAME METALLURGIST Malware Communication"; flow:established, to_client; file_data; content:"metallurgist"; priority:3; metadata:cwe_id 512,malware pre-infection,hostile src_ip,created_at 2019-10-04,updated_at 2019-10-23,filename spyware.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80187985;) alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - PLAIN REDUCTION Traffic Detected"; flow:established, to_server; content:"reduction"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2017-04-18,capec_id 213,updated_at 2017-04-27,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80187986;) #alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CHARACTERISTIC LONELINESS Traffic Detected"; flow:established, to_client; file_data; content:"loneliness"; priority:3; metadata:hostile src_ip,created_at 2019-04-09,capec_id 100,updated_at 2019-04-10,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; 
rev:2; sid:80187987;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SECONDARY PANCREAS Exploitation Attempt Seen"; flow:established,to_server; content:"pancreas"; priority:3; metadata:cwe_id 189,cwe_id 119,hostile src_ip,created_at 2019-08-19,capec_id 46,updated_at 2019-08-25,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.7,attack_target server,cve 2016-8762717,cve 2016-8762717,cvss_v2_temporal 3.9,protocols tcp; rev:1; sid:80187988;) #alert tcp any any -> $HOME_NET any (msg:"Acme - COMPACT HUMIDITY Exploitation Attempt Seen"; flow:established,to_server; content:"humidity"; priority:3; metadata:cwe_id 189,cwe_id 119,hostile dest_ip,created_at 2018-08-15,capec_id 100,updated_at 2018-08-17,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.2,cve 2018-7262409,cve 2018-7262409,cvss_v2_temporal 7.9,protocols tcp; rev:1; sid:80187989;) #alert tcp any any -> $HOME_NET any (msg:"Acme - ACTIVE STANDARD Exploitation Attempt Seen"; flow:established,to_server; content:"standard"; priority:3; metadata:cwe_id 189,cwe_id 119,hostile dest_ip,created_at 2016-11-14,capec_id 100,updated_at 2016-11-17,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.7,cve 2015-8243367,cve 2015-8243367,cvss_v2_temporal 6.5,protocols tcp; rev:1; sid:80187990;) #alert tcp any any -> $HOME_NET any (msg:"Acme - SUBJECTIVE DISADVANTAGE Exploitation Attempt Seen"; flow:established,to_server; content:"disadvantage"; priority:3; metadata:cwe_id 189,cwe_id 119,hostile dest_ip,created_at 2017-01-03,capec_id 100,updated_at 2017-01-14,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.0,cve 2015-5204500,cve 2015-5204500,cvss_v2_temporal 5.7,protocols tcp; rev:1; sid:80187991;) #alert tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWNKLY WEEDKILLER Exploitation Attempt Seen"; flow:established,to_server; content:"UNKNOWNdkiller"; priority:3; metadata:cwe_id 189,cwe_id 119,hostile 
dest_ip,created_at 2019-02-26,capec_id 100,updated_at 2019-02-27,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.6,cve 2018-1629045,cve 2018-1629045,cvss_v2_temporal 3.3,protocols tcp; rev:1; sid:80187992;) #alert tcp any any -> $HOME_NET any (msg:"Acme - WASTEFUL SIGNUP Exploitation Attempt Seen"; flow:established,to_server; content:"signup"; priority:3; metadata:cwe_id 189,cwe_id 119,hostile dest_ip,created_at 2019-04-11,capec_id 100,updated_at 2019-04-26,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.1,cve 2017-4512053,cve 2017-4512053,cvss_v2_temporal 7.2,protocols tcp; rev:1; sid:80187993;) #alert tcp any any -> $HOME_NET any (msg:"Acme - UNUSUAL PINKIE Exploitation Attempt Seen"; flow:established,to_server; content:"pinkie"; priority:3; metadata:cwe_id 189,cwe_id 119,hostile dest_ip,created_at 2017-05-27,capec_id 100,updated_at 2017-05-27,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.5,cve 2017-9635395,cve 2017-9635395,cvss_v2_temporal 6.2,protocols tcp; rev:1; sid:80187994;) #alert tcp any any -> $HOME_NET any (msg:"Acme - UNKNOWN GROUP Exploitation Attempt Seen"; flow:established,to_server; content:"group"; priority:3; metadata:cwe_id 189,cwe_id 119,hostile dest_ip,created_at 2017-03-11,capec_id 10,updated_at 2017-03-27,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.3,cve 2016-8615657,cve 2016-8615657,cvss_v2_temporal 3.2,protocols tcp; rev:1; sid:80187995;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SUNKNOWNT UNKNOWNUIT Traffic Detected"; flow:established, to_server; content:"UNKNOWNuit"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2017-05-08,capec_id 46,updated_at 2017-05-26,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.5,attack_target server,cvss_v2_temporal 6.6,protocols tcp; rev:1; sid:80187996;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MAGNIFICENT 
NOTIFY Traffic Detected"; flow:established, to_server; content:"notify"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2018-10-01,capec_id 212,updated_at 2018-10-14,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.5,attack_target server,cvss_v2_temporal 7.9,protocols tcp; rev:1; sid:80187997;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - WONDERFUL FACET Traffic Detected"; flow:established, to_server; content:"facet"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2017-07-05,capec_id 46,updated_at 2017-07-24,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.4,attack_target server,cvss_v2_temporal 3.2,protocols tcp; rev:1; sid:80187998;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SECONDARY SOUSAPUNKNOWNE Traffic Detected"; flow:established, to_server; content:"sousapUNKNOWNe"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2018-06-02,capec_id 100,updated_at 2018-06-13,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.2,attack_target server,cvss_v2_temporal 2.5,protocols tcp; rev:1; sid:80187999;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - HISTORIC MOTEL Traffic Detected"; flow:established, to_server; content:"motel"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-09-26,capec_id 212,updated_at 2019-09-27,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.4,attack_target server,cvss_v2_temporal 8.1,protocols tcp; rev:1; sid:80188000;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - TENSE BRIBERY Traffic Detected"; flow:established, to_server; content:"bribery"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2017-07-23,capec_id 130,updated_at 2017-07-24,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.5,attack_target server,cvss_v2_temporal 4.7,protocols tcp; rev:1; sid:80188001;) #alert tcp $EXTERNAL_NET any -> 
$HOME_NET any (msg:"Acme - VAGUE TINDERBOX Exploitation Attempt Seen"; flow:established,to_server; content:"tinderbox"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2019-08-08,capec_id 213,updated_at 2019-08-11,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.3,attack_target server,cve 2015-4171347,cvss_v2_temporal 1.7,protocols tcp; rev:1; sid:80188002;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ADJACENT SLEET Exploitation Attempt Seen"; flow:established,to_server; content:"sleet"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2019-02-25,capec_id 213,updated_at 2019-02-27,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 2.9,attack_target server,cve 2019-7521593,cvss_v2_temporal 3.3,protocols tcp; rev:1; sid:80188003;) alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - LOCAL VERTIGO Traffic Detected"; flow:established, to_server; content:"vertigo"; priority:3; metadata:cwe_id 20,hostile src_ip,created_at 2019-11-23,capec_id 255,updated_at 2019-11-25,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.6,attack_target server,cvss_v2_temporal 5.7,protocols tcp; rev:1; sid:80188004;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - GREAT MITTEN Exploitation Attempt Seen"; flow:established,to_server; content:"mitten"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2019-04-16,capec_id 46,updated_at 2019-04-28,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.9,attack_target server,cve 2019-5286671,cvss_v2_temporal 4.7,protocols tcp; rev:1; sid:80188005;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CLOSED SWATH Exploitation Attempt Seen"; flow:established, to_server; content:"swath"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2019-10-11,capec_id 212,updated_at 2019-10-12,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 
3.9,attack_target server,cve 2018-7628830,cvss_v2_temporal 3.0,protocols tcp; rev:1; sid:80188006;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RURAL GRAMMAR Exploitation Attempt Seen"; flow:established, to_server; content:"grammar"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2019-05-11,capec_id 46,updated_at 2019-05-16,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.9,attack_target server,cve 2019-1807047,cvss_v2_temporal 3.0,protocols tcp; rev:1; sid:80188007;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AMATEUR PRESIDENT Exploitation Attempt Seen"; flow:established, to_server; content:"president"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2018-07-13,capec_id 46,updated_at 2018-07-18,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.8,attack_target server,cve 2017-9891504,cvss_v2_temporal 4.9,protocols tcp; rev:1; sid:80188008;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - ADJACENT COUNTY Exploitation Attempt Seen"; flow:established, to_server; content:"county"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2018-06-20,capec_id 46,updated_at 2018-06-22,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 4.6,attack_target server,cve 2016-7445607,cvss_v2_temporal 5.4,protocols tcp; rev:1; sid:80188009;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - AFRAID VIOLENCE Exploitation Attempt Seen"; flow:established, to_server; content:"violence"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2019-02-13,capec_id 46,updated_at 2019-02-23,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.7,attack_target server,cve 2016-5912621,cvss_v2_temporal 6.6,protocols tcp; rev:1; sid:80188010;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IDENTICAL UNKNOWNKEND Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWNkend"; priority:3; 
metadata:cwe_id 121,hostile src_ip,created_at 2018-06-23,capec_id 46,updated_at 2018-06-26,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.6,attack_target server,cve 2017-8828867,cvss_v2_temporal 4.6,protocols tcp; rev:1; sid:80188011;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UPSET MOWER Exploitation Attempt Seen"; flow:established, to_server; content:"mower"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2019-10-10,capec_id 46,updated_at 2019-10-13,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.9,attack_target server,cve 2018-5776264,cvss_v2_temporal 8.6,protocols tcp; rev:1; sid:80188012;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - IMPRESSIVE HUT Exploitation Attempt Seen"; flow:established, to_server; content:"hut"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2016-06-20,capec_id 46,updated_at 2016-06-22,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 7.4,attack_target server,cve 2015-206262,cvss_v2_temporal 7.9,protocols tcp; rev:1; sid:80188013;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - RESPECTABLE SHANTY Exploitation Attempt Seen"; flow:established, to_server; content:"shanty"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2019-01-20,capec_id 46,updated_at 2019-01-23,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.7,attack_target server,cve 2018-4855680,cvss_v2_temporal 4.5,protocols tcp; rev:1; sid:80188014;) #alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - UNKNOWN UNKNOWN Exploitation Attempt Seen"; flow:established, to_server; content:"UNKNOWN"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2017-11-23,capec_id 46,updated_at 2017-11-27,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 5.5,attack_target server,cve 2017-6262130,cvss_v2_temporal 6.3,protocols tcp; rev:1; sid:80188015;) #alert tcp 
$EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - NECESSARY RELATIVE Exploitation Attempt Seen"; flow:established, to_server; content:"relative"; priority:3; metadata:cwe_id 121,hostile src_ip,created_at 2018-03-15,capec_id 46,updated_at 2018-03-17,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 6.9,attack_target server,cve 2017-4216994,cvss_v2_temporal 7.4,protocols tcp; rev:1; sid:80188016;)
# ---------------------------------------------------------------------------
# Reviewer notes for the entries that follow (sid 80188017 - sid 80188036).
#  - Suricata reads one rule per physical line, so each entry below is kept on
#    a single line. A leading '#' disables an entry: sid 80188017 and
#    sid 80188029 are not loaded by Suricata as written.
#  - Entries using the 'drop' action only block traffic when Suricata runs
#    inline (IPS mode); in passive IDS mode they only raise an alert.
#  - The 'priority:N;' keyword and the 'priority <label>' metadata value agree
#    throughout this section: 1/high, 2/medium, 3/low.
#  - Every 'content' match here is a single bare word with no sticky buffer,
#    offset, depth or nocase. Combined with 'drop', a pattern that loose would
#    block benign traffic containing the word; treat these as placeholder
#    patterns, not as a template for production signatures.
# ---------------------------------------------------------------------------
# Disabled entry. NOTE(review): the 'cve' and 'cvss_v2_*' metadata values look
# synthetic, in keeping with the dummy-ruleset banner at the top of the file;
# do not treat them as real vulnerability references.
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - SCATTERED CHEEK Exploitation Attempt Seen"; flow:established,to_server; content:"cheek"; priority:3; metadata:cwe_id 134,hostile src_ip,created_at 2018-09-24,capec_id 135,updated_at 2018-09-28,filename scada.rules,priority low,rule_source acme-rule-factory,cvss_v2_base 3.8,attack_target server,cve 2018-3004826,cvss_v2_temporal 3.5,protocols tcp; rev:1; sid:80188017;)
# Outbound HTTP requests ($HOME_NET -> $EXTERNAL_NET, flow:to_server); metadata
# tags the source as infected and the destination as hostile.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - RETAIL MANOR Malware Communication"; flow:established,to_server; content:"manor"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-03-19,updated_at 2018-03-24,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80188018;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - SMART FOOTBALL Malware Communication"; flow:established,to_server; content:"football"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-05-20,updated_at 2019-05-23,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80188019;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - TOP COMRADESHIP Malware Communication"; flow:established,to_server; content:"comradeship"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-09-06,updated_at 2017-09-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80188020;)
# content:"UNKNOWN" is reused verbatim by sid 80188025, which has the same
# header and flow; sid 80188023 matches "midUNKNOWN", which contains it. Any
# request that triggers sid 80188023 therefore also triggers this entry and
# sid 80188025. NOTE(review): 'UNKNOWN' in msg/content looks like a substituted
# placeholder token rather than an intended pattern - confirm with the generator.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PROMINENT UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2017-09-08,updated_at 2017-09-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80188021;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN ENERGY Malware Communication"; flow:established,to_server; content:"energy"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-04-02,updated_at 2018-04-18,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80188022;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - PLEASANT MIDUNKNOWN Malware Communication"; flow:established,to_server; content:"midUNKNOWN"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-01-19,updated_at 2019-01-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80188023;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - NORMAL MANTUA Malware Communication"; flow:established,to_server; content:"mantua"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2017-09-08,updated_at 2017-09-20,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80188024;)
# Same header, flow and content as sid 80188021; differs in msg, cwe_id, dates
# and the additional 'cve' metadata key.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - HUSHED UNKNOWN Malware Communication"; flow:established,to_server; content:"UNKNOWN"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2018-05-17,updated_at 2018-05-27,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-896235,protocols http,protocols tcp; rev:2; sid:80188025;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EQUAL FIGURE Malware Communication"; flow:established,to_server; content:"figure"; priority:1; metadata:cwe_id 507,malware post-infection,hostile dest_ip,created_at 2019-02-23,updated_at 2019-02-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,cve 2018-1722457,protocols http,protocols tcp; rev:2; sid:80188026;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN ODOMETER Malware Communication"; flow:established,to_server; content:"odometer"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2018-01-10,updated_at 2018-01-14,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80188027;)
# Keys on the source port: $HOME_NET $HTTP_PORTS -> $EXTERNAL_NET together with
# flow:to_client selects responses leaving an internal web server. Metadata
# marks that server (src_ip) as infected and the remote peer as hostile.
drop tcp $HOME_NET $HTTP_PORTS -> $EXTERNAL_NET any (msg:"Acme - STATISTICAL MONOCLE Traffic Detected"; flow:established,to_client; content:"monocle"; priority:2; metadata:cwe_id 434,hostile dest_ip,created_at 2018-07-06,capec_id 17,updated_at 2018-07-27,filename acme.rules,priority medium,infected src_ip,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80188028;)
# Disabled entry (leading '#').
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - MUTE SHOWER Traffic Detected"; flow:established, to_server; content:"shower"; priority:3; metadata:cwe_id 22,hostile src_ip,created_at 2016-03-24,capec_id 213,updated_at 2016-03-26,filename acme.rules,priority low,rule_source acme-rule-factory,attack_target server,attack_target http-server,protocols http,protocols tcp; rev:3; sid:80188029;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - INLAND ASTROLOGY Malware Communication"; flow:established,to_server; content:"astrology"; priority:1; metadata:cwe_id 506,malware post-infection,hostile dest_ip,created_at 2019-08-20,updated_at 2019-08-25,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80188030;)
# Inbound direction ($EXTERNAL_NET -> $HOME_NET) with flow:to_client; the
# metadata roles are swapped to match (hostile src_ip, infected dest_ip).
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - CONTINUOUS SHAMPOO Malware Communication"; flow:established, to_client; content:"shampoo"; priority:1; metadata:cwe_id 506,malware post-infection,hostile src_ip,created_at 2019-03-19,updated_at 2019-03-26,filename acme.rules,priority high,infected dest_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80188031;)
# This entry and sid 80188033 carry no 'hostile' metadata key, so a metadata
# filter keyed on 'hostile' will not select them.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - ASHAMED NANOPARTICLE Malware Communication"; flow:established,to_server; content:"nanoparticle"; priority:1; metadata:cwe_id 506,malware post-infection,created_at 2016-05-02,updated_at 2016-05-26,filename acme.rules,priority high,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80188032;)
# NOTE(review): this is a plain content match on a tls-protocol entry. TLS
# application data is encrypted, so a match like this can normally only hit
# cleartext handshake bytes; a real signature would use a TLS sticky buffer
# (for example tls.sni) instead.
drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"Acme - COOPERATIVE SHOP Malware Communication"; flow:established,to_client; content:"shop"; priority:3; metadata:cwe_id 506,malware download-attempt,created_at 2019-02-12,updated_at 2019-02-25,filename acme.rules,priority low,infected dest_ip,rule_source acme-rule-factory,attack_target tls-client,attack_target client,protocols tls,protocols tcp; rev:2; sid:80188033;)
# urilen:>150,norm adds a second condition here and on sid 80188035: the
# normalized request URI must be longer than 150 bytes as well as the content
# match succeeding.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - FRIGHTENED REPROCESSING Malware Communication"; flow:established,to_server; urilen:>150,norm; content:"reprocessing"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2019-09-02,updated_at 2019-09-27,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:2; sid:80188034;)
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - UNKNOWN CASCADE Malware Communication"; flow:established,to_server; urilen:>150,norm; content:"cascade"; priority:3; metadata:cwe_id 506,malware pre-infection,hostile dest_ip,created_at 2018-10-24,updated_at 2018-10-26,filename acme.rules,priority low,infected src_ip,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:1; sid:80188035;)
# Metadata on this entry has no cwe_id, malware or infected key, and
# created_at equals updated_at.
drop http $HOME_NET any -> $EXTERNAL_NET any (msg:"Acme - EQUIVALENT TOENAIL Traffic Detected"; flow:established,to_server; content:"toenail"; priority:1; metadata:hostile dest_ip,created_at 2018-03-25,updated_at 2018-03-25,filename acme.rules,priority high,rule_source acme-rule-factory,attack_target http-client,attack_target client,protocols http,protocols tcp; rev:3; sid:80188036;)