{
	"id": "b38c8f80-3e9c-4089-bd2c-3b34f06266c1",
	"created_at": "2026-04-06T00:21:42.563641Z",
	"updated_at": "2026-04-10T03:21:28.036077Z",
	"deleted_at": null,
	"sha1_hash": "b5f4eab14bad4cb1328c0e222da8f3f4cd9b2ff7",
	"title": "Snort - Rule Docs 1:34217",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 34183,
	"plain_text": "Snort - Rule Docs 1:34217\r\nArchived: 2026-04-05 23:00:48 UTC\r\nRule Category\r\nMALWARE-CNC -- Snort has detected a Comand and Control (CNC) rule violation, most likely for commands\r\nand calls for files or other stages from the control server. The alert indicates a host has been infiltrated by an\r\nattacker, who is using the host to make calls for files, as a call-home vector for other malware-infected networks,\r\nfor shuttling traffic back to bot owners, etc.\r\nAlert Message\r\nMALWARE-CNC Win.Trojan.Aytoke variant outbound connection\r\nRule Explanation\r\nThis event is generated when activity relating to malware is detected. Impact: Serious. Possible existance of\r\nmalware on the target host. Details: This activity is indicative of malware activity on a host. In this case the\r\nMALWARE-CNC Win.Trojan.Aytoke variant outbound connection was detected. Ease of Attack: Simple. This\r\nmay be an indication of a malware infestation.\r\nWhat To Look For\r\nNo information provided\r\nKnown Usage\r\nNo public information\r\nFalse Positives\r\nNo known false positives\r\nContributors\r\nCisco Talos\r\nRule Groups\r\nNo rule groups\r\nNone\r\nAdditional Links\r\nhttps://snort.org/rule_docs/1-34217\r\nPage 1 of 2\n\nRule Vulnerability\r\nNo information provided\r\nCVE Additional Information\r\nThis product uses data from the NVD API but is not endorsed or certified by the NVD.\r\nNone\r\nSource: https://snort.org/rule_docs/1-34217\r\nhttps://snort.org/rule_docs/1-34217\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://snort.org/rule_docs/1-34217"
	],
	"report_names": [
		"1-34217"
	],
	"threat_actors": [],
	"ts_created_at": 1775434902,
	"ts_updated_at": 1775791288,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b5f4eab14bad4cb1328c0e222da8f3f4cd9b2ff7.pdf",
		"text": "https://archive.orkl.eu/b5f4eab14bad4cb1328c0e222da8f3f4cd9b2ff7.txt",
		"img": "https://archive.orkl.eu/b5f4eab14bad4cb1328c0e222da8f3f4cd9b2ff7.jpg"
	}
}