*********************** snort-2.4.0 open ***********************

[***] Results from Oinkmaster started Tue Apr 16 19:57:34 2013 [***]

[+++]          Added rules:          [+++]

 2015006 - ET DELETED SofosFO exploit kit jar download (emerging-deleted.rules)
 2015007 - ET DELETED SofosFO exploit kit version check (emerging-deleted.rules)
 2015009 - ET DELETED SofosFO exploit kit payload download (emerging-deleted.rules)
 2015750 - ET DELETED SofosFO/NeoSploit possible landing page 10/01/12 (emerging-deleted.rules)
 2015751 - ET DELETED SofosFO/NeoSploit possible landing page 10/01/12 (2) (emerging-deleted.rules)
 2016046 - ET DELETED SofosFO/NeoSploit possible second stage landing page (2) (emerging-deleted.rules)
 2016241 - ET DELETED SofosFO - Landing Page (emerging-deleted.rules)
 2016758 - ET POLICY Bitcoin Mining Extensions Header (emerging-policy.rules)
 2016759 - ET TROJAN Win32/Redyms.A Checkin (emerging-trojan.rules)
 2016760 - ET WEB_SERVER WebShell - PHPShell - Comment (emerging-web_server.rules)
 2016761 - ET WEB_SERVER WebShell - PHPShell - Haxplorer URI (emerging-web_server.rules)
 2016762 - ET WEB_SERVER WebShell - PHPShell - PHPKonsole URI (emerging-web_server.rules)


[///]     Modified active rules:     [///]

 2009532 - ET TROJAN BackDoor-EGB Check-in (emerging-trojan.rules)
 2011582 - ET POLICY Vulnerable Java Version 1.6.x Detected (emerging-policy.rules)
 2014297 - ET POLICY Vulnerable Java Version 1.7.x Detected (emerging-policy.rules)
 2016070 - ET CURRENT_EVENTS SofosFO obfuscator string 19 Dec 12 - possible landing (emerging-current_events.rules)
 2016706 - ET CURRENT_EVENTS SofosFO/NeoSploit possible second stage landing page (1) (emerging-current_events.rules)
 2402000 - ET DROP Dshield Block Listed Source (emerging-dshield.rules)
 2402001 - ET DROP Dshield Block Listed Source (emerging-dshield.rules)
 2403300 - ET CIARMY Collective Intelligence Security Poor Reputation IP (TCP) (emerging-ciarmy.rules)
 2403301 - ET CIARMY Collective Intelligence Security Poor Reputation IP (UDP) (emerging-ciarmy.rules)
 2403302 - ET CIARMY Collective Intelligence Security Poor Reputation IP (TCP) (emerging-ciarmy.rules)
 2403303 - ET CIARMY Collective Intelligence Security Poor Reputation IP (UDP) (emerging-ciarmy.rules)
 2403304 - ET CIARMY Collective Intelligence Security Poor Reputation IP (TCP) (emerging-ciarmy.rules)
 2403305 - ET CIARMY Collective Intelligence Security Poor Reputation IP (UDP) (emerging-ciarmy.rules)
 2403306 - ET CIARMY Collective Intelligence Security Poor Reputation IP (TCP) (emerging-ciarmy.rules)
 2403307 - ET CIARMY Collective Intelligence Security Poor Reputation IP (UDP) (emerging-ciarmy.rules)
 2403308 - ET CIARMY Collective Intelligence Security Poor Reputation IP (TCP) (emerging-ciarmy.rules)
 2403309 - ET CIARMY Collective Intelligence Security Poor Reputation IP (UDP) (emerging-ciarmy.rules)
 2403310 - ET CIARMY Collective Intelligence Security Poor Reputation IP (TCP) (emerging-ciarmy.rules)
 2403311 - ET CIARMY Collective Intelligence Security Poor Reputation IP (UDP) (emerging-ciarmy.rules)
 2403312 - ET CIARMY Collective Intelligence Security Poor Reputation IP (TCP) (emerging-ciarmy.rules)
 2403313 - ET CIARMY Collective Intelligence Security Poor Reputation IP (UDP) (emerging-ciarmy.rules)
 2403314 - ET CIARMY Collective Intelligence Security Poor Reputation IP (TCP) (emerging-ciarmy.rules)
 2403315 - ET CIARMY Collective Intelligence Security Poor Reputation IP (UDP) (emerging-ciarmy.rules)
 2403316 - ET CIARMY Collective Intelligence Security Poor Reputation IP (TCP) (emerging-ciarmy.rules)
 2403317 - ET CIARMY Collective Intelligence Security Poor Reputation IP (UDP) (emerging-ciarmy.rules)
 2403318 - ET CIARMY Collective Intelligence Security Poor Reputation IP (TCP) (emerging-ciarmy.rules)
 2403319 - ET CIARMY Collective Intelligence Security Poor Reputation IP (UDP) (emerging-ciarmy.rules)


[---]         Removed rules:         [---]

 2015006 - ET CURRENT_EVENTS SofosFO exploit kit jar download (emerging-current_events.rules)
 2015007 - ET CURRENT_EVENTS SofosFO exploit kit version check (emerging-current_events.rules)
 2015009 - ET CURRENT_EVENTS SofosFO exploit kit payload download (emerging-current_events.rules)
 2015750 - ET CURRENT_EVENTS SofosFO/NeoSploit possible landing page 10/01/12 (emerging-current_events.rules)
 2015751 - ET CURRENT_EVENTS SofosFO/NeoSploit possible landing page 10/01/12 (2) (emerging-current_events.rules)
 2016046 - ET CURRENT_EVENTS SofosFO/NeoSploit possible second stage landing page (2) (emerging-current_events.rules)
 2016241 - ET CURRENT_EVENTS SofosFO - Landing Page (emerging-current_events.rules)


[+++]      Added non-rule lines:     [+++]

     -> Added to emerging-ciarmy.rules (1):
        # Version 218

     -> Added to sid-msg.map (15):
        2009532 || ET TROJAN BackDoor-EGB Check-in || url,home.mcafee.com/virusinfo/virusprofile.aspx?key=239060 || url,doc.emergingthreats.net/2009532
        2015006 || ET DELETED SofosFO exploit kit jar download
        2015007 || ET DELETED SofosFO exploit kit version check
        2015009 || ET DELETED SofosFO exploit kit payload download
        2015750 || ET DELETED SofosFO/NeoSploit possible landing page 10/01/12
        2015751 || ET DELETED SofosFO/NeoSploit possible landing page 10/01/12 (2)
        2016046 || ET DELETED SofosFO/NeoSploit possible second stage landing page (2)
        2016241 || ET DELETED SofosFO - Landing Page
        2016758 || ET POLICY Bitcoin Mining Extensions Header
        2016759 || ET TROJAN Win32/Redyms.A Checkin
        2016760 || ET WEB_SERVER WebShell - PHPShell - Comment
        2016761 || ET WEB_SERVER WebShell - PHPShell - Haxplorer URI
        2016762 || ET WEB_SERVER WebShell - PHPShell - PHPKonsole URI
        2520162 || ET TOR Known Tor Exit Node TCP Traffic (82) || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520163 || ET TOR Known Tor Exit Node UDP Traffic (82) || url,doc.emergingthreats.net/bin/view/Main/TorRules

[---]     Removed non-rule lines:    [---]

     -> Removed from emerging-ciarmy.rules (1):
        # Version 217

     -> Removed from sid-msg.map (12):
        2009532 || ET TROJAN Unknown Trojan Check-in (3) || url,doc.emergingthreats.net/2009532
        2015006 || ET CURRENT_EVENTS SofosFO exploit kit jar download
        2015007 || ET CURRENT_EVENTS SofosFO exploit kit version check
        2015009 || ET CURRENT_EVENTS SofosFO exploit kit payload download
        2015750 || ET CURRENT_EVENTS SofosFO/NeoSploit possible landing page 10/01/12
        2015751 || ET CURRENT_EVENTS SofosFO/NeoSploit possible landing page 10/01/12 (2)
        2016046 || ET CURRENT_EVENTS SofosFO/NeoSploit possible second stage landing page (2)
        2016241 || ET CURRENT_EVENTS SofosFO - Landing Page
        2404148 || ET CNC Zeus/Spyeye/Palevo Tracker Reported CnC Server TCP (group 25) || url,spyeyetracker.abuse.ch || url,palevotracker.abuse.ch || url,zeustracker.abuse.ch || url,doc.emergingthreats.net/bin/view/Main/BotCC
        2404149 || ET CNC ZeusTracker/SpyeyeTracker Reported CnC Server UDP (group 25) || url,spyeyetracker.abuse.ch || url,palevotracker.abuse.ch || url,zeustracker.abuse.ch || url,doc.emergingthreats.net/bin/view/Main/BotCC
        2500106 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP (54) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2500107 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP (54) || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts