*********************** snort-2.8.6-enhanced etpro ***********************

[***] Results from Oinkmaster started Mon Feb 6 16:33:29 2017 [***]

[+++] Added rules: [+++]

     2023870 - ET TROJAN Ursnif Variant CnC Beacon (trojan.rules)
     2023871 - ET TROJAN Ursnif Variant Retrieving Payload (x32) (trojan.rules)
     2023872 - ET TROJAN Ursnif Variant Retrieving Payload (x64) (trojan.rules)
     2023873 - ET POLICY DNS Query to Hamas Terrorist Propaganda TV Channel (alqsatv.ps) (policy.rules)
     2023874 - ET POLICY Hamas Terrorist Propaganda TV Channel (alqsatv.ps) (policy.rules)
     2023875 - ET TROJAN JS/Nemucod requesting EXE payload 2016-02-06 (trojan.rules)
     2824771 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
     2824772 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
     2824773 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
     2824774 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
     2824775 - ETPRO TROJAN Satan Ransomware .onion Proxy Domain (trojan.rules)
     2824776 - ETPRO CURRENT_EVENTS SunDown EK Flash Exploit Dec 13 2016 M2 (current_events.rules)
     2824777 - ETPRO CURRENT_EVENTS EITest SocEng Chrome Fonts DL Feb 06 M1 (current_events.rules)
     2824778 - ETPRO CURRENT_EVENTS Possible EITest SocEng Chrome Fonts DL Feb 06 M2 (current_events.rules)
     2824779 - ETPRO TROJAN Cancer Ransomware CnC Activity (trojan.rules)
     2824780 - ETPRO TROJAN Possible Win32/KeyLogger.HomeKeyLogger Retrieving Netcat (trojan.rules)
     2824781 - ETPRO TROJAN Win32/Necurs Checkin 3 (trojan.rules)
     2824782 - ETPRO TROJAN DNS Query to Cerber Domain (1cq7gd . top) (trojan.rules)
     2824783 - ETPRO TROJAN DNS Query to Cerber Domain (1lt2pn . top) (trojan.rules)
     2824784 - ETPRO TROJAN DNS Query to Cerber Domain (15jznv . top) (trojan.rules)
     2824785 - ETPRO TROJAN DNS Query to Cerber Domain (1cauz3 . top) (trojan.rules)
     2824786 - ETPRO TROJAN DNS Query to Cerber Domain (jb4uh0 . top) (trojan.rules)
     2824787 - ETPRO TROJAN DNS Query to Cerber Domain (4ucg2l . bid) (trojan.rules)
     2824788 - ETPRO TROJAN DNS Query to Cerber Domain (rzvhne . top) (trojan.rules)
     2824789 - ETPRO TROJAN DNS Query to Cerber Domain (1eeb86 . top) (trojan.rules)
     2824790 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M1 Feb 06 2017 (current_events.rules)
     2824791 - ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M2 Feb 06 2017 (current_events.rules)
     2824792 - ETPRO CURRENT_EVENTS Banco Itau Phishing Landing Javascript Feb 06 2017 (current_events.rules)
     2824793 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish Feb 06 2017 (current_events.rules)
     2824794 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Feb 06 2017 (current_events.rules)
     2824795 - ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Feb 06 2017 (current_events.rules)
     2824796 - ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Feb 06 2017 (current_events.rules)
     2824797 - ETPRO CURRENT_EVENTS Successful Apple Phish Feb 06 2017 (current_events.rules)

[///] Modified active rules: [///]

     2023754 - ET CURRENT_EVENTS Malicious JS.Nemucod to PS Dropping PE Nov 14 M2 (current_events.rules)
     2400000 - ET DROP Spamhaus DROP Listed Traffic Inbound group 1 (drop.rules)
     2400001 - ET DROP Spamhaus DROP Listed Traffic Inbound group 2 (drop.rules)
     2400002 - ET DROP Spamhaus DROP Listed Traffic Inbound group 3 (drop.rules)
     2400003 - ET DROP Spamhaus DROP Listed Traffic Inbound group 4 (drop.rules)
     2400004 - ET DROP Spamhaus DROP Listed Traffic Inbound group 5 (drop.rules)
     2400005 - ET DROP Spamhaus DROP Listed Traffic Inbound group 6 (drop.rules)
     2400006 - ET DROP Spamhaus DROP Listed Traffic Inbound group 7 (drop.rules)
     2400007 - ET DROP Spamhaus DROP Listed Traffic Inbound group 8 (drop.rules)
     2400008 - ET DROP Spamhaus DROP Listed Traffic Inbound group 9 (drop.rules)
     2400009 - ET DROP Spamhaus DROP Listed Traffic Inbound group 10 (drop.rules)
     2400010 - ET DROP Spamhaus DROP Listed Traffic Inbound group 11 (drop.rules)
     2400011 - ET DROP Spamhaus DROP Listed Traffic Inbound group 12
(drop.rules) 2400012 - ET DROP Spamhaus DROP Listed Traffic Inbound group 13 (drop.rules) 2400013 - ET DROP Spamhaus DROP Listed Traffic Inbound group 14 (drop.rules) 2400014 - ET DROP Spamhaus DROP Listed Traffic Inbound group 15 (drop.rules) 2400015 - ET DROP Spamhaus DROP Listed Traffic Inbound group 16 (drop.rules) 2400016 - ET DROP Spamhaus DROP Listed Traffic Inbound group 17 (drop.rules) 2400017 - ET DROP Spamhaus DROP Listed Traffic Inbound group 18 (drop.rules) 2400018 - ET DROP Spamhaus DROP Listed Traffic Inbound group 19 (drop.rules) 2400019 - ET DROP Spamhaus DROP Listed Traffic Inbound group 20 (drop.rules) 2400020 - ET DROP Spamhaus DROP Listed Traffic Inbound group 21 (drop.rules) 2400021 - ET DROP Spamhaus DROP Listed Traffic Inbound group 22 (drop.rules) 2400022 - ET DROP Spamhaus DROP Listed Traffic Inbound group 23 (drop.rules) 2400023 - ET DROP Spamhaus DROP Listed Traffic Inbound group 24 (drop.rules) 2400024 - ET DROP Spamhaus DROP Listed Traffic Inbound group 25 (drop.rules) 2400025 - ET DROP Spamhaus DROP Listed Traffic Inbound group 26 (drop.rules) 2400026 - ET DROP Spamhaus DROP Listed Traffic Inbound group 27 (drop.rules) 2400027 - ET DROP Spamhaus DROP Listed Traffic Inbound group 28 (drop.rules) 2400028 - ET DROP Spamhaus DROP Listed Traffic Inbound group 29 (drop.rules) 2400029 - ET DROP Spamhaus DROP Listed Traffic Inbound group 30 (drop.rules) 2400030 - ET DROP Spamhaus DROP Listed Traffic Inbound group 31 (drop.rules) 2400031 - ET DROP Spamhaus DROP Listed Traffic Inbound group 32 (drop.rules) 2400032 - ET DROP Spamhaus DROP Listed Traffic Inbound group 33 (drop.rules) 2402000 - ET DROP Dshield Block Listed Source group 1 (dshield.rules) 2402001 - ET DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 1 (ciarmy.rules) 2403301 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 1 (ciarmy.rules) 2403302 - ET CINS Active Threat Intelligence 
Poor Reputation IP TCP group 2 (ciarmy.rules) 2403303 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 2 (ciarmy.rules) 2403304 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 3 (ciarmy.rules) 2403305 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 3 (ciarmy.rules) 2403306 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 4 (ciarmy.rules) 2403307 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 4 (ciarmy.rules) 2403308 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 5 (ciarmy.rules) 2403309 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 5 (ciarmy.rules) 2403310 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 6 (ciarmy.rules) 2403311 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 6 (ciarmy.rules) 2403312 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 7 (ciarmy.rules) 2403313 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 7 (ciarmy.rules) 2403314 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 8 (ciarmy.rules) 2403315 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 8 (ciarmy.rules) 2403316 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 9 (ciarmy.rules) 2403317 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 9 (ciarmy.rules) 2403318 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 10 (ciarmy.rules) 2403319 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 10 (ciarmy.rules) 2403320 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 11 (ciarmy.rules) 2403321 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 11 (ciarmy.rules) 2403322 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 12 (ciarmy.rules) 2403323 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 12 (ciarmy.rules) 2403324 - ET CINS Active Threat 
Intelligence Poor Reputation IP TCP group 13 (ciarmy.rules) 2403325 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 13 (ciarmy.rules) 2403326 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 14 (ciarmy.rules) 2403327 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 14 (ciarmy.rules) 2403328 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 15 (ciarmy.rules) 2403329 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 15 (ciarmy.rules) 2403330 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 16 (ciarmy.rules) 2403331 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 16 (ciarmy.rules) 2403332 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 17 (ciarmy.rules) 2403333 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 17 (ciarmy.rules) 2403334 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 18 (ciarmy.rules) 2403335 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 18 (ciarmy.rules) 2403336 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 19 (ciarmy.rules) 2403337 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 19 (ciarmy.rules) 2403338 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 20 (ciarmy.rules) 2403339 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 20 (ciarmy.rules) 2403340 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 21 (ciarmy.rules) 2403341 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 21 (ciarmy.rules) 2403342 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 22 (ciarmy.rules) 2403343 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 22 (ciarmy.rules) 2403344 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 23 (ciarmy.rules) 2403345 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 23 (ciarmy.rules) 2403346 
- ET CINS Active Threat Intelligence Poor Reputation IP TCP group 24 (ciarmy.rules) 2403347 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 24 (ciarmy.rules) 2403348 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 25 (ciarmy.rules) 2403349 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 25 (ciarmy.rules) 2403350 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 26 (ciarmy.rules) 2403351 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 26 (ciarmy.rules) 2403352 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 27 (ciarmy.rules) 2403353 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 27 (ciarmy.rules) 2403354 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 28 (ciarmy.rules) 2403355 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 28 (ciarmy.rules) 2403356 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 29 (ciarmy.rules) 2403357 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 29 (ciarmy.rules) 2403358 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 30 (ciarmy.rules) 2403359 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 30 (ciarmy.rules) 2403360 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 31 (ciarmy.rules) 2403361 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 31 (ciarmy.rules) 2403362 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 32 (ciarmy.rules) 2403363 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 32 (ciarmy.rules) 2403364 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 33 (ciarmy.rules) 2403365 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 33 (ciarmy.rules) 2403366 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 34 (ciarmy.rules) 2403367 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 
34 (ciarmy.rules) 2403368 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 35 (ciarmy.rules) 2403369 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 35 (ciarmy.rules) 2403370 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 36 (ciarmy.rules) 2403371 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 36 (ciarmy.rules) 2403372 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 37 (ciarmy.rules) 2403373 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 37 (ciarmy.rules) 2403374 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 38 (ciarmy.rules) 2403375 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 38 (ciarmy.rules) 2403376 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 39 (ciarmy.rules) 2403377 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 39 (ciarmy.rules) 2403378 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 40 (ciarmy.rules) 2403379 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 40 (ciarmy.rules) 2403380 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 41 (ciarmy.rules) 2403381 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 41 (ciarmy.rules) 2403382 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 42 (ciarmy.rules) 2403383 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 42 (ciarmy.rules) 2403384 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 43 (ciarmy.rules) 2403385 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 43 (ciarmy.rules) 2403386 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 44 (ciarmy.rules) 2403387 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 44 (ciarmy.rules) 2403388 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 45 (ciarmy.rules) 2403389 - ET CINS Active Threat Intelligence Poor 
Reputation IP UDP group 45 (ciarmy.rules) 2403390 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 46 (ciarmy.rules) 2403391 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 46 (ciarmy.rules) 2403392 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 47 (ciarmy.rules) 2403393 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 47 (ciarmy.rules) 2403394 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 48 (ciarmy.rules) 2403395 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 48 (ciarmy.rules) 2403396 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 49 (ciarmy.rules) 2403397 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 49 (ciarmy.rules) 2403398 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 50 (ciarmy.rules) 2403399 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 50 (ciarmy.rules) 2403400 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 51 (ciarmy.rules) 2403401 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 51 (ciarmy.rules) 2403402 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 52 (ciarmy.rules) 2403403 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 52 (ciarmy.rules) 2403404 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 53 (ciarmy.rules) 2403405 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 53 (ciarmy.rules) 2403406 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 54 (ciarmy.rules) 2403407 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 54 (ciarmy.rules) 2403408 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 55 (ciarmy.rules) 2403409 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 55 (ciarmy.rules) 2403410 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 56 (ciarmy.rules) 2403411 - ET CINS Active 
Threat Intelligence Poor Reputation IP UDP group 56 (ciarmy.rules) 2403412 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 57 (ciarmy.rules) 2403413 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 57 (ciarmy.rules) 2403414 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 58 (ciarmy.rules) 2403415 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 58 (ciarmy.rules) 2403416 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 59 (ciarmy.rules) 2403417 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 59 (ciarmy.rules) 2403418 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 60 (ciarmy.rules) 2403419 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 60 (ciarmy.rules) 2403420 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 61 (ciarmy.rules) 2403421 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 61 (ciarmy.rules) 2403422 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 62 (ciarmy.rules) 2403423 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 62 (ciarmy.rules) 2403424 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 63 (ciarmy.rules) 2403425 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 63 (ciarmy.rules) 2403426 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 64 (ciarmy.rules) 2403427 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 64 (ciarmy.rules) 2403428 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 65 (ciarmy.rules) 2403429 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 65 (ciarmy.rules) 2403430 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 66 (ciarmy.rules) 2403431 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 66 (ciarmy.rules) 2403432 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 67 (ciarmy.rules) 
2403433 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 67 (ciarmy.rules) 2403434 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 68 (ciarmy.rules) 2403435 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 68 (ciarmy.rules) 2403436 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 69 (ciarmy.rules) 2403437 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 69 (ciarmy.rules) 2403438 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 70 (ciarmy.rules) 2403439 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 70 (ciarmy.rules) 2403440 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 71 (ciarmy.rules) 2403441 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 71 (ciarmy.rules) 2403442 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 72 (ciarmy.rules) 2403443 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 72 (ciarmy.rules) 2403444 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 73 (ciarmy.rules) 2403445 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 73 (ciarmy.rules) 2403446 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 74 (ciarmy.rules) 2403447 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 74 (ciarmy.rules) 2403448 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 75 (ciarmy.rules) 2403449 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 75 (ciarmy.rules) 2403450 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 76 (ciarmy.rules) 2403451 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 76 (ciarmy.rules) 2403452 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 77 (ciarmy.rules) 2403453 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 77 (ciarmy.rules) 2403454 - ET CINS Active Threat Intelligence Poor Reputation IP TCP 
group 78 (ciarmy.rules) 2403455 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 78 (ciarmy.rules) 2403456 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 79 (ciarmy.rules) 2403457 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 79 (ciarmy.rules) 2403458 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 80 (ciarmy.rules) 2403459 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 80 (ciarmy.rules) 2403460 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 81 (ciarmy.rules) 2403461 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 81 (ciarmy.rules) 2403462 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 82 (ciarmy.rules) 2403463 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 82 (ciarmy.rules) 2403464 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 83 (ciarmy.rules) 2403465 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 83 (ciarmy.rules) 2403466 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 84 (ciarmy.rules) 2403467 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 84 (ciarmy.rules) 2403468 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 85 (ciarmy.rules) 2403469 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 85 (ciarmy.rules) 2403470 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 86 (ciarmy.rules) 2403471 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 86 (ciarmy.rules) 2403472 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 87 (ciarmy.rules) 2403473 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 87 (ciarmy.rules) 2403474 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 88 (ciarmy.rules) 2403475 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 88 (ciarmy.rules) 2403476 - ET CINS Active Threat 
Intelligence Poor Reputation IP TCP group 89 (ciarmy.rules) 2403477 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 89 (ciarmy.rules) 2403478 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 90 (ciarmy.rules) 2403479 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 90 (ciarmy.rules) 2403480 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 91 (ciarmy.rules) 2403481 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 91 (ciarmy.rules) 2403482 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 92 (ciarmy.rules) 2403483 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 92 (ciarmy.rules) 2403484 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 93 (ciarmy.rules) 2403485 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 93 (ciarmy.rules) 2403486 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 94 (ciarmy.rules) 2403487 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 94 (ciarmy.rules) 2403488 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 95 (ciarmy.rules) 2403489 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 95 (ciarmy.rules) 2403490 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 96 (ciarmy.rules) 2403491 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 96 (ciarmy.rules) 2403492 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 97 (ciarmy.rules) 2403493 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 97 (ciarmy.rules) 2403494 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 98 (ciarmy.rules) 2403495 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 98 (ciarmy.rules) 2403496 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 99 (ciarmy.rules) 2403497 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 99 (ciarmy.rules) 2403498 
- ET CINS Active Threat Intelligence Poor Reputation IP TCP group 100 (ciarmy.rules) 2403499 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 100 (ciarmy.rules) 2405000 - ET CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ET CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ET CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ET CNC Shadowserver Reported CnC Server Port 223 Group 1 (botcc.portgrouped.rules) 2405004 - ET CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405005 - ET CNC Shadowserver Reported CnC Server Port 805 Group 1 (botcc.portgrouped.rules) 2405006 - ET CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405007 - ET CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405008 - ET CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405009 - ET CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405010 - ET CNC Shadowserver Reported CnC Server Port 3306 Group 1 (botcc.portgrouped.rules) 2405011 - ET CNC Shadowserver Reported CnC Server Port 3993 Group 1 (botcc.portgrouped.rules) 2405012 - ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405013 - ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405014 - ET CNC Shadowserver Reported CnC Server Port 4318 Group 1 (botcc.portgrouped.rules) 2405015 - ET CNC Shadowserver Reported CnC Server Port 4433 Group 1 (botcc.portgrouped.rules) 2405016 - ET CNC Shadowserver Reported CnC Server Port 4492 Group 1 (botcc.portgrouped.rules) 2405017 - ET CNC Shadowserver Reported CnC Server Port 4676 Group 1 (botcc.portgrouped.rules) 2405018 - ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405019 - ET CNC Shadowserver Reported CnC 
Server Port 6567 Group 1 (botcc.portgrouped.rules) 2405020 - ET CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405021 - ET CNC Shadowserver Reported CnC Server Port 6662 Group 1 (botcc.portgrouped.rules) 2405022 - ET CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405023 - ET CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405024 - ET CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405025 - ET CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405026 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405027 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405028 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405029 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405030 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405031 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405032 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405033 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405034 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405035 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405036 - ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405037 - ET CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405038 - ET CNC Shadowserver Reported CnC Server Port 6764 Group 1 (botcc.portgrouped.rules) 2405039 - ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405040 - ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 
(botcc.portgrouped.rules)
     2405041 - ET CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules)
     2405042 - ET CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules)
     2405043 - ET CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules)
     2405044 - ET CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules)
     2405045 - ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules)
     2405046 - ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules)
     2405047 - ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules)
     2405048 - ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules)
     2405049 - ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules)
     2405050 - ET CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules)
     2405051 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules)
     2808546 - ETPRO TROJAN ZeroAccess3 Checkin (trojan.rules)
     2814350 - ETPRO MALWARE Win32/Adware.Ymeta.A CnC (malware.rules)
     2819987 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.q Checkin (mobile_malware.rules)
     2823251 - ETPRO CURRENT_EVENTS Malicious JS to PS Dropping PE Nov 14 (current_events.rules)

[---] Removed rules: [---]

     2405052 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules)

[+++] Added non-rule lines: [+++]

     -> Added to ciarmy.rules (1):
        # Version 2916

     -> Added to drop.rules (2):
        # VERSION 2580
        # Generated 2017-02-05 00:05:01 EDT

     -> Added to sid-msg.map (115):
        2023870 || ET TROJAN Ursnif Variant CnC Beacon || md5,4dbff312f5ee5bfbd757030109faec2d
        2023871 || ET TROJAN Ursnif Variant Retrieving Payload (x32) || md5,4dbff312f5ee5bfbd757030109faec2d
        2023872 || ET TROJAN Ursnif Variant Retrieving Payload (x64) || md5,4dbff312f5ee5bfbd757030109faec2d
        2023873 || ET POLICY DNS
Query to Hamas Terrorist Propaganda TV Channel (alqsatv.ps)
2023874 || ET POLICY Hamas Terrorist Propaganda TV Channel (alqsatv.ps) || url,nctc.gov/site/groups/hamas.html
2023875 || ET TROJAN JS/Nemucod requesting EXE payload 2016-02-06
2405009 || ET CNC Shadowserver Reported CnC Server Port 3303 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405010 || ET CNC Shadowserver Reported CnC Server Port 3306 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405011 || ET CNC Shadowserver Reported CnC Server Port 3993 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405012 || ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405013 || ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405014 || ET CNC Shadowserver Reported CnC Server Port 4318 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405015 || ET CNC Shadowserver Reported CnC Server Port 4433 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405016 || ET CNC Shadowserver Reported CnC Server Port 4492 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405017 || ET CNC Shadowserver Reported CnC Server Port 4676 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405018 || ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405019 || ET CNC Shadowserver Reported CnC Server Port 6567 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405020 || ET CNC Shadowserver Reported CnC Server Port 6660 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405021 || ET CNC Shadowserver Reported CnC Server Port 6662 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405022 || ET CNC Shadowserver Reported CnC Server Port 6663 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405023 || ET CNC Shadowserver Reported CnC Server Port 6664 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405024 || ET CNC Shadowserver Reported CnC Server Port 6665 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405025 || ET CNC Shadowserver Reported CnC Server Port 6666 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405026 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405027 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 2 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405028 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 3 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405029 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 4 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405030 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 5 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405031 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 6 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405032 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 7 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405033 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 8 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405034 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 9 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405035 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 10 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405036 || ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405037 || ET CNC Shadowserver Reported CnC Server Port 6669 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405038 || ET CNC Shadowserver Reported CnC Server Port 6764 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405039 || ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405040 || ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405041 || ET CNC Shadowserver Reported CnC Server Port 7100 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405042 || ET CNC Shadowserver Reported CnC Server Port 7770 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405043 || ET CNC Shadowserver Reported CnC Server Port 8080 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405044 || ET CNC Shadowserver Reported CnC Server Port 8089 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405045 || ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405046 || ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405047 || ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405048 || ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405049 || ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405050 || ET CNC Shadowserver Reported CnC Server Port 19899 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405051 || ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2520160 || ET TOR Known Tor Exit Node TCP Traffic group 81 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2520161 || ET TOR Known Tor Exit Node UDP Traffic group 81 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2520162 || ET TOR Known Tor Exit Node TCP Traffic group 82 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2520163 || ET TOR Known Tor Exit Node UDP Traffic group 82 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2520164 || ET TOR Known Tor Exit Node TCP Traffic group 83 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2520165 || ET TOR Known Tor Exit Node UDP Traffic group 83 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2520166 || ET TOR Known Tor Exit Node TCP Traffic group 84 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2520167 || ET TOR Known Tor Exit Node UDP Traffic group 84 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523406 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 704 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523407 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 704 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523408 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 705 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523409 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 705 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523410 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 706 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523411 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 706 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523412 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 707 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523413 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 707 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523414 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 708 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523415 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 708 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523416 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 709 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523417 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 709 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523418 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 710 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523419 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 710 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523420 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 711 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523421 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 711 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523422 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 712 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523423 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 712 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523424 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 713 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523425 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 713 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523426 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 714 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523427 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 714 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523428 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 715 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523429 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 715 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523430 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 716 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523431 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 716 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523432 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 717 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523433 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 717 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523434 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 718 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523435 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 718 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2808546 || ETPRO TROJAN ZeroAccess3 Checkin || md5,0a7e0ec6f27559aa552d2506e9d51eef
2824771 || ETPRO TROJAN Satan Ransomware .onion Proxy Domain || md5,d92fceccf770d63b7012d7059af7ad88
2824772 || ETPRO TROJAN Satan Ransomware .onion Proxy Domain || md5,82f067fe6a9a5a43ef9ac47415690753
2824773 || ETPRO TROJAN Satan Ransomware .onion Proxy Domain || md5,b9173e130c11c8538574d8eeaab97275
2824774 || ETPRO TROJAN Satan Ransomware .onion Proxy Domain || md5,42bf4bbf695fc3aa6f37be29891b9361
2824775 || ETPRO TROJAN Satan Ransomware .onion Proxy Domain || md5,5796a4eb86aa6b7083af7e946f2b7d21
2824776 || ETPRO CURRENT_EVENTS SunDown EK Flash Exploit Dec 13 2016 M2
2824777 || ETPRO CURRENT_EVENTS EITest SocEng Chrome Fonts DL Feb 06 M1 || url,www.proofpoint.com/us/threat-insight/post/EITest-Nabbing-Chrome-Users-Chrome-Font-Social-Engineering-Scheme
2824778 || ETPRO CURRENT_EVENTS Possible EITest SocEng Chrome Fonts DL Feb 06 M2 || url,www.proofpoint.com/us/threat-insight/post/EITest-Nabbing-Chrome-Users-Chrome-Font-Social-Engineering-Scheme
2824779 || ETPRO TROJAN Cancer Ransomware CnC Activity || md5,3b5622c6fd638457706170f9e1e12221
2824780 || ETPRO TROJAN Possible Win32/KeyLogger.HomeKeyLogger Retrieving Netcat || md5,0e9d60f575d69125f18a7e361176b94e
2824781 || ETPRO TROJAN Win32/Necurs Checkin 3 || md5,22d745954263d12dfaf393a802020764
2824782 || ETPRO TROJAN DNS Query to Cerber Domain (1cq7gd . top)
2824783 || ETPRO TROJAN DNS Query to Cerber Domain (1lt2pn . top)
2824784 || ETPRO TROJAN DNS Query to Cerber Domain (15jznv . top)
2824785 || ETPRO TROJAN DNS Query to Cerber Domain (1cauz3 . top)
2824786 || ETPRO TROJAN DNS Query to Cerber Domain (jb4uh0 . top)
2824787 || ETPRO TROJAN DNS Query to Cerber Domain (4ucg2l . bid)
2824788 || ETPRO TROJAN DNS Query to Cerber Domain (rzvhne . top)
2824789 || ETPRO TROJAN DNS Query to Cerber Domain (1eeb86 . top)
2824790 || ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M1 Feb 06 2017
2824791 || ETPRO CURRENT_EVENTS Successful Banco do Brasil Phish M2 Feb 06 2017
2824792 || ETPRO CURRENT_EVENTS Banco Itau Phishing Landing Javascript Feb 06 2017
2824793 || ETPRO CURRENT_EVENTS Successful Banco Itau Phish Feb 06 2017
2824794 || ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Feb 06 2017
2824795 || ETPRO CURRENT_EVENTS Successful Paypal Phish M2 Feb 06 2017
2824796 || ETPRO CURRENT_EVENTS Successful Paypal Phish M3 Feb 06 2017
2824797 || ETPRO CURRENT_EVENTS Successful Apple Phish Feb 06 2017

[---] Removed non-rule lines: [---]

-> Removed from ciarmy.rules (1):
# Version 2909

-> Removed from drop.rules (2):
# VERSION 2579
# Generated 2017-01-29 00:05:01 EDT

-> Removed from sid-msg.map (47):
2405009 || ET CNC Shadowserver Reported CnC Server Port 3211 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405010 || ET CNC Shadowserver Reported CnC Server Port 3303 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405011 || ET CNC Shadowserver Reported CnC Server Port 3306 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405012 || ET CNC Shadowserver Reported CnC Server Port 3993 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405013 || ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405014 || ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405015 || ET CNC Shadowserver Reported CnC Server Port 4318 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405016 || ET CNC Shadowserver Reported CnC Server Port 4433 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405017 || ET CNC Shadowserver Reported CnC Server Port 4492 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405018 || ET CNC Shadowserver Reported CnC Server Port 4676 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405019 || ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405020 || ET CNC Shadowserver Reported CnC Server Port 6567 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405021 || ET CNC Shadowserver Reported CnC Server Port 6660 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405022 || ET CNC Shadowserver Reported CnC Server Port 6662 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405023 || ET CNC Shadowserver Reported CnC Server Port 6663 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405024 || ET CNC Shadowserver Reported CnC Server Port 6664 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405025 || ET CNC Shadowserver Reported CnC Server Port 6665 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405026 || ET CNC Shadowserver Reported CnC Server Port 6666 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405027 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405028 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 2 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405029 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 3 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405030 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 4 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405031 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 5 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405032 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 6 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405033 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 7 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405034 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 8 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405035 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 9 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405036 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 10 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405037 || ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405038 || ET CNC Shadowserver Reported CnC Server Port 6669 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405039 || ET CNC Shadowserver Reported CnC Server Port 6764 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405040 || ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405041 || ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405042 || ET CNC Shadowserver Reported CnC Server Port 7100 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405043 || ET CNC Shadowserver Reported CnC Server Port 7770 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405044 || ET CNC Shadowserver Reported CnC Server Port 8080 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405045 || ET CNC Shadowserver Reported CnC Server Port 8089 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405046 || ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405047 || ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405048 || ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405049 || ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405050 || ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405051 || ET CNC Shadowserver Reported CnC Server Port 19899 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405052 || ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2500094 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 48 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500095 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 48 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2808546 || ETPRO TROJAN Backdoor.MSIL/Parama.A Checkin || md5,0a7e0ec6f27559aa552d2506e9d51eef