*********************** snort-2.8.6 open *********************** [***] Results from Oinkmaster started Fri May 5 16:51:17 2017 [***] [+++] Added rules: [+++] 2024277 - ET WEB_SPECIFIC_APPS Wordpress Host Header Injection (CVE-2016-10033) M1 (emerging-web_specific_apps.rules) 2024278 - ET WEB_SPECIFIC_APPS Wordpress Host Header Injection (CVE-2016-10033) M2 (emerging-web_specific_apps.rules) 2024279 - ET WEB_SPECIFIC_APPS Wordpress Host Header Injection (CVE-2016-10033) M3 (emerging-web_specific_apps.rules) [///] Modified active rules: [///] 2003055 - ET POLICY Suspicious FTP 220 Banner on Local Port (-) (emerging-policy.rules) 2003466 - ET WEB_SERVER PHP Attack Tool Morfeus F Scanner (emerging-web_server.rules) 2003479 - ET POLICY Radmin Remote Control Session Setup Initiate (emerging-policy.rules) 2003481 - ET POLICY Radmin Remote Control Session Authentication Initiate (emerging-policy.rules) 2003482 - ET POLICY Radmin Remote Control Session Authentication Response (emerging-policy.rules) 2003492 - ET MALWARE Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0) (emerging-malware.rules) 2003869 - ET SCAN ProxyReconBot CONNECT method to Mail (emerging-scan.rules) 2007994 - ET MALWARE Suspicious User-Agent (1 space) (emerging-malware.rules) 2008233 - ET TROJAN Common Downloader Install Report URL (farfly checkin) (emerging-trojan.rules) 2009949 - ET WEB_SERVER Tilde in URI - potential .pl source disclosure vulnerability (emerging-web_server.rules) 2009950 - ET WEB_SERVER Tilde in URI - potential .inc source disclosure vulnerability (emerging-web_server.rules) 2009951 - ET WEB_SERVER Tilde in URI - potential .conf source disclosure vulnerability (emerging-web_server.rules) 2009952 - ET WEB_SERVER Tilde in URI - potential .asp source disclosure vulnerability (emerging-web_server.rules) 2009953 - ET WEB_SERVER Tilde in URI - potential .aspx source disclosure vulnerability (emerging-web_server.rules) 2009955 - ET WEB_SERVER Tilde in URI - potential .php~ source 
disclosure vulnerability (emerging-web_server.rules) 2010820 - ET WEB_SERVER Tilde in URI - potential .cgi source disclosure vulnerability (emerging-web_server.rules) 2010908 - ET INFO Mozilla User-Agent (Mozilla/5.0) Inbound Likely Fake (emerging-info.rules) 2010969 - ET POLICY Possible ProxyShell Anonymous Access Connection (emerging-policy.rules) 2012118 - ET INFO http string in hex Possible Obfuscated Exploit Redirect (emerging-info.rules) 2012810 - ET POLICY HTTP Request to a *.tk domain (emerging-policy.rules) 2012981 - ET TROJAN Possible FakeAV Binary Download (Security) (emerging-trojan.rules) 2013091 - ET TROJAN Backdoor.Win32.DarkComet Keepalive Inbound (emerging-trojan.rules) 2013436 - ET INFO Redirection to driveby Page Home index.php (emerging-info.rules) 2013942 - ET WEB_SERVER Weevely PHP backdoor detected (python_eval() function used) (emerging-web_server.rules) 2014726 - ET POLICY Outdated Windows Flash Version IE (emerging-policy.rules) 2014802 - ET CURRENT_EVENTS Fragus Exploit jar Download (emerging-current_events.rules) 2014884 - ET CURRENT_EVENTS Request to malicious SutraTDS - lonly= in cookie (emerging-current_events.rules) 2014934 - ET CURRENT_EVENTS FoxxySoftware - Landing Page (emerging-current_events.rules) 2015015 - ET POLICY Download Request to Hotfile.com (emerging-policy.rules) 2015581 - ET TROJAN Atadommoc.C - HTTP CnC (emerging-trojan.rules) 2015907 - ET CURRENT_EVENTS BoA -Account Phished (emerging-current_events.rules) 2015946 - ET CURRENT_EVENTS CrimeBoss - Setup (emerging-current_events.rules) 2015972 - ET CURRENT_EVENTS Successful PayPal Account Phish (emerging-current_events.rules) 2015980 - ET CURRENT_EVENTS Successful Google Account Phish (emerging-current_events.rules) 2016063 - ET CURRENT_EVENTS Successful PayPal Account Phish (emerging-current_events.rules) 2016328 - ET TROJAN ZeuS Post to C&C footer.php (emerging-trojan.rules) 2016868 - ET CURRENT_EVENTS Neutrino EK Plugin-Detect 2 May 20 2013 
(emerging-current_events.rules) 2016932 - ET TROJAN Spy/Infostealer.Win32.Embed.A Client Traffic (emerging-trojan.rules) 2017587 - ET MOBILE_MALWARE Android/Opfake.A GetTask CnC Beacon (emerging-mobile_malware.rules) 2017594 - ET CURRENT_EVENTS Possible Neutrino EK Java Exploit Download Oct 15 2013 (emerging-current_events.rules) 2017595 - ET CURRENT_EVENTS Possible Neutrino EK Java Payload Download Oct 15 2013 (emerging-current_events.rules) 2017596 - ET CURRENT_EVENTS Neutrino EK XORed pluginDetect 1 (emerging-current_events.rules) 2017597 - ET CURRENT_EVENTS Neutrino EK XORed pluginDetect 2 (emerging-current_events.rules) 2017627 - ET TROJAN W32/Kegotip CnC Beacon (emerging-trojan.rules) 2017653 - ET CURRENT_EVENTS Possible Neutrino EK Java Exploit/Payload Download Nov 1 2013 (emerging-current_events.rules) 2017661 - ET CURRENT_EVENTS Possible Redirect to Neutrino EK goi.php Nov 4 2013 (emerging-current_events.rules) 2017787 - ET MOBILE_MALWARE Android.KorBanker Fake Banking App Install CnC Beacon (emerging-mobile_malware.rules) 2017824 - ET CURRENT_EVENTS Neutrino EK Landing Page Dec 09 2013 (emerging-current_events.rules) 2017963 - ET CURRENT_EVENTS Possible Neutrino/Fiesta EK SilverLight Exploit Jan 13 2014 DLL Naming Convention (emerging-current_events.rules) 2017971 - ET CURRENT_EVENTS Possible Neutrino EK IE/Silverlight Payload Download (emerging-current_events.rules) 2018226 - ET CURRENT_EVENTS Possible Neutrino/Fiesta EK SilverLight Exploit March 05 2014 DLL Naming Convention (emerging-current_events.rules) 2018321 - ET TROJAN Saker UA (emerging-trojan.rules) 2018403 - ET TROJAN GENERIC Likely Malicious Fake IE Downloading .exe (emerging-trojan.rules) 2018580 - ET TROJAN Win32/Neutrino Checkin (emerging-trojan.rules) 2018630 - ET MOBILE_MALWARE Android/Comll.Banker RAT CnC Beacon (emerging-mobile_malware.rules) 2018667 - ET TROJAN Possible Zeus P2P Variant Check-in (emerging-trojan.rules) 2018789 - ET POLICY TLS possible TOR SSL traffic 
(emerging-policy.rules) 2018876 - ET POLICY DNS Query to .onion proxy Domain (onion.cab) (emerging-policy.rules) 2019211 - ET TROJAN Win32/Neutrino ping (emerging-trojan.rules) 2019628 - ET TROJAN AnubisNetworks Sinkhole SSL Cert lolcat - specific IPs (emerging-trojan.rules) 2020093 - ET TROJAN Win32/Neutrino Cookie (emerging-trojan.rules) 2020094 - ET TROJAN Win32/Neutrino CC dump (emerging-trojan.rules) 2020826 - ET CURRENT_EVENTS Potential Dridex.Maldoc Minimal Executable Request (emerging-current_events.rules) 2020839 - ET TROJAN Win32/Teslacrypt Ransomware .onion domain (63ghdye17.com) (emerging-trojan.rules) 2020844 - ET TROJAN Win32/Teslacrypt Ransomware .onion domain (7hwr34n18.com) (emerging-trojan.rules) 2020847 - ET CURRENT_EVENTS Chrome Form Data Theft April 06 2015 (emerging-current_events.rules) 2020869 - ET TROJAN Win32/Teslacrypt Ransomware .onion domain (wh47f2as19.com) (emerging-trojan.rules) 2020882 - ET TROJAN Win32/Teslacrypt Ransomware .onion domain (epmhyca5ol6plmx3) (emerging-trojan.rules) 2020949 - ET TROJAN Win32/Neutrino Bot Fake 404 Checkin Response (emerging-trojan.rules) 2021226 - ET TROJAN Poweliks Clickfraud CnC M1 (emerging-trojan.rules) 2021252 - ET TROJAN TorrentLocker .onion Proxy Domain (zbqxpjfvltb6d62m) (emerging-trojan.rules) 2021588 - ET CURRENT_EVENTS Job314/Neutrino EK Flash Exploit M2 Aug 02 2015 (emerging-current_events.rules) 2021589 - ET CURRENT_EVENTS Job314/Neutrino EK Flash Exploit M3 Aug 02 2015 (emerging-current_events.rules) 2021590 - ET CURRENT_EVENTS Job314/Neutrino EK Flash Exploit M1 Aug 02 2015 (IE) (emerging-current_events.rules) 2022351 - ET POLICY External IP Lookup - ipecho.net (emerging-policy.rules) 2022377 - ET INFO DYNAMIC_DNS HTTP Request to a *.dnsalias.ru Domain (emerging-info.rules) 2022378 - ET INFO DYNAMIC_DNS HTTP Request to a *.dnsip.ru Domain (emerging-info.rules) 2022462 - ET TROJAN Win32/Neutrino Checkin 2 (emerging-trojan.rules) 2022463 - ET TROJAN Win32/Neutrino Checkin 3 
(emerging-trojan.rules) 2022566 - ET CURRENT_EVENTS Possible Malicious Macro EXE DL AlphaNumL (emerging-current_events.rules) 2022985 - ET TROJAN Trojan Generic - POST To gate.php with no accept headers (emerging-trojan.rules) 2022987 - ET MALWARE LoadMoney Checkin 5 (emerging-malware.rules) 2022999 - ET TROJAN ABUSE.CH Ransomware Domain Detected (emerging-trojan.rules) 2023000 - ET TROJAN ABUSE.CH Ransomware Domain Detected (emerging-trojan.rules) 2023001 - ET TROJAN ABUSE.CH Ransomware Domain Detected (emerging-trojan.rules) 2023002 - ET TROJAN ABUSE.CH Ransomware Domain Detected (emerging-trojan.rules) 2023003 - ET TROJAN ABUSE.CH Ransomware Domain Detected (emerging-trojan.rules) 2023004 - ET TROJAN ABUSE.CH Ransomware Domain Detected (emerging-trojan.rules) 2023142 - ET TROJAN TorrentLocker DNS Lookup (bigcrashcar.net) (emerging-trojan.rules) 2023147 - ET TROJAN Locky Ransomware Renaming File via SMB (emerging-trojan.rules) 2023148 - ET TROJAN Locky Ransomware Writing Instructions via SMB (emerging-trojan.rules) 2023240 - ET MOBILE_MALWARE iOS DualToy Checkin (emerging-mobile_malware.rules) 2023335 - ET TROJAN Nuke Ransomware Checkin (emerging-trojan.rules) 2023583 - ET TROJAN Known Malicious Doc Downloading Payload Dec 06 2016 (emerging-trojan.rules) 2023612 - ET TROJAN Ransomware/Cerber Checkin M3 (1) (emerging-trojan.rules) 2023613 - ET TROJAN Ransomware/Cerber Checkin M3 (2) (emerging-trojan.rules) 2023614 - ET TROJAN Ransomware/Cerber Checkin M3 (3) (emerging-trojan.rules) 2023615 - ET TROJAN Ransomware/Cerber Checkin M3 (4) (emerging-trojan.rules) 2023616 - ET TROJAN Ransomware/Cerber Checkin M3 (5) (emerging-trojan.rules) 2023617 - ET TROJAN Ransomware/Cerber Checkin M3 (6) (emerging-trojan.rules) 2023618 - ET TROJAN Ransomware/Cerber Checkin M3 (7) (emerging-trojan.rules) 2023619 - ET TROJAN Ransomware/Cerber Checkin M3 (8) (emerging-trojan.rules) 2023620 - ET TROJAN Ransomware/Cerber Checkin M3 (9) (emerging-trojan.rules) 2023621 - ET TROJAN 
Ransomware/Cerber Checkin M3 (10) (emerging-trojan.rules) 2023622 - ET TROJAN Ransomware/Cerber Checkin M3 (11) (emerging-trojan.rules) 2023623 - ET TROJAN Ransomware/Cerber Checkin M3 (12) (emerging-trojan.rules) 2023624 - ET TROJAN Ransomware/Cerber Checkin M3 (13) (emerging-trojan.rules) 2023625 - ET TROJAN Ransomware/Cerber Checkin M3 (14) (emerging-trojan.rules) 2023626 - ET TROJAN Ransomware/Cerber Checkin M3 (15) (emerging-trojan.rules) 2023627 - ET TROJAN Ransomware/Cerber Checkin M3 (16) (emerging-trojan.rules) 2023653 - ET TROJAN TeleBots BCS-server User-Agent (emerging-trojan.rules) 2023697 - ET CURRENT_EVENTS Successful Bradesco Bank Phish M2 Jan 05 2017 (emerging-current_events.rules) 2023740 - ET TROJAN Possible Pony Payload DL (emerging-trojan.rules) 2023765 - ET TROJAN Betabot Checkin 5 (emerging-trojan.rules) 2023998 - ET TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker C2) (emerging-trojan.rules) 2024022 - ET TROJAN Pteranodon Backdoor Checkin (emerging-trojan.rules) 2024023 - ET TROJAN Pteranodon Backdoor CnC POST (emerging-trojan.rules) 2024024 - ET TROJAN Pteranodon Variant 1 Backdoor Checkin (emerging-trojan.rules) 2024025 - ET TROJAN Pteranodon Variant 2 Backdoor Checkin (emerging-trojan.rules) 2024026 - ET TROJAN Pteranodon Variant 3 Backdoor Checkin (emerging-trojan.rules) 2024027 - ET TROJAN Gamaredon File Stealer POST (emerging-trojan.rules) 2024028 - ET TROJAN Infostealer.Bancos ProxyChanger Checkin (emerging-trojan.rules) 2024029 - ET INFO Suspicious VNC Remote Admin Request (emerging-info.rules) 2024030 - ET WEB_CLIENT SUSPICIOUS Microsoft-Edge protocol in use (Observed in Magnitude EK) (emerging-web_client.rules) 2024031 - ET WEB_CLIENT SUSPICIOUS Local file read using read protocol (emerging-web_client.rules) 2024032 - ET CURRENT_EVENTS Successful Vanguard Phish Mar 06 2017 (emerging-current_events.rules) 2024033 - ET CURRENT_EVENTS Android Fake AV Download Landing Mar 06 2017 (emerging-current_events.rules) 2024034 - ET 
WEB_CLIENT Possible MacOSX HelpViewer 10.12.1 XSS Arbitrary File Execution and Arbitrary File Read (CVE-2017-2361) (emerging-web_client.rules) 2024035 - ET TROJAN WS/JS Downloader Mar 07 2017 M1 (emerging-trojan.rules) 2024036 - ET TROJAN WS/JS Downloader Mar 07 2017 M2 (emerging-trojan.rules) 2024037 - ET CURRENT_EVENTS Evil Redirect Leading to EK March 07 2017 (emerging-current_events.rules) 2024038 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (emerging-web_specific_apps.rules) 2024039 - ET WEB_SPECIFIC_APPS Possible Drupal Object Unserialize Exploit Attempt (emerging-web_specific_apps.rules) 2024040 - ET CURRENT_EVENTS EITest SocEng Fake Font DL March 09 2017 (emerging-current_events.rules) 2024041 - ET TROJAN Spora Ransomware Checkin (emerging-trojan.rules) 2024042 - ET CURRENT_EVENTS Fake Virus Phone Scam Landing Mar 09 2017 (emerging-current_events.rules) 2024043 - ET TROJAN Spora Ransomware SSL Certificate Detected (emerging-trojan.rules) 2024044 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M2 (emerging-web_specific_apps.rules) 2024045 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) M3 (emerging-web_specific_apps.rules) 2024046 - ET CURRENT_EVENTS Successful Paypal Phish Mar 13 2017 (emerging-current_events.rules) 2024047 - ET CURRENT_EVENTS Successful National Bank Phish Mar 13 2017 (emerging-current_events.rules) 2024048 - ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 (emerging-current_events.rules) 2024049 - ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2 (emerging-current_events.rules) 2024050 - ET CURRENT_EVENTS Successful ANZ Internet Banking Phish Mar 14 2017 (emerging-current_events.rules) 2024051 - ET CURRENT_EVENTS Successful Instagram Phish Mar 14 2017 (emerging-current_events.rules) 2024052 - ET CURRENT_EVENTS Successful Paypal Phish Mar 14 2017 (emerging-current_events.rules) 2024053 - ET CURRENT_EVENTS Terror EK 
Payload Download M1 Mar 14 2017 (emerging-current_events.rules) 2024054 - ET CURRENT_EVENTS Terror EK Payload Download M2 Mar 14 2017 (emerging-current_events.rules) 2024055 - ET CURRENT_EVENTS Terror EK Payload RC4 Key M1 Mar 14 2017 (emerging-current_events.rules) 2024056 - ET TROJAN Win32/CryptFile2 / Revenge Ransomware Checkin M3 (emerging-trojan.rules) 2024057 - ET SHELLCODE Linux/x86-64 - Polymorphic Flush IPTables Shellcode (emerging-shellcode.rules) 2024058 - ET SHELLCODE Linux/x86-64 - Polymorphic Setuid(0) & Execve(/bin/sh) Shellcode (emerging-shellcode.rules) 2024059 - ET CURRENT_EVENTS Successful iCloud Phish Mar 15 2017 (emerging-current_events.rules) 2024060 - ET CURRENT_EVENTS Successful Apple Phish M1 Mar 15 2017 (emerging-current_events.rules) 2024061 - ET CURRENT_EVENTS Successful Apple Phish M2 Mar 15 2017 (emerging-current_events.rules) 2024062 - ET EXPLOIT IBM WebSphere - RCE Java Deserialization (emerging-exploit.rules) 2024063 - ET EXPLOIT HP Smart Storage Administrator Remote Command Injection (emerging-exploit.rules) 2024064 - ET TROJAN MagikPOS Downloader Retrieving Payload (emerging-trojan.rules) 2024065 - ET SHELLCODE Linux/x86-64 - Reverse Shell Shellcode (emerging-shellcode.rules) 2024066 - ET TROJAN MagikPOS Downloader Checkin (emerging-trojan.rules) 2024067 - ET TROJAN MagikPOS CnC Beacon (emerging-trojan.rules) 2024068 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (emerging-trojan.rules) 2024069 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (emerging-trojan.rules) 2024070 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (emerging-trojan.rules) 2024071 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Android Marcher C2) (emerging-trojan.rules) 2024072 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) 
(emerging-trojan.rules) 2024073 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (emerging-trojan.rules) 2024074 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (emerging-trojan.rules) 2024075 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (emerging-trojan.rules) 2024076 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (emerging-trojan.rules) 2024077 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Chthonic MITM) (emerging-trojan.rules) 2024078 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (emerging-trojan.rules) 2024079 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (emerging-trojan.rules) 2024080 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (emerging-trojan.rules) 2024081 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (emerging-trojan.rules) 2024082 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (emerging-trojan.rules) 2024084 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (emerging-trojan.rules) 2024085 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (emerging-trojan.rules) 2024086 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (emerging-trojan.rules) 2024087 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (emerging-trojan.rules) 2024088 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (emerging-trojan.rules) 2024089 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate 
Detected (Gozi MITM) (emerging-trojan.rules) 2024090 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (emerging-trojan.rules) 2024091 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (emerging-trojan.rules) 2024092 - ET CURRENT_EVENTS Evil Redirector Leading to EK March 15 2017 (emerging-current_events.rules) 2024093 - ET CURRENT_EVENTS Evil Redirector Leading to EK March 15 2017 M2 (emerging-current_events.rules) 2024096 - ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Disposition) M1 (emerging-web_specific_apps.rules) 2024098 - ET CURRENT_EVENTS Windows Settings Phishing Landing Jul 22 (emerging-current_events.rules) 2024099 - ET TROJAN Win32/Spy.Banker.ACUT CnC Checkin (emerging-trojan.rules) 2024100 - ET CURRENT_EVENTS Successful Paypal Phish Mar 22 2017 (emerging-current_events.rules) 2024101 - ET CURRENT_EVENTS Successful RBC Royal Bank Phish Mar 27 2017 (emerging-current_events.rules) 2024102 - ET CURRENT_EVENTS Successful Tangerine Bank Phish M1 Mar 27 2017 (emerging-current_events.rules) 2024103 - ET CURRENT_EVENTS Successful Tangerine Bank Phish M2 Mar 27 2017 (emerging-current_events.rules) 2024104 - ET TROJAN ABUSE.CH Ransomware/Cerber Onion Domain Lookup (emerging-trojan.rules) 2024105 - ET TROJAN Win32/Teslacrypt Ransomware .onion domain (2kjb7.net) (emerging-trojan.rules) 2024106 - ET TROJAN Win32/Teslacrypt Ransomware .onion domain (7tno4hib47vlep5o) (emerging-trojan.rules) 2024107 - ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269) (emerging-web_server.rules) 2024108 - ET TROJAN KHRAT DragonOK DNS Lookup (inter-ctrip .com) (emerging-trojan.rules) 2024109 - ET CURRENT_EVENTS Possible Malicious Macro DL BIN March 2017 (emerging-current_events.rules) 2024110 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (emerging-trojan.rules) 2024111 - ET TROJAN DeepEnd Research Ransomware 
CrypMIC Payment Onion Domain (emerging-trojan.rules) 2024112 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (emerging-trojan.rules) 2024113 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (emerging-trojan.rules) 2024114 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (emerging-trojan.rules) 2024115 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (emerging-trojan.rules) 2024116 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (emerging-trojan.rules) 2024117 - ET TROJAN Ransomware CrypMIC Payment Onion Domain (emerging-trojan.rules) 2024118 - ET TROJAN Ransomware CrypMIC Payment Onion Domain (emerging-trojan.rules) 2024119 - ET TROJAN Ransomware CrypMIC Payment Onion Domain (emerging-trojan.rules) 2024120 - ET TROJAN MSIL/Matrix Ransomware CnC Activity (emerging-trojan.rules) 2024121 - ET EXPLOIT NETGEAR WNR2000v5 hidden_lang_avi Stack Overflow (CVE-2016-10174) (emerging-exploit.rules) 2024122 - ET CURRENT_EVENTS MalDoc Retrieving Payload March 30 2017 (emerging-current_events.rules) 2024123 - ET MOBILE_MALWARE Android.C2P.Qd!c Ransomware CnC Beacon (emerging-mobile_malware.rules) 2024124 - ET CURRENT_EVENTS Lets Encrypt Free SSL Cert Observed in Tech Support Scams M1 (emerging-current_events.rules) 2024125 - ET CURRENT_EVENTS Lets Encrypt Free SSL Cert Observed in Tech Support Scams M2 (emerging-current_events.rules) 2024126 - ET CURRENT_EVENTS Lets Encrypt Free SSL Cert Observed in Tech Support Scams M3 (emerging-current_events.rules) 2024127 - ET CURRENT_EVENTS Lets Encrypt Free SSL Cert Observed in Tech Support Scams M4 (emerging-current_events.rules) 2024128 - ET CURRENT_EVENTS Lets Encrypt Free SSL Cert Observed in Tech Support Scams M5 (emerging-current_events.rules) 2024129 - ET CURRENT_EVENTS Lets Encrypt Free SSL Cert Observed in Tech Support Scams M6 (emerging-current_events.rules) 2024130 - ET CURRENT_EVENTS Lets Encrypt Free SSL Cert Observed in Tech 
Support Scams M7 (emerging-current_events.rules) 2024131 - ET CURRENT_EVENTS Lets Encrypt Free SSL Cert Observed in Tech Support Scams M8 (emerging-current_events.rules) 2024132 - ET CURRENT_EVENTS Lets Encrypt Free SSL Cert Observed in Tech Support Scams M9 (emerging-current_events.rules) 2024133 - ET CURRENT_EVENTS Suspicious Decimal IP Redirect - Observed in RIG EK Redirects M1 (emerging-current_events.rules) 2024134 - ET CURRENT_EVENTS Suspicious Decimal IP Redirect - Observed in RIG EK Redirects M2 (emerging-current_events.rules) 2024135 - ET CURRENT_EVENTS Suspicious Decimal IP Redirect - Observed in RIG EK Redirects M3 (emerging-current_events.rules) 2024136 - ET CURRENT_EVENTS Suspicious Decimal IP Redirect - Observed in RIG EK Redirects M4 (emerging-current_events.rules) 2024137 - ET CURRENT_EVENTS Suspicious Decimal IP Redirect - Observed in RIG EK Redirects M5 (emerging-current_events.rules) 2024138 - ET CURRENT_EVENTS Suspicious Decimal IP Redirect - Observed in RIG EK Redirects M6 (emerging-current_events.rules) 2024139 - ET CURRENT_EVENTS Suspicious Decimal IP Redirect - Observed in RIG EK Redirects M7 (emerging-current_events.rules) 2024140 - ET CURRENT_EVENTS Suspicious Decimal IP Redirect - Observed in RIG EK Redirects M8 (emerging-current_events.rules) 2024141 - ET CURRENT_EVENTS Suspicious Decimal IP Redirect - Observed in RIG EK Redirects M9 (emerging-current_events.rules) 2024142 - ET CURRENT_EVENTS Suspicious Decimal IP Redirect - Observed in RIG EK Redirects M10 (emerging-current_events.rules) 2024167 - ET CURRENT_EVENTS Successful Mail.ru Phish Apr 04 2017 (emerging-current_events.rules) 2024168 - ET CURRENT_EVENTS Terror EK CVE-2016-0189 Exploit (emerging-current_events.rules) 2024169 - ET CURRENT_EVENTS Terror EK CVE-2016-0189 Exploit M2 (emerging-current_events.rules) 2024170 - ET CURRENT_EVENTS Terror EK CVE-2015-2419 Exploit (emerging-current_events.rules) 2024171 - ET MOBILE_MALWARE Android Trojan Pegasus CnC Beacon 
(emerging-mobile_malware.rules) 2024172 - ET MOBILE_MALWARE Android Trojan Pegasus CnC Beacon M2 (emerging-mobile_malware.rules) 2024175 - ET TROJAN Red Leaves HTTP CnC Beacon (APT10 implant) (emerging-trojan.rules) 2024176 - ET TROJAN Felismus CnC Beacon 1 (emerging-trojan.rules) 2024177 - ET TROJAN Felismus CnC Beacon 2 (emerging-trojan.rules) 2024178 - ET TROJAN MSIL/Matrix Ransomware Sending Encrypted Filelist (emerging-trojan.rules) 2024179 - ET TROJAN Win32/Neutrino Checkin 6 (emerging-trojan.rules) 2024180 - ET CURRENT_EVENTS Terror EK Payload Download (emerging-current_events.rules) 2024181 - ET EXPLOIT D-LINK DIR-615 Cross-Site Request Forgery (CVE-2017-7398) (emerging-exploit.rules) 2024182 - ET TROJAN MSIL/NR42 Bot Parsing Config From Webpage (emerging-trojan.rules) 2024183 - ET TROJAN Possible Turla Carbon Paper CnC Beacon (Fake User-Agent) (emerging-trojan.rules) 2024184 - ET CURRENT_EVENTS Successful HM Revenue & Customs Phish M1 Apr 07 2017 (emerging-current_events.rules) 2024185 - ET CURRENT_EVENTS Successful HM Revenue & Customs Phish M2 Apr 07 2017 (emerging-current_events.rules) 2024186 - ET CURRENT_EVENTS Successful Santander Phish M1 Apr 07 2017 (emerging-current_events.rules) 2024187 - ET CURRENT_EVENTS Successful Santander Phish M2 Apr 07 2017 (emerging-current_events.rules) 2024188 - ET CURRENT_EVENTS Successful Santander Phish M3 Apr 07 2017 (emerging-current_events.rules) 2024189 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (emerging-trojan.rules) 2024190 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (emerging-trojan.rules) 2024191 - ET EXPLOIT TP-Link Archer C2 and Archer C20i Remote Code Execution (emerging-exploit.rules) 2024192 - ET EXPLOIT Possible RTF 0-day HTA (emerging-exploit.rules) 2024193 - ET EXPLOIT Possible RTF 0-day HTA M2 (emerging-exploit.rules) 2024194 - ET EXPLOIT Cisco Catalyst Remote Code Execution (CVE-2017-3881) (emerging-exploit.rules) 2024197 - ET CURRENT_EVENTS 
SUSPICIOUS MSXMLHTTP DL of HTA (Observed in RTF 0-day ) (emerging-current_events.rules) 2024198 - ET CURRENT_EVENTS EITest SocENG Payload DL (emerging-current_events.rules) 2024199 - ET CURRENT_EVENTS EITest SocENG Inject M2 (emerging-current_events.rules) 2024200 - ET CURRENT_EVENTS EITest SocENG Inject M3 (emerging-current_events.rules) 2024201 - ET MOBILE_MALWARE AdWare.AndroidOS.Ewind.cd Checkin (emerging-mobile_malware.rules) 2024202 - ET MOBILE_MALWARE AdWare.AndroidOS.Ewind.cd Response (emerging-mobile_malware.rules) 2024203 - ET TROJAN Win32/Mole Ransomware CnC Beacon (emerging-trojan.rules) 2024204 - ET TROJAN MSIL/Hidden-Tear Variant Ransomware CnC Checkin (emerging-trojan.rules) 2024205 - ET TROJAN Win32/Cradle Ransomware Onion Domain (emerging-trojan.rules) 2024206 - ET TROJAN Quant Loader Download Response M2 (emerging-trojan.rules) 2024214 - ET EXPLOIT Possible ECLIPSEDWING RPCTOUCH MS08-067 (emerging-exploit.rules) 2024215 - ET EXPLOIT Possible ECLIPSEDWING MS08-067 (emerging-exploit.rules) 2024216 - ET EXPLOIT Possible DOUBLEPULSAR Beacon Response (emerging-exploit.rules) 2024217 - ET EXPLOIT Possible ETERNALBLUE MS17-010 Heap Spray (emerging-exploit.rules) 2024219 - ET EXPLOIT Possible ETERNALROMANCE MS17-010 Heap Spray (emerging-exploit.rules) 2024221 - ET TROJAN Possible Malicious Gzip PowerShell over HTTP (emerging-trojan.rules) 2024222 - ET EXPLOIT Possible EXPLODINGCAN IIS5.0/6.0 Exploit Attempt (emerging-exploit.rules) 2024223 - ET TROJAN MSIL/Runsome Ransomware CnC Checkin (emerging-trojan.rules) 2024224 - ET WEB_CLIENT Office Requesting .HTA File Likely CVE-2017-0199 Request (emerging-web_client.rules) 2024225 - ET WEB_CLIENT Office UA FB SET (emerging-web_client.rules) 2024226 - ET WEB_CLIENT Office Discovery HTA file Likely CVE-2017-0199 Request M2 (emerging-web_client.rules) 2024227 - ET INFO Lets Encrypt Free SSL Cert Observed with IDN/Punycode Domain - Possible Phishing (emerging-info.rules) 2024228 - ET INFO Suspicious HTML Decimal 
Obfuscated Title - Possible Phishing Landing Apr 19 2017 (emerging-info.rules) 2024229 - ET CURRENT_EVENTS Known Malicious Expires Header Seen In Malicious JavaScript Downloader Campaign (emerging-current_events.rules) 2024230 - ET CURRENT_EVENTS iCloud Phishing Landing Sept 2 2016 (emerging-current_events.rules) 2024231 - ET CURRENT_EVENTS Successful iCloud Phish Apr 20 2017 (emerging-current_events.rules) 2024232 - ET CURRENT_EVENTS Successful Alitalia Airline Phish Apr 20 2017 (emerging-current_events.rules) 2024233 - ET TROJAN Unknown Possibly Ransomware (Dropped by RIG) CnC Beacon (emerging-trojan.rules) 2024234 - ET EXPLOIT BlueCoat CAS v1.3.7.1 Report Email Command Injection attempt (emerging-exploit.rules) 2024235 - ET INFO DNS Query to Free Hosting Domain (freevnn . com) (emerging-info.rules) 2024237 - ET CURRENT_EVENTS ElTest Exploit Kit Redirection Script (emerging-current_events.rules) 2024238 - ET CURRENT_EVENTS HoeflerText Chrome Popup DriveBy Download Attempt (emerging-current_events.rules) 2024239 - ET TROJAN MSIL/Karmen Ransomware CnC Activity (emerging-trojan.rules) 2024243 - ET TROJAN ARM Binary Requested via WGET to Known IoT Malware Domain (emerging-trojan.rules) 2024244 - ET TROJAN Known IoT Malware Domain (emerging-trojan.rules) 2024245 - ET TROJAN Known IoT Malware Domain (emerging-trojan.rules) 2024246 - ET TROJAN Observed Malicious SSL cert (pyteHole Ransomware) (emerging-trojan.rules) 2024247 - ET TROJAN Possible DANDERSPRITZ Default HTTP Headers (emerging-trojan.rules) 2024248 - ET TROJAN Possible DANDERSPRITZ HTTP Beacon (emerging-trojan.rules) 2024249 - ET MALWARE Loadmoney User Agent (emerging-malware.rules) 2024250 - ET MALWARE Loadmoney.A Checkin 1 (emerging-malware.rules) 2024251 - ET MALWARE Loadmoney.A Checkin 2 (emerging-malware.rules) 2024252 - ET MALWARE Loadmoney.A Checkin 3 (emerging-malware.rules) 2024253 - ET MALWARE Loadmoney.A Checkin 4 (emerging-malware.rules) 2024254 - ET MALWARE Loadmoney.A Checkin 6 
(emerging-malware.rules)
2024255 - ET MALWARE Loadmoney.A Checkin 7 (emerging-malware.rules)
2024256 - ET MALWARE Loadmoney.A Checkin 5 (emerging-malware.rules)
2024257 - ET MALWARE Loadmoney.A Checkin 8 (emerging-malware.rules)
2024258 - ET MALWARE Loadmoney Checkin 1 (emerging-malware.rules)
2024259 - ET MALWARE Loadmoney Checkin 2 (emerging-malware.rules)
2024261 - ET MALWARE Loadmoney Checkin 3 (emerging-malware.rules)
2024262 - ET MALWARE Loadmoney Checkin 4 (emerging-malware.rules)
2024263 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (emerging-trojan.rules)
2024264 - ET TROJAN DeepEnd Research Ransomware CrypMIC Payment Onion Domain (emerging-trojan.rules)
2024265 - ET WEB_SERVER Jorgee Scan (emerging-web_server.rules)
2024266 - ET CURRENT_EVENTS Successful Google App Oauth Phish M1 Mar 3 2017 (emerging-current_events.rules)
2024267 - ET CURRENT_EVENTS Successful Google App Oauth Phish M2 Mar 3 2017 (emerging-current_events.rules)
2024268 - ET CURRENT_EVENTS Successful Google App Oauth Phish M3 Mar 3 2017 (emerging-current_events.rules)
2024269 - ET CURRENT_EVENTS Successful Google App Oauth Phish M4 Mar 3 2017 (emerging-current_events.rules)
2024270 - ET TROJAN Kazuar CnC Beacon (emerging-trojan.rules)
2024271 - ET TROJAN Turla Snake OSX DNS Lookup (car-service .effers.com) (emerging-trojan.rules)
2024272 - ET TROJAN W32.Geodo/Emotet Checkin (emerging-trojan.rules)
2024273 - ET TROJAN SuperCMD CnC Beacon (emerging-trojan.rules)
2024274 - ET TROJAN W32/Emotet CnC Beacon 1 (emerging-trojan.rules)
2024275 - ET TROJAN W32/Emotet CnC Beacon 2 (emerging-trojan.rules)
2024276 - ET TROJAN MSIL/OzazaLocker Ransomware CnC Checkin (emerging-trojan.rules)
2402000 - ET DROP Dshield Block Listed Source group 1 (emerging-dshield.rules)
2402001 - ET DROP Dshield Block Listed Source group 1 (emerging-dshield.rules)
2403300 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 1 (emerging-ciarmy.rules)
2403301 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 1 (emerging-ciarmy.rules)
2403302 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 2 (emerging-ciarmy.rules)
2403303 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 2 (emerging-ciarmy.rules)
2403304 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 3 (emerging-ciarmy.rules)
2403305 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 3 (emerging-ciarmy.rules)
2403306 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 4 (emerging-ciarmy.rules)
2403307 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 4 (emerging-ciarmy.rules)
2403308 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 5 (emerging-ciarmy.rules)
2403309 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 5 (emerging-ciarmy.rules)
2403310 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 6 (emerging-ciarmy.rules)
2403311 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 6 (emerging-ciarmy.rules)
2403312 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 7 (emerging-ciarmy.rules)
2403313 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 7 (emerging-ciarmy.rules)
2403314 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 8 (emerging-ciarmy.rules)
2403315 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 8 (emerging-ciarmy.rules)
2403316 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 9 (emerging-ciarmy.rules)
2403317 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 9 (emerging-ciarmy.rules)
2403318 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 10 (emerging-ciarmy.rules)
2403319 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 10 (emerging-ciarmy.rules)
2403320 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 11 (emerging-ciarmy.rules)
2403321 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 11 (emerging-ciarmy.rules)
2403322 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 12 (emerging-ciarmy.rules)
2403323 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 12 (emerging-ciarmy.rules)
2403324 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 13 (emerging-ciarmy.rules)
2403325 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 13 (emerging-ciarmy.rules)
2403326 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 14 (emerging-ciarmy.rules)
2403327 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 14 (emerging-ciarmy.rules)
2403328 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 15 (emerging-ciarmy.rules)
2403329 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 15 (emerging-ciarmy.rules)
2403330 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 16 (emerging-ciarmy.rules)
2403331 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 16 (emerging-ciarmy.rules)
2403332 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 17 (emerging-ciarmy.rules)
2403333 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 17 (emerging-ciarmy.rules)
2403334 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 18 (emerging-ciarmy.rules)
2403335 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 18 (emerging-ciarmy.rules)
2403336 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 19 (emerging-ciarmy.rules)
2403337 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 19 (emerging-ciarmy.rules)
2403338 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 20 (emerging-ciarmy.rules)
2403339 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 20 (emerging-ciarmy.rules)
2403340 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 21 (emerging-ciarmy.rules)
2403341 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 21 (emerging-ciarmy.rules)
2403342 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 22 (emerging-ciarmy.rules)
2403343 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 22 (emerging-ciarmy.rules)
2403344 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 23 (emerging-ciarmy.rules)
2403345 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 23 (emerging-ciarmy.rules)
2403346 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 24 (emerging-ciarmy.rules)
2403347 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 24 (emerging-ciarmy.rules)
2403348 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 25 (emerging-ciarmy.rules)
2403349 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 25 (emerging-ciarmy.rules)
2403350 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 26 (emerging-ciarmy.rules)
2403351 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 26 (emerging-ciarmy.rules)
2403352 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 27 (emerging-ciarmy.rules)
2403353 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 27 (emerging-ciarmy.rules)
2403354 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 28 (emerging-ciarmy.rules)
2403355 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 28 (emerging-ciarmy.rules)
2403356 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 29 (emerging-ciarmy.rules)
2403357 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 29 (emerging-ciarmy.rules)
2403358 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 30 (emerging-ciarmy.rules)
2403359 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 30 (emerging-ciarmy.rules)
2403360 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 31 (emerging-ciarmy.rules)
2403361 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 31 (emerging-ciarmy.rules)
2403362 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 32 (emerging-ciarmy.rules)
2403363 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 32 (emerging-ciarmy.rules)
2403364 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 33 (emerging-ciarmy.rules)
2403365 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 33 (emerging-ciarmy.rules)
2403366 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 34 (emerging-ciarmy.rules)
2403367 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 34 (emerging-ciarmy.rules)
2403368 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 35 (emerging-ciarmy.rules)
2403369 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 35 (emerging-ciarmy.rules)
2403370 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 36 (emerging-ciarmy.rules)
2403371 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 36 (emerging-ciarmy.rules)
2403372 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 37 (emerging-ciarmy.rules)
2403373 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 37 (emerging-ciarmy.rules)
2403374 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 38 (emerging-ciarmy.rules)
2403375 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 38 (emerging-ciarmy.rules)
2403376 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 39 (emerging-ciarmy.rules)
2403377 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 39 (emerging-ciarmy.rules)
2403378 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 40 (emerging-ciarmy.rules)
2403379 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 40 (emerging-ciarmy.rules)
2403380 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 41 (emerging-ciarmy.rules)
2403381 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 41 (emerging-ciarmy.rules)
2403382 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 42 (emerging-ciarmy.rules)
2403383 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 42 (emerging-ciarmy.rules)
2403384 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 43 (emerging-ciarmy.rules)
2403385 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 43 (emerging-ciarmy.rules)
2403386 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 44 (emerging-ciarmy.rules)
2403387 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 44 (emerging-ciarmy.rules)
2403388 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 45 (emerging-ciarmy.rules)
2403389 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 45 (emerging-ciarmy.rules)
2403390 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 46 (emerging-ciarmy.rules)
2403391 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 46 (emerging-ciarmy.rules)
2403392 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 47 (emerging-ciarmy.rules)
2403393 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 47 (emerging-ciarmy.rules)
2403394 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 48 (emerging-ciarmy.rules)
2403395 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 48 (emerging-ciarmy.rules)
2403396 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 49 (emerging-ciarmy.rules)
2403397 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 49 (emerging-ciarmy.rules)
2403398 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 50 (emerging-ciarmy.rules)
2403399 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 50 (emerging-ciarmy.rules)
2403400 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 51 (emerging-ciarmy.rules)
2403401 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 51 (emerging-ciarmy.rules)
2403402 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 52 (emerging-ciarmy.rules)
2403403 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 52 (emerging-ciarmy.rules)
2403404 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 53 (emerging-ciarmy.rules)
2403405 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 53 (emerging-ciarmy.rules)
2403406 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 54 (emerging-ciarmy.rules)
2403407 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 54 (emerging-ciarmy.rules)
2403408 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 55 (emerging-ciarmy.rules)
2403409 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 55 (emerging-ciarmy.rules)
2403410 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 56 (emerging-ciarmy.rules)
2403411 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 56 (emerging-ciarmy.rules)
2403412 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 57 (emerging-ciarmy.rules)
2403413 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 57 (emerging-ciarmy.rules)
2403414 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 58 (emerging-ciarmy.rules)
2403415 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 58 (emerging-ciarmy.rules)
2403416 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 59 (emerging-ciarmy.rules)
2403417 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 59 (emerging-ciarmy.rules)
2403418 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 60 (emerging-ciarmy.rules)
2403419 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 60 (emerging-ciarmy.rules)
2403420 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 61 (emerging-ciarmy.rules)
2403421 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 61 (emerging-ciarmy.rules)
2403422 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 62 (emerging-ciarmy.rules)
2403423 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 62 (emerging-ciarmy.rules)
2403424 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 63 (emerging-ciarmy.rules)
2403425 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 63 (emerging-ciarmy.rules)
2403426 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 64 (emerging-ciarmy.rules)
2403427 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 64 (emerging-ciarmy.rules)
2403428 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 65 (emerging-ciarmy.rules)
2403429 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 65 (emerging-ciarmy.rules)
2403430 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 66 (emerging-ciarmy.rules)
2403431 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 66 (emerging-ciarmy.rules)
2403432 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 67 (emerging-ciarmy.rules)
2403433 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 67 (emerging-ciarmy.rules)
2403434 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 68 (emerging-ciarmy.rules)
2403435 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 68 (emerging-ciarmy.rules)
2403436 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 69 (emerging-ciarmy.rules)
2403437 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 69 (emerging-ciarmy.rules)
2403438 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 70 (emerging-ciarmy.rules)
2403439 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 70 (emerging-ciarmy.rules)
2403440 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 71 (emerging-ciarmy.rules)
2403441 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 71 (emerging-ciarmy.rules)
2403442 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 72 (emerging-ciarmy.rules)
2403443 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 72 (emerging-ciarmy.rules)
2403444 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 73 (emerging-ciarmy.rules)
2403445 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 73 (emerging-ciarmy.rules)
2403446 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 74 (emerging-ciarmy.rules)
2403447 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 74 (emerging-ciarmy.rules)
2403448 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 75 (emerging-ciarmy.rules)
2403449 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 75 (emerging-ciarmy.rules)
2403450 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 76 (emerging-ciarmy.rules)
2403451 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 76 (emerging-ciarmy.rules)
2403452 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 77 (emerging-ciarmy.rules)
2403453 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 77 (emerging-ciarmy.rules)
2403454 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 78 (emerging-ciarmy.rules)
2403455 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 78 (emerging-ciarmy.rules)
2403456 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 79 (emerging-ciarmy.rules)
2403457 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 79 (emerging-ciarmy.rules)
2403458 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 80 (emerging-ciarmy.rules)
2403459 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 80 (emerging-ciarmy.rules)
2403460 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 81 (emerging-ciarmy.rules)
2403461 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 81 (emerging-ciarmy.rules)
2403462 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 82 (emerging-ciarmy.rules)
2403463 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 82 (emerging-ciarmy.rules)
2403464 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 83 (emerging-ciarmy.rules)
2403465 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 83 (emerging-ciarmy.rules)
2403466 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 84 (emerging-ciarmy.rules)
2403467 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 84 (emerging-ciarmy.rules)
2403468 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 85 (emerging-ciarmy.rules)
2403469 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 85 (emerging-ciarmy.rules)
2403470 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 86 (emerging-ciarmy.rules)
2403471 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 86 (emerging-ciarmy.rules)
2403472 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 87 (emerging-ciarmy.rules)
2403473 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 87 (emerging-ciarmy.rules)
2403474 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 88 (emerging-ciarmy.rules)
2403475 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 88 (emerging-ciarmy.rules)
2403476 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 89 (emerging-ciarmy.rules)
2403477 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 89 (emerging-ciarmy.rules)
2403478 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 90 (emerging-ciarmy.rules)
2403479 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 90 (emerging-ciarmy.rules)
2403480 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 91 (emerging-ciarmy.rules)
2403481 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 91 (emerging-ciarmy.rules)
2403482 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 92 (emerging-ciarmy.rules)
2403483 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 92 (emerging-ciarmy.rules)
2403484 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 93 (emerging-ciarmy.rules)
2403485 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 93 (emerging-ciarmy.rules)
2403486 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 94 (emerging-ciarmy.rules)
2403487 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 94 (emerging-ciarmy.rules)
2403488 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 95 (emerging-ciarmy.rules)
2403489 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 95 (emerging-ciarmy.rules)
2403490 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 96 (emerging-ciarmy.rules)
2403491 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 96 (emerging-ciarmy.rules)
2403492 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 97 (emerging-ciarmy.rules)
2403493 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 97 (emerging-ciarmy.rules)
2403494 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 98 (emerging-ciarmy.rules)
2403495 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 98 (emerging-ciarmy.rules)
2403496 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 99 (emerging-ciarmy.rules)
2403497 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 99 (emerging-ciarmy.rules)
2403498 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 100 (emerging-ciarmy.rules)
2403499 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 100 (emerging-ciarmy.rules)
2405000 - ET CNC Shadowserver Reported CnC Server Port 22 Group 1 (emerging-botcc.portgrouped.rules)
2405001 - ET CNC Shadowserver Reported CnC Server Port 80 Group 1 (emerging-botcc.portgrouped.rules)
2405002 - ET CNC Shadowserver Reported CnC Server Port 81 Group 1 (emerging-botcc.portgrouped.rules)
2405003 - ET CNC Shadowserver Reported CnC Server Port 443 Group 1 (emerging-botcc.portgrouped.rules)
2405004 - ET CNC Shadowserver Reported CnC Server Port 1023 Group 1 (emerging-botcc.portgrouped.rules)
2405005 - ET CNC Shadowserver Reported CnC Server Port 1337 Group 1 (emerging-botcc.portgrouped.rules)
2405006 - ET CNC Shadowserver Reported CnC Server Port 2319 Group 1 (emerging-botcc.portgrouped.rules)
2405007 - ET CNC Shadowserver Reported CnC Server Port 3303 Group 1 (emerging-botcc.portgrouped.rules)
2405008 - ET CNC Shadowserver Reported CnC Server Port 3306 Group 1 (emerging-botcc.portgrouped.rules)
2405009 - ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 (emerging-botcc.portgrouped.rules)
2405010 - ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 (emerging-botcc.portgrouped.rules)
2405011 - ET CNC Shadowserver Reported CnC Server Port 4318 Group 1 (emerging-botcc.portgrouped.rules)
2405012 - ET CNC Shadowserver Reported CnC Server Port 4676 Group 1 (emerging-botcc.portgrouped.rules)
2405013 - ET CNC Shadowserver Reported CnC Server Port 5050 Group 1 (emerging-botcc.portgrouped.rules)
2405014 - ET CNC Shadowserver Reported CnC Server Port 5252 Group 1 (emerging-botcc.portgrouped.rules)
2405015 - ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 (emerging-botcc.portgrouped.rules)
2405016 - ET CNC Shadowserver Reported CnC Server Port 6567 Group 1 (emerging-botcc.portgrouped.rules)
2405017 - ET CNC Shadowserver Reported CnC Server Port 6660 Group 1 (emerging-botcc.portgrouped.rules)
2405018 - ET CNC Shadowserver Reported CnC Server Port 6662 Group 1 (emerging-botcc.portgrouped.rules)
2405019 - ET CNC Shadowserver Reported CnC Server Port 6663 Group 1 (emerging-botcc.portgrouped.rules)
2405020 - ET CNC Shadowserver Reported CnC Server Port 6664 Group 1 (emerging-botcc.portgrouped.rules)
2405021 - ET CNC Shadowserver Reported CnC Server Port 6665 Group 1 (emerging-botcc.portgrouped.rules)
2405022 - ET CNC Shadowserver Reported CnC Server Port 6666 Group 1 (emerging-botcc.portgrouped.rules)
2405023 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 (emerging-botcc.portgrouped.rules)
2405024 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 2 (emerging-botcc.portgrouped.rules)
2405025 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 3 (emerging-botcc.portgrouped.rules)
2405026 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 4 (emerging-botcc.portgrouped.rules)
2405027 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 5 (emerging-botcc.portgrouped.rules)
2405028 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 6 (emerging-botcc.portgrouped.rules)
2405029 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 7 (emerging-botcc.portgrouped.rules)
2405030 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 8 (emerging-botcc.portgrouped.rules)
2405031 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 9 (emerging-botcc.portgrouped.rules)
2405032 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 10 (emerging-botcc.portgrouped.rules)
2405033 - ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 (emerging-botcc.portgrouped.rules)
2405034 - ET CNC Shadowserver Reported CnC Server Port 6669 Group 1 (emerging-botcc.portgrouped.rules)
2405035 - ET CNC Shadowserver Reported CnC Server Port 6764 Group 1 (emerging-botcc.portgrouped.rules)
2405036 - ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 (emerging-botcc.portgrouped.rules)
2405037 - ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 (emerging-botcc.portgrouped.rules)
2405038 - ET CNC Shadowserver Reported CnC Server Port 7100 Group 1 (emerging-botcc.portgrouped.rules)
2405039 - ET CNC Shadowserver Reported CnC Server Port 7770 Group 1 (emerging-botcc.portgrouped.rules)
2405040 - ET CNC Shadowserver Reported CnC Server Port 8080 Group 1 (emerging-botcc.portgrouped.rules)
2405041 - ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 (emerging-botcc.portgrouped.rules)
2405042 - ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 (emerging-botcc.portgrouped.rules)
2405043 - ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 (emerging-botcc.portgrouped.rules)
2405044 - ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 (emerging-botcc.portgrouped.rules)
2405045 - ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 (emerging-botcc.portgrouped.rules)
2405046 - ET CNC Shadowserver Reported CnC Server Port 15000 Group 1 (emerging-botcc.portgrouped.rules)
2405047 - ET CNC Shadowserver Reported CnC Server Port 19899 Group 1 (emerging-botcc.portgrouped.rules)
2405048 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 (emerging-botcc.portgrouped.rules)
2405049 - ET CNC Shadowserver Reported CnC Server Port 40669 Group 1 (emerging-botcc.portgrouped.rules)

[///] Modified inactive rules: [///]

2003340 - ET MALWARE Baidu.com Spyware Bar Reporting (emerging-malware.rules)
2003341 - ET MALWARE Baidu.com Spyware Bar Pulling Content (emerging-malware.rules)
2003578 - ET MALWARE Baidu.com Spyware Bar Pulling Data (emerging-malware.rules)
2003604 - ET POLICY Baidu.com Agent User-Agent (Desktop Web System) (emerging-policy.rules)
2003608 - ET POLICY Baidu.com Related Agent User-Agent (iexp) (emerging-policy.rules)
2003870 - ET SCAN ProxyReconBot POST method to Mail (emerging-scan.rules)
2008492 - ET DELETED Win32.Downloader.pgp Checkin (emerging-deleted.rules)
2008500 - ET MALWARE Sogou.com Spyware User-Agent (SogouIMEMiniSetup) (emerging-malware.rules)
2011812 - ET CURRENT_EVENTS SEO Exploit Kit - Landing Page (emerging-current_events.rules)
2011891 - ET WEB_CLIENT Possible Microsoft Internet Explorer CSS Tags Remote Code Execution Attempt (emerging-web_client.rules)
2011988 - ET CURRENT_EVENTS Phoenix-style Exploit Kit Java Request with semicolon in URI (emerging-current_events.rules)
2012300 - ET DELETED Win32.Banker.AAD CnC Communication (emerging-deleted.rules)
2012941 - ET CURRENT_EVENTS Phoenix Exploit Kit Newplayer.pdf (emerging-current_events.rules)
2017179 - ET CURRENT_EVENTS Possible Neutrino EK Java Payload Download (emerging-current_events.rules)
2017180 - ET CURRENT_EVENTS Possible Neutrino EK Java Payload Download 2 (emerging-current_events.rules)
2017267 - ET CURRENT_EVENTS Possible Neutrino EK Java Exploit Download Sep 30 2013 (emerging-current_events.rules)
2017268 - ET CURRENT_EVENTS Possible Neutrino EK Java Payload Download Sep 30 2013 (emerging-current_events.rules)
2020984 - ET CURRENT_EVENTS Fiesta EK PDF Exploit Apr 23 2015 (emerging-current_events.rules)
2021918 - ET DELETED DustySky Checkin (emerging-deleted.rules)
2022911 - ET DELETED LoadMoney User-Agent (emerging-deleted.rules)
2023997 - ET INFO Potentially unsafe SMBv1 protocol in use (emerging-info.rules)
2024083 - ET TROJAN ABUSE.CH SSL Fingerprint Blacklist Malicious SSL Certificate Detected (Gozi MITM) (emerging-trojan.rules)
2024094 - ET DELETED Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Length) M1 (emerging-deleted.rules)
2024095 - ET DELETED Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Length) M2 (emerging-deleted.rules)
2024097 - ET DELETED Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Disposition) M2 (emerging-deleted.rules)
2101777 - GPL FTP STAT * dos attempt (emerging-ftp.rules)

[---] Removed rules: [---]

2405050 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 (emerging-botcc.portgrouped.rules)
2405051 - ET CNC Shadowserver Reported CnC Server Port 40669 Group 1 (emerging-botcc.portgrouped.rules)

[+++] Added non-rule lines: [+++]

-> Added to emerging-ciarmy.rules (1):
    # Version 3126

-> Added to sid-msg.map (56):
    2024277 || ET WEB_SPECIFIC_APPS Wordpress Host Header Injection (CVE-2016-10033) M1 || url,exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
    2024278 || ET WEB_SPECIFIC_APPS Wordpress Host Header Injection (CVE-2016-10033) M2 || url,exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
    2024279 || ET WEB_SPECIFIC_APPS Wordpress Host Header Injection (CVE-2016-10033) M3 || url,exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html
    2405005 || ET CNC Shadowserver Reported CnC Server Port 1337 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405006 || ET CNC Shadowserver Reported CnC Server Port 2319 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405007 || ET CNC Shadowserver Reported CnC Server Port 3303 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405008 || ET CNC Shadowserver Reported CnC Server Port 3306 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405009 || ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405010 || ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405011 || ET CNC Shadowserver Reported CnC Server Port 4318 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405012 || ET CNC Shadowserver Reported CnC Server Port 4676 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405013 || ET CNC Shadowserver Reported CnC Server Port 5050 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405014 || ET CNC Shadowserver Reported CnC Server Port 5252 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405015 || ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405016 || ET CNC Shadowserver Reported CnC Server Port 6567 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405017 || ET CNC Shadowserver Reported CnC Server Port 6660 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405018 || ET CNC Shadowserver Reported CnC Server Port 6662 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405019 || ET CNC Shadowserver Reported CnC Server Port 6663 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405020 || ET CNC Shadowserver Reported CnC Server Port 6664 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405021 || ET CNC Shadowserver Reported CnC Server Port 6665 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405022 || ET CNC Shadowserver Reported CnC Server Port 6666 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405023 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405024 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 2 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405025 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 3 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405026 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 4 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405027 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 5 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405028 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 6 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405029 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 7 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405030 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 8 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405031 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 9 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405032 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 10 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405033 || ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405034 || ET CNC Shadowserver Reported CnC Server Port 6669 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405035 || ET CNC Shadowserver Reported CnC Server Port 6764 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405036 || ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405037 || ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405038 || ET CNC Shadowserver Reported CnC Server Port 7100 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405039 || ET CNC Shadowserver Reported CnC Server Port 7770 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405040 || ET CNC Shadowserver Reported CnC Server Port 8080 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405041 || ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405042 || ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405043 || ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405044 || ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405045 || ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405046 || ET CNC Shadowserver Reported CnC Server Port 15000 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405047 || ET CNC Shadowserver Reported CnC Server Port 19899 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405048 || ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405049 || ET CNC Shadowserver Reported CnC Server Port 40669 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2523412 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 707 || url,doc.emergingthreats.net/bin/view/Main/TorRules
    2523413 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 707 || url,doc.emergingthreats.net/bin/view/Main/TorRules
    2523414 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 708 || url,doc.emergingthreats.net/bin/view/Main/TorRules
    2523415 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 708 || url,doc.emergingthreats.net/bin/view/Main/TorRules
    2523416 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 709 || url,doc.emergingthreats.net/bin/view/Main/TorRules
    2523417 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 709 || url,doc.emergingthreats.net/bin/view/Main/TorRules
    2523418 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 710 || url,doc.emergingthreats.net/bin/view/Main/TorRules
    2523419 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 710 || url,doc.emergingthreats.net/bin/view/Main/TorRules

[---] Removed non-rule lines: [---]

-> Removed from emerging-ciarmy.rules (1):
    # Version 3124

-> Removed from sid-msg.map (53):
    2404096 || ET CNC Shadowserver Reported CnC Server TCP group 49 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2404097 || ET CNC Shadowserver Reported CnC Server UDP group 49 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405005 || ET CNC Shadowserver Reported CnC Server Port 1234 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405006 || ET CNC Shadowserver Reported CnC Server Port 1337 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405007 || ET CNC Shadowserver Reported CnC Server Port 2319 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405008 || ET CNC Shadowserver Reported CnC Server Port 3303 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405009 || ET CNC Shadowserver Reported CnC Server Port 3306 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405010 || ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405011 || ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
    2405012 || ET CNC Shadowserver Reported CnC Server Port 4318 Group 1 
|| url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405013 || ET CNC Shadowserver Reported CnC Server Port 4676 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405014 || ET CNC Shadowserver Reported CnC Server Port 5050 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405015 || ET CNC Shadowserver Reported CnC Server Port 5252 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405016 || ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405017 || ET CNC Shadowserver Reported CnC Server Port 6567 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405018 || ET CNC Shadowserver Reported CnC Server Port 6660 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405019 || ET CNC Shadowserver Reported CnC Server Port 6662 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405020 || ET CNC Shadowserver Reported CnC Server Port 6663 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405021 || ET CNC Shadowserver Reported CnC Server Port 6664 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405022 || ET CNC Shadowserver Reported CnC Server Port 6665 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405023 || ET CNC Shadowserver Reported CnC Server Port 6666 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405024 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405025 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 2 || url,www.shadowserver.org || 
url,doc.emergingthreats.net/bin/view/Main/BotCC 2405026 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 3 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405027 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 4 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405028 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 5 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405029 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 6 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405030 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 7 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405031 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 8 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405032 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 9 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405033 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 10 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405034 || ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405035 || ET CNC Shadowserver Reported CnC Server Port 6669 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405036 || ET CNC Shadowserver Reported CnC Server Port 6764 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405037 || ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405038 || ET CNC Shadowserver Reported CnC Server Port 6900 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405039 || ET CNC 
Shadowserver Reported CnC Server Port 7000 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405040 || ET CNC Shadowserver Reported CnC Server Port 7100 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405041 || ET CNC Shadowserver Reported CnC Server Port 7770 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405042 || ET CNC Shadowserver Reported CnC Server Port 8080 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405043 || ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405044 || ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405045 || ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405046 || ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405047 || ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405048 || ET CNC Shadowserver Reported CnC Server Port 15000 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405049 || ET CNC Shadowserver Reported CnC Server Port 19899 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405050 || ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405051 || ET CNC Shadowserver Reported CnC Server Port 40669 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2500112 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 57 || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500113 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 57 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2520160 || ET TOR Known Tor Exit Node TCP Traffic group 81 || url,doc.emergingthreats.net/bin/view/Main/TorRules 2520161 || ET TOR Known Tor Exit Node UDP Traffic group 81 || url,doc.emergingthreats.net/bin/view/Main/TorRules