*********************** snort-2.9.0-enhanced etpro ***********************

[***] Results from Oinkmaster started Wed Apr 26 17:08:47 2017 [***]

[+++]          Added rules:          [+++]

    2024247 - ET TROJAN Possible DANDERSPRITZ Default HTTP Headers (trojan.rules)
    2024248 - ET TROJAN Possible DANDERSPRITZ HTTP Beacon (trojan.rules)
    2826111 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 82 (mobile_malware.rules)
    2826112 - ETPRO MOBILE_MALWARE Android/SMForw.RL Contact Exfil (mobile_malware.rules)
    2826113 - ETPRO CURRENT_EVENTS Successful Administrator Password Reset Phish Apr 26 2017 (current_events.rules)
    2826114 - ETPRO CURRENT_EVENTS Successful Netflix Payment Information Phish Apr 26 2017 (current_events.rules)
    2826115 - ETPRO CURRENT_EVENTS Successful National Australia Bank Phish M1 Apr 26 2017 (current_events.rules)
    2826116 - ETPRO CURRENT_EVENTS Successful National Australia Bank Phish M2 Apr 26 2017 (current_events.rules)
    2826117 - ETPRO TROJAN Linux.Shishiga HTTP Checkin (trojan.rules)
    2826118 - ETPRO CURRENT_EVENTS Successful Paypal Phish Apr 26 2017 (current_events.rules)
    2826119 - ETPRO POLICY DeskShare Desktop Sharing Tool Checkin (policy.rules)
    2826120 - ETPRO TROJAN DNS Query to Sage Domain (qlkrwn . com) (trojan.rules)
    2826121 - ETPRO TROJAN DNS Query to Cerber Domain (1c1ajf . top) (trojan.rules)
    2826122 - ETPRO TROJAN DNS Query to Cerber Domain (1nkkem . top) (trojan.rules)
    2826123 - ETPRO TROJAN MSIL/Unk.CoinMiner CnC Install Activity (trojan.rules)
    2826124 - ETPRO TROJAN DNS Query to Cerber Domain (17u2yg . top) (trojan.rules)
    2826125 - ETPRO TROJAN DNS Query to Cerber Domain (17m14u . top) (trojan.rules)
    2826126 - ETPRO TROJAN DNS Query to Cerber Domain (1mee2x . top) (trojan.rules)
    2826127 - ETPRO TROJAN DNS Query to Cerber Domain (1g6evx . top) (trojan.rules)
    2826128 - ETPRO TROJAN DNS Query to Cerber Domain (13bi2c . top) (trojan.rules)
    2826129 - ETPRO TROJAN DNS Query to Cerber Domain (1j43kf . top) (trojan.rules)
    2826130 - ETPRO TROJAN DNS Query to Cerber Domain (1evjph . top) (trojan.rules)
    2826131 - ETPRO TROJAN DNS Query to Cerber Domain (1fnjrj . top) (trojan.rules)
    2826132 - ETPRO TROJAN DNS Query to Cerber Domain (14szpx . top) (trojan.rules)
    2826133 - ETPRO CURRENT_EVENTS Astrum EK Activity M1 Apr 26 2017 (current_events.rules)
    2826134 - ETPRO CURRENT_EVENTS Astrum EK Activity M2 Apr 26 2017 (current_events.rules)

[///]     Modified active rules:     [///]

    2020962 - ET TROJAN CozyDuke APT HTTP Checkin (trojan.rules)
    2402000 - ET DROP Dshield Block Listed Source group 1 (dshield.rules)
    2402001 - ET DROP Dshield Block Listed Source group 1 (dshield.rules)
    2403300 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 1 (ciarmy.rules)
    2403301 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 1 (ciarmy.rules)
    2403302 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 2 (ciarmy.rules)
    2403303 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 2 (ciarmy.rules)
    2403304 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 3 (ciarmy.rules)
    2403305 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 3 (ciarmy.rules)
    2403306 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 4 (ciarmy.rules)
    2403307 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 4 (ciarmy.rules)
    2403308 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 5 (ciarmy.rules)
    2403309 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 5 (ciarmy.rules)
    2403310 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 6 (ciarmy.rules)
    2403311 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 6 (ciarmy.rules)
    2403312 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 7 (ciarmy.rules)
    2403313 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 7 (ciarmy.rules)
    2403314 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 8 (ciarmy.rules)
    2403315 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 8 (ciarmy.rules)
    2403316 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 9 (ciarmy.rules)
    2403317 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 9 (ciarmy.rules)
    2403318 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 10 (ciarmy.rules)
    2403319 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 10 (ciarmy.rules)
    2403320 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 11 (ciarmy.rules)
    2403321 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 11 (ciarmy.rules)
    2403322 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 12 (ciarmy.rules)
    2403323 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 12 (ciarmy.rules)
    2403324 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 13 (ciarmy.rules)
    2403325 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 13 (ciarmy.rules)
    2403326 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 14 (ciarmy.rules)
    2403327 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 14 (ciarmy.rules)
    2403328 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 15 (ciarmy.rules)
    2403329 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 15 (ciarmy.rules)
    2403330 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 16 (ciarmy.rules)
    2403331 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 16 (ciarmy.rules)
    2403332 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 17 (ciarmy.rules)
    2403333 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 17 (ciarmy.rules)
    2403334 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 18 (ciarmy.rules)
    2403335 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 18 (ciarmy.rules)
    2403336 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 19 (ciarmy.rules)
    2403337 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 19 (ciarmy.rules)
    2403338 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 20 (ciarmy.rules)
    2403339 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 20 (ciarmy.rules)
    2403340 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 21 (ciarmy.rules)
    2403341 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 21 (ciarmy.rules)
    2403342 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 22 (ciarmy.rules)
    2403343 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 22 (ciarmy.rules)
    2403344 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 23 (ciarmy.rules)
    2403345 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 23 (ciarmy.rules)
    2403346 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 24 (ciarmy.rules)
    2403347 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 24 (ciarmy.rules)
    2403348 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 25 (ciarmy.rules)
    2403349 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 25 (ciarmy.rules)
    2403350 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 26 (ciarmy.rules)
    2403351 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 26 (ciarmy.rules)
    2403352 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 27 (ciarmy.rules)
    2403353 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 27 (ciarmy.rules)
    2403354 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 28 (ciarmy.rules)
    2403355 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 28 (ciarmy.rules)
    2403356 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 29 (ciarmy.rules)
    2403357 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 29 (ciarmy.rules)
    2403358 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 30 (ciarmy.rules)
    2403359 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 30 (ciarmy.rules)
    2403360 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 31 (ciarmy.rules)
    2403361 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 31 (ciarmy.rules)
    2403362 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 32 (ciarmy.rules)
    2403363 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 32 (ciarmy.rules)
    2403364 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 33 (ciarmy.rules)
    2403365 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 33 (ciarmy.rules)
    2403366 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 34 (ciarmy.rules)
    2403367 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 34 (ciarmy.rules)
    2403368 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 35 (ciarmy.rules)
    2403369 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 35 (ciarmy.rules)
    2403370 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 36 (ciarmy.rules)
    2403371 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 36 (ciarmy.rules)
    2403372 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 37 (ciarmy.rules)
    2403373 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 37 (ciarmy.rules)
    2403374 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 38 (ciarmy.rules)
    2403375 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 38 (ciarmy.rules)
    2403376 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 39 (ciarmy.rules)
    2403377 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 39 (ciarmy.rules)
    2403378 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 40 (ciarmy.rules)
    2403379 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 40 (ciarmy.rules)
    2403380 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 41 (ciarmy.rules)
    2403381 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 41 (ciarmy.rules)
    2403382 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 42 (ciarmy.rules)
    2403383 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 42 (ciarmy.rules)
    2403384 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 43 (ciarmy.rules)
    2403385 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 43 (ciarmy.rules)
    2403386 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 44 (ciarmy.rules)
    2403387 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 44 (ciarmy.rules)
    2403388 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 45 (ciarmy.rules)
    2403389 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 45 (ciarmy.rules)
    2403390 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 46 (ciarmy.rules)
    2403391 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 46 (ciarmy.rules)
    2403392 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 47 (ciarmy.rules)
    2403393 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 47 (ciarmy.rules)
    2403394 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 48 (ciarmy.rules)
    2403395 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 48 (ciarmy.rules)
    2403396 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 49 (ciarmy.rules)
    2403397 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 49 (ciarmy.rules)
    2403398 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 50 (ciarmy.rules)
    2403399 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 50 (ciarmy.rules)
    2403400 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 51 (ciarmy.rules)
    2403401 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 51 (ciarmy.rules)
    2403402 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 52 (ciarmy.rules)
    2403403 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 52 (ciarmy.rules)
    2403404 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 53 (ciarmy.rules)
    2403405 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 53 (ciarmy.rules)
    2403406 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 54 (ciarmy.rules)
    2403407 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 54 (ciarmy.rules)
    2403408 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 55 (ciarmy.rules)
    2403409 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 55 (ciarmy.rules)
    2403410 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 56 (ciarmy.rules)
    2403411 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 56 (ciarmy.rules)
    2403412 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 57 (ciarmy.rules)
    2403413 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 57 (ciarmy.rules)
    2403414 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 58 (ciarmy.rules)
    2403415 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 58 (ciarmy.rules)
    2403416 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 59 (ciarmy.rules)
    2403417 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 59 (ciarmy.rules)
    2403418 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 60 (ciarmy.rules)
    2403419 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 60 (ciarmy.rules)
    2403420 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 61 (ciarmy.rules)
    2403421 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 61 (ciarmy.rules)
    2403422 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 62 (ciarmy.rules)
    2403423 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 62 (ciarmy.rules)
    2403424 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 63 (ciarmy.rules)
    2403425 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 63 (ciarmy.rules)
    2403426 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 64 (ciarmy.rules)
    2403427 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 64 (ciarmy.rules)
    2403428 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 65 (ciarmy.rules)
    2403429 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 65 (ciarmy.rules)
    2403430 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 66 (ciarmy.rules)
    2403431 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 66 (ciarmy.rules)
    2403432 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 67 (ciarmy.rules)
    2403433 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 67 (ciarmy.rules)
    2403434 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 68 (ciarmy.rules)
    2403435 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 68 (ciarmy.rules)
    2403436 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 69 (ciarmy.rules)
    2403437 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 69 (ciarmy.rules)
    2403438 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 70 (ciarmy.rules)
    2403439 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 70 (ciarmy.rules)
    2403440 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 71 (ciarmy.rules)
    2403441 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 71 (ciarmy.rules)
    2403442 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 72 (ciarmy.rules)
    2403443 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 72 (ciarmy.rules)
    2403444 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 73 (ciarmy.rules)
    2403445 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 73 (ciarmy.rules)
    2403446 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 74 (ciarmy.rules)
    2403447 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 74 (ciarmy.rules)
    2403448 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 75 (ciarmy.rules)
    2403449 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 75 (ciarmy.rules)
    2403450 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 76 (ciarmy.rules)
    2403451 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 76 (ciarmy.rules)
    2403452 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 77 (ciarmy.rules)
    2403453 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 77 (ciarmy.rules)
    2403454 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 78 (ciarmy.rules)
    2403455 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 78 (ciarmy.rules)
    2403456 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 79 (ciarmy.rules)
    2403457 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 79 (ciarmy.rules)
    2403458 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 80 (ciarmy.rules)
    2403459 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 80 (ciarmy.rules)
    2403460 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 81 (ciarmy.rules)
    2403461 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 81 (ciarmy.rules)
    2403462 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 82 (ciarmy.rules)
    2403463 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 82 (ciarmy.rules)
    2403464 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 83 (ciarmy.rules)
    2403465 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 83 (ciarmy.rules)
    2403466 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 84 (ciarmy.rules)
    2403467 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 84 (ciarmy.rules)
    2403468 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 85 (ciarmy.rules)
    2403469 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 85 (ciarmy.rules)
    2403470 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 86 (ciarmy.rules)
    2403471 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 86 (ciarmy.rules)
    2403472 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 87 (ciarmy.rules)
    2403473 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 87 (ciarmy.rules)
    2403474 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 88 (ciarmy.rules)
    2403475 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 88 (ciarmy.rules)
    2403476 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 89 (ciarmy.rules)
    2403477 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 89 (ciarmy.rules)
    2403478 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 90 (ciarmy.rules)
    2403479 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 90 (ciarmy.rules)
    2403480 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 91 (ciarmy.rules)
    2403481 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 91 (ciarmy.rules)
    2403482 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 92 (ciarmy.rules)
    2403483 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 92 (ciarmy.rules)
    2403484 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 93 (ciarmy.rules)
    2403485 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 93 (ciarmy.rules)
    2403486 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 94 (ciarmy.rules)
    2403487 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 94 (ciarmy.rules)
    2403488 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 95 (ciarmy.rules)
    2403489 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 95 (ciarmy.rules)
    2403490 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 96 (ciarmy.rules)
    2403491 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 96 (ciarmy.rules)
    2403492 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 97 (ciarmy.rules)
    2403493 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 97 (ciarmy.rules)
    2403494 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 98 (ciarmy.rules)
    2403495 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 98 (ciarmy.rules)
    2403496 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 99 (ciarmy.rules)
    2403497 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 99 (ciarmy.rules)
    2403498 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 100 (ciarmy.rules)
    2403499 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 100 (ciarmy.rules)
    2814860 - ETPRO TROJAN njRAT/Bladabindi CnC Callback (act) (trojan.rules)
    2815563 - ETPRO CURRENT_EVENTS Base64 Javascript URL Refresh - Common Phish Landing Obfuscation Dec 31 (current_events.rules)

[---]        Disabled rules:         [---]

    2800075 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
    2800076 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
    2800077 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
    2800078 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
    2800079 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
    2800080 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
    2800081 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
    2800082 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
    2800083 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
    2800084 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
    2800085 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
    2800086 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
    2800087 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
    2800088 - ETPRO ACTIVEX Microsoft Internet Explorer COM Object Instantiation Memory Corruption (activex.rules)
    2800101 - ETPRO ACTIVEX CA eTrust Intrusion Detection CallCode ActiveX Control Code Execution (activex.rules)
    2800102 - ETPRO ACTIVEX CA eTrust Intrusion Detection CallCode ActiveX Control Code Execution (activex.rules)
    2800117 - ETPRO ACTIVEX Microsoft Internet Explorer ActiveX Object Objectsafety Implementation Code Execution clsid Attempt (activex.rules)
    2800119 - ETPRO ACTIVEX Microsoft Internet Explorer Pdwizard.ocx ActiveX Object Memory Corruption clsid (activex.rules)
    2800120 - ETPRO ACTIVEX Microsoft Internet Explorer Pdwizard.ocx ActiveX Object Memory Corruption activex (activex.rules)
    2800121 - ETPRO ACTIVEX Microsoft Internet Explorer Pdwizard.ocx ActiveX Object Memory Corruption (activex.rules)
    2800141 - ETPRO EXPLOIT RealNetworks Helix DNA Server RTSP Service Heap Overflow (exploit.rules)
    2800148 - ETPRO ACTIVEX Microsoft SQL Server Distributed Management Objects Buffer Overflow (activex.rules)
    2800152 - ETPRO ACTIVEX Microsoft Windows MFC Library FileFind Class Heap Overflow (activex.rules)
    2800190 - ETPRO SMTP IBM Lotus Notes MIF Attachment Viewer Buffer Overflow 1 (smtp.rules)
    2800191 - ETPRO SMTP IBM Lotus Notes MIF Attachment Viewer Buffer Overflow 2 (smtp.rules)
    2800216 - ETPRO ACTIVEX BitDefender Online Scanner ActiveX Control Buffer Overflow 1 (activex.rules)
    2800217 - ETPRO ACTIVEX BitDefender Online Scanner ActiveX Control Buffer Overflow 2 (activex.rules)
    2800218 - ETPRO ACTIVEX BitDefender Online Scanner ActiveX Control Buffer Overflow 3 (activex.rules)
    2800219 - ETPRO ACTIVEX BitDefender Online Scanner ActiveX Control Buffer Overflow 4 (activex.rules)
    2800220 - ETPRO ACTIVEX BitDefender Online Scanner ActiveX Control Buffer Overflow 5 (activex.rules)
    2800221 - ETPRO ACTIVEX BitDefender Online Scanner ActiveX Control Buffer Overflow 6 (activex.rules)
    2800231 - ETPRO EXPLOIT Apple QuickTime RTSP Response Crafted Content-Type Header Buffer Overflow 2 (exploit.rules)
    2800258 - ETPRO ACTIVEX HP Software Update Tool ActiveX Control File Overwrite (activex.rules)
    2800259 - ETPRO ACTIVEX HP Software Update Tool ActiveX Control File Overwrite (activex.rules)
    2800271 - ETPRO ACTIVEX Microsoft Visual FoxPro vfp6r.dll DoCmd ActiveX Control Command Execution 1 (activex.rules)
    2800272 - ETPRO ACTIVEX Microsoft Visual FoxPro vfp6r.dll DoCmd ActiveX Control Command Execution 2 (activex.rules)
    2800292 - ETPRO EXPLOIT Sybase SQL Anywhere MobiLink Crafted Strings Buffer Overflow 1 (exploit.rules)
    2800293 - ETPRO EXPLOIT Sybase SQL Anywhere MobiLink Crafted Strings Buffer Overflow 2 (exploit.rules)
    2800294 - ETPRO EXPLOIT Sybase SQL Anywhere MobiLink Crafted Strings Buffer Overflow 3 (exploit.rules)
    2800305 - ETPRO ACTIVEX Microsoft Office Web Components URL Parsing Buffer Overflow (activex.rules)
    2800309 - ETPRO ACTIVEX Microsoft Office Web Components DateSource Code Execution 1 (activex.rules)
    2800310 - ETPRO ACTIVEX Microsoft Office Web Components DateSource Code Execution 2 (activex.rules)
    2800317 - ETPRO ACTIVEX CA Multiple Products ActiveX Control Use (activex.rules)
    2800318 - ETPRO ACTIVEX CA Multiple Products ActiveX Control ListCtrl Use (activex.rules)
    2800319 - ETPRO ACTIVEX CA Multiple Products ActiveX Control ListCtrl AddColumn Buffer Overflow 1 (activex.rules)
    2800320 - ETPRO ACTIVEX CA Multiple Products ActiveX Control ListCtrl AddColumn Buffer Overflow 4 (activex.rules)
    2800345 - ETPRO MALWARE BugsPrey (Init Connection) (malware.rules)
    2800346 - ETPRO MALWARE BugsPrey (Init Connection Reply) (malware.rules)
    2800353 - ETPRO ACTIVEX Microsoft SQL Server 2000 Client Components ActiveX Control Buffer Overflow 1 (activex.rules)
    2800354 - ETPRO ACTIVEX Microsoft SQL Server 2000 Client Components ActiveX Control Buffer Overflow 2 (activex.rules)
    2800358 - ETPRO ACTIVEX Macrovision InstallShield Update Service Agent ActiveX 1 (activex.rules)
    2800359 - ETPRO ACTIVEX Macrovision InstallShield Update Service Agent ActiveX 2 (activex.rules)
    2800360 - ETPRO ACTIVEX Macrovision InstallShield Update Service Agent ActiveX Memory Corruption (activex.rules)
    2800361 - ETPRO TROJAN aSpy v2.12 (trojan.rules)
    2800363 - ETPRO ACTIVEX Autodesk Multiple Products LiveUpdate ActiveX Control Code Execution 1 (activex.rules)
    2800364 - ETPRO ACTIVEX Autodesk Multiple Products LiveUpdate ActiveX Control Code Execution 2 (activex.rules)
    2800383 - ETPRO MALWARE LOST DOOR 3.0 (init connection) (malware.rules)
    2800391 - ETPRO TROJAN SRaT 1.6 Checkin (trojan.rules)
    2800404 - ETPRO ACTIVEX SAP GUI TabOne ActiveX Control Caption List Buffer Overflow 1 (activex.rules)
    2800405 - ETPRO ACTIVEX SAP GUI TabOne ActiveX Control Caption List Buffer Overflow 2 (activex.rules)
    2800406 - ETPRO ACTIVEX SAP GUI TabOne ActiveX Control Caption List Buffer Overflow 3 (activex.rules)
    2800407 - ETPRO ACTIVEX SAP GUI TabOne ActiveX Control Caption List Buffer Overflow 4 (activex.rules)
    2800418 - ETPRO SMTP Novell Groupwise Internet Agent RCPT Command Buffer Overflow (smtp.rules)
    2800419 - ETPRO EXPLOIT Oracle Application Server Portal Cross Site Scripting (exploit.rules)
    2800430 - ETPRO SQL MySQL XML Functions Scalar XPath Denial of Service (sql.rules)
    2800431 - ETPRO SQL MySQL XML Functions Scalar XPath Denial of Service (sql.rules)
    2800461 - ETPRO WEB_CLIENT Adobe Reader JavaScript getAnnots Method Memory Corruption (web_client.rules)
    2800493 - ETPRO FTP Microsoft Internet Information Services FTP Server Remote Buffer Overflow (ftp.rules)
    2800501 - ETPRO WEB_CLIENT FFmpeg OGV File Format Memory Corruption (web_client.rules)
    2800502 - ETPRO ACTIVEX SAP GUI WebViewer3D ActiveX Control Arbitrary File Overwrite 1 (activex.rules)
    2800503 - ETPRO ACTIVEX SAP GUI WebViewer3D ActiveX Control Arbitrary File Overwrite 2 (activex.rules)
    2800504 - ETPRO ACTIVEX SAP GUI WebViewer3D ActiveX Control Arbitrary File Overwrite 3 (activex.rules)
    2800505 - ETPRO ACTIVEX SAP GUI WebViewer3D ActiveX Control Arbitrary File Overwrite 4 (activex.rules)
    2800506 - ETPRO ACTIVEX EMC Captiva QuickScan Pro KeyHelp ActiveX Control Buffer Overflow (activex.rules)

[+++]     Added non-rule lines:      [+++]

    -> Added to ciarmy.rules (1):
        # Version 3105
    -> Added to sid-msg.map (26):
        2024247 || ET TROJAN Possible DANDERSPRITZ Default HTTP Headers
        2024248 || ET TROJAN Possible DANDERSPRITZ HTTP Beacon
        2826111 || ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 82 || md5,a8ae273f8bf890a949ee429b0071f64a
        2826112 || ETPRO MOBILE_MALWARE Android/SMForw.RL Contact Exfil || md5,13e42d2e400def84709632fe23be7ee5
        2826113 || ETPRO CURRENT_EVENTS Successful Administrator Password Reset Phish Apr 26 2017
        2826114 || ETPRO CURRENT_EVENTS Successful Netflix Payment Information Phish Apr 26 2017
        2826115 || ETPRO CURRENT_EVENTS Successful National Australia Bank Phish M1 Apr 26 2017
        2826116 || ETPRO CURRENT_EVENTS Successful National Australia Bank Phish M2 Apr 26 2017
        2826117 || ETPRO TROJAN Linux.Shishiga HTTP Checkin || url,www.welivesecurity.com/2017/04/25/linux-shishiga-malware-using-lua-scripts
        2826118 || ETPRO CURRENT_EVENTS Successful Paypal Phish Apr 26 2017
        2826119 || ETPRO POLICY DeskShare Desktop Sharing Tool Checkin || md5,5b5c27880f423076fd11ca18ff04b53b
        2826120 || ETPRO TROJAN DNS Query to Sage Domain (qlkrwn . com)
        2826121 || ETPRO TROJAN DNS Query to Cerber Domain (1c1ajf . top)
        2826122 || ETPRO TROJAN DNS Query to Cerber Domain (1nkkem . top)
        2826123 || ETPRO TROJAN MSIL/Unk.CoinMiner CnC Install Activity || md5,d108bb38c29e2339ea53e47e53f5bdfc
        2826124 || ETPRO TROJAN DNS Query to Cerber Domain (17u2yg . top)
        2826125 || ETPRO TROJAN DNS Query to Cerber Domain (17m14u . top)
        2826126 || ETPRO TROJAN DNS Query to Cerber Domain (1mee2x . top)
        2826127 || ETPRO TROJAN DNS Query to Cerber Domain (1g6evx . top)
        2826128 || ETPRO TROJAN DNS Query to Cerber Domain (13bi2c . top)
        2826129 || ETPRO TROJAN DNS Query to Cerber Domain (1j43kf . top)
        2826130 || ETPRO TROJAN DNS Query to Cerber Domain (1evjph . top)
        2826131 || ETPRO TROJAN DNS Query to Cerber Domain (1fnjrj . top)
        2826132 || ETPRO TROJAN DNS Query to Cerber Domain (14szpx . top)
        2826133 || ETPRO CURRENT_EVENTS Astrum EK Activity M1 Apr 26 2017
        2826134 || ETPRO CURRENT_EVENTS Astrum EK Activity M2 Apr 26 2017

[---]    Removed non-rule lines:     [---]

    -> Removed from ciarmy.rules (1):
        # Version 3102
    -> Removed from sid-msg.map (20):
        2523408 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 705 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2523409 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 705 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2523410 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 706 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2523411 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 706 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2523412 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 707 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2523413 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 707 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2523414 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 708 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2523415 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 708 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2523416 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 709 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2523417 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 709 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2523418 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 710 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2523419 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 710 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2523420 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 711 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2523421 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 711 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2523422 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 712 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2523423 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 712 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2523424 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 713 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2523425 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 713 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2523426 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 714 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2523427 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 714 || url,doc.emergingthreats.net/bin/view/Main/TorRules