*********************** snort-2.9.0-enhanced etpro *********************** [***] Results from Oinkmaster started Wed Sep 13 16:07:03 2017 [***] [+++] Added rules: [+++] 2007991 - ET USER_AGENTS User-Agent (Unknown) (user_agents.rules) 2024702 - ET CURRENT_EVENTS Possible CVE-2017-8759 Soap File DL (current_events.rules) 2405000 - ET CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ET CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ET CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ET CNC Shadowserver Reported CnC Server Port 110 Group 1 (botcc.portgrouped.rules) 2405004 - ET CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405005 - ET CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405006 - ET CNC Shadowserver Reported CnC Server Port 1080 Group 1 (botcc.portgrouped.rules) 2405007 - ET CNC Shadowserver Reported CnC Server Port 1090 Group 1 (botcc.portgrouped.rules) 2405008 - ET CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405009 - ET CNC Shadowserver Reported CnC Server Port 1346 Group 1 (botcc.portgrouped.rules) 2405010 - ET CNC Shadowserver Reported CnC Server Port 1453 Group 1 (botcc.portgrouped.rules) 2405011 - ET CNC Shadowserver Reported CnC Server Port 1863 Group 1 (botcc.portgrouped.rules) 2405012 - ET CNC Shadowserver Reported CnC Server Port 1875 Group 1 (botcc.portgrouped.rules) 2405013 - ET CNC Shadowserver Reported CnC Server Port 1888 Group 1 (botcc.portgrouped.rules) 2405014 - ET CNC Shadowserver Reported CnC Server Port 1889 Group 1 (botcc.portgrouped.rules) 2405015 - ET CNC Shadowserver Reported CnC Server Port 1921 Group 1 (botcc.portgrouped.rules) 2405016 - ET CNC Shadowserver Reported CnC Server Port 2009 Group 1 (botcc.portgrouped.rules) 2405017 - ET CNC Shadowserver Reported CnC Server Port 2087 Group 1 (botcc.portgrouped.rules) 2405018 - ET CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405019 - ET CNC Shadowserver Reported CnC Server Port 2345 Group 1 (botcc.portgrouped.rules) 2405020 - ET CNC Shadowserver Reported CnC Server Port 2828 Group 1 (botcc.portgrouped.rules) 2405021 - ET CNC Shadowserver Reported CnC Server Port 3060 Group 1 (botcc.portgrouped.rules) 2405022 - ET CNC Shadowserver Reported CnC Server Port 3179 Group 1 (botcc.portgrouped.rules) 2405023 - ET CNC Shadowserver Reported CnC Server Port 3211 Group 1 (botcc.portgrouped.rules) 2405024 - ET CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405025 - ET CNC Shadowserver Reported CnC Server Port 3306 Group 1 (botcc.portgrouped.rules) 2405026 - ET CNC Shadowserver Reported CnC Server Port 3435 Group 1 (botcc.portgrouped.rules) 2405027 - ET CNC Shadowserver Reported CnC Server Port 3737 Group 1 (botcc.portgrouped.rules) 2405028 - ET CNC Shadowserver Reported CnC Server Port 4040 Group 1 (botcc.portgrouped.rules) 2405029 - ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405030 - ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405031 - ET CNC Shadowserver Reported CnC Server Port 4318 Group 1 (botcc.portgrouped.rules) 2405032 - ET CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405033 - ET CNC Shadowserver Reported CnC Server Port 4510 Group 1 (botcc.portgrouped.rules) 2405034 - ET CNC Shadowserver Reported CnC Server Port 4646 Group 1 (botcc.portgrouped.rules) 2405035 - ET CNC Shadowserver Reported CnC Server Port 4676 Group 1 (botcc.portgrouped.rules) 2405036 - ET CNC Shadowserver Reported CnC Server Port 4723 Group 1 (botcc.portgrouped.rules) 2405037 - ET CNC Shadowserver Reported CnC Server Port 4949 Group 1 (botcc.portgrouped.rules) 2405038 - ET CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405039 - ET CNC Shadowserver Reported CnC Server Port 5487 Group 1 (botcc.portgrouped.rules) 2405040 - ET CNC Shadowserver Reported CnC Server Port 5500 Group 1 (botcc.portgrouped.rules) 2405041 - ET CNC Shadowserver Reported CnC Server Port 5900 Group 1 (botcc.portgrouped.rules) 2405042 - ET CNC Shadowserver Reported CnC Server Port 6532 Group 1 (botcc.portgrouped.rules) 2405043 - ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405044 - ET CNC Shadowserver Reported CnC Server Port 6567 Group 1 (botcc.portgrouped.rules) 2405045 - ET CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405046 - ET CNC Shadowserver Reported CnC Server Port 6662 Group 1 (botcc.portgrouped.rules) 2405047 - ET CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405048 - ET CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405049 - ET CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405050 - ET CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405051 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405052 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405053 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405054 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405055 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405056 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405057 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405058 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405059 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405060 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405061 - ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405062 - ET CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405063 - ET CNC Shadowserver Reported CnC Server Port 6678 Group 1 (botcc.portgrouped.rules) 2405064 - ET CNC Shadowserver Reported CnC Server Port 6764 Group 1 (botcc.portgrouped.rules) 2405065 - ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405066 - ET CNC Shadowserver Reported CnC Server Port 6900 Group 1 (botcc.portgrouped.rules) 2405067 - ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405068 - ET CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405069 - ET CNC Shadowserver Reported CnC Server Port 7193 Group 1 (botcc.portgrouped.rules) 2405070 - ET CNC Shadowserver Reported CnC Server Port 7665 Group 1 (botcc.portgrouped.rules) 2405071 - ET CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405072 - ET CNC Shadowserver Reported CnC Server Port 7777 Group 1 (botcc.portgrouped.rules) 2405073 - ET CNC Shadowserver Reported CnC Server Port 8000 Group 1 (botcc.portgrouped.rules) 2405074 - ET CNC Shadowserver Reported CnC Server Port 8059 Group 1 (botcc.portgrouped.rules) 2405075 - ET CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405076 - ET CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405077 - ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405078 - ET CNC Shadowserver Reported CnC Server Port 8718 Group 1 (botcc.portgrouped.rules) 2405079 - ET CNC Shadowserver Reported CnC Server Port 8765 Group 1 (botcc.portgrouped.rules) 2405080 - ET CNC Shadowserver Reported CnC Server Port 8888 Group 1 (botcc.portgrouped.rules) 2405081 - ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405082 - ET CNC Shadowserver Reported CnC Server Port 9731 Group 1 (botcc.portgrouped.rules) 2405083 - ET CNC Shadowserver Reported CnC Server Port 9872 Group 1 (botcc.portgrouped.rules) 2405084 - ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405085 - ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405086 - ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405087 - ET CNC Shadowserver Reported CnC Server Port 15000 Group 1 (botcc.portgrouped.rules) 2405088 - ET CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405089 - ET CNC Shadowserver Reported CnC Server Port 21321 Group 1 (botcc.portgrouped.rules) 2405090 - ET CNC Shadowserver Reported CnC Server Port 21333 Group 1 (botcc.portgrouped.rules) 2405091 - ET CNC Shadowserver Reported CnC Server Port 26745 Group 1 (botcc.portgrouped.rules) 2405092 - ET CNC Shadowserver Reported CnC Server Port 32164 Group 1 (botcc.portgrouped.rules) 2405093 - ET CNC Shadowserver Reported CnC Server Port 32768 Group 1 (botcc.portgrouped.rules) 2405094 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2405095 - ET CNC Shadowserver Reported CnC Server Port 40669 Group 1 (botcc.portgrouped.rules) 2405096 - ET CNC Shadowserver Reported CnC Server Port 47221 Group 1 (botcc.portgrouped.rules) 2405097 - ET CNC Shadowserver Reported CnC Server Port 51987 Group 1 (botcc.portgrouped.rules) 2405098 - ET CNC Shadowserver Reported CnC Server Port 54321 Group 1 (botcc.portgrouped.rules) 2405099 - ET CNC Shadowserver Reported CnC Server Port 65267 Group 1 (botcc.portgrouped.rules) 2827921 - ETPRO TROJAN Salsa Ransomware Checkin (trojan.rules) 2827922 - ETPRO CURRENT_EVENTS Successful ICS Phish Sep 13 2017 (current_events.rules) 2827923 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 206 (mobile_malware.rules) 2827924 - ETPRO TROJAN DNS Query to Cerber Domain (1nzpby . top) (trojan.rules) 2827925 - ETPRO TROJAN DNS Query to Cerber Domain (1aj1bb . top) (trojan.rules) 2827926 - ETPRO TROJAN DNS Query to Sage Domain (l3by4d . com) (trojan.rules) 2827927 - ETPRO TROJAN PhantomClicker Activity (trojan.rules) 2827928 - ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (TFdZUDNhUWNYTlI3VFZDcnhDeWdzaG01NEY0UlJzdlIxRjp4) (trojan.rules) 2827929 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 207 (mobile_malware.rules) 2827930 - ETPRO POLICY CoinMiner Config Inbound (policy.rules) 2827931 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 1) (trojan.rules) 2827932 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 2) (trojan.rules) 2827933 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 3) (trojan.rules) 2827934 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 4) (trojan.rules) 2827935 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 5) (trojan.rules) 2827936 - ETPRO TROJAN MSIL/njRAT/Bladabindi Variant CnC Checkin (trojan.rules) 2827937 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 6) (trojan.rules) 2827938 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 7) (trojan.rules) 2827939 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 8) (trojan.rules) 2827940 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 9) (trojan.rules) 2827941 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 10) (trojan.rules) 2827942 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 11) (trojan.rules) 2827943 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 12) (trojan.rules) [///] Modified active rules: [///] 2022800 - ET TROJAN ABUSE.CH Cryptolocker Payment Page (de2nuvwegoo32oqv) (trojan.rules) 2024625 - ET TROJAN Win32/ASPC Bot CnC Checkin M3 (trojan.rules) 2402000 - ET DROP Dshield Block Listed Source group 1 (dshield.rules) 2402001 - ET DROP Dshield Block Listed Source group 1 (dshield.rules) 2821875 - ETPRO TROJAN Win32/Remcos RAT Checkin 1 (trojan.rules) 2826354 - ETPRO TROJAN Loda Logger Read File Contents Request (trojan.rules) 2827896 - ETPRO EXPLOIT .NET SOAP Code Injection (CVE-2017-8759) (exploit.rules) [---] Disabled and modified rules: [---] 2800392 - ETPRO TROJAN SRaT 1.6 Server Response (trojan.rules) 2822552 - ETPRO CURRENT_EVENTS Successful Gmail Phish Oct 10 2016 (current_events.rules) [---] Removed rules: [---] 2007567 - ET TROJAN Zlob User Agent - updating (unknown) (trojan.rules) 2007991 - ET MALWARE User-Agent (Unknown) (malware.rules) [+++] Added non-rule lines: [+++] -> Added to sid-msg.map (224): 2007567 || ET DELETED Zlob User Agent - updating (unknown) || url,doc.emergingthreats.net/2007567 2007991 || ET USER_AGENTS User-Agent (Unknown) || url,doc.emergingthreats.net/bin/view/Main/2007991 2022800 || ET TROJAN ABUSE.CH Cryptolocker Payment Page (de2nuvwegoo32oqv) || url,ransomwaretracker.abuse.ch 2024702 || ET CURRENT_EVENTS Possible CVE-2017-8759 Soap File DL 2404000 || ET CNC Shadowserver Reported CnC Server TCP group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404001 || ET CNC Shadowserver Reported CnC Server UDP group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404002 || ET CNC Shadowserver Reported CnC Server TCP group 2 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404003 || ET CNC Shadowserver Reported CnC Server UDP group 2 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404004 || ET CNC Shadowserver Reported CnC Server TCP group 3 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404005 || ET CNC Shadowserver Reported CnC Server UDP group 3 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404006 || ET CNC Shadowserver Reported CnC Server TCP group 4 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404007 || ET CNC Shadowserver Reported CnC Server UDP group 4 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404008 || ET CNC Shadowserver Reported CnC Server TCP group 5 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404009 || ET CNC Shadowserver Reported CnC Server UDP group 5 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404010 || ET CNC Shadowserver Reported CnC Server TCP group 6 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404011 || ET CNC Shadowserver Reported CnC Server UDP group 6 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404012 || ET CNC Shadowserver Reported CnC Server TCP group 7 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404013 || ET CNC Shadowserver Reported CnC Server UDP group 7 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404014 || ET CNC Shadowserver Reported CnC Server TCP group 8 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404015 || ET CNC Shadowserver Reported CnC Server UDP group 8 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404016 || ET CNC Shadowserver Reported CnC Server TCP group 9 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404017 || ET CNC Shadowserver Reported CnC Server UDP group 9 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404018 || ET CNC Shadowserver Reported CnC Server TCP group 10 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404019 || ET CNC Shadowserver Reported CnC Server UDP group 10 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404020 || ET CNC Shadowserver Reported CnC Server TCP group 11 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404021 || ET CNC Shadowserver Reported CnC Server UDP group 11 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404022 || ET CNC Shadowserver Reported CnC Server TCP group 12 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404023 || ET CNC Shadowserver Reported CnC Server UDP group 12 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404024 || ET CNC Shadowserver Reported CnC Server TCP group 13 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404025 || ET CNC Shadowserver Reported CnC Server UDP group 13 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404026 || ET CNC Shadowserver Reported CnC Server TCP group 14 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404027 || ET CNC Shadowserver Reported CnC Server UDP group 14 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404028 || ET CNC Shadowserver Reported CnC Server TCP group 15 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404029 || ET CNC Shadowserver Reported CnC Server UDP group 15 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404030 || ET CNC Shadowserver Reported CnC Server TCP group 16 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404031 || ET CNC Shadowserver Reported CnC Server UDP group 16 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404032 || ET CNC Shadowserver Reported CnC Server TCP group 17 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404033 || ET CNC Shadowserver Reported CnC Server UDP group 17 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404034 || ET CNC Shadowserver Reported CnC Server TCP group 18 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404035 || ET CNC Shadowserver Reported CnC Server UDP group 18 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404036 || ET CNC Shadowserver Reported CnC Server TCP group 19 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404037 || ET CNC Shadowserver Reported CnC Server UDP group 19 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404038 || ET CNC Shadowserver Reported CnC Server TCP group 20 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404039 || ET CNC Shadowserver Reported CnC Server UDP group 20 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404040 || ET CNC Shadowserver Reported CnC Server TCP group 21 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404041 || ET CNC Shadowserver Reported CnC Server UDP group 21 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404042 || ET CNC Shadowserver Reported CnC Server TCP group 22 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404043 || ET CNC Shadowserver Reported CnC Server UDP group 22 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404044 || ET CNC Shadowserver Reported CnC Server TCP group 23 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404045 || ET CNC Shadowserver Reported CnC Server UDP group 23 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404046 || ET CNC Shadowserver Reported CnC Server TCP group 24 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404047 || ET CNC Shadowserver Reported CnC Server UDP group 24 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404048 || ET CNC Shadowserver Reported CnC Server TCP group 25 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404049 || ET CNC Shadowserver Reported CnC Server UDP group 25 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404050 || ET CNC Shadowserver Reported CnC Server TCP group 26 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404051 || ET CNC Shadowserver Reported CnC Server UDP group 26 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404052 || ET CNC Shadowserver Reported CnC Server TCP group 27 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404053 || ET CNC Shadowserver Reported CnC Server UDP group 27 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404054 || ET CNC Shadowserver Reported CnC Server TCP group 28 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404055 || ET CNC Shadowserver Reported CnC Server UDP group 28 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404056 || ET CNC Shadowserver Reported CnC Server TCP group 29 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404057 || ET CNC Shadowserver Reported CnC Server UDP group 29 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404058 || ET CNC Shadowserver Reported CnC Server TCP group 30 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404059 || ET CNC Shadowserver Reported CnC Server UDP group 30 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404060 || ET CNC Shadowserver Reported CnC Server TCP group 31 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404061 || ET CNC Shadowserver Reported CnC Server UDP group 31 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404062 || ET CNC Shadowserver Reported CnC Server TCP group 32 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404063 || ET CNC Shadowserver Reported CnC Server UDP group 32 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404064 || ET CNC Shadowserver Reported CnC Server TCP group 33 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404065 || ET CNC Shadowserver Reported CnC Server UDP group 33 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404066 || ET CNC Shadowserver Reported CnC Server TCP group 34 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404067 || ET CNC Shadowserver Reported CnC Server UDP group 34 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404068 || ET CNC Shadowserver Reported CnC Server TCP group 35 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404069 || ET CNC Shadowserver Reported CnC Server UDP group 35 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404070 || ET CNC Shadowserver Reported CnC Server TCP group 36 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404071 || ET CNC Shadowserver Reported CnC Server UDP group 36 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404072 || ET CNC Shadowserver Reported CnC Server TCP group 37 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404073 || ET CNC Shadowserver Reported CnC Server UDP group 37 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404074 || ET CNC Shadowserver Reported CnC Server TCP group 38 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404075 || ET CNC Shadowserver Reported CnC Server UDP group 38 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404076 || ET CNC Shadowserver Reported CnC Server TCP group 39 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404077 || ET CNC Shadowserver Reported CnC Server UDP group 39 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404078 || ET CNC Shadowserver Reported CnC Server TCP group 40 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404079 || ET CNC Shadowserver Reported CnC Server UDP group 40 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404080 || ET CNC Shadowserver Reported CnC Server TCP group 41 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404081 || ET CNC Shadowserver Reported CnC Server UDP group 41 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404082 || ET CNC Shadowserver Reported CnC Server TCP group 42 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404083 || ET CNC Shadowserver Reported CnC Server UDP group 42 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404084 || ET CNC Shadowserver Reported CnC Server TCP group 43 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404085 || ET CNC Shadowserver Reported CnC Server UDP group 43 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404086 || ET CNC Shadowserver Reported CnC Server TCP group 44 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404087 || ET CNC Shadowserver Reported CnC Server UDP group 44 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404088 || ET CNC Shadowserver Reported CnC Server TCP group 45 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404089 || ET CNC Shadowserver Reported CnC Server UDP group 45 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404090 || ET CNC Shadowserver Reported CnC Server TCP group 46 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404091 || ET CNC Shadowserver Reported CnC Server UDP group 46 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404092 || ET CNC Shadowserver Reported CnC Server TCP group 47 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404093 || ET CNC Shadowserver Reported CnC Server UDP group 47 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405000 || ET CNC Shadowserver Reported CnC Server Port 22 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405001 || ET CNC Shadowserver Reported CnC Server Port 80 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405002 || ET CNC Shadowserver Reported CnC Server Port 81 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405003 || ET CNC Shadowserver Reported CnC Server Port 110 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405004 || ET CNC Shadowserver Reported CnC Server Port 443 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405005 || ET CNC Shadowserver Reported CnC Server Port 1023 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405006 || ET CNC Shadowserver Reported CnC Server Port 1080 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405007 || ET CNC Shadowserver Reported CnC Server Port 1090 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405008 || ET CNC Shadowserver Reported CnC Server Port 1337 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405009 || ET CNC Shadowserver Reported CnC Server Port 1346 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405010 || ET CNC Shadowserver Reported CnC Server Port 1453 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405011 || ET CNC Shadowserver Reported CnC Server Port 1863 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405012 || ET CNC Shadowserver Reported CnC Server Port 1875 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405013 || ET CNC Shadowserver Reported CnC Server Port 1888 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405014 || ET CNC Shadowserver Reported CnC Server Port 1889 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405015 || ET CNC Shadowserver Reported CnC Server Port 1921 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405016 || ET CNC Shadowserver Reported CnC Server Port 2009 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405017 || ET CNC Shadowserver Reported CnC Server Port 2087 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405018 || ET CNC Shadowserver Reported CnC Server Port 2319 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405019 || ET CNC Shadowserver Reported CnC Server Port 2345 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405020 || ET CNC Shadowserver Reported CnC Server Port 2828 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405021 || ET CNC Shadowserver Reported CnC Server Port 3060 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405022 || ET CNC Shadowserver Reported CnC Server Port 3179 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405023 || ET CNC Shadowserver Reported CnC Server Port 3211 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405024 || ET CNC Shadowserver Reported CnC Server Port 3303 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405025 || ET CNC Shadowserver Reported CnC Server Port 3306 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405026 || ET CNC Shadowserver Reported CnC Server Port 3435 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405027 || ET CNC Shadowserver Reported CnC Server Port 3737 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405028 || ET CNC Shadowserver Reported CnC Server Port 4040 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405029 || ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405030 || ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405031 || ET CNC Shadowserver Reported CnC Server Port 4318 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405032 || ET CNC Shadowserver Reported CnC Server Port 4466 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405033 || ET CNC Shadowserver Reported CnC Server Port 4510 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405034 || ET CNC Shadowserver Reported CnC Server Port 4646 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405035 || ET CNC Shadowserver Reported CnC Server Port 4676 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405036 || ET CNC Shadowserver Reported CnC Server Port 4723 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405037 || ET CNC Shadowserver Reported CnC Server Port 4949 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405038 || ET CNC Shadowserver Reported CnC Server Port 5050 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405039 || ET CNC Shadowserver Reported CnC Server Port 5487 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405040 || ET CNC Shadowserver Reported CnC Server Port 5500 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405041 || ET CNC Shadowserver Reported CnC Server Port 5900 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405042 || ET CNC Shadowserver Reported CnC Server Port 6532 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405043 || ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405044 || ET CNC Shadowserver Reported CnC Server Port 6567 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405045 || ET CNC Shadowserver Reported CnC Server Port 6660 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405046 || ET CNC Shadowserver Reported CnC Server Port 6662 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405047 || ET CNC Shadowserver Reported CnC Server Port 6663 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405048 || ET CNC Shadowserver Reported CnC Server Port 6664 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405049 || ET CNC Shadowserver Reported CnC Server Port 6665 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405050 || ET CNC Shadowserver Reported CnC Server Port 6666 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405051 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405052 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 2 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405053 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 3 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405054 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 4 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405055 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 5 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405056 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 6 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405057 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 7 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405058 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 8 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405059 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 9 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405060 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 10 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405061 || ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405062 || ET CNC Shadowserver Reported CnC Server Port 6669 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405063 || ET CNC Shadowserver Reported CnC Server Port 6678 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405064 || ET CNC Shadowserver Reported CnC Server Port 6764 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405065 || ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405066 || ET CNC Shadowserver Reported CnC Server Port 6900 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405067 || ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405068 || ET CNC Shadowserver Reported CnC Server Port 7100 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405069 || ET CNC Shadowserver Reported CnC Server Port 7193 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405070 || ET CNC Shadowserver Reported CnC Server Port 7665 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405071 || ET CNC Shadowserver Reported CnC Server Port 7770 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405072 || ET CNC Shadowserver Reported CnC Server Port 7777 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405073 || ET CNC Shadowserver Reported CnC Server Port 8000 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405074 || ET CNC Shadowserver Reported CnC Server Port 8059 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405075 || ET CNC Shadowserver Reported CnC Server Port 8080 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405076 || ET CNC Shadowserver Reported CnC Server Port 8089 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405077 || ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405078 || ET CNC Shadowserver Reported CnC Server Port 8718 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405079 || ET CNC Shadowserver Reported CnC Server Port 8765 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405080 || ET CNC Shadowserver Reported CnC Server Port 8888 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405081 || ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405082 || ET CNC Shadowserver Reported CnC Server Port 9731 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405083 || ET CNC Shadowserver Reported CnC Server Port 9872 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405084 || ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405085 || ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405086 || ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405087 || ET CNC Shadowserver Reported CnC Server Port 15000 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405088 || ET CNC Shadowserver Reported CnC Server Port 19899 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405089 || ET CNC Shadowserver Reported CnC Server Port 21321 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405090 || ET CNC Shadowserver Reported CnC Server Port 21333 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405091 || ET CNC Shadowserver Reported CnC Server Port 26745 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405092 || ET CNC Shadowserver Reported CnC Server Port 32164 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405093 || ET CNC Shadowserver Reported CnC Server Port 32768 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405094 || ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405095 || ET CNC Shadowserver Reported CnC Server Port 40669 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405096 || ET CNC Shadowserver Reported CnC Server Port 47221 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405097 || ET CNC Shadowserver Reported CnC Server Port 51987 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405098 || ET CNC Shadowserver Reported CnC Server Port 54321 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405099 || ET CNC Shadowserver Reported CnC Server Port 65267 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2520148 || ET TOR Known Tor Exit Node TCP Traffic group 75 || url,doc.emergingthreats.net/bin/view/Main/TorRules 2520149 || ET TOR Known Tor Exit Node UDP Traffic group 75 || url,doc.emergingthreats.net/bin/view/Main/TorRules 2821875 || ETPRO TROJAN Win32/Remcos RAT Checkin 1 || md5,b0b1c23ca740437fc85099cd64194567 2827921 || ETPRO TROJAN Salsa Ransomware Checkin || md5,205a0afcc65f644f19baf33273c53b8a 2827922 || ETPRO CURRENT_EVENTS Successful ICS Phish Sep 13 2017 2827923 || ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 206 || md5,a57901b5bec1dfb701901f7496b127e7 2827924 || ETPRO TROJAN DNS Query to Cerber Domain (1nzpby . top) 2827925 || ETPRO TROJAN DNS Query to Cerber Domain (1aj1bb . top) 2827926 || ETPRO TROJAN DNS Query to Sage Domain (l3by4d . com) 2827927 || ETPRO TROJAN PhantomClicker Activity || md5,8f523e7b96d13934fd01cc6fa9e0212e 2827928 || ETPRO TROJAN Bitcoin Miner Known Malicious Basic Auth (TFdZUDNhUWNYTlI3VFZDcnhDeWdzaG01NEY0UlJzdlIxRjp4) || md5,1d222bebdb51e16457254b0e20bfff1e || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html 2827929 || ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 207 || md5,5b389e50e5b00ee1b6ed1c46019f62a7 2827930 || ETPRO POLICY CoinMiner Config Inbound || md5,d8c59c65b37fd77e993114fccc92a1aa 2827931 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 1) || md5,1957ade634fde85b5b3920e8c9bcb08f || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html 2827932 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 2) || md5,299fb28b34b61311cf61e17984531145 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html 2827933 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 3) || md5,45f364c2506257625c7d128892d50788 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html 2827934 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 4) || md5,6333f99bc48428a7681d78e69812835c || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html 2827935 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 5) || md5,8de9457f6d5d40a3f94b05e2ba7de1b1 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html 2827936 || ETPRO TROJAN MSIL/njRAT/Bladabindi Variant CnC Checkin || md5,6866769b84ea36fa8e8b87f696c4b770 2827937 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 6) || md5,b8020166d33859dd379efd8902b5cdf8 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html 2827938 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 7) || md5,dabea04d5c2d45068b9728122600f500 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html 2827939 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 8) || md5,fe691bff1e9b5f0a3a6aeadfaa0cf5ca || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html 2827940 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 9) || md5,33feb8d2136f1710cc2f5fc5c1f8c94a || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html 2827941 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 10) || md5,6c13271b6fd8f46ba7323c02f2e83a54 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html 2827942 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 11) || md5,9a1b243ae56ac1e11e242e34425ca25a || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html 2827943 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-09-13 12) || md5,fd8671c5d5d9dddfcd767124cdedd797 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html [---] Removed non-rule lines: [---] -> Removed from sid-msg.map (82): 2007567 || ET TROJAN Zlob User Agent - updating (unknown) || url,doc.emergingthreats.net/2007567 2007991 || ET MALWARE User-Agent (Unknown) || url,doc.emergingthreats.net/bin/view/Main/2007991 2022800 || ET TROJAN ABUSE.CH Cryptolocker Payment Page (3qbyaoohkcqkzrz6) || url,ransomwaretracker.abuse.ch 2500000 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 1 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500001 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 1 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500002 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 2 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500003 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 2 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500004 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 3 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500005 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 3 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500006 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 4 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500007 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 4 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500008 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 5 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500009 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 5 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500010 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 6 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500011 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 6 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500012 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 7 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500013 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 7 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500014 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 8 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500015 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 8 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500016 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 9 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500017 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 9 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500018 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 10 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500019 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 10 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500020 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 11 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500021 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 11 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500022 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 12 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500023 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 12 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500024 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 13 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500025 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 13 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500026 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 14 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500027 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 14 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500028 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 15 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500029 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 15 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500030 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 16 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500031 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 16 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500032 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 17 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500033 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 17 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500034 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 18 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500035 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 18 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500036 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 19 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500037 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 19 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500038 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 20 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500039 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 20 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500040 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 21 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500041 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 21 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500042 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 22 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500043 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 22 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500044 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 23 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500045 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 23 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500046 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 24 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500047 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 24 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500048 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 25 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500049 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 25 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500050 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 26 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500051 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 26 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500052 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 27 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500053 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 27 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500054 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 28 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500055 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 28 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500056 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 29 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500057 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 29 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500058 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 30 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500059 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 30 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500060 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 31 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500061 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 31 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500062 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 32 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500063 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 32 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500064 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 33 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500065 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 33 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500066 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 34 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500067 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 34 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500068 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 35 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500069 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 35 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500070 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 36 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500071 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 36 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500072 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 37 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500073 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 37 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500074 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 38 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500075 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 38 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500076 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 39 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500077 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 39 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2821875 || ETPRO TROJAN Win32/Remcos RAT Checkin || md5,b0b1c23ca740437fc85099cd64194567