*********************** snort-2.9.0-enhanced etpro ***********************

[***] Results from Oinkmaster started Thu Sep 3 17:33:03 2020 [***]

[+++] Added rules: [+++]

2030830 - ET EXPLOIT Apache2 Memory Corruption Inbound (CVE-2020-9490) (exploit.rules)
2525034 - ET 3CORESec Poor Reputation IP TCP group 18 (3coresec.rules)
2525035 - ET 3CORESec Poor Reputation IP UDP group 18 (3coresec.rules)
2525036 - ET 3CORESec Poor Reputation IP TCP group 19 (3coresec.rules)
2525037 - ET 3CORESec Poor Reputation IP UDP group 19 (3coresec.rules)
2525038 - ET 3CORESec Poor Reputation IP TCP group 20 (3coresec.rules)
2525039 - ET 3CORESec Poor Reputation IP UDP group 20 (3coresec.rules)
2844260 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-03 1) (trojan.rules)
2844261 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-03 2) (trojan.rules)
2844262 - ETPRO TROJAN MSIL/Spy.Agent.CXE Variant CnC Activity (trojan.rules)
2844263 - ETPRO TROJAN Win32/TrojanDownloader.VB.QZK Variant CnC Activity (trojan.rules)
2844264 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2844265 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2844266 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
2844267 - ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) (scan.rules)
2844268 - ETPRO CURRENT_EVENTS Successful ABSA Phish 2020-09-03 (current_events.rules)
2844269 - ETPRO CURRENT_EVENTS Successful DHL Phish 2020-09-03 (current_events.rules)
2844270 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-09-03 (current_events.rules)
2844271 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-09-03 (current_events.rules)
2844272 - ETPRO CURRENT_EVENTS Successful American Express Phish 2020-09-03 (current_events.rules)
2844273 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) 2020-09-03 (current_events.rules)
2844274 - ETPRO CURRENT_EVENTS Successful Generic Phish 2020-09-03 (current_events.rules)
2844275 - ETPRO TROJAN MassLogger Client Exfil via FTP M2 (trojan.rules)
2844276 - ETPRO TROJAN MeridianX Stealer Exfil Attempt (trojan.rules)
2844277 - ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) (trojan.rules)

[///] Modified active rules: [///]

2002371 - ET WEB_SPECIFIC_APPS Miva Merchant Cross Site Scripting Attack (web_specific_apps.rules)
2002943 - ET POLICY python.urllib User Agent Web Crawl (policy.rules)
2003623 - ET POLICY Centralops.net Domain Dossier Utility Probe (policy.rules)
2004136 - ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user INSERT (web_specific_apps.rules)
2004137 - ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user DELETE (web_specific_apps.rules)
2004138 - ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user ASCII (web_specific_apps.rules)
2004139 - ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user UPDATE (web_specific_apps.rules)
2004147 - ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- attachment.php UNION SELECT (web_specific_apps.rules)
2004164 - ET WEB_SPECIFIC_APPS Minerva mod SQL Injection Attempt -- forum.php c SELECT (web_specific_apps.rules)
2004165 - ET WEB_SPECIFIC_APPS Minerva mod SQL Injection Attempt -- forum.php c UNION SELECT (web_specific_apps.rules)
2004166 - ET WEB_SPECIFIC_APPS Minerva mod SQL Injection Attempt -- forum.php c INSERT (web_specific_apps.rules)
2004167 - ET WEB_SPECIFIC_APPS Minerva mod SQL Injection Attempt -- forum.php c DELETE (web_specific_apps.rules)
2004169 - ET WEB_SPECIFIC_APPS Minerva mod SQL Injection Attempt -- forum.php c UPDATE (web_specific_apps.rules)
2004253 - ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id SELECT (web_specific_apps.rules)
2004254 - ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id UNION SELECT (web_specific_apps.rules)
2004255 - ET WEB_SPECIFIC_APPS WSN Guest SQL Injection
Attempt -- comments.php id INSERT (web_specific_apps.rules) 2004256 - ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id DELETE (web_specific_apps.rules) 2004257 - ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id ASCII (web_specific_apps.rules) 2004258 - ET WEB_SPECIFIC_APPS WSN Guest SQL Injection Attempt -- comments.php id UPDATE (web_specific_apps.rules) 2004461 - ET WEB_SPECIFIC_APPS DGNews SQL Injection Attempt -- news.php newsid UPDATE (web_specific_apps.rules) 2004549 - ET WEB_SPECIFIC_APPS AJ Forum SQL Injection Attempt -- topic_title.php td_id DELETE (web_specific_apps.rules) 2004635 - ET WEB_SPECIFIC_APPS Comicsense SQL Injection Attempt -- index.php epi SELECT (web_specific_apps.rules) 2004647 - ET WEB_SPECIFIC_APPS W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id SELECT (web_specific_apps.rules) 2004648 - ET WEB_SPECIFIC_APPS W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id UNION SELECT (web_specific_apps.rules) 2004649 - ET WEB_SPECIFIC_APPS W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id INSERT (web_specific_apps.rules) 2004650 - ET WEB_SPECIFIC_APPS W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id DELETE (web_specific_apps.rules) 2004651 - ET WEB_SPECIFIC_APPS W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id ASCII (web_specific_apps.rules) 2004652 - ET WEB_SPECIFIC_APPS W1L3D4 WEBmarket SQL Injection Attempt -- urunbak.asp id UPDATE (web_specific_apps.rules) 2004666 - ET WEB_SPECIFIC_APPS Jelsoft vBulletin SQL Injection Attempt -- inlinemod.php postids SELECT (web_specific_apps.rules) 2004683 - ET WEB_SPECIFIC_APPS DMXReady Site Engine Manager SQL Injection Attempt -- index.asp mid SELECT (web_specific_apps.rules) 2004714 - ET WEB_SPECIFIC_APPS Connectix Boards SQL Injection Attempt -- index.php p_skin DELETE (web_specific_apps.rules) 2005177 - ET WEB_SPECIFIC_APPS AJ Forum SQL Injection Attempt -- topic_title.php td_id UNION SELECT (web_specific_apps.rules) 2005187 
- ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay UNION SELECT (web_specific_apps.rules) 2005188 - ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay INSERT (web_specific_apps.rules) 2005189 - ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay DELETE (web_specific_apps.rules) 2005190 - ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay ASCII (web_specific_apps.rules) 2005191 - ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay UPDATE (web_specific_apps.rules) 2005304 - ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft SELECT (web_specific_apps.rules) 2005305 - ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft UNION SELECT (web_specific_apps.rules) 2005306 - ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft INSERT (web_specific_apps.rules) 2005307 - ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft DELETE (web_specific_apps.rules) 2005308 - ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft ASCII (web_specific_apps.rules) 2005309 - ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- mailer.w2b draft UPDATE (web_specific_apps.rules) 2005310 - ET WEB_SPECIFIC_APPS W2B Online Banking SQL Injection Attempt -- DocPay.w2b listDocPay SELECT (web_specific_apps.rules) 2005603 - ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id SELECT (web_specific_apps.rules) 2005604 - ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id UNION SELECT (web_specific_apps.rules) 2005605 - ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id INSERT (web_specific_apps.rules) 2005606 - ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id DELETE 
(web_specific_apps.rules) 2005607 - ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id ASCII (web_specific_apps.rules) 2005608 - ET WEB_SPECIFIC_APPS MiNT Haber Sistemi SQL Injection Attempt -- duyuru.asp id UPDATE (web_specific_apps.rules) 2005778 - ET WEB_SPECIFIC_APPS Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName SELECT (web_specific_apps.rules) 2005779 - ET WEB_SPECIFIC_APPS Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName UNION SELECT (web_specific_apps.rules) 2005780 - ET WEB_SPECIFIC_APPS Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName INSERT (web_specific_apps.rules) 2005781 - ET WEB_SPECIFIC_APPS Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName DELETE (web_specific_apps.rules) 2005782 - ET WEB_SPECIFIC_APPS Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName ASCII (web_specific_apps.rules) 2005783 - ET WEB_SPECIFIC_APPS Motionborg Web Real Estate SQL Injection Attempt -- admin_check_user.asp txtUserName UPDATE (web_specific_apps.rules) 2005855 - ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start INSERT (web_specific_apps.rules) 2005949 - ET WEB_SPECIFIC_APPS Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key SELECT (web_specific_apps.rules) 2005950 - ET WEB_SPECIFIC_APPS Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key UNION SELECT (web_specific_apps.rules) 2005951 - ET WEB_SPECIFIC_APPS Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key INSERT (web_specific_apps.rules) 2005952 - ET WEB_SPECIFIC_APPS Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key DELETE (web_specific_apps.rules) 2005953 - ET WEB_SPECIFIC_APPS Website Designs For Less 
Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key ASCII (web_specific_apps.rules) 2005954 - ET WEB_SPECIFIC_APPS Website Designs For Less Click N Print Coupons SQL Injection Attempt -- coupon_detail.asp key UPDATE (web_specific_apps.rules) 2005955 - ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num SELECT (web_specific_apps.rules) 2005956 - ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num UNION SELECT (web_specific_apps.rules) 2005957 - ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num INSERT (web_specific_apps.rules) 2005958 - ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num DELETE (web_specific_apps.rules) 2005959 - ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num ASCII (web_specific_apps.rules) 2005960 - ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- phonemessage.asp num UPDATE (web_specific_apps.rules) 2005961 - ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode SELECT (web_specific_apps.rules) 2005962 - ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode UNION SELECT (web_specific_apps.rules) 2005963 - ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode INSERT (web_specific_apps.rules) 2005964 - ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode DELETE (web_specific_apps.rules) 2005965 - ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode ASCII (web_specific_apps.rules) 2005966 - ET WEB_SPECIFIC_APPS While You Were Out (WYWO) InOut Board SQL Injection Attempt -- faqDsp.asp catcode 
UPDATE (web_specific_apps.rules) 2006083 - ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- set_preferences.asp INSERT (web_specific_apps.rules) 2006093 - ET WEB_SPECIFIC_APPS DMXReady Secure Login Manager SQL Injection Attempt -- list.asp SELECT (web_specific_apps.rules) 2006138 - ET WEB_SPECIFIC_APPS Enthrallweb eMates SQL Injection Attempt -- newsdetail.asp ID DELETE (web_specific_apps.rules) 2006158 - ET WEB_SPECIFIC_APPS Enthrallweb ePages SQL Injection Attempt -- actualpic.asp Biz_ID UPDATE (web_specific_apps.rules) 2006345 - ET WEB_SPECIFIC_APPS Messageriescripthp SQL Injection Attempt -- lire-avis.php aa SELECT (web_specific_apps.rules) 2006346 - ET WEB_SPECIFIC_APPS Messageriescripthp SQL Injection Attempt -- lire-avis.php aa UNION SELECT (web_specific_apps.rules) 2006348 - ET WEB_SPECIFIC_APPS Messageriescripthp SQL Injection Attempt -- lire-avis.php aa DELETE (web_specific_apps.rules) 2006349 - ET WEB_SPECIFIC_APPS Messageriescripthp SQL Injection Attempt -- lire-avis.php aa ASCII (web_specific_apps.rules) 2006350 - ET WEB_SPECIFIC_APPS Messageriescripthp SQL Injection Attempt -- lire-avis.php aa UPDATE (web_specific_apps.rules) 2006351 - ET WEB_SPECIFIC_APPS ProNews SQL Injection Attempt -- lire-avis.php aa SELECT (web_specific_apps.rules) 2006352 - ET WEB_SPECIFIC_APPS ProNews SQL Injection Attempt -- lire-avis.php aa UNION SELECT (web_specific_apps.rules) 2006455 - ET WEB_SPECIFIC_APPS WSPortal SQL Injection Attempt -- content.php page SELECT (web_specific_apps.rules) 2006456 - ET WEB_SPECIFIC_APPS WSPortal SQL Injection Attempt -- content.php page UNION SELECT (web_specific_apps.rules) 2006457 - ET WEB_SPECIFIC_APPS WSPortal SQL Injection Attempt -- content.php page INSERT (web_specific_apps.rules) 2006458 - ET WEB_SPECIFIC_APPS WSPortal SQL Injection Attempt -- content.php page DELETE (web_specific_apps.rules) 2006459 - ET WEB_SPECIFIC_APPS WSPortal SQL Injection Attempt -- content.php page ASCII (web_specific_apps.rules) 
2006460 - ET WEB_SPECIFIC_APPS WSPortal SQL Injection Attempt -- content.php page UPDATE (web_specific_apps.rules) 2006494 - ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- login.php login_username INSERT (web_specific_apps.rules) 2006501 - ET WEB_SPECIFIC_APPS Jasmine CMS SQL Injection Attempt -- news.php item DELETE (web_specific_apps.rules) 2006795 - ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi SELECT (web_specific_apps.rules) 2006796 - ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi UNION SELECT (web_specific_apps.rules) 2006797 - ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi INSERT (web_specific_apps.rules) 2006798 - ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi DELETE (web_specific_apps.rules) 2006799 - ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi ASCII (web_specific_apps.rules) 2006800 - ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp kullanici_ismi UPDATE (web_specific_apps.rules) 2006801 - ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre SELECT (web_specific_apps.rules) 2006802 - ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre UNION SELECT (web_specific_apps.rules) 2006803 - ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre INSERT (web_specific_apps.rules) 2006804 - ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre DELETE (web_specific_apps.rules) 2006805 - ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre ASCII (web_specific_apps.rules) 
2006806 - ET WEB_SPECIFIC_APPS Metyus Okul Yonetim Sistemi SQL Injection Attempt -- uye_giris_islem.asp sifre UPDATE (web_specific_apps.rules) 2006826 - ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp ak UNION SELECT (web_specific_apps.rules) 2006851 - ET WEB_SPECIFIC_APPS ASPMForum SQL Injection Attempt -- kullanicilistesi.asp harf INSERT (web_specific_apps.rules) 2006978 - ET WEB_SPECIFIC_APPS Wallpaper Complete Website SQL Injection Attempt -- process.php login DELETE (web_specific_apps.rules) 2007006 - ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant SELECT (web_specific_apps.rules) 2007007 - ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant UNION SELECT (web_specific_apps.rules) 2007008 - ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant INSERT (web_specific_apps.rules) 2007009 - ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant DELETE (web_specific_apps.rules) 2007010 - ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant ASCII (web_specific_apps.rules) 2007011 - ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_show.asp id2006quant UPDATE (web_specific_apps.rules) 2007012 - ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup SELECT (web_specific_apps.rules) 2007013 - ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup UNION SELECT (web_specific_apps.rules) 2007014 - ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- 
item_list.asp maingroup INSERT (web_specific_apps.rules) 2007015 - ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup DELETE (web_specific_apps.rules) 2007016 - ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup ASCII (web_specific_apps.rules) 2007017 - ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp maingroup UPDATE (web_specific_apps.rules) 2007018 - ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup SELECT (web_specific_apps.rules) 2007019 - ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup UNION SELECT (web_specific_apps.rules) 2007020 - ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup INSERT (web_specific_apps.rules) 2007021 - ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup DELETE (web_specific_apps.rules) 2007022 - ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup ASCII (web_specific_apps.rules) 2007023 - ET WEB_SPECIFIC_APPS MidiCart ASP Shopping Cart and ASP Plus Shopping Cart SQL Injection Attempt -- item_list.asp secondgroup UPDATE (web_specific_apps.rules) 2008569 - ET POLICY External Unencrypted Connection to Ossec WUI (policy.rules) 2008838 - ET WEB_SPECIFIC_APPS DeltaScripts PHP Classifieds siteid parameter Remote SQL Injection (web_specific_apps.rules) 2008938 - ET WEB_SPECIFIC_APPS Multi SEO phpBB pfad parameter local file inclusion (web_specific_apps.rules) 2008994 - ET WEB_SPECIFIC_APPS Multiple Membership Script id parameter SQL injection (web_specific_apps.rules) 
2009058 - ET WEB_SPECIFIC_APPS WSN Guest search.php search parameter SQL Injection (web_specific_apps.rules) 2009430 - ET WEB_SPECIFIC_APPS Mole viewsource.php fname Parameter Local File Inclusion (web_specific_apps.rules) 2009437 - ET WEB_SPECIFIC_APPS Mole viewsource.php dirn Parameter Local File Inclusion (web_specific_apps.rules) 2009838 - ET WEB_SPECIFIC_APPS WB News search.php config Parameter Remote File Inclusion (web_specific_apps.rules) 2009839 - ET WEB_SPECIFIC_APPS WB News archive.php config Parameter Remote File Inclusion -1 (web_specific_apps.rules) 2009840 - ET WEB_SPECIFIC_APPS WB News Archive.php config Parameter Remote File Inclusion -2 (web_specific_apps.rules) 2009841 - ET WEB_SPECIFIC_APPS WB News comments.php config Parameter Remote File Inclusion -1 (web_specific_apps.rules) 2009842 - ET WEB_SPECIFIC_APPS WB News Comments.php config Parameter Remote File Inclusion -2 (web_specific_apps.rules) 2009843 - ET WEB_SPECIFIC_APPS WB News news.php config Parameter Remote File Inclusion -1 (web_specific_apps.rules) 2009844 - ET WEB_SPECIFIC_APPS WB News News.php config Parameter Remote File Inclusion -2 (web_specific_apps.rules) 2009845 - ET WEB_SPECIFIC_APPS WB News SendFriend.php config Parameter Remote File Inclusion (web_specific_apps.rules) 2010862 - ET WEB_SPECIFIC_APPS Possible APC Network Management Card Cross Site Scripting Attempt (web_specific_apps.rules) 2011669 - ET EXPLOIT Linksys WAP54G debug.cgi Shell Access as Gemtek (exploit.rules) 2011794 - ET WEB_SPECIFIC_APPS iScripts MultiCart orderid Parameter DELETE FROM SQL Injection Attempt (web_specific_apps.rules) 2011828 - ET WEB_SPECIFIC_APPS 724CMS section.php Module Parameter Local File inclusion Attempt (web_specific_apps.rules) 2011829 - ET WEB_SPECIFIC_APPS MyOWNspace getfeed.php file Parameter Local File Inclusion Attempt(1) (web_specific_apps.rules) 2011830 - ET WEB_SPECIFIC_APPS MyOWNspace getfeed.php file Parameter Local File Inclusion Attempt(2) (web_specific_apps.rules) 2011831 
- ET WEB_SPECIFIC_APPS CMS Board site_path Parameter Remote File Inclusion Attempt (web_specific_apps.rules) 2011832 - ET WEB_SPECIFIC_APPS OvBB admincp.php smilieid Parameter SELECT FROM SQL Injection Attempt (web_specific_apps.rules) 2011833 - ET WEB_SPECIFIC_APPS OvBB admincp.php smilieid Parameter DELETE FROM SQL Injection Attempt (web_specific_apps.rules) 2011834 - ET WEB_SPECIFIC_APPS OvBB admincp.php smilieid Parameter UNION SELECT SQL Injection Attempt (web_specific_apps.rules) 2011835 - ET WEB_SPECIFIC_APPS OvBB admincp.php smilieid Parameter UPDATE SET SQL Injection Attempt (web_specific_apps.rules) 2011836 - ET WEB_SPECIFIC_APPS OvBB admincp.php smilieid Parameter INSERT INTO SQL Injection Attempt (web_specific_apps.rules) 2011837 - ET WEB_SPECIFIC_APPS A6MamboHelpDesk Admin.a6mambohelpdesk.php Remote File inclusion Attempt (web_specific_apps.rules) 2011838 - ET WEB_SPECIFIC_APPS PHP-Fusion mguser fotoalbum album_id Parameter SELECT FROM SQL Injection Attempt (web_specific_apps.rules) 2011840 - ET WEB_SPECIFIC_APPS PHP-Fusion mguser fotoalbum album_id Parameter UNION SELECT SQL Injection Attempt (web_specific_apps.rules) 2011841 - ET WEB_SPECIFIC_APPS PHP-Fusion mguser fotoalbum album_id Parameter UPDATE SET SQL Injection Attempt (web_specific_apps.rules) 2011842 - ET WEB_SPECIFIC_APPS PHP-Fusion mguser fotoalbum album_id Parameter INSERT INTO SQL Injection Attempt (web_specific_apps.rules) 2011843 - ET WEB_SPECIFIC_APPS BaconMap updatelist.php filepath Local File Inclusion Attempt (web_specific_apps.rules) 2011844 - ET WEB_SPECIFIC_APPS Joomla com_rwcards mosConfig_absolute_path Remote File Inclusion Attempt (web_specific_apps.rules) 2011845 - ET WEB_SPECIFIC_APPS Lantern CMS intPassedLocationID Parameter Cross Site Scripting Attempt (web_specific_apps.rules) 2011846 - ET WEB_SPECIFIC_APPS OrangeHRM uri Parameter Local File Inclusion Attempt (web_specific_apps.rules) 2011847 - ET WEB_SPECIFIC_APPS Joomla com_jomestate Parameter Remote File Inclusion 
Attempt (web_specific_apps.rules) 2011852 - ET WEB_SPECIFIC_APPS W-Agora search.php bn Parameter Cross Site Scripting Attempt (web_specific_apps.rules) 2011880 - ET WEB_SPECIFIC_APPS phpBazar picturelib.php Remote File inclusion Attempt (web_specific_apps.rules) 2011884 - ET WEB_SPECIFIC_APPS iGaming CMS loadplugin.php load Parameter Local File inclusion Attempt (web_specific_apps.rules) 2011914 - ET SCAN DirBuster Scan in Progress (scan.rules) 2011928 - ET WEB_SPECIFIC_APPS TFTgallery adminlangfile Parameter Local File inclusion Attempt (web_specific_apps.rules) 2011930 - ET WEB_SPECIFIC_APPS Interactive Web Solutions site_info.php SELECT FROM SQL Injection Attempt (web_specific_apps.rules) 2011931 - ET WEB_SPECIFIC_APPS Interactive Web Solutions site_info.php DELETE FROM SQL Injection Attempt (web_specific_apps.rules) 2011932 - ET WEB_SPECIFIC_APPS Interactive Web Solutions site_info.php UNION SELECT SQL Injection Attempt (web_specific_apps.rules) 2011933 - ET WEB_SPECIFIC_APPS Interactive Web Solutions site_info.php INSERT INTO SQL Injection Attempt (web_specific_apps.rules) 2011934 - ET WEB_SPECIFIC_APPS Interactive Web Solutions site_info.php UPDATE SET SQL Injection Attempt (web_specific_apps.rules) 2011936 - ET WEB_SPECIFIC_APPS Dolphin BxDolGzip.php file Disclosure Attempt (web_specific_apps.rules) 2011942 - ET WEB_SPECIFIC_APPS WordPress Vodpod Video Gallery Plugin gid Cross-Site Scripting Attempt (web_specific_apps.rules) 2011943 - ET WEB_SPECIFIC_APPS GeekLog filemgt SELECT FROM SQL Injection Attempt (web_specific_apps.rules) 2011944 - ET WEB_SPECIFIC_APPS GeekLog filemgt DELETE FROM SQL Injection Attempt (web_specific_apps.rules) 2011945 - ET WEB_SPECIFIC_APPS GeekLog filemgt UNION SELECT SQL Injection Attempt (web_specific_apps.rules) 2011946 - ET WEB_SPECIFIC_APPS GeekLog filemgt INSERT INTO SQL Injection Attempt (web_specific_apps.rules) 2011947 - ET WEB_SPECIFIC_APPS GeekLog filemgt UPDATE SET SQL Injection Attempt (web_specific_apps.rules) 2011948 
- ET WEB_SPECIFIC_APPS AWCM window_top.php Remote File Inclusion Attempt (web_specific_apps.rules) 2011949 - ET WEB_SPECIFIC_APPS AWCM common.php Remote File Inclusion Attempt (web_specific_apps.rules) 2011950 - ET WEB_SPECIFIC_APPS AWCM header.php Remote File Inclusion Attempt (web_specific_apps.rules) 2011974 - ET SCAN Metasploit WMAP GET len 0 and type (scan.rules) 2011987 - ET WEB_SPECIFIC_APPS Softbiz Article Directory Script sbiz_id Parameter Blind SQL Injection Attempt (web_specific_apps.rules) 2012001 - ET WEB_SPECIFIC_APPS digiSHOP cart.php SELECT FROM SQL Injection Attempt (web_specific_apps.rules) 2012002 - ET WEB_SPECIFIC_APPS digiSHOP cart.php DELETE FROM SQL Injection Attempt (web_specific_apps.rules) 2012003 - ET WEB_SPECIFIC_APPS digiSHOP cart.php UNION SELECT SQL Injection Attempt (web_specific_apps.rules) 2012004 - ET WEB_SPECIFIC_APPS digiSHOP cart.php INSERT INTO SQL Injection Attempt (web_specific_apps.rules) 2012005 - ET WEB_SPECIFIC_APPS digiSHOP cart.php UPDATE SET SQL Injection Attempt (web_specific_apps.rules) 2012006 - ET WEB_SPECIFIC_APPS MassMirror Uploader example_1.php Remote File Inclusion attempt (web_specific_apps.rules) 2012007 - ET WEB_SPECIFIC_APPS phpCow skin_file Parameter Remote File Inclusion Attempt (web_specific_apps.rules) 2012008 - ET WEB_SPECIFIC_APPS phpCow skin_file Parameter Local File Inclusion Attempt (web_specific_apps.rules) 2012009 - ET WEB_SPECIFIC_APPS WordPress FeedList Plugin i Parameter Cross Site Scripting Attempt (web_specific_apps.rules) 2012010 - ET WEB_SPECIFIC_APPS Zen Cart loader_file Parameter Local File Inclusion Attempt (web_specific_apps.rules) 2012011 - ET WEB_SPECIFIC_APPS Horde IMP fetchmailprefs.php Cross Site Scripting Attempt (web_specific_apps.rules) 2012012 - ET WEB_SPECIFIC_APPS The Uploader download_launch.php Remote File Disclosure Attempt (web_specific_apps.rules) 2012013 - ET WEB_SPECIFIC_APPS Mambo Component com_smf smf.php Remote File Inclusion Attempt (web_specific_apps.rules) 
2012014 - ET WEB_SPECIFIC_APPS Joomla Jimtawl Component task Parameter Local File Inclusion Attempt (web_specific_apps.rules) 2012015 - ET WEB_SPECIFIC_APPS WebRCSdiff viewver.php File Inclusion Attempt (web_specific_apps.rules) 2012016 - ET WEB_SPECIFIC_APPS DVD Rental Software cat_id parameter SELECT FROM SQL Injection Attempt (web_specific_apps.rules) 2012017 - ET WEB_SPECIFIC_APPS DVD Rental Software cat_id parameter DELETE FROM SQL Injection Attempt (web_specific_apps.rules) 2012018 - ET WEB_SPECIFIC_APPS DVD Rental Software cat_id parameter UNION SELECT SQL Injection Attempt (web_specific_apps.rules) 2012019 - ET WEB_SPECIFIC_APPS DVD Rental Software cat_id parameter INSERT INTO SQL Injection Attempt (web_specific_apps.rules) 2015848 - ET INFO Imposter USPS Domain (info.rules) 2016580 - ET INFO Java Request to DynDNS Pro Dynamic DNS Domain (info.rules) 2027971 - ET EXPLOIT HiSilicon DVR - Application Credential Disclosure (CVE-2018-9995) (exploit.rules) 2027972 - ET EXPLOIT HiSilicon DVR - Buffer Overflow in Builtin Web Server (exploit.rules) 2402000 - ET DROP Dshield Block Listed Source group 1 (dshield.rules) 2402001 - ET DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 1 (ciarmy.rules) 2403301 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 1 (ciarmy.rules) 2403302 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 2 (ciarmy.rules) 2403303 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 2 (ciarmy.rules) 2403304 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 3 (ciarmy.rules) 2403305 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 3 (ciarmy.rules) 2403306 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 4 (ciarmy.rules) 2403307 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 4 (ciarmy.rules) 2403308 - ET CINS Active Threat Intelligence Poor Reputation IP 
TCP group 5 (ciarmy.rules) 2403309 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 5 (ciarmy.rules) 2403310 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 6 (ciarmy.rules) 2403311 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 6 (ciarmy.rules) 2403312 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 7 (ciarmy.rules) 2403313 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 7 (ciarmy.rules) 2403314 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 8 (ciarmy.rules) 2403315 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 8 (ciarmy.rules) 2403316 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 9 (ciarmy.rules) 2403317 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 9 (ciarmy.rules) 2403318 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 10 (ciarmy.rules) 2403319 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 10 (ciarmy.rules) 2403320 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 11 (ciarmy.rules) 2403321 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 11 (ciarmy.rules) 2403322 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 12 (ciarmy.rules) 2403323 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 12 (ciarmy.rules) 2403324 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 13 (ciarmy.rules) 2403325 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 13 (ciarmy.rules) 2403326 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 14 (ciarmy.rules) 2403327 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 14 (ciarmy.rules) 2403328 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 15 (ciarmy.rules) 2403329 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 15 (ciarmy.rules) 2403330 - ET CINS Active Threat Intelligence Poor 
Reputation IP TCP group 16 (ciarmy.rules) 2403331 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 16 (ciarmy.rules) 2403332 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 17 (ciarmy.rules) 2403333 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 17 (ciarmy.rules) 2403334 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 18 (ciarmy.rules) 2403335 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 18 (ciarmy.rules) 2403336 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 19 (ciarmy.rules) 2403337 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 19 (ciarmy.rules) 2403338 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 20 (ciarmy.rules) 2403339 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 20 (ciarmy.rules) 2403340 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 21 (ciarmy.rules) 2403341 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 21 (ciarmy.rules) 2403342 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 22 (ciarmy.rules) 2403343 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 22 (ciarmy.rules) 2403344 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 23 (ciarmy.rules) 2403345 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 23 (ciarmy.rules) 2403346 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 24 (ciarmy.rules) 2403347 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 24 (ciarmy.rules) 2403348 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 25 (ciarmy.rules) 2403349 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 25 (ciarmy.rules) 2403350 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 26 (ciarmy.rules) 2403351 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 26 (ciarmy.rules) 2403352 - ET CINS Active 
Threat Intelligence Poor Reputation IP TCP group 27 (ciarmy.rules) 2403353 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 27 (ciarmy.rules) 2403354 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 28 (ciarmy.rules) 2403355 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 28 (ciarmy.rules) 2403356 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 29 (ciarmy.rules) 2403357 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 29 (ciarmy.rules) 2403358 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 30 (ciarmy.rules) 2403359 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 30 (ciarmy.rules) 2403360 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 31 (ciarmy.rules) 2403361 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 31 (ciarmy.rules) 2403362 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 32 (ciarmy.rules) 2403363 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 32 (ciarmy.rules) 2403364 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 33 (ciarmy.rules) 2403365 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 33 (ciarmy.rules) 2403366 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 34 (ciarmy.rules) 2403367 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 34 (ciarmy.rules) 2403368 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 35 (ciarmy.rules) 2403369 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 35 (ciarmy.rules) 2403370 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 36 (ciarmy.rules) 2403371 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 36 (ciarmy.rules) 2403372 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 37 (ciarmy.rules) 2403373 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 37 (ciarmy.rules) 
2403374 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 38 (ciarmy.rules) 2403375 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 38 (ciarmy.rules) 2403376 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 39 (ciarmy.rules) 2403377 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 39 (ciarmy.rules) 2403378 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 40 (ciarmy.rules) 2403379 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 40 (ciarmy.rules) 2403380 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 41 (ciarmy.rules) 2403381 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 41 (ciarmy.rules) 2403382 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 42 (ciarmy.rules) 2403383 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 42 (ciarmy.rules) 2403384 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 43 (ciarmy.rules) 2403385 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 43 (ciarmy.rules) 2403386 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 44 (ciarmy.rules) 2403387 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 44 (ciarmy.rules) 2403388 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 45 (ciarmy.rules) 2403389 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 45 (ciarmy.rules) 2403390 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 46 (ciarmy.rules) 2403391 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 46 (ciarmy.rules) 2403392 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 47 (ciarmy.rules) 2403393 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 47 (ciarmy.rules) 2403394 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 48 (ciarmy.rules) 2403395 - ET CINS Active Threat Intelligence Poor Reputation IP UDP 
group 48 (ciarmy.rules) 2403396 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 49 (ciarmy.rules) 2403397 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 49 (ciarmy.rules) 2403398 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 50 (ciarmy.rules) 2403399 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 50 (ciarmy.rules) 2403400 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 51 (ciarmy.rules) 2403401 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 51 (ciarmy.rules) 2403402 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 52 (ciarmy.rules) 2403403 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 52 (ciarmy.rules) 2403404 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 53 (ciarmy.rules) 2403405 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 53 (ciarmy.rules) 2403406 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 54 (ciarmy.rules) 2403407 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 54 (ciarmy.rules) 2403408 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 55 (ciarmy.rules) 2403409 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 55 (ciarmy.rules) 2403410 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 56 (ciarmy.rules) 2403411 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 56 (ciarmy.rules) 2403412 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 57 (ciarmy.rules) 2403413 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 57 (ciarmy.rules) 2403414 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 58 (ciarmy.rules) 2403415 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 58 (ciarmy.rules) 2403416 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 59 (ciarmy.rules) 2403417 - ET CINS Active Threat 
Intelligence Poor Reputation IP UDP group 59 (ciarmy.rules) 2403418 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 60 (ciarmy.rules) 2403419 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 60 (ciarmy.rules) 2403420 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 61 (ciarmy.rules) 2403421 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 61 (ciarmy.rules) 2403422 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 62 (ciarmy.rules) 2403423 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 62 (ciarmy.rules) 2403424 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 63 (ciarmy.rules) 2403425 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 63 (ciarmy.rules) 2403426 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 64 (ciarmy.rules) 2403427 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 64 (ciarmy.rules) 2403428 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 65 (ciarmy.rules) 2403429 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 65 (ciarmy.rules) 2403430 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 66 (ciarmy.rules) 2403431 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 66 (ciarmy.rules) 2403432 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 67 (ciarmy.rules) 2403433 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 67 (ciarmy.rules) 2403434 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 68 (ciarmy.rules) 2403435 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 68 (ciarmy.rules) 2403436 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 69 (ciarmy.rules) 2403437 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 69 (ciarmy.rules) 2403438 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 70 (ciarmy.rules) 2403439 
- ET CINS Active Threat Intelligence Poor Reputation IP UDP group 70 (ciarmy.rules) 2403440 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 71 (ciarmy.rules) 2403441 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 71 (ciarmy.rules) 2403442 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 72 (ciarmy.rules) 2403443 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 72 (ciarmy.rules) 2403444 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 73 (ciarmy.rules) 2403445 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 73 (ciarmy.rules) 2403446 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 74 (ciarmy.rules) 2403447 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 74 (ciarmy.rules) 2403448 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 75 (ciarmy.rules) 2403449 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 75 (ciarmy.rules) 2403450 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 76 (ciarmy.rules) 2403451 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 76 (ciarmy.rules) 2403452 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 77 (ciarmy.rules) 2403453 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 77 (ciarmy.rules) 2403454 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 78 (ciarmy.rules) 2403455 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 78 (ciarmy.rules) 2403456 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 79 (ciarmy.rules) 2403457 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 79 (ciarmy.rules) 2403458 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 80 (ciarmy.rules) 2403459 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 80 (ciarmy.rules) 2403460 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 
81 (ciarmy.rules) 2403461 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 81 (ciarmy.rules) 2403462 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 82 (ciarmy.rules) 2403463 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 82 (ciarmy.rules) 2403464 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 83 (ciarmy.rules) 2403465 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 83 (ciarmy.rules) 2403466 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 84 (ciarmy.rules) 2403467 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 84 (ciarmy.rules) 2403468 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 85 (ciarmy.rules) 2403469 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 85 (ciarmy.rules) 2403470 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 86 (ciarmy.rules) 2403471 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 86 (ciarmy.rules) 2403472 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 87 (ciarmy.rules) 2403473 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 87 (ciarmy.rules) 2403474 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 88 (ciarmy.rules) 2403475 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 88 (ciarmy.rules) 2403476 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 89 (ciarmy.rules) 2403477 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 89 (ciarmy.rules) 2403478 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 90 (ciarmy.rules) 2403479 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 90 (ciarmy.rules) 2403480 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 91 (ciarmy.rules) 2403481 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 91 (ciarmy.rules) 2403482 - ET CINS Active Threat Intelligence Poor 
Reputation IP TCP group 92 (ciarmy.rules) 2403483 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 92 (ciarmy.rules) 2403484 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 93 (ciarmy.rules) 2403485 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 93 (ciarmy.rules) 2403486 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 94 (ciarmy.rules) 2403487 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 94 (ciarmy.rules) 2403488 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 95 (ciarmy.rules) 2403489 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 95 (ciarmy.rules) 2403490 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 96 (ciarmy.rules) 2403491 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 96 (ciarmy.rules) 2403492 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 97 (ciarmy.rules) 2403493 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 97 (ciarmy.rules) 2403494 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 98 (ciarmy.rules) 2403495 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 98 (ciarmy.rules) 2403496 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 99 (ciarmy.rules) 2403497 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 99 (ciarmy.rules) 2403498 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 100 (ciarmy.rules) 2403499 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 100 (ciarmy.rules) 2405000 - ET CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405001 - ET CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405002 - ET CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405003 - ET CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405004 - ET CNC 
Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405005 - ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405006 - ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405007 - ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405008 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405009 - ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405010 - ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405011 - ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405012 - ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405013 - ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405014 - ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405015 - ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405016 - ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405017 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2525000 - ET 3CORESec Poor Reputation IP TCP group 1 (3coresec.rules) 2525001 - ET 3CORESec Poor Reputation IP UDP group 1 (3coresec.rules) 2525002 - ET 3CORESec Poor Reputation IP TCP group 2 (3coresec.rules) 2525003 - ET 3CORESec Poor Reputation IP UDP group 2 (3coresec.rules) 2525004 - ET 3CORESec Poor Reputation IP TCP group 3 (3coresec.rules) 2525005 - ET 3CORESec Poor Reputation IP UDP group 3 (3coresec.rules) 2525006 - ET 3CORESec Poor Reputation IP TCP group 4 (3coresec.rules) 2525007 - ET 3CORESec Poor Reputation IP UDP group 4 (3coresec.rules) 2525008 - ET 3CORESec Poor Reputation IP TCP group 5 (3coresec.rules) 2525009 - ET 3CORESec Poor Reputation IP UDP group 5 
(3coresec.rules) 2525010 - ET 3CORESec Poor Reputation IP TCP group 6 (3coresec.rules) 2525011 - ET 3CORESec Poor Reputation IP UDP group 6 (3coresec.rules) 2525012 - ET 3CORESec Poor Reputation IP TCP group 7 (3coresec.rules) 2525013 - ET 3CORESec Poor Reputation IP UDP group 7 (3coresec.rules) 2525014 - ET 3CORESec Poor Reputation IP TCP group 8 (3coresec.rules) 2525015 - ET 3CORESec Poor Reputation IP UDP group 8 (3coresec.rules) 2525016 - ET 3CORESec Poor Reputation IP TCP group 9 (3coresec.rules) 2525017 - ET 3CORESec Poor Reputation IP UDP group 9 (3coresec.rules) 2525018 - ET 3CORESec Poor Reputation IP TCP group 10 (3coresec.rules) 2525019 - ET 3CORESec Poor Reputation IP UDP group 10 (3coresec.rules) 2525020 - ET 3CORESec Poor Reputation IP TCP group 11 (3coresec.rules) 2525021 - ET 3CORESec Poor Reputation IP UDP group 11 (3coresec.rules) 2525022 - ET 3CORESec Poor Reputation IP TCP group 12 (3coresec.rules) 2525023 - ET 3CORESec Poor Reputation IP UDP group 12 (3coresec.rules) 2525024 - ET 3CORESec Poor Reputation IP TCP group 13 (3coresec.rules) 2525025 - ET 3CORESec Poor Reputation IP UDP group 13 (3coresec.rules) 2525026 - ET 3CORESec Poor Reputation IP TCP group 14 (3coresec.rules) 2525027 - ET 3CORESec Poor Reputation IP UDP group 14 (3coresec.rules) 2525028 - ET 3CORESec Poor Reputation IP TCP group 15 (3coresec.rules) 2525029 - ET 3CORESec Poor Reputation IP UDP group 15 (3coresec.rules) 2525030 - ET 3CORESec Poor Reputation IP TCP group 16 (3coresec.rules) 2525031 - ET 3CORESec Poor Reputation IP UDP group 16 (3coresec.rules) 2525032 - ET 3CORESec Poor Reputation IP TCP group 17 (3coresec.rules) 2525033 - ET 3CORESec Poor Reputation IP UDP group 17 (3coresec.rules) 2800852 - ETPRO WEB_SPECIFIC_APPS IBM Tivoli Access Manager for e-business Multiple Cross Site Scripting URI ivtserver Param 1 (web_specific_apps.rules) 2800853 - ETPRO WEB_SPECIFIC_APPS IBM Tivoli Access Manager 6.1 for e-business Multiple Cross Site Scripting URI ibm wpm 
(web_specific_apps.rules) 2800916 - ETPRO SCADA SCADA NetBiter webScada Directory Transversal (scada.rules) 2800917 - ETPRO SCADA SCADA NetBiter webScada User Information Disclosure (scada.rules) 2800923 - ETPRO WEB_SPECIFIC_APPS Joomla JE Ajax Event Calendar Component SELECT FROM SQL Injection (web_specific_apps.rules) 2800924 - ETPRO WEB_SPECIFIC_APPS Joomla JE Ajax Event Calendar Component DELETE FROM SQL Injection (web_specific_apps.rules) 2800925 - ETPRO WEB_SPECIFIC_APPS Joomla JE Ajax Event Calendar Component INSERT INTO SQL Injection (web_specific_apps.rules) 2800926 - ETPRO WEB_SPECIFIC_APPS Joomla JE Ajax Event Calendar Component UNION SELECT SQL Injection (web_specific_apps.rules) 2800927 - ETPRO WEB_SPECIFIC_APPS Joomla JE Ajax Event Calendar Component UPDATE SET SQL Injection (web_specific_apps.rules) 2838353 - ETPRO TROJAN Win32/Unk.BR Stealer CnC Checkin (trojan.rules) 2838354 - ETPRO TROJAN Win32/InfinityLock/Crypt Ransomware CnC Checkin (trojan.rules) 2839119 - ETPRO TROJAN Win32/Spy.Socelars.S CnC Activity M1 (trojan.rules) 2842870 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2020-06-04 (current_events.rules) 2843723 - ETPRO TROJAN MassLogger Client Exfil via FTP M1 (trojan.rules) [+++] Added non-rule lines: [+++] -> Added to 3coresec.rules (1): # Version 35 -> Added to ciarmy.rules (1): # Version 59532 -> Added to sid-msg.map (37): 2030830 || ET EXPLOIT Apache2 Memory Corruption Inbound (CVE-2020-9490) || cve,2020-9490 || url,bugs.chromium.org/p/project-zero/issues/detail?id=2030&q=apache&can=1 2520144 || ET TOR Known Tor Exit Node TCP Traffic group 145 || url,doc.emergingthreats.net/bin/view/Main/TorRules 2520145 || ET TOR Known Tor Exit Node TCP Traffic group 146 || url,doc.emergingthreats.net/bin/view/Main/TorRules 2520146 || ET TOR Known Tor Exit Node TCP Traffic group 147 || url,doc.emergingthreats.net/bin/view/Main/TorRules 2520147 || ET TOR Known Tor Exit Node TCP Traffic group 148 || url,doc.emergingthreats.net/bin/view/Main/TorRules 
2522832 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 833 || url,doc.emergingthreats.net/bin/view/Main/TorRules 2522833 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 834 || url,doc.emergingthreats.net/bin/view/Main/TorRules 2522834 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 835 || url,doc.emergingthreats.net/bin/view/Main/TorRules 2522835 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 836 || url,doc.emergingthreats.net/bin/view/Main/TorRules 2522836 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 837 || url,doc.emergingthreats.net/bin/view/Main/TorRules 2522837 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 838 || url,doc.emergingthreats.net/bin/view/Main/TorRules 2522838 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 839 || url,doc.emergingthreats.net/bin/view/Main/TorRules 2525034 || ET 3CORESec Poor Reputation IP TCP group 18 || url,blacklist.3coresec.net/lists/et-open.txt 2525035 || ET 3CORESec Poor Reputation IP UDP group 18 || url,blacklist.3coresec.net/lists/et-open.txt 2525036 || ET 3CORESec Poor Reputation IP TCP group 19 || url,blacklist.3coresec.net/lists/et-open.txt 2525037 || ET 3CORESec Poor Reputation IP UDP group 19 || url,blacklist.3coresec.net/lists/et-open.txt 2525038 || ET 3CORESec Poor Reputation IP TCP group 20 || url,blacklist.3coresec.net/lists/et-open.txt 2525039 || ET 3CORESec Poor Reputation IP UDP group 20 || url,blacklist.3coresec.net/lists/et-open.txt 2843723 || ETPRO TROJAN MassLogger Client Exfil via FTP M1 || md5,c4c505b16156f1e25351183c5563a06d 2844260 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-03 1) || md5,4e02ba0c0e8b4ccefc3df5b576ddaf24 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html 2844261 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline 
(2020-09-03 2) || md5,c412cba5fd36ba2ca8a6b92bf69b8dd9 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html 2844262 || ETPRO TROJAN MSIL/Spy.Agent.CXE Variant CnC Activity || md5,0cf50d9509d8ede3565d5a543e7ce764 2844263 || ETPRO TROJAN Win32/TrojanDownloader.VB.QZK Variant CnC Activity || md5,d8737bcd63e82425c05e91becbaf5836 2844264 || ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) 2844265 || ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) 2844266 || ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) 2844267 || ETPRO SCAN ELF/Mirai User-Agent Observed (Inbound) 2844268 || ETPRO CURRENT_EVENTS Successful ABSA Phish 2020-09-03 2844269 || ETPRO CURRENT_EVENTS Successful DHL Phish 2020-09-03 2844270 || ETPRO CURRENT_EVENTS Successful American Express Phish 2020-09-03 2844271 || ETPRO CURRENT_EVENTS Successful American Express Phish 2020-09-03 2844272 || ETPRO CURRENT_EVENTS Successful American Express Phish 2020-09-03 2844273 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) 2020-09-03 2844274 || ETPRO CURRENT_EVENTS Successful Generic Phish 2020-09-03 2844275 || ETPRO TROJAN MassLogger Client Exfil via FTP M2 || md5,877c82dd43607ea589f56eb39804020e 2844276 || ETPRO TROJAN MeridianX Stealer Exfil Attempt || md5,383b8a30354274b31e981eca5d7efc12 2844277 || ETPRO TROJAN Observed Malicious SSL Cert (AZORult CnC) || md5,f6995415f16d67b2d59caebb595e6944 [---] Removed non-rule lines: [---] -> Removed from 3coresec.rules (1): # Version 34 -> Removed from ciarmy.rules (1): # Version 59508 -> Removed from sid-msg.map (1): 2843723 || ETPRO TROJAN MassLogger Client Exfil FTP || md5,c4c505b16156f1e25351183c5563a06d