***********************   snort-2.9.0-enhanced open-nogpl   ***********************
[***] Results from Oinkmaster started Tue Sep 15 18:32:13 2020 [***]

[+++] Added rules: [+++]

    2030880 - ET USER_AGENTS Suspicious User-Agent (Installed OK) (emerging-user_agents.rules)
    2030881 - ET TROJAN Observed MageCart CnC Domain (mcdnn .me in TLS SNI) (emerging-trojan.rules)
    2030882 - ET TROJAN Observed MageCart CnC Domain (mcdnn .net in TLS SNI) (emerging-trojan.rules)
    2030883 - ET TROJAN Observed Magecart Exfil Domain (imags .pw in TLS SNI) (emerging-trojan.rules)
    2030884 - ET TROJAN MageCart JS Retrieval (emerging-trojan.rules)
    2030885 - ET TROJAN MageCart Exfil URI (emerging-trojan.rules)

[///] Modified active rules: [///]

    2007767 - ET USER_AGENTS Win32/Feebs.kw Worm User-Agent Detected (emerging-user_agents.rules)
    2007826 - ET TROJAN Suspicious User-Agent (API-Guide test program) Used by Several trojans (emerging-trojan.rules)
    2008152 - ET TROJAN Win32/FakeXPA Checkin URL (emerging-trojan.rules)
    2008603 - ET USER_AGENTS Suspicious User-Agent Detected (RLMultySocket) (emerging-user_agents.rules)
    2011374 - ET POLICY HTTP Request to a *.co.cc domain (emerging-policy.rules)
    2011410 - ET DNS DNS Query for Suspicious .cz.cc Domain (emerging-dns.rules)
    2011719 - ET POLICY Win32/Sogou User-Agent (SOGOU_UPDATER) (emerging-policy.rules)
    2011912 - ET TROJAN Possible Fake AV Checkin (emerging-trojan.rules)
    2012522 - ET POLICY DNS Query For XXX Adult Site Top Level Domain (emerging-policy.rules)
    2012619 - ET USER_AGENTS Suspicious User-Agent Mozilla/3.0 (emerging-user_agents.rules)
    2012627 - ET TROJAN FakeAV Check-in purporting to be MSIE with invalid terse HTTP headers (emerging-trojan.rules)
    2012645 - ET TROJAN GET to Google with specific HTTP lib likely Cycbot/Bifrose/Kryptic checking Internet connection (emerging-trojan.rules)
    2012694 - ET POLICY request to .xxx TLD (emerging-policy.rules)
    2012729 - ET TROJAN Known Hostile Domain .ntkrnlpa.info Lookup (emerging-trojan.rules)
    2012738 - ET INFO DYNAMIC_DNS Query to 3322.net Domain *.8866.org (emerging-info.rules)
    2012810 - ET POLICY HTTP Request to a *.tk domain (emerging-policy.rules)
    2012827 - ET POLICY HTTP Request to a *.vv.cc domain (emerging-policy.rules)
    2012939 - ET TROJAN Kazy/Kryptor/Cycbot Trojan Checkin (emerging-trojan.rules)
    2012956 - ET DNS DNS Query for a Suspicious *.co.tv domain (emerging-dns.rules)
    2013172 - ET DNS DNS Query for a Suspicious *.cu.cc domain (emerging-dns.rules)
    2013213 - ET INFO DYNAMIC_DNS HTTP Request to a 3322.net Domain *.3322.org (emerging-info.rules)
    2013508 - ET USER_AGENTS Downloader User-Agent HTTPGET (emerging-user_agents.rules)
    2013535 - ET INFO HTTP Request to a *.tc domain (emerging-info.rules)
    2013823 - ET INFO DYNAMIC_DNS Query to a Suspicious *.myftp.biz Domain (emerging-info.rules)
    2014002 - ET TROJAN Fake Variation of Mozilla 4.0 - Likely Trojan (emerging-trojan.rules)
    2014037 - ET INFO HTTP Request to a *.osa.pl domain (emerging-info.rules)
    2014234 - ET TROJAN Fareit/Pony Downloader Checkin 3 (emerging-trojan.rules)
    2014478 - ET INFO DYNAMIC_DNS Query to a *.3d-game.com Domain (emerging-info.rules)
    2014484 - ET INFO DYNAMIC_DNS Query to a *.bbsindex.com Domain (emerging-info.rules)
    2014511 - ET INFO DYNAMIC_DNS HTTP Request to a *.suroot.com Domain (emerging-info.rules)
    2014784 - ET INFO DYNAMIC_DNS Query to 3322.net Domain *.8800.org (emerging-info.rules)
    2014799 - ET POLICY OpenVPN Update Check (emerging-policy.rules)
    2015460 - ET TROJAN Win32/Pift DNS TXT CnC Lookup ppift.net (emerging-trojan.rules)
    2015576 - ET POLICY DNS Query to .onion proxy Domain (tor2web) (emerging-policy.rules)
    2015633 - ET INFO DYNAMIC_DNS Query to Abused Domain *.mooo.com (emerging-info.rules)
    2015634 - ET INFO DYNAMIC_DNS HTTP Request to Abused Domain *.mooo.com (emerging-info.rules)
    2016300 - ET TROJAN Simda.C Checkin (emerging-trojan.rules)
    2016550 - ET TROJAN Win32/Fareit Checkin 2 (emerging-trojan.rules)
    2016553 - ET TROJAN Win32/Urausy.C Checkin (emerging-trojan.rules)
    2016748 - ET TROJAN RansomCrypt Intial Check-in (emerging-trojan.rules)
    2016871 - ET POLICY Unsupported/Fake Internet Explorer Version MSIE 4. (emerging-policy.rules)
    2016950 - ET TROJAN Possible Win32/Hupigon ip.txt with a Non-Mozilla UA (emerging-trojan.rules)
    2016967 - ET TROJAN W32/Symmi Remote File Injector Initial CnC Beacon (emerging-trojan.rules)
    2017645 - ET INFO DNS Query Domain .bit (emerging-info.rules)
    2017926 - ET POLICY External IP Lookup / Tor Checker Domain (check.torproject .org in DNS lookup) (emerging-policy.rules)
    2018046 - ET TROJAN Jadtree Downloader rar (emerging-trojan.rules)
    2018213 - ET INFO HTTP Connection To DDNS Domain Myvnc.com (emerging-info.rules)
    2018216 - ET INFO HTTP Connection To DDNS Domain Hopto.org (emerging-info.rules)
    2018219 - ET INFO DYNAMIC_DNS HTTP Request to a *.sytes.net Domain (emerging-info.rules)
    2018231 - ET INFO SUSPICIOUS .scr file download (emerging-info.rules)
    2018395 - ET TROJAN Possible Kelihos.F EXE Download Common Structure 2 (emerging-trojan.rules)
    2018518 - ET TROJAN Trojan.Win32.VBKrypt.cugq/Umbra Checkin (emerging-trojan.rules)
    2018644 - ET TROJAN Win32/Zemot Checkin (emerging-trojan.rules)
    2018752 - ET TROJAN Generic .bin download from Dotted Quad (emerging-trojan.rules)
    2018918 - ET POLICY possible Xiaomi phone data leakage DNS (emerging-policy.rules)
    2019694 - ET TROJAN Ponmocup Post Infection DNS Lookup intohave (emerging-trojan.rules)
    2019695 - ET TROJAN Ponmocup Post Infection DNS Lookup fasternation (emerging-trojan.rules)
    2019755 - ET TROJAN Bamital Headers - Likely CnC Beacon (emerging-trojan.rules)
    2019759 - ET TROJAN Win32/Zemot Requesting PE (emerging-trojan.rules)
    2019891 - ET TROJAN W32/Dridex POST CnC Beacon (emerging-trojan.rules)
    2020065 - ET TROJAN DNS query for known Anunak APT Domain (ddnservice11.ru) (emerging-trojan.rules)
    2020116 - ET POLICY DNS Query to .onion proxy Domain (onion.to) (emerging-policy.rules)
    2020565 - ET POLICY Dropbox DNS Lookup - Possible Offsite File Backup in Use (emerging-policy.rules)
    2020716 - ET POLICY Possible External IP Lookup ipinfo.io (emerging-policy.rules)
    2020844 - ET TROJAN Win32/Teslacrypt Ransomware .onion domain (7hwr34n18.com) (emerging-trojan.rules)
    2020869 - ET TROJAN Win32/Teslacrypt Ransomware .onion domain (wh47f2as19.com) (emerging-trojan.rules)
    2021062 - ET WEB_SPECIFIC_APPS WP Jetpack/Twentyfifteen Possible XSS Request (emerging-web_specific_apps.rules)
    2021528 - ET TROJAN KINS/ZeusVM Variant Retrieving Config (emerging-trojan.rules)
    2021600 - ET POLICY External IP Lookup - www.ip.cn (emerging-policy.rules)
    2021995 - ET TROJAN Win32/Necurs Common POST Header Structure (emerging-trojan.rules)
    2022045 - ET POLICY DNS Query to .onion proxy Domain (forkinvestpay.com) (emerging-policy.rules)
    2022225 - ET TROJAN Vawtrak HTTP CnC Beacon (emerging-trojan.rules)
    2022280 - ET TROJAN Win32/Nivdort Posting Data 1 (emerging-trojan.rules)
    2022351 - ET POLICY External IP Lookup - ipecho.net (emerging-policy.rules)
    2022452 - ET TROJAN Scarlet Mimic DNS Lookup 42 (emerging-trojan.rules)
    2022482 - ET TROJAN JS/Nemucod requesting EXE payload 2016-02-01 (emerging-trojan.rules)
    2022504 - ET TROJAN Alphacrypt/TeslaCrypt Ransomware CnC Beacon (emerging-trojan.rules)
    2022622 - ET CURRENT_EVENTS Likely Evil Macro EXE DL mar 15 2016 (emerging-current_events.rules)
    2022769 - ET TROJAN Ransomware Locky CnC Beacon 2 (emerging-trojan.rules)
    2023472 - ET POLICY External IP Lookup Domain (myip.opendns .com in DNS lookup) (emerging-policy.rules)
    2023516 - ET POLICY Android Adups Firmware DNS Query 2 (emerging-policy.rules)
    2023517 - ET POLICY Android Adups Firmware DNS Query 3 (emerging-policy.rules)
    2023518 - ET POLICY Android Adups Firmware DNS Query 4 (emerging-policy.rules)
    2023883 - ET DNS Query to a *.top domain - Likely Hostile (emerging-dns.rules)
    2024235 - ET INFO DNS Query to Free Hosting Domain (freevnn .com) (emerging-info.rules)
    2024265 - ET WEB_SERVER Jorgee Scan (emerging-web_server.rules)
    2024527 - ET POLICY External IP Lookup Domain (ipapi .co in DNS lookup) (emerging-policy.rules)
    2024828 - ET CURRENT_EVENTS Observed DNS Query to Browser Coinminer (crypto-loot[.]com) (emerging-current_events.rules)
    2024831 - ET POLICY Observed IP Lookup Domain (l2 .io in DNS Lookup) (emerging-policy.rules)
    2025072 - ET TROJAN Patchwork DNS Tunneling (nsn1.winodwsupdates .me) (emerging-trojan.rules)
    2025073 - ET TROJAN Patchwork Domain (randreports .org in DNS Lookup) (emerging-trojan.rules)
    2025078 - ET TROJAN Mirai Variant Domain (bigboatreps .pw in DNS Lookup) (emerging-trojan.rules)
    2025079 - ET TROJAN Mirai Variant Domain (blacklister .nl in DNS Lookup) (emerging-trojan.rules)
    2025081 - ET TROJAN Patchwork Domain (rannd .org in DNS Lookup) (emerging-trojan.rules)
    2025092 - ET MALWARE Suspicious User-Agent (GeneralDownloadApplication) (emerging-malware.rules)
    2025095 - ET POLICY .onion proxy Domain (onion .plus in DNS Lookup) (emerging-policy.rules)
    2025096 - ET POLICY DNS Query to .onion proxy Domain (onion .casa in DNS Lookup) (emerging-policy.rules)
    2029404 - ET TROJAN Win32/AZORult V3.3 Client Checkin M1 (emerging-trojan.rules)
    2029405 - ET TROJAN Win32/AZORult V3.3 Client Checkin M2 (emerging-trojan.rules)
    2029406 - ET TROJAN Win32/AZORult V3.3 Client Checkin M3 (emerging-trojan.rules)
    2029439 - ET TROJAN Win32/AZORult V3.3 Client Checkin M4 (emerging-trojan.rules)
    2029440 - ET TROJAN Win32/AZORult V3.3 Client Checkin M5 (emerging-trojan.rules)
    2029441 - ET TROJAN Win32/AZORult V3.3 Client Checkin M6 (emerging-trojan.rules)
    2029445 - ET TROJAN Win32/AZORult V3.3 Client Checkin M7 (emerging-trojan.rules)
    2029446 - ET TROJAN Win32/AZORult V3.3 Client Checkin M8 (emerging-trojan.rules)
    2029447 - ET TROJAN Win32/AZORult V3.3 Client Checkin M9 (emerging-trojan.rules)
    2029460 - ET TROJAN Win32/AZORult V3.3 Client Checkin M10 (emerging-trojan.rules)
    2029461 - ET TROJAN Win32/AZORult V3.3 Client Checkin M11 (emerging-trojan.rules)
    2029462 - ET TROJAN Win32/AZORult V3.3 Client Checkin M12 (emerging-trojan.rules)
    2029466 - ET TROJAN Win32/AZORult V3.3 Client Checkin M13 (emerging-trojan.rules)
    2029467 - ET TROJAN Win32/AZORult V3.3 Client Checkin M14 (emerging-trojan.rules)
    2029468 - ET TROJAN Win32/AZORult V3.3 Client Checkin M15 (emerging-trojan.rules)
    2029482 - ET TROJAN Win32/AZORult V3.3 Client Checkin M16 (emerging-trojan.rules)
    2029483 - ET TROJAN Win32/AZORult V3.3 Client Checkin M17 (emerging-trojan.rules)
    2029484 - ET TROJAN Win32/AZORult V3.3 Client Checkin M18 (emerging-trojan.rules)
    2029488 - ET TROJAN Win32/AZORult V3.3 Client Checkin M19 (emerging-trojan.rules)
    2029489 - ET TROJAN Win32/AZORult V3.3 Client Checkin M20 (emerging-trojan.rules)
    2029490 - ET TROJAN Win32/AZORult V3.3 Client Checkin M21 (emerging-trojan.rules)
    2030053 - ET TROJAN Win32/IcedID Requesting Encoded Binary M4 (emerging-trojan.rules)
    2402000 - ET DROP Dshield Block Listed Source group 1 (emerging-dshield.rules)
    2402001 - ET DROP Dshield Block Listed Source group 1 (emerging-dshield.rules)
    2403300 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 1 (emerging-ciarmy.rules)
    2403301 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 1 (emerging-ciarmy.rules)
    2403302 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 2 (emerging-ciarmy.rules)
    2403303 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 2 (emerging-ciarmy.rules)
    2403304 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 3 (emerging-ciarmy.rules)
    2403305 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 3 (emerging-ciarmy.rules)
    2403306 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 4 (emerging-ciarmy.rules)
    2403307 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 4 (emerging-ciarmy.rules)
    2403308 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 5 (emerging-ciarmy.rules)
    2403309 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 5 (emerging-ciarmy.rules)
    2403310 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 6 (emerging-ciarmy.rules)
    2403311 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 6 (emerging-ciarmy.rules)
    2403312 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 7 (emerging-ciarmy.rules)
    2403313 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 7 (emerging-ciarmy.rules)
    2403314 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 8 (emerging-ciarmy.rules)
    2403315 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 8 (emerging-ciarmy.rules)
    2403316 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 9 (emerging-ciarmy.rules)
    2403317 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 9 (emerging-ciarmy.rules)
    2403318 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 10 (emerging-ciarmy.rules)
    2403319 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 10 (emerging-ciarmy.rules)
    2403320 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 11 (emerging-ciarmy.rules)
    2403321 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 11 (emerging-ciarmy.rules)
    2403322 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 12 (emerging-ciarmy.rules)
    2403323 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 12 (emerging-ciarmy.rules)
    2403324 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 13 (emerging-ciarmy.rules)
    2403325 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 13 (emerging-ciarmy.rules)
    2403326 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 14 (emerging-ciarmy.rules)
    2403327 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 14 (emerging-ciarmy.rules)
    2403328 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 15 (emerging-ciarmy.rules)
    2403329 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 15 (emerging-ciarmy.rules)
    2403330 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 16 (emerging-ciarmy.rules)
    2403331 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 16 (emerging-ciarmy.rules)
    2403332 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 17 (emerging-ciarmy.rules)
    2403333 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 17 (emerging-ciarmy.rules)
    2403334 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 18 (emerging-ciarmy.rules)
    2403335 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 18 (emerging-ciarmy.rules)
    2403336 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 19 (emerging-ciarmy.rules)
    2403337 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 19 (emerging-ciarmy.rules)
    2403338 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 20 (emerging-ciarmy.rules)
    2403339 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 20 (emerging-ciarmy.rules)
    2403340 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 21 (emerging-ciarmy.rules)
    2403341 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 21 (emerging-ciarmy.rules)
    2403342 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 22 (emerging-ciarmy.rules)
    2403343 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 22 (emerging-ciarmy.rules)
    2403344 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 23 (emerging-ciarmy.rules)
    2403345 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 23 (emerging-ciarmy.rules)
    2403346 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 24 (emerging-ciarmy.rules)
    2403347 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 24 (emerging-ciarmy.rules)
    2403348 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 25 (emerging-ciarmy.rules)
    2403349 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 25 (emerging-ciarmy.rules)
    2403350 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 26 (emerging-ciarmy.rules)
    2403351 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 26 (emerging-ciarmy.rules)
    2403352 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 27 (emerging-ciarmy.rules)
    2403353 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 27 (emerging-ciarmy.rules)
    2403354 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 28 (emerging-ciarmy.rules)
    2403355 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 28 (emerging-ciarmy.rules)
    2403356 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 29 (emerging-ciarmy.rules)
    2403357 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 29 (emerging-ciarmy.rules)
    2403358 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 30 (emerging-ciarmy.rules)
    2403359 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 30 (emerging-ciarmy.rules)
    2403360 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 31 (emerging-ciarmy.rules)
    2403361 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 31 (emerging-ciarmy.rules)
    2403362 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 32 (emerging-ciarmy.rules)
    2403363 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 32 (emerging-ciarmy.rules)
    2403364 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 33 (emerging-ciarmy.rules)
    2403365 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 33 (emerging-ciarmy.rules)
    2403366 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 34 (emerging-ciarmy.rules)
    2403367 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 34 (emerging-ciarmy.rules)
    2403368 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 35 (emerging-ciarmy.rules)
    2403369 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 35 (emerging-ciarmy.rules)
    2403370 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 36 (emerging-ciarmy.rules)
    2403371 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 36 (emerging-ciarmy.rules)
    2403372 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 37 (emerging-ciarmy.rules)
    2403373 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 37 (emerging-ciarmy.rules)
    2403374 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 38 (emerging-ciarmy.rules)
    2403375 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 38 (emerging-ciarmy.rules)
    2403376 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 39 (emerging-ciarmy.rules)
    2403377 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 39 (emerging-ciarmy.rules)
    2403378 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 40 (emerging-ciarmy.rules)
    2403379 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 40 (emerging-ciarmy.rules)
    2403380 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 41 (emerging-ciarmy.rules)
    2403381 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 41 (emerging-ciarmy.rules)
    2403382 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 42 (emerging-ciarmy.rules)
    2403383 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 42 (emerging-ciarmy.rules)
    2403384 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 43 (emerging-ciarmy.rules)
    2403385 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 43 (emerging-ciarmy.rules)
    2403386 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 44 (emerging-ciarmy.rules)
    2403387 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 44 (emerging-ciarmy.rules)
    2403388 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 45 (emerging-ciarmy.rules)
    2403389 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 45 (emerging-ciarmy.rules)
    2403390 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 46 (emerging-ciarmy.rules)
    2403391 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 46 (emerging-ciarmy.rules)
    2403392 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 47 (emerging-ciarmy.rules)
    2403393 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 47 (emerging-ciarmy.rules)
    2403394 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 48 (emerging-ciarmy.rules)
    2403395 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 48 (emerging-ciarmy.rules)
    2403396 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 49 (emerging-ciarmy.rules)
    2403397 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 49 (emerging-ciarmy.rules)
    2403398 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 50 (emerging-ciarmy.rules)
    2403399 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 50 (emerging-ciarmy.rules)
    2403400 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 51 (emerging-ciarmy.rules)
    2403401 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 51 (emerging-ciarmy.rules)
    2403402 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 52 (emerging-ciarmy.rules)
    2403403 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 52 (emerging-ciarmy.rules)
    2403404 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 53 (emerging-ciarmy.rules)
    2403405 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 53 (emerging-ciarmy.rules)
    2403406 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 54 (emerging-ciarmy.rules)
    2403407 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 54 (emerging-ciarmy.rules)
    2403408 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 55 (emerging-ciarmy.rules)
    2403409 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 55 (emerging-ciarmy.rules)
    2403410 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 56 (emerging-ciarmy.rules)
    2403411 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 56 (emerging-ciarmy.rules)
    2403412 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 57 (emerging-ciarmy.rules)
    2403413 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 57 (emerging-ciarmy.rules)
    2403414 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 58 (emerging-ciarmy.rules)
    2403415 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 58 (emerging-ciarmy.rules)
    2403416 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 59 (emerging-ciarmy.rules)
    2403417 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 59 (emerging-ciarmy.rules)
    2403418 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 60 (emerging-ciarmy.rules)
    2403419 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 60 (emerging-ciarmy.rules)
    2403420 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 61 (emerging-ciarmy.rules)
    2403421 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 61 (emerging-ciarmy.rules)
    2403422 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 62 (emerging-ciarmy.rules)
    2403423 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 62 (emerging-ciarmy.rules)
    2403424 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 63 (emerging-ciarmy.rules)
    2403425 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 63 (emerging-ciarmy.rules)
    2403426 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 64 (emerging-ciarmy.rules)
    2403427 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 64 (emerging-ciarmy.rules)
    2403428 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 65 (emerging-ciarmy.rules)
    2403429 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 65 (emerging-ciarmy.rules)
    2403430 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 66 (emerging-ciarmy.rules)
    2403431 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 66 (emerging-ciarmy.rules)
    2403432 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 67 (emerging-ciarmy.rules)
    2403433 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 67 (emerging-ciarmy.rules)
    2403434 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 68 (emerging-ciarmy.rules)
    2403435 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 68 (emerging-ciarmy.rules)
    2403436 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 69 (emerging-ciarmy.rules)
    2403437 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 69 (emerging-ciarmy.rules)
    2403438 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 70 (emerging-ciarmy.rules)
    2403439 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 70 (emerging-ciarmy.rules)
    2403440 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 71 (emerging-ciarmy.rules)
    2403441 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 71 (emerging-ciarmy.rules)
    2403442 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 72 (emerging-ciarmy.rules)
    2403443 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 72 (emerging-ciarmy.rules)
    2403444 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 73 (emerging-ciarmy.rules)
    2403445 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 73 (emerging-ciarmy.rules)
    2403446 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 74 (emerging-ciarmy.rules)
    2403447 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 74 (emerging-ciarmy.rules)
    2403448 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 75 (emerging-ciarmy.rules)
    2403449 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 75 (emerging-ciarmy.rules)
    2403450 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 76 (emerging-ciarmy.rules)
    2403451 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 76 (emerging-ciarmy.rules)
    2403452 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 77 (emerging-ciarmy.rules)
    2403453 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 77 (emerging-ciarmy.rules)
    2403454 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 78 (emerging-ciarmy.rules)
    2403455 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 78 (emerging-ciarmy.rules)
    2403456 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 79 (emerging-ciarmy.rules)
    2403457 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 79 (emerging-ciarmy.rules)
    2403458 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 80 (emerging-ciarmy.rules)
    2403459 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 80 (emerging-ciarmy.rules)
    2403460 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 81 (emerging-ciarmy.rules)
    2403461 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 81 (emerging-ciarmy.rules)
    2403462 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 82 (emerging-ciarmy.rules)
    2403463 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 82 (emerging-ciarmy.rules)
    2403464 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 83 (emerging-ciarmy.rules)
    2403465 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 83 (emerging-ciarmy.rules)
    2403466 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 84 (emerging-ciarmy.rules)
    2403467 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 84 (emerging-ciarmy.rules)
    2403468 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 85 (emerging-ciarmy.rules)
    2403469 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 85 (emerging-ciarmy.rules)
    2403470 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 86 (emerging-ciarmy.rules)
    2403471 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 86 (emerging-ciarmy.rules)
    2403472 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 87 (emerging-ciarmy.rules)
    2403473 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 87 (emerging-ciarmy.rules)
    2403474 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 88 (emerging-ciarmy.rules)
    2403475 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 88 (emerging-ciarmy.rules)
    2403476 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 89 (emerging-ciarmy.rules)
    2403477 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 89 (emerging-ciarmy.rules)
    2403478 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 90 (emerging-ciarmy.rules)
    2403479 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 90 (emerging-ciarmy.rules)
    2403480 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 91 (emerging-ciarmy.rules)
    2403481 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 91 (emerging-ciarmy.rules)
    2403482 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 92 (emerging-ciarmy.rules)
    2403483 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 92 (emerging-ciarmy.rules)
    2403484 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 93 (emerging-ciarmy.rules)
    2403485 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 93 (emerging-ciarmy.rules)
    2403486 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 94 (emerging-ciarmy.rules)
    2403487 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 94 (emerging-ciarmy.rules)
    2403488 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 95 (emerging-ciarmy.rules)
    2403489 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 95 (emerging-ciarmy.rules)
    2403490 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 96 (emerging-ciarmy.rules)
    2403491 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 96 (emerging-ciarmy.rules)
    2403492 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 97 (emerging-ciarmy.rules)
    2403493 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 97 (emerging-ciarmy.rules)
    2403494 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 98 (emerging-ciarmy.rules)
    2403495 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 98 (emerging-ciarmy.rules)
    2403496 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 99 (emerging-ciarmy.rules)
    2403497 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 99 (emerging-ciarmy.rules)
    2403498 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 100 (emerging-ciarmy.rules)
    2403499 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 100 (emerging-ciarmy.rules)
    2405000 - ET CNC Shadowserver Reported CnC Server Port 80 Group 1 (emerging-botcc.portgrouped.rules)
    2405001 - ET CNC Shadowserver Reported CnC Server Port 81 Group 1 (emerging-botcc.portgrouped.rules)
    2405002 - ET CNC Shadowserver Reported CnC Server Port 443 Group 1 (emerging-botcc.portgrouped.rules)
    2405003 - ET CNC Shadowserver Reported CnC Server Port 1337 Group 1 (emerging-botcc.portgrouped.rules)
    2405004 - ET CNC Shadowserver Reported CnC Server Port 2319 Group 1 (emerging-botcc.portgrouped.rules)
    2405005 - ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 (emerging-botcc.portgrouped.rules)
    2405006 - ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 (emerging-botcc.portgrouped.rules)
    2405007 - ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 (emerging-botcc.portgrouped.rules)
    2405008 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 (emerging-botcc.portgrouped.rules)
    2405009 - ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 (emerging-botcc.portgrouped.rules)
    2405010 - ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 (emerging-botcc.portgrouped.rules)
    2405011 - ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 (emerging-botcc.portgrouped.rules)
    2405012 - ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 (emerging-botcc.portgrouped.rules)
    2405013 - ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 (emerging-botcc.portgrouped.rules)
    2405014 - ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 (emerging-botcc.portgrouped.rules)
    2405015 - ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 (emerging-botcc.portgrouped.rules)
    2405016 - ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 (emerging-botcc.portgrouped.rules)
    2405017 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 (emerging-botcc.portgrouped.rules)
    2525000 - ET 3CORESec Poor Reputation IP TCP group 1 (3coresec.rules)
    2525001 - ET 3CORESec Poor Reputation IP UDP group 1 (3coresec.rules)
    2525002 - ET 3CORESec Poor Reputation IP TCP group 2 (3coresec.rules)
    2525003 - ET 3CORESec Poor Reputation IP UDP group 2 (3coresec.rules)
    2525004 - ET 3CORESec Poor Reputation IP TCP group 3 (3coresec.rules)
    2525005 - ET 3CORESec Poor Reputation IP UDP group 3 (3coresec.rules)
    2525006 - ET 3CORESec Poor Reputation IP TCP group 4 (3coresec.rules)
    2525007 - ET 3CORESec Poor Reputation IP UDP group 4 (3coresec.rules)
    2525008 - ET 3CORESec Poor Reputation IP TCP group 5 (3coresec.rules)
    2525009 - ET 3CORESec Poor Reputation IP UDP group 5 (3coresec.rules)
    2525010 - ET 3CORESec Poor Reputation IP TCP group 6 (3coresec.rules)
    2525011 - ET 3CORESec Poor Reputation IP UDP group 6 (3coresec.rules)
    2525012 - ET 3CORESec Poor Reputation IP TCP group 7 (3coresec.rules)
    2525013 - ET 3CORESec Poor Reputation IP UDP group 7 (3coresec.rules)
    2525014 - ET 3CORESec Poor Reputation IP TCP group 8 (3coresec.rules)
    2525015 - ET 3CORESec Poor Reputation IP UDP group 8 (3coresec.rules)
    2525016 - ET 3CORESec Poor Reputation IP TCP group 9 (3coresec.rules)
    2525017 - ET 3CORESec Poor Reputation IP UDP group 9 (3coresec.rules)
    2525018 - ET 3CORESec Poor Reputation IP TCP group 10 (3coresec.rules)
    2525019 - ET 3CORESec Poor Reputation IP UDP group 10 (3coresec.rules)
    2525020 - ET 3CORESec Poor Reputation IP TCP group 11 (3coresec.rules)
    2525021 - ET 3CORESec Poor Reputation IP UDP group 11 (3coresec.rules)
    2525022 - ET 3CORESec Poor Reputation IP TCP group 12 (3coresec.rules)
    2525023 - ET 3CORESec Poor Reputation IP UDP group 12 (3coresec.rules)
    2525024 - ET 3CORESec Poor Reputation IP TCP group 13 (3coresec.rules)
    2525025 - ET 3CORESec Poor Reputation IP UDP group 13 (3coresec.rules)
    2525026 - ET 3CORESec Poor Reputation IP TCP group 14 (3coresec.rules)
    2525027 - ET 3CORESec Poor Reputation IP UDP group 14 (3coresec.rules)
    2525028 - ET 3CORESec Poor Reputation IP TCP group 15 (3coresec.rules)
    2525029 - ET 3CORESec Poor Reputation IP UDP group 15 (3coresec.rules)
    2525030 - ET 3CORESec Poor Reputation IP TCP group 16 (3coresec.rules)
    2525031 - ET 3CORESec Poor Reputation IP UDP group 16 (3coresec.rules)
    2525032 - ET 3CORESec Poor Reputation IP TCP group 17 (3coresec.rules)
    2525033 - ET 3CORESec Poor Reputation IP UDP group 17 (3coresec.rules)
    2525034 - ET 3CORESec Poor Reputation IP TCP group 18 (3coresec.rules)
    2525035 - ET 3CORESec Poor Reputation IP UDP group 18 (3coresec.rules)
    2525036 - ET 3CORESec Poor Reputation IP TCP group 19 (3coresec.rules)
    2525037 - ET 3CORESec Poor Reputation IP UDP group 19 (3coresec.rules)
    2525038 - ET 3CORESec Poor Reputation IP TCP group 20 (3coresec.rules)
    2525039 - ET 3CORESec Poor Reputation IP UDP group 20 (3coresec.rules)

[///] Modified inactive rules: [///]

    2008277 - ET TROJAN Win32/Kryptik.AR Variant Winifixer.com Related Checkin URL (emerging-trojan.rules)

[---] Disabled and modified rules: [---]

    2007768 - ET TROJAN Pakes Update Detected (emerging-trojan.rules)
    2015547 - ET TROJAN Pakes2 - EXE Download Request (emerging-trojan.rules)

[---] Disabled rules: [---]

    2015523 - ET TROJAN Pakes2 - Checkin - /test.php (emerging-trojan.rules)

[+++] Added non-rule lines: [+++]

    -> Added to 3coresec.rules (1):
       # Version 43
    -> Added to emerging-ciarmy.rules (1):
       # Version 59820
    -> Added to sid-msg.map (12):
       2007767 || ET USER_AGENTS Win32/Feebs.kw Worm User-Agent Detected || url,doc.emergingthreats.net/2007767
       2008152 || ET TROJAN Win32/FakeXPA Checkin URL || url,doc.emergingthreats.net/2008152
       2008277 || ET TROJAN Win32/Kryptik.AR Variant Winifixer.com Related Checkin URL || url,doc.emergingthreats.net/2008277
       2030880 || ET USER_AGENTS Suspicious User-Agent (Installed OK) || md5,16035440878ec6e93d82c2aeea508630
       2030881 || ET TROJAN Observed MageCart CnC Domain (mcdnn .me in TLS SNI) || url,sansec.io/research/largest-magento-hack-to-date
       2030882 || ET TROJAN Observed MageCart CnC Domain (mcdnn .net in TLS SNI) || url,sansec.io/research/largest-magento-hack-to-date
       2030883 || ET TROJAN Observed Magecart Exfil Domain (imags .pw in TLS SNI) || url,sansec.io/research/largest-magento-hack-to-date
       2030884 || ET TROJAN MageCart JS Retrieval || url,sansec.io/research/largest-magento-hack-to-date
       2030885 || ET TROJAN MageCart Exfil URI || url,sansec.io/research/largest-magento-hack-to-date
       2520177 || ET TOR Known Tor Exit Node TCP Traffic group 178 || url,doc.emergingthreats.net/bin/view/Main/TorRules
       2520178 || ET TOR Known Tor Exit Node TCP Traffic group 179 || url,doc.emergingthreats.net/bin/view/Main/TorRules
       2522837 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 838 || url,doc.emergingthreats.net/bin/view/Main/TorRules
[---] Removed non-rule lines: [---] -> Removed from 3coresec.rules (1): # Version 42 -> Removed from emerging-ciarmy.rules (1): # Version 59796 -> Removed from sid-msg.map (3): 2007767 || ET USER_AGENTS Pakes User-Agent Detected || url,doc.emergingthreats.net/2007767 2008152 || ET TROJAN Pakes/Cutwail/Kobcka Checkin URL || url,doc.emergingthreats.net/2008152 2008277 || ET TROJAN Pakes Winifixer.com Related Checkin URL || url,doc.emergingthreats.net/2008277