*********************** snort-edge etpro ***********************

[***] Results from Oinkmaster started Tue Sep 8 18:18:42 2020 [***]

[+++] Added rules: [+++]

2030848 - ET TROJAN Win32/Spy.Agent.PZE Variant CnC Activity (trojan.rules)
2030849 - ET MOBILE_MALWARE Android Joker CnC Configuration Retrieval (mobile_malware.rules)
2844308 - ETPRO TROJAN Win32/Stealer.tnf CnC Exfil (trojan.rules)
2844309 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request (systeminfo.txt) (info.rules)
2844310 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request (systeminfo.txt) M2 (info.rules)
2844311 - ETPRO TROJAN Win64/Spy.Agent.CL CnC Activity (trojan.rules)
2844312 - ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-09-08) (trojan.rules)
2844313 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-09-08 (current_events.rules)
2844314 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-09-08 (current_events.rules)
2844315 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-09-08 (current_events.rules)
2844316 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-09-08 (current_events.rules)
2844317 - ETPRO CURRENT_EVENTS Successful Netflix Phish 2020-09-08 (current_events.rules)
2844318 - ETPRO CURRENT_EVENTS Successful Huntington Phish 2020-09-08 (current_events.rules)
2844319 - ETPRO CURRENT_EVENTS Successful Ruralvia Phish 2020-09-08 (current_events.rules)
2844320 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-05 1) (trojan.rules)
2844321 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-05 2) (trojan.rules)
2844322 - ETPRO TROJAN Observed MSIL/MythBot CnC Domain in TLS SNI (trojan.rules)
2844323 - ETPRO TROJAN Masad Stealer Exfil Via Telegram M2 (trojan.rules)
2844324 - ETPRO TROJAN Win32/Remcos RAT Checkin 532 (trojan.rules)
2844325 - ETPRO TROJAN Win32/Remcos RAT Checkin 533 (trojan.rules)
2844326 - ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI (trojan.rules)
2844327 - ETPRO TROJAN PSWORM CnC Activity (trojan.rules)

[///] Modified active rules: [///]

2001197 - ET WEB_SPECIFIC_APPS PHPNuke SQL injection attempt (web_specific_apps.rules)
2004041 - ET WEB_SPECIFIC_APPS PHPEcho CMS SQL Injection Attempt -- gallery.php id SELECT (web_specific_apps.rules)
2004042 - ET WEB_SPECIFIC_APPS PHPEcho CMS SQL Injection Attempt -- gallery.php id UNION SELECT (web_specific_apps.rules)
2004043 - ET WEB_SPECIFIC_APPS PHPEcho CMS SQL Injection Attempt -- gallery.php id INSERT (web_specific_apps.rules)
2004044 - ET WEB_SPECIFIC_APPS PHPEcho CMS SQL Injection Attempt -- gallery.php id DELETE (web_specific_apps.rules)
2004045 - ET WEB_SPECIFIC_APPS PHPEcho CMS SQL Injection Attempt -- gallery.php id ASCII (web_specific_apps.rules)
2004046 - ET WEB_SPECIFIC_APPS PHPEcho CMS SQL Injection Attempt -- gallery.php id UPDATE (web_specific_apps.rules)
2004325 - ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang SELECT (web_specific_apps.rules)
2004326 - ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang UNION SELECT (web_specific_apps.rules)
2004327 - ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang INSERT (web_specific_apps.rules)
2004328 - ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang DELETE (web_specific_apps.rules)
2004329 - ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang ASCII (web_specific_apps.rules)
2004330 - ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- mainfile.php lang UPDATE (web_specific_apps.rules)
2004695 - ET WEB_SPECIFIC_APPS PHPKit SQL Injection Attempt -- include.php catid SELECT (web_specific_apps.rules)
2004696 - ET WEB_SPECIFIC_APPS PHPKit SQL Injection Attempt -- include.php catid UNION SELECT (web_specific_apps.rules)
2004697 - ET WEB_SPECIFIC_APPS PHPKit SQL Injection Attempt -- include.php catid INSERT (web_specific_apps.rules)
2004698 - ET WEB_SPECIFIC_APPS PHPKit SQL Injection Attempt -- include.php catid DELETE (web_specific_apps.rules)
2004699 - ET WEB_SPECIFIC_APPS PHPKit SQL Injection Attempt -- include.php catid ASCII (web_specific_apps.rules)
2004700 - ET WEB_SPECIFIC_APPS PHPKit SQL Injection Attempt -- include.php catid UPDATE (web_specific_apps.rules)
2004701 - ET WEB_SPECIFIC_APPS PHPWind SQL Injection Attempt -- admin.php SELECT (web_specific_apps.rules)
2004702 - ET WEB_SPECIFIC_APPS PHPWind SQL Injection Attempt -- admin.php UNION SELECT (web_specific_apps.rules)
2004703 - ET WEB_SPECIFIC_APPS PHPWind SQL Injection Attempt -- admin.php DELETE (web_specific_apps.rules)
2004704 - ET WEB_SPECIFIC_APPS PHPWind SQL Injection Attempt -- admin.php ASCII (web_specific_apps.rules)
2004851 - ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id SELECT (web_specific_apps.rules)
2004852 - ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id UNION SELECT (web_specific_apps.rules)
2004853 - ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id INSERT (web_specific_apps.rules)
2004854 - ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id DELETE (web_specific_apps.rules)
2004855 - ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id ASCII (web_specific_apps.rules)
2004856 - ET WEB_SPECIFIC_APPS PHP-Nuke SQL Injection Attempt -- modules.php category_id UPDATE (web_specific_apps.rules)
2005180 - ET WEB_SPECIFIC_APPS PHPWind SQL Injection Attempt -- admin.php INSERT (web_specific_apps.rules)
2005181 - ET WEB_SPECIFIC_APPS PHPWind SQL Injection Attempt -- admin.php UPDATE (web_specific_apps.rules)
2005456 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active SELECT (web_specific_apps.rules)
2005457 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active UNION SELECT (web_specific_apps.rules)
2005458 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active INSERT (web_specific_apps.rules)
2005459 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active DELETE (web_specific_apps.rules)
2005460 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active ASCII (web_specific_apps.rules)
2005461 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- modules.php active UPDATE (web_specific_apps.rules)
2005462 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class SELECT (web_specific_apps.rules)
2005463 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class UNION SELECT (web_specific_apps.rules)
2005464 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class INSERT (web_specific_apps.rules)
2005465 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class DELETE (web_specific_apps.rules)
2005466 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class ASCII (web_specific_apps.rules)
2005467 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_class UPDATE (web_specific_apps.rules)
2005468 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl SELECT (web_specific_apps.rules)
2005469 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl UNION SELECT (web_specific_apps.rules)
2005470 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl INSERT (web_specific_apps.rules)
2005471 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl DELETE (web_specific_apps.rules)
2005472 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl ASCII (web_specific_apps.rules)
2005473 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php imageurl UPDATE (web_specific_apps.rules)
2005474 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl SELECT (web_specific_apps.rules)
2005475 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl UNION SELECT (web_specific_apps.rules)
2005476 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl INSERT (web_specific_apps.rules)
2005477 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl DELETE (web_specific_apps.rules)
2005478 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl ASCII (web_specific_apps.rules)
2005479 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php clickurl UPDATE (web_specific_apps.rules)
2005480 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code SELECT (web_specific_apps.rules)
2005481 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code UNION SELECT (web_specific_apps.rules)
2005482 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code INSERT (web_specific_apps.rules)
2005483 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code DELETE (web_specific_apps.rules)
2005484 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code ASCII (web_specific_apps.rules)
2005485 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php ad_code UPDATE (web_specific_apps.rules)
2005486 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position SELECT (web_specific_apps.rules)
2005487 - ET WEB_SPECIFIC_APPS Francisco Burzi PHP-Nuke SQL Injection Attempt -- index.php position UNION SELECT (web_specific_apps.rules)
2005784 - ET WEB_SPECIFIC_APPS PHPKIT SQL Injection Attempt -- comment.php subid SELECT (web_specific_apps.rules)
2005785 - ET WEB_SPECIFIC_APPS PHPKIT SQL Injection Attempt -- comment.php subid UNION SELECT (web_specific_apps.rules)
2005786 - ET WEB_SPECIFIC_APPS PHPKIT SQL Injection Attempt -- comment.php subid INSERT (web_specific_apps.rules)
2005787 - ET WEB_SPECIFIC_APPS PHPKIT SQL Injection Attempt -- comment.php subid DELETE (web_specific_apps.rules)
2005788 - ET WEB_SPECIFIC_APPS PHPKIT SQL Injection Attempt -- comment.php subid ASCII (web_specific_apps.rules)
2005789 - ET WEB_SPECIFIC_APPS PHPKIT SQL Injection Attempt -- comment.php subid UPDATE (web_specific_apps.rules)
2005967 - ET WEB_SPECIFIC_APPS phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id SELECT (web_specific_apps.rules)
2005968 - ET WEB_SPECIFIC_APPS phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id UNION SELECT (web_specific_apps.rules)
2005969 - ET WEB_SPECIFIC_APPS phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id INSERT (web_specific_apps.rules)
2005970 - ET WEB_SPECIFIC_APPS phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id DELETE (web_specific_apps.rules)
2005971 - ET WEB_SPECIFIC_APPS phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id ASCII (web_specific_apps.rules)
2005972 - ET WEB_SPECIFIC_APPS phpBB2 Plus SQL Injection Attempt -- admin_acronyms.php id UPDATE (web_specific_apps.rules)
2006516 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID SELECT (web_specific_apps.rules)
2006517 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID UNION SELECT (web_specific_apps.rules)
2006518 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID INSERT (web_specific_apps.rules)
2006519 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID DELETE (web_specific_apps.rules)
2006520 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID ASCII (web_specific_apps.rules)
2006521 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_ID UPDATE (web_specific_apps.rules)
2006522 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Project_ID SELECT (web_specific_apps.rules)
2006523 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Project_ID UNION SELECT (web_specific_apps.rules)
2006524 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Project_ID INSERT (web_specific_apps.rules)
2006525 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Project_ID DELETE (web_specific_apps.rules)
2006526 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Project_ID ASCII (web_specific_apps.rules)
2006527 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Project_ID UPDATE (web_specific_apps.rules)
2006969 - ET WEB_SPECIFIC_APPS phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id SELECT (web_specific_apps.rules)
2006970 - ET WEB_SPECIFIC_APPS phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id UNION SELECT (web_specific_apps.rules)
2006971 - ET WEB_SPECIFIC_APPS phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id INSERT (web_specific_apps.rules)
2006972 - ET WEB_SPECIFIC_APPS phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id DELETE (web_specific_apps.rules)
2006973 - ET WEB_SPECIFIC_APPS phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id ASCII (web_specific_apps.rules)
2006974 - ET WEB_SPECIFIC_APPS phpBB SQL Injection Attempt -- admin_hacks_list.php hack_id UPDATE (web_specific_apps.rules)
2008614 - ET WEB_SPECIFIC_APPS PHP-Lance show.php catid SQL Injection (web_specific_apps.rules)
2008873 - ET WEB_SPECIFIC_APPS PHPStore Wholesales id Parameter SQL Injection (web_specific_apps.rules)
2008961 - ET WEB_SPECIFIC_APPS PHPmyGallery lang parameter Local File Inclusion (web_specific_apps.rules)
2009051 - ET WEB_SPECIFIC_APPS PHPOF DB_AdoDB.Class.PHP PHPOF_INCLUDE_PATH parameter Remote File Inclusion (web_specific_apps.rules)
2009137 - ET WEB_SPECIFIC_APPS PHP Realty dpage.php docID parameter SQL Injection (web_specific_apps.rules)
2009139 - ET WEB_SPECIFIC_APPS Million Pixel Ad Script tops_top.php id_cat parameter SQL Injection (web_specific_apps.rules)
2009743 - ET WEB_SPECIFIC_APPS phpDatingClub website.php page Parameter Local File Inclusion (web_specific_apps.rules)
2402000 - ET DROP Dshield Block Listed Source group 1 (dshield.rules)
2402001 - ET DROP Dshield Block Listed Source group 1 (dshield.rules)
2403300 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 1 (ciarmy.rules)
2403301 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 1 (ciarmy.rules)
2403302 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 2 (ciarmy.rules)
2403303 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 2 (ciarmy.rules)
2403304 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 3 (ciarmy.rules)
2403305 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 3 (ciarmy.rules)
2403306 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 4 (ciarmy.rules)
2403307 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 4 (ciarmy.rules)
2403308 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 5 (ciarmy.rules)
2403309 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 5 (ciarmy.rules)
2403310 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 6 (ciarmy.rules)
2403311 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 6 (ciarmy.rules)
2403312 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 7 (ciarmy.rules)
2403313 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 7 (ciarmy.rules)
2403314 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 8 (ciarmy.rules)
2403315 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 8 (ciarmy.rules)
2403316 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 9 (ciarmy.rules)
2403317 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 9 (ciarmy.rules)
2403318 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 10 (ciarmy.rules)
2403319 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 10 (ciarmy.rules)
2403320 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 11 (ciarmy.rules)
2403321 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 11 (ciarmy.rules)
2403322 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 12 (ciarmy.rules)
2403323 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 12 (ciarmy.rules)
2403324 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 13 (ciarmy.rules)
2403325 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 13 (ciarmy.rules)
2403326 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 14 (ciarmy.rules)
2403327 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 14 (ciarmy.rules)
2403328 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 15 (ciarmy.rules)
2403329 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 15 (ciarmy.rules)
2403330 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 16 (ciarmy.rules)
2403331 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 16 (ciarmy.rules)
2403332 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 17 (ciarmy.rules)
2403333 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 17 (ciarmy.rules)
2403334 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 18 (ciarmy.rules)
2403335 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 18 (ciarmy.rules)
2403336 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 19 (ciarmy.rules)
2403337 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 19 (ciarmy.rules)
2403338 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 20 (ciarmy.rules)
2403339 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 20 (ciarmy.rules)
2403340 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 21 (ciarmy.rules)
2403341 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 21 (ciarmy.rules)
2403342 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 22 (ciarmy.rules)
2403343 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 22 (ciarmy.rules)
2403344 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 23 (ciarmy.rules)
2403345 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 23 (ciarmy.rules)
2403346 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 24 (ciarmy.rules)
2403347 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 24 (ciarmy.rules)
2403348 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 25 (ciarmy.rules)
2403349 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 25 (ciarmy.rules)
2403350 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 26 (ciarmy.rules)
2403351 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 26 (ciarmy.rules)
2403352 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 27 (ciarmy.rules)
2403353 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 27 (ciarmy.rules)
2403354 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 28 (ciarmy.rules)
2403355 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 28 (ciarmy.rules)
2403356 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 29 (ciarmy.rules)
2403357 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 29 (ciarmy.rules)
2403358 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 30 (ciarmy.rules)
2403359 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 30 (ciarmy.rules)
2403360 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 31 (ciarmy.rules)
2403361 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 31 (ciarmy.rules)
2403362 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 32 (ciarmy.rules)
2403363 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 32 (ciarmy.rules)
2403364 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 33 (ciarmy.rules)
2403365 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 33 (ciarmy.rules)
2403366 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 34 (ciarmy.rules)
2403367 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 34 (ciarmy.rules)
2403368 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 35 (ciarmy.rules)
2403369 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 35 (ciarmy.rules)
2403370 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 36 (ciarmy.rules)
2403371 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 36 (ciarmy.rules)
2403372 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 37 (ciarmy.rules)
2403373 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 37 (ciarmy.rules)
2403374 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 38 (ciarmy.rules)
2403375 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 38 (ciarmy.rules)
2403376 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 39 (ciarmy.rules)
2403377 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 39 (ciarmy.rules)
2403378 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 40 (ciarmy.rules)
2403379 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 40 (ciarmy.rules)
2403380 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 41 (ciarmy.rules)
2403381 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 41 (ciarmy.rules)
2403382 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 42 (ciarmy.rules)
2403383 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 42 (ciarmy.rules)
2403384 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 43 (ciarmy.rules)
2403385 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 43 (ciarmy.rules)
2403386 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 44 (ciarmy.rules)
2403387 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 44 (ciarmy.rules)
2403388 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 45 (ciarmy.rules)
2403389 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 45 (ciarmy.rules)
2403390 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 46 (ciarmy.rules)
2403391 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 46 (ciarmy.rules)
2403392 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 47 (ciarmy.rules)
2403393 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 47 (ciarmy.rules)
2403394 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 48 (ciarmy.rules)
2403395 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 48 (ciarmy.rules)
2403396 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 49 (ciarmy.rules)
2403397 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 49 (ciarmy.rules)
2403398 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 50 (ciarmy.rules)
2403399 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 50 (ciarmy.rules)
2403400 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 51 (ciarmy.rules)
2403401 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 51 (ciarmy.rules)
2403402 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 52 (ciarmy.rules)
2403403 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 52 (ciarmy.rules)
2403404 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 53 (ciarmy.rules)
2403405 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 53 (ciarmy.rules)
2403406 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 54 (ciarmy.rules)
2403407 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 54 (ciarmy.rules)
2403408 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 55 (ciarmy.rules)
2403409 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 55 (ciarmy.rules)
2403410 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 56 (ciarmy.rules)
2403411 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 56 (ciarmy.rules)
2403412 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 57 (ciarmy.rules)
2403413 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 57 (ciarmy.rules)
2403414 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 58 (ciarmy.rules)
2403415 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 58 (ciarmy.rules)
2403416 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 59 (ciarmy.rules)
2403417 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 59 (ciarmy.rules)
2403418 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 60 (ciarmy.rules)
2403419 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 60 (ciarmy.rules)
2403420 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 61 (ciarmy.rules)
2403421 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 61 (ciarmy.rules)
2403422 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 62 (ciarmy.rules)
2403423 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 62 (ciarmy.rules)
2403424 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 63 (ciarmy.rules)
2403425 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 63 (ciarmy.rules)
2403426 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 64 (ciarmy.rules)
2403427 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 64 (ciarmy.rules)
2403428 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 65 (ciarmy.rules)
2403429 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 65 (ciarmy.rules)
2403430 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 66 (ciarmy.rules)
2403431 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 66 (ciarmy.rules)
2403432 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 67 (ciarmy.rules)
2403433 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 67 (ciarmy.rules)
2403434 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 68 (ciarmy.rules)
2403435 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 68 (ciarmy.rules)
2403436 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 69 (ciarmy.rules)
2403437 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 69 (ciarmy.rules)
2403438 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 70 (ciarmy.rules)
2403439 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 70 (ciarmy.rules)
2403440 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 71 (ciarmy.rules)
2403441 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 71 (ciarmy.rules)
2403442 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 72 (ciarmy.rules)
2403443 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 72 (ciarmy.rules)
2403444 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 73 (ciarmy.rules)
2403445 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 73 (ciarmy.rules)
2403446 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 74 (ciarmy.rules)
2403447 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 74 (ciarmy.rules)
2403448 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 75 (ciarmy.rules)
2403449 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 75 (ciarmy.rules)
2403450 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 76 (ciarmy.rules)
2403451 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 76 (ciarmy.rules)
2403452 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 77 (ciarmy.rules)
2403453 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 77 (ciarmy.rules)
2403454 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 78 (ciarmy.rules)
2403455 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 78 (ciarmy.rules)
2403456 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 79 (ciarmy.rules)
2403457 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 79 (ciarmy.rules)
2403458 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 80 (ciarmy.rules)
2403459 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 80 (ciarmy.rules)
2403460 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 81 (ciarmy.rules)
2403461 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 81 (ciarmy.rules)
2403462 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 82 (ciarmy.rules)
2403463 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 82 (ciarmy.rules)
2403464 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 83 (ciarmy.rules)
2403465 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 83 (ciarmy.rules)
2403466 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 84 (ciarmy.rules)
2403467 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 84 (ciarmy.rules)
2403468 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 85 (ciarmy.rules)
2403469 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 85 (ciarmy.rules)
2403470 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 86 (ciarmy.rules)
2403471 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 86 (ciarmy.rules)
2403472 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 87 (ciarmy.rules)
2403473 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 87 (ciarmy.rules)
2403474 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 88 (ciarmy.rules)
2403475 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 88 (ciarmy.rules)
2403476 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 89 (ciarmy.rules)
2403477 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 89 (ciarmy.rules)
2403478 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 90 (ciarmy.rules)
2403479 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 90 (ciarmy.rules)
2403480 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 91 (ciarmy.rules)
2403481 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 91 (ciarmy.rules)
2403482 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 92 (ciarmy.rules)
2403483 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 92 (ciarmy.rules)
2403484 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 93 (ciarmy.rules)
2403485 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 93 (ciarmy.rules)
2403486 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 94 (ciarmy.rules)
2403487 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 94 (ciarmy.rules)
2403488 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 95 (ciarmy.rules)
2403489 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 95 (ciarmy.rules)
2403490 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 96 (ciarmy.rules)
2403491 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 96 (ciarmy.rules)
2403492 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 97 (ciarmy.rules)
2403493 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 97 (ciarmy.rules)
2403494 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 98 (ciarmy.rules)
2403495 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 98 (ciarmy.rules)
2403496 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 99 (ciarmy.rules)
2403497 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 99 (ciarmy.rules)
2403498 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 100 (ciarmy.rules)
2403499 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 100 (ciarmy.rules)
2405000 - ET CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules)
2405001 - ET CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules)
2405002 - ET CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules)
2405003 - ET CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules)
2405004 - ET CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules)
2405005 - ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules)
2405006 - ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules)
2405007 - ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules)
2405008 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules)
2405009 - ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules)
2405010 - ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules)
2405011 - ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules)
2405012 - ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules)
2405013 - ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules)
2405014 - ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules)
2405015 - ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules)
2405016 - ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules)
2405017 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules)
2525000 - ET 3CORESec Poor Reputation IP TCP group 1 (3coresec.rules)
2525001 - ET 3CORESec Poor Reputation IP UDP group 1 (3coresec.rules)
2525002 - ET 3CORESec Poor Reputation IP TCP group 2 (3coresec.rules)
2525003 - ET 3CORESec Poor Reputation IP UDP group 2 (3coresec.rules)
2525004 - ET 3CORESec Poor Reputation IP TCP group 3 (3coresec.rules)
2525005 - ET 3CORESec Poor Reputation IP UDP group 3 (3coresec.rules)
2525006 - ET 3CORESec Poor Reputation IP TCP group 4 (3coresec.rules)
2525007 - ET 3CORESec Poor Reputation IP UDP group 4 (3coresec.rules)
2525008 - ET 3CORESec Poor Reputation IP TCP group 5 (3coresec.rules)
2525009 - ET 3CORESec Poor Reputation IP UDP group 5 (3coresec.rules)
2525010 - ET 3CORESec Poor Reputation IP TCP group 6 (3coresec.rules)
2525011 - ET 3CORESec Poor Reputation IP UDP group 6 (3coresec.rules)
2525012 - ET 3CORESec Poor Reputation IP TCP group 7 (3coresec.rules)
2525013 - ET 3CORESec Poor Reputation IP UDP group 7 (3coresec.rules)
2525014 - ET 3CORESec Poor Reputation IP TCP group 8 (3coresec.rules)
2525015 - ET 3CORESec Poor Reputation IP UDP group 8 (3coresec.rules)
2525016 - ET 3CORESec Poor Reputation IP TCP group 9 (3coresec.rules)
2525017 - ET 3CORESec Poor Reputation IP UDP group 9 (3coresec.rules)
2525018 - ET 3CORESec Poor Reputation
IP TCP group 10 (3coresec.rules) 2525019 - ET 3CORESec Poor Reputation IP UDP group 10 (3coresec.rules) 2525020 - ET 3CORESec Poor Reputation IP TCP group 11 (3coresec.rules) 2525021 - ET 3CORESec Poor Reputation IP UDP group 11 (3coresec.rules) 2525022 - ET 3CORESec Poor Reputation IP TCP group 12 (3coresec.rules) 2525023 - ET 3CORESec Poor Reputation IP UDP group 12 (3coresec.rules) 2525024 - ET 3CORESec Poor Reputation IP TCP group 13 (3coresec.rules) 2525025 - ET 3CORESec Poor Reputation IP UDP group 13 (3coresec.rules) 2525026 - ET 3CORESec Poor Reputation IP TCP group 14 (3coresec.rules) 2525027 - ET 3CORESec Poor Reputation IP UDP group 14 (3coresec.rules) 2525028 - ET 3CORESec Poor Reputation IP TCP group 15 (3coresec.rules) 2525029 - ET 3CORESec Poor Reputation IP UDP group 15 (3coresec.rules) 2525030 - ET 3CORESec Poor Reputation IP TCP group 16 (3coresec.rules) 2525031 - ET 3CORESec Poor Reputation IP UDP group 16 (3coresec.rules) 2525032 - ET 3CORESec Poor Reputation IP TCP group 17 (3coresec.rules) 2525033 - ET 3CORESec Poor Reputation IP UDP group 17 (3coresec.rules) 2525034 - ET 3CORESec Poor Reputation IP TCP group 18 (3coresec.rules) 2525035 - ET 3CORESec Poor Reputation IP UDP group 18 (3coresec.rules) 2525036 - ET 3CORESec Poor Reputation IP TCP group 19 (3coresec.rules) 2525037 - ET 3CORESec Poor Reputation IP UDP group 19 (3coresec.rules) 2525038 - ET 3CORESec Poor Reputation IP TCP group 20 (3coresec.rules) 2525039 - ET 3CORESec Poor Reputation IP UDP group 20 (3coresec.rules) 2829548 - ETPRO TROJAN W32/Kimsuky Sending Encrypted System Information to CnC (trojan.rules) 2837877 - ETPRO TROJAN Possible Predator the Thief CnC Activity (trojan.rules) 2837995 - ETPRO TROJAN CHRONO CnC Checkin (trojan.rules) 2837998 - ETPRO TROJAN Win32/Winnti.AG CnC Activity (trojan.rules) 2840426 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2020-01-14 (current_events.rules) 2840550 - ETPRO TROJAN Masad Stealer Exfil Via Telegram M1 (trojan.rules) 
2843120 - ETPRO TROJAN Win32.Staser.dspk (trojan.rules) 2844275 - ETPRO TROJAN MassLogger Client Exfil via FTP M2 (trojan.rules) [---] Removed rules: [---] 2844300 - ETPRO POLICY Observed DNS Query to Dynamic DNS Service (policy.rules) [+++] Added non-rule lines: [+++] -> Added to 3coresec.rules (1): # Version 38 -> Added to ciarmy.rules (1): # Version 59652 -> Added to sid-msg.map (24): 2030848 || ET TROJAN Win32/Spy.Agent.PZE Variant CnC Activity || md5,39d55aa51967c001b7cc85f539055637 2030849 || ET MOBILE_MALWARE Android Joker CnC Configuration Retrieval || url,research.checkpoint.com/2020/android-app-fraud-haken-clicker-and-joker-premium-dialer/ 2520162 || ET TOR Known Tor Exit Node TCP Traffic group 163 || url,doc.emergingthreats.net/bin/view/Main/TorRules 2840550 || ETPRO TROJAN Masad Stealer Exfil Via Telegram M1 2844308 || ETPRO TROJAN Win32/Stealer.tnf CnC Exfil || md5,97d2b1e80efdf3520463880f0f187c8a 2844309 || ETPRO INFO Suspicious Zipped Filename in Outbound POST Request (systeminfo.txt) 2844310 || ETPRO INFO Suspicious Zipped Filename in Outbound POST Request (systeminfo.txt) M2 2844311 || ETPRO TROJAN Win64/Spy.Agent.CL CnC Activity || md5,cfec968dad218e8d99c5dd63170f5a5f 2844312 || ETPRO TROJAN Observed Malicious SSL Cert (MalDoc DL 2020-09-08) 2844313 || ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-09-08 2844314 || ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-09-08 2844315 || ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-09-08 2844316 || ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2020-09-08 2844317 || ETPRO CURRENT_EVENTS Successful Netflix Phish 2020-09-08 2844318 || ETPRO CURRENT_EVENTS Successful Huntington Phish 2020-09-08 2844319 || ETPRO CURRENT_EVENTS Successful Ruralvia Phish 2020-09-08 2844320 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-05 1) || md5,28876da4bb6e1b56d6ada329f2354670 || 
url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html 2844321 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-05 2) || md5,5cc0c344eb5a21d975c758985fe8790b || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html 2844322 || ETPRO TROJAN Observed MSIL/MythBot CnC Domain in TLS SNI || md5,1e9943e715dedf856da6fce479352c2d 2844323 || ETPRO TROJAN Masad Stealer Exfil Via Telegram M2 || md5,3938ba3c360d6c325184cf090213854b 2844324 || ETPRO TROJAN Win32/Remcos RAT Checkin 532 2844325 || ETPRO TROJAN Win32/Remcos RAT Checkin 533 2844326 || ETPRO TROJAN Observed IcedID CnC Domain in TLS SNI 2844327 || ETPRO TROJAN PSWORM CnC Activity || md5,3ca59d84b5b7a468d7b76b91e334bc34 [---] Removed non-rule lines: [---] -> Removed from 3coresec.rules (1): # Version 37 -> Removed from ciarmy.rules (1): # Version 59628 -> Removed from sid-msg.map (9): 2500064 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 33 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500065 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 33 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2522846 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 847 || url,doc.emergingthreats.net/bin/view/Main/TorRules 2522847 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 848 || url,doc.emergingthreats.net/bin/view/Main/TorRules 2522848 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 849 || url,doc.emergingthreats.net/bin/view/Main/TorRules 2522849 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 850 || url,doc.emergingthreats.net/bin/view/Main/TorRules 2522850 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 851 || 
url,doc.emergingthreats.net/bin/view/Main/TorRules 2840550 || ETPRO TROJAN Masad Stealer Exfil Via Telegram 2844300 || ETPRO POLICY Observed DNS Query to Dynamic DNS Service
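The sid-msg.map churn above mixes three different things: SIDs that are genuinely new, SIDs that were retired, and SIDs that appear in both lists because only their msg text changed (2840550 picks up an "M1" suffix as a second Masad variant, 2844323, is added). The following script is an added example, not Oinkmaster or Emerging Threats code: it parses the v1 sid-msg.map layout shown in this log (`sid || msg [|| reftype,value ...]`) and separates those cases, also flagging new SIDs that ship without an md5 or url reference to pivot on. The sample lines are a subset copied from the changelog above; the function and field names are this example's own.

```python
"""Classify sid-msg.map churn from an Oinkmaster changelog.

Added example; not Oinkmaster or Emerging Threats code.  Reads the v1
sid-msg.map layout (sid || msg [|| reftype,value ...]) and splits the
added/removed lists into new, retired, renamed and unreferenced SIDs.
"""
from dataclasses import dataclass

# Constructed sample: a subset of the "Added to sid-msg.map" and
# "Removed from sid-msg.map" lines from the changelog above.
ADDED_LINES = [
    "2030848 || ET TROJAN Win32/Spy.Agent.PZE Variant CnC Activity || md5,39d55aa51967c001b7cc85f539055637",
    "2520162 || ET TOR Known Tor Exit Node TCP Traffic group 163 || url,doc.emergingthreats.net/bin/view/Main/TorRules",
    "2840550 || ETPRO TROJAN Masad Stealer Exfil Via Telegram M1",
    "2844309 || ETPRO INFO Suspicious Zipped Filename in Outbound POST Request (systeminfo.txt)",
    "2844320 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2020-09-05 1) || md5,28876da4bb6e1b56d6ada329f2354670 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html",
]
REMOVED_LINES = [
    "2500064 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 33 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts",
    "2840550 || ETPRO TROJAN Masad Stealer Exfil Via Telegram",
    "2844300 || ETPRO POLICY Observed DNS Query to Dynamic DNS Service",
]


@dataclass(frozen=True)
class SidMsg:
    sid: int
    msg: str
    refs: tuple  # ((reftype, value), ...), e.g. ("md5", "39d5..."), ("url", "doc...")


def parse_sid_msg_line(line: str) -> SidMsg:
    """Parse one v1 sid-msg.map line: fields split on '||', first is the SID,
    second the rule msg, any remaining fields are reftype,value pairs."""
    fields = [f.strip() for f in line.split("||")]
    if len(fields) < 2 or not fields[0].isdigit():
        raise ValueError(f"not a v1 sid-msg.map line: {line!r}")
    refs = []
    for ref in fields[2:]:
        reftype, sep, value = ref.partition(",")
        if not sep or not value:
            raise ValueError(f"malformed reference {ref!r} on SID {fields[0]}")
        refs.append((reftype, value))
    return SidMsg(int(fields[0]), fields[1], tuple(refs))


def diff_sid_msg(added_lines, removed_lines) -> dict:
    """Classify the SIDs in an added/removed pair of sid-msg.map line lists."""
    added = {e.sid: e for e in map(parse_sid_msg_line, added_lines)}
    removed = {e.sid: e for e in map(parse_sid_msg_line, removed_lines)}
    both = added.keys() & removed.keys()
    return {
        # only in the added list: brand-new signatures
        "new": sorted(added.keys() - removed.keys()),
        # only in the removed list: signatures retired in this run
        "retired": sorted(removed.keys() - added.keys()),
        # in both lists with different msg text: a rename, not a new rule
        "renamed": {sid: (removed[sid].msg, added[sid].msg)
                    for sid in sorted(both) if removed[sid].msg != added[sid].msg},
        # new SIDs with no md5/url reference to pivot on during triage
        "unreferenced_new": sorted(sid for sid, e in added.items()
                                   if sid not in removed and not e.refs),
    }


def report(added_lines=ADDED_LINES, removed_lines=REMOVED_LINES) -> dict:
    return diff_sid_msg(added_lines, removed_lines)


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

On the sample, 2840550 lands in `renamed` rather than `new`, so the rule itself is not new coverage, and 2844309 is the one new SID without a reference. The parser handles only the v1 layout shown here; Snort 2.9.x and later also emit a v2 sid-msg.map (`#v2` header, fields `gid || sid || rev || classification || priority || msg || ref`), which this example does not attempt to read.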