*********************** snort-edge open-nogpl ***********************
[***] Results from Oinkmaster started Fri Aug 28 18:06:58 2020 [***]

[+++] Added rules: [+++]

    2030809 - ET TROJAN MassLogger Client Data Exfil SMTP (emerging-trojan.rules)
    2030810 - ET CURRENT_EVENTS Fedex Phishing Landing on Appspot Hosting (emerging-current_events.rules)
    2030811 - ET CURRENT_EVENTS GET Request to Googleapis Hosting (set) (emerging-current_events.rules)
    2030812 - ET TROJAN MSIL/CoinMiner Performing System Checkin (emerging-trojan.rules)
    2030813 - ET TROJAN C3Pool CoinMiner Setup Script Download (emerging-trojan.rules)
    2030814 - ET USER_AGENTS Suspicious User-Agent (boostsoftware-urlexists) (emerging-user_agents.rules)

[///] Modified active rules: [///]

    2006380 - ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted (emerging-policy.rules)
    2006402 - ET POLICY Incoming Basic Auth Base64 HTTP Password detected unencrypted (emerging-policy.rules)
    2016537 - ET INFO GET Minimal HTTP Headers Flowbit Set (emerging-info.rules)
    2018958 - ET TROJAN Worm.Win32.Vobfus Checkin 3 (emerging-trojan.rules)
    2018981 - ET TROJAN Probable OneLouder downloader (Zeus P2P) (emerging-trojan.rules)
    2018983 - ET TROJAN Probable OneLouder downloader (Zeus P2P) (emerging-trojan.rules)
    2019344 - ET CURRENT_EVENTS FAKEIE Minimal Headers (flowbit set) (emerging-current_events.rules)
    2022578 - ET WEB_CLIENT JS Obfuscation - Possible Phishing 2016-03-01 (emerging-web_client.rules)
    2024771 - ET TROJAN [PTsecurity] Possible Cobalt Strike payload (emerging-trojan.rules)
    2025005 - ET CURRENT_EVENTS Possible Successful Generic Phish Jan 14 2016 (emerging-current_events.rules)
    2025224 - ET TROJAN RocketMan Win32/Drun (emerging-trojan.rules)
    2025627 - ET INFO [eSentire] Possible Kali Linux Updates (emerging-info.rules)
    2026102 - ET EXPLOIT Linksys E-Series Device RCE Attempt (emerging-exploit.rules)
    2026738 - ET TROJAN [PTsecurity] Trickbot Data Exfiltration (emerging-trojan.rules)
    2026772 - ET TROJAN ServHelper CnC Inital Checkin (emerging-trojan.rules)
    2026904 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2019-02-13 (emerging-current_events.rules)
    2027045 - ET USER_AGENTS Suspicious User-Agent (Clever Internet Suite) (emerging-user_agents.rules)
    2027046 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2019-03-06 (emerging-current_events.rules)
    2027057 - ET TROJAN MSIL/SkidRat CnC Checkin M1 (emerging-trojan.rules)
    2027060 - ET TROJAN MSIL/SkidRat User-Agent Observed (emerging-trojan.rules)
    2027063 - ET EXPLOIT Outbound GPON Authentication Bypass Attempt (CVE-2018-10561) (emerging-exploit.rules)
    2027081 - ET WEB_CLIENT PirateBay Phish - Possibly PirateMatryoshka Related (emerging-web_client.rules)
    2027087 - ET TROJAN Win32/Dorv Stealer Exfiltrating Data to CnC (emerging-trojan.rules)
    2027096 - ET WEB_SPECIFIC_APPS Rails Arbitrary File Disclosure Attempt (emerging-web_specific_apps.rules)
    2027098 - ET EXPLOIT Possible ZTE ZXV10 H108L Router Root RCE Attempt (emerging-exploit.rules)
    2027101 - ET TROJAN Observed Malicious SSL Cert (Gootkit CnC) (emerging-trojan.rules)
    2027102 - ET CURRENT_EVENTS Inbound JasperLoader Using Array Push Obfuscation (emerging-current_events.rules)
    2027103 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (cookies.txt) M1 (emerging-trojan.rules)
    2027105 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M1 (emerging-trojan.rules)
    2027107 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (screenshot.) M1 (emerging-trojan.rules)
    2027113 - ET TROJAN ChaseBot CnC Checkin (emerging-trojan.rules)
    2027114 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (wallet.dat) M1 (emerging-trojan.rules)
    2027117 - ET TROJAN Suspicious POST with Common Windows Process Names - Possible Process List Exfiltration (emerging-trojan.rules)
    2027118 - ET TROJAN W32/VBS.SLoad.Backdoor Initial Base64 Encoded OK Server Response (emerging-trojan.rules)
    2027119 - ET TROJAN ELF/Mirai Variant UA Outbound (Rift) (emerging-trojan.rules)
    2027121 - ET TROJAN ELF/Mirai Variant UA Outbound (Tsunami) (emerging-trojan.rules)
    2027123 - ET TROJAN ELF/Mirai Variant UA Outbound (Yowai) (emerging-trojan.rules)
    2027125 - ET TROJAN ELF/Mirai Variant UA Outbound (Yakuza) (emerging-trojan.rules)
    2027127 - ET TROJAN ELF/Mirai Variant UA Outbound (Hentai) (emerging-trojan.rules)
    2027129 - ET TROJAN ELF/Mirai Variant UA Outbound (lessie) (emerging-trojan.rules)
    2027131 - ET TROJAN ELF/Mirai Variant UA Outbound (Cakle) (emerging-trojan.rules)
    2027133 - ET TROJAN ELF/Mirai Variant UA Outbound (Damien) (emerging-trojan.rules)
    2027135 - ET TROJAN ELF/Mirai Variant UA Outbound (Solar) (emerging-trojan.rules)
    2027137 - ET TROJAN ELF/Mirai Variant UA Outbound (muhstik) (emerging-trojan.rules)
    2027139 - ET TROJAN ELF/Mirai Variant UA Outbound (Shaolin) (emerging-trojan.rules)
    2027145 - ET CURRENT_EVENTS Spelevo EK Flash Exploit Attempt (emerging-current_events.rules)
    2027147 - ET TROJAN Win32/Beapy CnC Checkin (emerging-trojan.rules)
    2027148 - ET TROJAN PS/Beapy CnC Checkin (emerging-trojan.rules)
    2027149 - ET TROJAN Py/Beapy CnC Checkin (emerging-trojan.rules)
    2027153 - ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound (emerging-exploit.rules)
    2027154 - ET MOBILE_MALWARE Android/BasBanke CnC Checkin (emerging-mobile_malware.rules)
    2027156 - ET TROJAN AHK/BKDR_HTV.ZKGD-A Fake HTTP 500 Containing Encoded Commands Inbound (emerging-trojan.rules)
    2027207 - ET INFO HTTP Request with Double Cache-Control (emerging-info.rules)
    2027211 - ET TROJAN Outbound POST Request with Base64 ps PowerShell Command Output M1 (emerging-trojan.rules)
    2027212 - ET TROJAN Outbound POST Request with Base64 ps PowerShell Command Output M2 (emerging-trojan.rules)
    2027213 - ET TROJAN Outbound POST Request with Base64 ps PowerShell Command Output M3 (emerging-trojan.rules)
    2027214 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (emerging-trojan.rules)
    2027215 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (emerging-trojan.rules)
    2027216 - ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC) (emerging-trojan.rules)
    2027232 - ET ATTACK_RESPONSE Windows SCM DLL Hijack Command Inbound via HTTP M1 (emerging-attack_response.rules)
    2027233 - ET ATTACK_RESPONSE Windows SCM DLL Hijack Command Inbound via HTTP M2 (emerging-attack_response.rules)
    2027234 - ET ATTACK_RESPONSE Windows SCM DLL Hijack Command (UTF-16) Inbound via HTTP M1 (emerging-attack_response.rules)
    2027235 - ET ATTACK_RESPONSE Windows SCM DLL Hijack Command (UTF-16) Inbound via HTTP M2 (emerging-attack_response.rules)
    2027236 - ET ATTACK_RESPONSE Windows SCM DLL Hijack Command Inbound via HTTP M3 (emerging-attack_response.rules)
    2027238 - ET ATTACK_RESPONSE Windows SCM DLL Hijack Command (UTF-16) Inbound via HTTP M3 (emerging-attack_response.rules)
    2027269 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (cookie.txt) M1 (emerging-trojan.rules)
    2027271 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (ccdata.txt) M1 (emerging-trojan.rules)
    2027276 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (google_chrome_default_) M1 (emerging-trojan.rules)
    2027278 - ET TROJAN Suspicious Zipped Filename in Outbound POST Request (Mozilla_Firefox_Cookies) M1 (emerging-trojan.rules)
    2027286 - ET USER_AGENTS Aria2 User-Agent (emerging-user_agents.rules)
    2027293 - ET TROJAN Megumin v2 Stealer User-Agent (emerging-trojan.rules)
    2027294 - ET CURRENT_EVENTS Successful Generic Phish 2019-04-30 (set) (emerging-current_events.rules)
    2027301 - ET TROJAN ServHelper CnC Command (Net User) (emerging-trojan.rules)
    2027302 - ET TROJAN ServHelper CnC Command (Reg Add) (emerging-trojan.rules)
    2027303 - ET TROJAN ServHelper CnC Command (Whoami) (emerging-trojan.rules)
    2027310 - ET EXPLOIT WinRAR WinAce Containing CVE-2018-20250 Inbound - Path Traversal leading to RCE (emerging-exploit.rules)
    2027311 - ET TROJAN JAR/Qealler Stealer HTTP Headers Observed (emerging-trojan.rules)
    2027315 - ET WEB_CLIENT Attempted RCE in Wordpress Social Warfare Plugin Inbound (CVE-2019-9978) (emerging-web_client.rules)
    2027334 - ET TROJAN PS/Unk.EB.Spreader CnC Checkin (emerging-trojan.rules)
    2027344 - ET CURRENT_EVENTS Possible JS Credit Card Stealer Inbound (emerging-current_events.rules)
    2027350 - ET WEB_SPECIFIC_APPS Jenkins Chained Exploits CVE-2018-1000861 and CVE-2019-1003000 M2 (emerging-web_specific_apps.rules)
    2027351 - ET TROJAN ELF.SystemdMiner C2 Domain in DNS Lookup (emerging-trojan.rules)
    2027352 - ET TROJAN ELF.SystemdMiner C2 Domain in DNS Lookup (emerging-trojan.rules)
    2027354 - ET TROJAN MSIL/Almashreq Executing New Processes (emerging-trojan.rules)
    2027357 - ET EXPLOIT Linksys Smart WiFi Information Disclosure Attempt Inbound (emerging-exploit.rules)
    2027359 - ET MALWARE AppControls.com User-Agent (emerging-malware.rules)
    2027365 - ET TROJAN HTA.BabyShark Checkin (emerging-trojan.rules)
    2027371 - ET CURRENT_EVENTS Successful Generic Phish (set) 2019-05-21 (emerging-current_events.rules)
    2029670 - ET CURRENT_EVENTS Successful Generic Mailbox Phish 2019-03-07 (emerging-current_events.rules)
    2029671 - ET CURRENT_EVENTS Successful Generic Personalized Phish 2019-03-11 (emerging-current_events.rules)
    2029674 - ET CURRENT_EVENTS Successful Interac Phish 2019-05-15 (emerging-current_events.rules)
    2402000 - ET DROP Dshield Block Listed Source group 1 (emerging-dshield.rules)
    2402001 - ET DROP Dshield Block Listed Source group 1 (emerging-dshield.rules)
    2403300 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 1 (emerging-ciarmy.rules)
    2403301 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 1 (emerging-ciarmy.rules)
    2403302 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 2 (emerging-ciarmy.rules)
    2403303 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 2 (emerging-ciarmy.rules)
    2403304 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 3 (emerging-ciarmy.rules)
    2403305 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 3 (emerging-ciarmy.rules)
    2403306 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 4 (emerging-ciarmy.rules)
    2403307 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 4 (emerging-ciarmy.rules)
    2403308 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 5 (emerging-ciarmy.rules)
    2403309 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 5 (emerging-ciarmy.rules)
    2403310 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 6 (emerging-ciarmy.rules)
    2403311 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 6 (emerging-ciarmy.rules)
    2403312 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 7 (emerging-ciarmy.rules)
    2403313 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 7 (emerging-ciarmy.rules)
    2403314 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 8 (emerging-ciarmy.rules)
    2403315 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 8 (emerging-ciarmy.rules)
    2403316 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 9 (emerging-ciarmy.rules)
    2403317 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 9 (emerging-ciarmy.rules)
    2403318 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 10 (emerging-ciarmy.rules)
    2403319 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 10 (emerging-ciarmy.rules)
    2403320 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 11 (emerging-ciarmy.rules)
    2403321 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 11 (emerging-ciarmy.rules)
    2403322 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 12 (emerging-ciarmy.rules)
    2403323 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 12 (emerging-ciarmy.rules)
    2403324 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 13 (emerging-ciarmy.rules)
    2403325 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 13 (emerging-ciarmy.rules)
    2403326 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 14 (emerging-ciarmy.rules)
    2403327 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 14 (emerging-ciarmy.rules)
    2403328 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 15 (emerging-ciarmy.rules)
    2403329 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 15 (emerging-ciarmy.rules)
    2403330 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 16 (emerging-ciarmy.rules)
    2403331 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 16 (emerging-ciarmy.rules)
    2403332 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 17 (emerging-ciarmy.rules)
    2403333 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 17 (emerging-ciarmy.rules)
    2403334 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 18 (emerging-ciarmy.rules)
    2403335 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 18 (emerging-ciarmy.rules)
    2403336 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 19 (emerging-ciarmy.rules)
    2403337 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 19 (emerging-ciarmy.rules)
    2403338 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 20 (emerging-ciarmy.rules)
    2403339 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 20 (emerging-ciarmy.rules)
    2403340 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 21 (emerging-ciarmy.rules)
    2403341 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 21 (emerging-ciarmy.rules)
    2403342 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 22 (emerging-ciarmy.rules)
    2403343 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 22 (emerging-ciarmy.rules)
    2403344 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 23 (emerging-ciarmy.rules)
    2403345 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 23 (emerging-ciarmy.rules)
    2403346 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 24 (emerging-ciarmy.rules)
    2403347 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 24 (emerging-ciarmy.rules)
    2403348 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 25 (emerging-ciarmy.rules)
    2403349 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 25 (emerging-ciarmy.rules)
    2403350 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 26 (emerging-ciarmy.rules)
    2403351 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 26 (emerging-ciarmy.rules)
    2403352 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 27 (emerging-ciarmy.rules)
    2403353 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 27 (emerging-ciarmy.rules)
    2403354 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 28 (emerging-ciarmy.rules)
    2403355 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 28 (emerging-ciarmy.rules)
    2403356 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 29 (emerging-ciarmy.rules)
    2403357 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 29 (emerging-ciarmy.rules)
    2403358 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 30 (emerging-ciarmy.rules)
    2403359 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 30 (emerging-ciarmy.rules)
    2403360 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 31 (emerging-ciarmy.rules)
    2403361 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 31 (emerging-ciarmy.rules)
    2403362 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 32 (emerging-ciarmy.rules)
    2403363 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 32 (emerging-ciarmy.rules)
    2403364 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 33 (emerging-ciarmy.rules)
    2403365 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 33 (emerging-ciarmy.rules)
    2403366 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 34 (emerging-ciarmy.rules)
    2403367 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 34 (emerging-ciarmy.rules)
    2403368 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 35 (emerging-ciarmy.rules)
    2403369 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 35 (emerging-ciarmy.rules)
    2403370 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 36 (emerging-ciarmy.rules)
    2403371 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 36 (emerging-ciarmy.rules)
    2403372 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 37 (emerging-ciarmy.rules)
    2403373 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 37 (emerging-ciarmy.rules)
    2403374 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 38 (emerging-ciarmy.rules)
    2403375 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 38 (emerging-ciarmy.rules)
    2403376 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 39 (emerging-ciarmy.rules)
    2403377 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 39 (emerging-ciarmy.rules)
    2403378 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 40 (emerging-ciarmy.rules)
    2403379 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 40 (emerging-ciarmy.rules)
    2403380 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 41 (emerging-ciarmy.rules)
    2403381 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 41 (emerging-ciarmy.rules)
    2403382 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 42 (emerging-ciarmy.rules)
    2403383 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 42 (emerging-ciarmy.rules)
    2403384 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 43 (emerging-ciarmy.rules)
    2403385 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 43 (emerging-ciarmy.rules)
    2403386 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 44 (emerging-ciarmy.rules)
    2403387 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 44 (emerging-ciarmy.rules)
    2403388 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 45 (emerging-ciarmy.rules)
    2403389 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 45 (emerging-ciarmy.rules)
    2403390 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 46 (emerging-ciarmy.rules)
    2403391 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 46 (emerging-ciarmy.rules)
    2403392 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 47 (emerging-ciarmy.rules)
    2403393 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 47 (emerging-ciarmy.rules)
    2403394 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 48 (emerging-ciarmy.rules)
    2403395 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 48 (emerging-ciarmy.rules)
    2403396 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 49 (emerging-ciarmy.rules)
    2403397 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 49 (emerging-ciarmy.rules)
    2403398 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 50 (emerging-ciarmy.rules)
    2403399 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 50 (emerging-ciarmy.rules)
    2403400 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 51 (emerging-ciarmy.rules)
    2403401 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 51 (emerging-ciarmy.rules)
    2403402 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 52 (emerging-ciarmy.rules)
    2403403 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 52 (emerging-ciarmy.rules)
    2403404 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 53 (emerging-ciarmy.rules)
    2403405 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 53 (emerging-ciarmy.rules)
    2403406 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 54 (emerging-ciarmy.rules)
    2403407 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 54 (emerging-ciarmy.rules)
    2403408 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 55 (emerging-ciarmy.rules)
    2403409 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 55 (emerging-ciarmy.rules)
    2403410 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 56 (emerging-ciarmy.rules)
    2403411 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 56 (emerging-ciarmy.rules)
    2403412 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 57 (emerging-ciarmy.rules)
    2403413 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 57 (emerging-ciarmy.rules)
    2403414 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 58 (emerging-ciarmy.rules)
    2403415 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 58 (emerging-ciarmy.rules)
    2403416 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 59 (emerging-ciarmy.rules)
    2403417 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 59 (emerging-ciarmy.rules)
    2403418 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 60 (emerging-ciarmy.rules)
    2403419 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 60 (emerging-ciarmy.rules)
    2403420 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 61 (emerging-ciarmy.rules)
    2403421 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 61 (emerging-ciarmy.rules)
    2403422 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 62 (emerging-ciarmy.rules)
    2403423 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 62 (emerging-ciarmy.rules)
    2403424 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 63 (emerging-ciarmy.rules)
    2403425 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 63 (emerging-ciarmy.rules)
    2403426 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 64 (emerging-ciarmy.rules)
    2403427 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 64 (emerging-ciarmy.rules)
    2403428 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 65 (emerging-ciarmy.rules)
    2403429 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 65 (emerging-ciarmy.rules)
    2403430 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 66 (emerging-ciarmy.rules)
    2403431 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 66 (emerging-ciarmy.rules)
    2403432 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 67 (emerging-ciarmy.rules)
    2403433 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 67 (emerging-ciarmy.rules)
    2403434 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 68 (emerging-ciarmy.rules)
    2403435 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 68 (emerging-ciarmy.rules)
    2403436 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 69 (emerging-ciarmy.rules)
    2403437 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 69 (emerging-ciarmy.rules)
    2403438 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 70 (emerging-ciarmy.rules)
    2403439 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 70 (emerging-ciarmy.rules)
    2403440 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 71 (emerging-ciarmy.rules)
    2403441 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 71 (emerging-ciarmy.rules)
    2403442 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 72 (emerging-ciarmy.rules)
    2403443 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 72 (emerging-ciarmy.rules)
    2403444 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 73 (emerging-ciarmy.rules)
    2403445 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 73 (emerging-ciarmy.rules)
    2403446 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 74 (emerging-ciarmy.rules)
    2403447 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 74 (emerging-ciarmy.rules)
    2403448 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 75 (emerging-ciarmy.rules)
    2403449 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 75 (emerging-ciarmy.rules)
    2403450 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 76 (emerging-ciarmy.rules)
    2403451 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 76 (emerging-ciarmy.rules)
    2403452 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 77 (emerging-ciarmy.rules)
    2403453 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 77 (emerging-ciarmy.rules)
    2403454 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 78 (emerging-ciarmy.rules)
    2403455 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 78 (emerging-ciarmy.rules)
    2403456 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 79 (emerging-ciarmy.rules)
    2403457 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 79 (emerging-ciarmy.rules)
    2403458 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 80 (emerging-ciarmy.rules)
    2403459 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 80 (emerging-ciarmy.rules)
    2403460 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 81 (emerging-ciarmy.rules)
    2403461 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 81 (emerging-ciarmy.rules)
    2403462 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 82 (emerging-ciarmy.rules)
    2403463 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 82 (emerging-ciarmy.rules)
    2403464 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 83 (emerging-ciarmy.rules)
    2403465 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 83 (emerging-ciarmy.rules)
    2403466 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 84 (emerging-ciarmy.rules)
    2403467 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 84 (emerging-ciarmy.rules)
    2403468 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 85 (emerging-ciarmy.rules)
    2403469 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 85 (emerging-ciarmy.rules)
    2403470 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 86 (emerging-ciarmy.rules)
    2403471 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 86 (emerging-ciarmy.rules)
    2403472 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 87 (emerging-ciarmy.rules)
    2403473 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 87 (emerging-ciarmy.rules)
    2403474 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 88 (emerging-ciarmy.rules)
    2403475 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 88 (emerging-ciarmy.rules)
    2403476 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 89 (emerging-ciarmy.rules)
    2403477 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 89 (emerging-ciarmy.rules)
    2403478 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 90 (emerging-ciarmy.rules)
    2403479 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 90 (emerging-ciarmy.rules)
    2403480 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 91 (emerging-ciarmy.rules)
    2403481 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 91 (emerging-ciarmy.rules)
    2403482 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 92 (emerging-ciarmy.rules)
    2403483 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 92 (emerging-ciarmy.rules)
    2403484 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 93 (emerging-ciarmy.rules)
    2403485 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 93 (emerging-ciarmy.rules)
    2403486 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 94 (emerging-ciarmy.rules)
    2403487 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 94 (emerging-ciarmy.rules)
    2403488 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 95 (emerging-ciarmy.rules)
    2403489 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 95 (emerging-ciarmy.rules)
    2403490 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 96 (emerging-ciarmy.rules)
    2403491 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 96 (emerging-ciarmy.rules)
    2403492 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 97 (emerging-ciarmy.rules)
    2403493 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 97 (emerging-ciarmy.rules)
    2403494 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 98 (emerging-ciarmy.rules)
    2403495 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 98 (emerging-ciarmy.rules)
    2403496 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 99 (emerging-ciarmy.rules)
    2403497 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 99 (emerging-ciarmy.rules)
    2403498 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 100 (emerging-ciarmy.rules)
    2403499 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 100 (emerging-ciarmy.rules)
    2405000 - ET CNC Shadowserver Reported CnC Server Port 80 Group 1 (emerging-botcc.portgrouped.rules)
    2405001 - ET CNC Shadowserver Reported CnC Server Port 81 Group 1 (emerging-botcc.portgrouped.rules)
    2405002 - ET CNC Shadowserver Reported CnC Server Port 443 Group 1 (emerging-botcc.portgrouped.rules)
    2405003 - ET CNC Shadowserver Reported CnC Server Port 1337 Group 1 (emerging-botcc.portgrouped.rules)
    2405004 - ET CNC Shadowserver Reported CnC Server Port 2319 Group 1 (emerging-botcc.portgrouped.rules)
    2405005 - ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 (emerging-botcc.portgrouped.rules)
    2405006 - ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 (emerging-botcc.portgrouped.rules)
    2405007 - ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 (emerging-botcc.portgrouped.rules)
    2405008 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 (emerging-botcc.portgrouped.rules)
    2405009 - ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 (emerging-botcc.portgrouped.rules)
    2405010 - ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 (emerging-botcc.portgrouped.rules)
    2405011 - ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 (emerging-botcc.portgrouped.rules)
    2405012 - ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 (emerging-botcc.portgrouped.rules)
    2405013 - ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 (emerging-botcc.portgrouped.rules)
    2405014 - ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 (emerging-botcc.portgrouped.rules)
    2405015 - ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 (emerging-botcc.portgrouped.rules)
    2405016 - ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 (emerging-botcc.portgrouped.rules)
    2405017 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 (emerging-botcc.portgrouped.rules)
    2525000 - ET 3CORESec Poor Reputation IP TCP group 1 (3coresec.rules)
    2525001 - ET 3CORESec Poor Reputation IP UDP group 1 (3coresec.rules)
    2525002 - ET 3CORESec Poor Reputation IP TCP group 2 (3coresec.rules)
    2525003 - ET 3CORESec Poor Reputation IP UDP group 2 (3coresec.rules)
    2525004 - ET 3CORESec Poor Reputation IP TCP group 3 (3coresec.rules)
    2525005 - ET 3CORESec Poor Reputation IP UDP group 3 (3coresec.rules)
    2525006 - ET 3CORESec Poor Reputation IP TCP group 4 (3coresec.rules)
    2525007 - ET 3CORESec Poor Reputation IP UDP group 4 (3coresec.rules)
    2525008 - ET 3CORESec Poor Reputation IP TCP group 5 (3coresec.rules)
    2525009 - ET 3CORESec Poor Reputation IP UDP group 5 (3coresec.rules)
    2525010 - ET 3CORESec Poor Reputation IP TCP group 6 (3coresec.rules)
    2525011 - ET 3CORESec Poor Reputation IP UDP group 6 (3coresec.rules)
    2525012 - ET 3CORESec Poor Reputation IP TCP group 7 (3coresec.rules)
    2525013 - ET 3CORESec Poor Reputation IP UDP group 7 (3coresec.rules)
    2525014 - ET 3CORESec Poor Reputation IP TCP group 8 (3coresec.rules)
    2525015 - ET 3CORESec Poor Reputation IP UDP group 8 (3coresec.rules)
    2525016 - ET 3CORESec Poor Reputation IP TCP group 9 (3coresec.rules)
    2525017 - ET 3CORESec Poor Reputation IP UDP group 9 (3coresec.rules)
    2525018 - ET 3CORESec Poor Reputation IP TCP group 10 (3coresec.rules)
    2525019 - ET 3CORESec Poor Reputation IP UDP group 10 (3coresec.rules)
    2525020 - ET 3CORESec Poor Reputation IP TCP group 11 (3coresec.rules)
    2525021 - ET 3CORESec Poor Reputation IP UDP group 11 (3coresec.rules)
    2525022 - ET 3CORESec Poor Reputation IP TCP group 12 (3coresec.rules)
    2525023 - ET 3CORESec Poor Reputation IP UDP group 12 (3coresec.rules)
    2525024 - ET 3CORESec Poor Reputation IP TCP group 13 (3coresec.rules)
    2525025 - ET 3CORESec Poor Reputation IP UDP group 13 (3coresec.rules)
    2525026 - ET 3CORESec Poor Reputation IP TCP group 14 (3coresec.rules)
    2525027 - ET 3CORESec Poor Reputation IP UDP group 14 (3coresec.rules)
    2525028 - ET 3CORESec Poor Reputation IP TCP group 15 (3coresec.rules)
    2525029 - ET 3CORESec Poor Reputation IP UDP group 15 (3coresec.rules)
    2525030 - ET 3CORESec Poor Reputation IP TCP group 16 (3coresec.rules)
    2525031 - ET 3CORESec Poor Reputation IP UDP group 16 (3coresec.rules)
    2525032 - ET 3CORESec Poor Reputation IP TCP group 17 (3coresec.rules)
    2525033 - ET 3CORESec Poor Reputation IP UDP group 17 (3coresec.rules)

[+++] Added non-rule lines: [+++]

    -> Added to 3coresec.rules (1):
    # Version 31

    -> Added to emerging-ciarmy.rules (1):
    # Version 59389

    -> Added to sid-msg.map (10):
    2030809 || ET TROJAN MassLogger Client Data Exfil SMTP || md5,862b6b45307a816ac1e3321ec66b212d
    2030810 || ET CURRENT_EVENTS Fedex Phishing Landing on Appspot Hosting
    2030811 || ET CURRENT_EVENTS GET Request to Googleapis Hosting (set)
    2030812 || ET TROJAN MSIL/CoinMiner Performing System Checkin || md5,0bdfccd5aab30f98e212abde79d923ef
    2030813 || ET TROJAN C3Pool CoinMiner Setup Script Download || md5,57d01da1ecf73b6ac9564c180e1363c6
    2030814 || ET USER_AGENTS Suspicious User-Agent (boostsoftware-urlexists)
    2520129 || ET TOR Known Tor Exit Node TCP Traffic group 130 || url,doc.emergingthreats.net/bin/view/Main/TorRules
    2522781 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 782 || url,doc.emergingthreats.net/bin/view/Main/TorRules
    2522782 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 783 || url,doc.emergingthreats.net/bin/view/Main/TorRules
    2522783 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 784 || url,doc.emergingthreats.net/bin/view/Main/TorRules

[---] Removed non-rule lines: [---]

    -> Removed from 3coresec.rules (1):
    # Version 30

    -> Removed from emerging-ciarmy.rules (1):
    # Version 59365