*********************** snort-edge open-nogpl ***********************

[***] Results from Oinkmaster started Fri Sep 4 18:35:56 2020 [***]

[+++] Added rules: [+++]

2011391 - ET MALWARE Win32/Agent.PMS Variant CnC Activity (emerging-malware.rules)
2030014 - ET MALWARE Observed DNS Query to Malvertising Related Domain (emerging-malware.rules)
2030831 - ET TROJAN Win32/TaskPerformer Downloader CnC Activity (emerging-trojan.rules)
2030832 - ET EXPLOIT vBulletin 5.6.2 widget_tabbedContainer_tab_panel Remote Code Execution (Outbound) (emerging-exploit.rules)
2030833 - ET EXPLOIT vBulletin 5.6.2 widget_tabbedContainer_tab_panel Remote Code Execution (Inbound) (emerging-exploit.rules)
2030834 - ET TROJAN MSIL/Juliens Botnet CnC Activity M1 (emerging-trojan.rules)
2030835 - ET USER_AGENTS Microsoft Malware Protection User-Agent Observed (emerging-user_agents.rules)
2030836 - ET MALWARE Haken Clicker CnC Activity (emerging-malware.rules)

[///] Modified active rules: [///]

2002790 - ET TROJAN Haxdoor Reporting User Activity (emerging-trojan.rules)
2004241 - ET WEB_SPECIFIC_APPS PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip SELECT (emerging-web_specific_apps.rules)
2004242 - ET WEB_SPECIFIC_APPS PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip UNION SELECT (emerging-web_specific_apps.rules)
2004243 - ET WEB_SPECIFIC_APPS PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip INSERT (emerging-web_specific_apps.rules)
2004244 - ET WEB_SPECIFIC_APPS PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip DELETE (emerging-web_specific_apps.rules)
2004245 - ET WEB_SPECIFIC_APPS PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip ASCII (emerging-web_specific_apps.rules)
2004246 - ET WEB_SPECIFIC_APPS PHP-Stats SQL Injection Attempt -- php-stats.recphp.php ip UPDATE (emerging-web_specific_apps.rules)
2004307 - ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nukesentinel.php SELECT (emerging-web_specific_apps.rules)
2004308 - ET
WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nukesentinel.php UNION SELECT (emerging-web_specific_apps.rules) 2004309 - ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nukesentinel.php INSERT (emerging-web_specific_apps.rules) 2004310 - ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nukesentinel.php DELETE (emerging-web_specific_apps.rules) 2004311 - ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nukesentinel.php ASCII (emerging-web_specific_apps.rules) 2004312 - ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nukesentinel.php UPDATE (emerging-web_specific_apps.rules) 2004450 - ET WEB_SPECIFIC_APPS Omegasoft SQL Injection Attempt -- OmegaMw7.asp SELECT (emerging-web_specific_apps.rules) 2004451 - ET WEB_SPECIFIC_APPS Omegasoft SQL Injection Attempt -- OmegaMw7.asp UNION SELECT (emerging-web_specific_apps.rules) 2004452 - ET WEB_SPECIFIC_APPS Omegasoft SQL Injection Attempt -- OmegaMw7.asp INSERT (emerging-web_specific_apps.rules) 2004453 - ET WEB_SPECIFIC_APPS Omegasoft SQL Injection Attempt -- OmegaMw7.asp DELETE (emerging-web_specific_apps.rules) 2004454 - ET WEB_SPECIFIC_APPS Omegasoft SQL Injection Attempt -- OmegaMw7.asp ASCII (emerging-web_specific_apps.rules) 2004455 - ET WEB_SPECIFIC_APPS Omegasoft SQL Injection Attempt -- OmegaMw7.asp UPDATE (emerging-web_specific_apps.rules) 2004481 - ET WEB_SPECIFIC_APPS PHP JackKnife SQL Injection Attempt -- G_Display.php iCategoryUnq UNION SELECT (emerging-web_specific_apps.rules) 2004736 - ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nsbypass.php SELECT (emerging-web_specific_apps.rules) 2004737 - ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nsbypass.php UNION SELECT (emerging-web_specific_apps.rules) 2004738 - ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nsbypass.php INSERT (emerging-web_specific_apps.rules) 2004739 - ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nsbypass.php DELETE 
(emerging-web_specific_apps.rules) 2004740 - ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nsbypass.php ASCII (emerging-web_specific_apps.rules) 2004741 - ET WEB_SPECIFIC_APPS NukeSentinel SQL Injection Attempt -- nsbypass.php UPDATE (emerging-web_specific_apps.rules) 2004846 - ET WEB_SPECIFIC_APPS Online Web Building SQL Injection Attempt -- page.asp art_id UNION SELECT (emerging-web_specific_apps.rules) 2004847 - ET WEB_SPECIFIC_APPS Online Web Building SQL Injection Attempt -- page.asp art_id INSERT (emerging-web_specific_apps.rules) 2004848 - ET WEB_SPECIFIC_APPS Online Web Building SQL Injection Attempt -- page.asp art_id DELETE (emerging-web_specific_apps.rules) 2004849 - ET WEB_SPECIFIC_APPS Online Web Building SQL Injection Attempt -- page.asp art_id ASCII (emerging-web_specific_apps.rules) 2004850 - ET WEB_SPECIFIC_APPS Online Web Building SQL Injection Attempt -- page.asp art_id UPDATE (emerging-web_specific_apps.rules) 2005015 - ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id SELECT (emerging-web_specific_apps.rules) 2005016 - ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id UNION SELECT (emerging-web_specific_apps.rules) 2005017 - ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id INSERT (emerging-web_specific_apps.rules) 2005018 - ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id DELETE (emerging-web_specific_apps.rules) 2005019 - ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id ASCII (emerging-web_specific_apps.rules) 2005020 - ET WEB_SPECIFIC_APPS Noname Media Photo Galerie Standard SQL Injection Attempt -- view.php id UPDATE (emerging-web_specific_apps.rules) 2005186 - ET WEB_SPECIFIC_APPS Online Web Building SQL Injection Attempt -- page.asp art_id SELECT (emerging-web_specific_apps.rules) 2005597 - ET 
WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id SELECT (emerging-web_specific_apps.rules) 2005598 - ET WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id UNION SELECT (emerging-web_specific_apps.rules) 2005599 - ET WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id INSERT (emerging-web_specific_apps.rules) 2005600 - ET WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id DELETE (emerging-web_specific_apps.rules) 2005601 - ET WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id ASCII (emerging-web_specific_apps.rules) 2005602 - ET WEB_SPECIFIC_APPS Okul Web Otomasyon Sistemi SQL Injection Attempt -- etkinlikbak.asp id UPDATE (emerging-web_specific_apps.rules) 2005647 - ET WEB_SPECIFIC_APPS Image Gallery with Access Database SQL Injection Attempt -- default.asp order INSERT (emerging-web_specific_apps.rules) 2005675 - ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category SELECT (emerging-web_specific_apps.rules) 2005676 - ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category UNION SELECT (emerging-web_specific_apps.rules) 2005677 - ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category INSERT (emerging-web_specific_apps.rules) 2005678 - ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category DELETE (emerging-web_specific_apps.rules) 2005679 - ET WEB_SPECIFIC_APPS Nicola Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category ASCII (emerging-web_specific_apps.rules) 2005680 - ET WEB_SPECIFIC_APPS Nicola 
Asuni All In One Control Panel (AIOCP) SQL Injection Attempt -- cp_functions_downloads.php download_category UPDATE (emerging-web_specific_apps.rules) 2005937 - ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate SELECT (emerging-web_specific_apps.rules) 2005938 - ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate UNION SELECT (emerging-web_specific_apps.rules) 2005939 - ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate INSERT (emerging-web_specific_apps.rules) 2005940 - ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate DELETE (emerging-web_specific_apps.rules) 2005941 - ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate ASCII (emerging-web_specific_apps.rules) 2005942 - ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- register.asp UserUpdate UPDATE (emerging-web_specific_apps.rules) 2005943 - ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp SELECT (emerging-web_specific_apps.rules) 2005944 - ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp UNION SELECT (emerging-web_specific_apps.rules) 2005945 - ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp INSERT (emerging-web_specific_apps.rules) 2005946 - ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp DELETE (emerging-web_specific_apps.rules) 2005947 - ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp ASCII (emerging-web_specific_apps.rules) 2005948 - ET WEB_SPECIFIC_APPS Outfront Spooky Login SQL Injection Attempt -- a_register.asp UPDATE (emerging-web_specific_apps.rules) 2006510 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID SELECT (emerging-web_specific_apps.rules) 2006511 - ET 
WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID UNION SELECT (emerging-web_specific_apps.rules) 2006512 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID INSERT (emerging-web_specific_apps.rules) 2006513 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID DELETE (emerging-web_specific_apps.rules) 2006514 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID ASCII (emerging-web_specific_apps.rules) 2006515 - ET WEB_SPECIFIC_APPS PHPAccounts SQL Injection Attempt -- index.php Outgoing_Type_ID UPDATE (emerging-web_specific_apps.rules) 2006591 - ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid SELECT (emerging-web_specific_apps.rules) 2006592 - ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid UNION SELECT (emerging-web_specific_apps.rules) 2006593 - ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid INSERT (emerging-web_specific_apps.rules) 2006594 - ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid DELETE (emerging-web_specific_apps.rules) 2006595 - ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid ASCII (emerging-web_specific_apps.rules) 2006596 - ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp agentid UPDATE (emerging-web_specific_apps.rules) 2006597 - ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass SELECT (emerging-web_specific_apps.rules) 2006598 - ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass UNION SELECT (emerging-web_specific_apps.rules) 
2006599 - ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass INSERT (emerging-web_specific_apps.rules) 2006600 - ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass DELETE (emerging-web_specific_apps.rules) 2006601 - ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass ASCII (emerging-web_specific_apps.rules) 2006602 - ET WEB_SPECIFIC_APPS Novell ZENworks Patch Management (ZPM) SQL Injection Attempt -- downloadreport.asp pass UPDATE (emerging-web_specific_apps.rules) 2006750 - ET WEB_SPECIFIC_APPS Neocrome Seditio SQL Injection Attempt -- users.register.inc.php INSERT (emerging-web_specific_apps.rules) 2006807 - ET WEB_SPECIFIC_APPS Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid SELECT (emerging-web_specific_apps.rules) 2006808 - ET WEB_SPECIFIC_APPS Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid UNION SELECT (emerging-web_specific_apps.rules) 2006809 - ET WEB_SPECIFIC_APPS Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid INSERT (emerging-web_specific_apps.rules) 2006810 - ET WEB_SPECIFIC_APPS Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid DELETE (emerging-web_specific_apps.rules) 2006811 - ET WEB_SPECIFIC_APPS Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid ASCII (emerging-web_specific_apps.rules) 2006812 - ET WEB_SPECIFIC_APPS Oxygen (O2PHP Bulletin Board) SQL Injection Attempt -- viewthread.php pid UPDATE (emerging-web_specific_apps.rules) 2007592 - ET TROJAN Hupigon URL Infection Checkin Detected (emerging-trojan.rules) 2007661 - ET TROJAN Hupigon User Agent Detected (RAV1.23) (emerging-trojan.rules) 2008665 - ET TROJAN Zbot/Zeus or Related Infection Checkin (emerging-trojan.rules) 2008830 - ET WEB_SPECIFIC_APPS DevelopItEasy Photo Gallery cat_id parameter SQL 
Injection (emerging-web_specific_apps.rules) 2008921 - ET WEB_SPECIFIC_APPS Nitrotech members.php id Parameter SQL Injection (emerging-web_specific_apps.rules) 2009065 - ET WEB_SPECIFIC_APPS PHP-Daily add_postit.php id Parameter SQL Injection (emerging-web_specific_apps.rules) 2009066 - ET WEB_SPECIFIC_APPS PHP-Daily delete.php id Parameter SQL Injection (emerging-web_specific_apps.rules) 2009067 - ET WEB_SPECIFIC_APPS PHP-Fusion Members CV(job) Module members.php sortby parameter SQL injection (emerging-web_specific_apps.rules) 2009068 - ET WEB_SPECIFIC_APPS iGaming CMS previews.php browse parameter SQL injection (emerging-web_specific_apps.rules) 2009069 - ET WEB_SPECIFIC_APPS iGaming CMS reviews.php browse parameter SQL injection (emerging-web_specific_apps.rules) 2009332 - ET WEB_SPECIFIC_APPS ODARS resource_categories_view.php CLASSES_ROOT parameter local file inclusion (emerging-web_specific_apps.rules) 2009335 - ET WEB_SPECIFIC_APPS nicLOR CMS-School showarticle.php aID Parameter SQL Injection (emerging-web_specific_apps.rules) 2009395 - ET WEB_SPECIFIC_APPS OTManager ADM_Pagina.php Tipo Remote File Inclusion (emerging-web_specific_apps.rules) 2009396 - ET WEB_SPECIFIC_APPS OTManager ADM_Pagina.php Tipo Local File Inclusion (emerging-web_specific_apps.rules) 2009461 - ET WEB_SPECIFIC_APPS Orlando CMS init.php GLOBALS Parameter Local File Inclusion (emerging-web_specific_apps.rules) 2009462 - ET WEB_SPECIFIC_APPS Orlando CMS stage1.php GLOBALS Parameter Local File Inclusion (emerging-web_specific_apps.rules) 2009463 - ET WEB_SPECIFIC_APPS Orlando CMS stage4.php GLOBALS Parameter Local File Inclusion (emerging-web_specific_apps.rules) 2009464 - ET WEB_SPECIFIC_APPS Orlando CMS stage6.php GLOBALS Parameter Local File Inclusion (emerging-web_specific_apps.rules) 2009716 - ET WEB_SPECIFIC_APPS ECShop user.php order_sn Parameter SQL Injection (emerging-web_specific_apps.rules) 2009728 - ET WEB_SPECIFIC_APPS NotFTP config.php languages Parameter Local File 
Inclusion (emerging-web_specific_apps.rules) 2009906 - ET WEB_SPECIFIC_APPS Online Grades parents.php ADD Parameter SQL Injection (emerging-web_specific_apps.rules) 2010018 - ET WEB_SPECIFIC_APPS Possible Joomla Game Server Component id Parameter INSERT INTO SQL Injection (emerging-web_specific_apps.rules) 2010025 - ET WEB_SPECIFIC_APPS DM Albums album.php SECURITY_FILE Parameter Local File Inclusion (emerging-web_specific_apps.rules) 2010031 - ET WEB_SPECIFIC_APPS Possible Novell eDirectory 'dconserv.dlm' Cross-Site Scripting Attempt (emerging-web_specific_apps.rules) 2010355 - ET WEB_SPECIFIC_APPS OBOphiX fonctions_racine.php chemin_lib parameter Remote File Inclusion Attempt (emerging-web_specific_apps.rules) 2010539 - ET WEB_SPECIFIC_APPS Joomla Component com_digistore (pid) Blind SQL Injection Attempt (emerging-web_specific_apps.rules) 2010540 - ET WEB_SPECIFIC_APPS Joomla Component com_jbook (Itemid) Blind SQL Injection Attempt (emerging-web_specific_apps.rules) 2010652 - ET WEB_SPECIFIC_APPS OSSIM repository_attachment.php SELECT FROM SQL Injection Attempt (emerging-web_specific_apps.rules) 2010653 - ET WEB_SPECIFIC_APPS OSSIM repository_attachment.php DELETE FROM SQL Injection Attempt (emerging-web_specific_apps.rules) 2010654 - ET WEB_SPECIFIC_APPS OSSIM repository_attachment.php UNION SELECT SQL Injection Attempt (emerging-web_specific_apps.rules) 2010655 - ET WEB_SPECIFIC_APPS OSSIM repository_attachment.php INSERT INTO SQL Injection Attempt (emerging-web_specific_apps.rules) 2010656 - ET WEB_SPECIFIC_APPS OSSIM repository_attachment.php UPDATE SET SQL Injection Attempt (emerging-web_specific_apps.rules) 2010699 - ET WEB_SPECIFIC_APPS Possible HP Power Manager Management Web Server Login Remote Buffer Overflow Attempt (emerging-web_specific_apps.rules) 2011057 - ET WEB_SPECIFIC_APPS Oracle E-Business Suite Financials jtfwcpnt.jsp SELECT FROM SQL Injection Attempt (emerging-web_specific_apps.rules) 2011058 - ET WEB_SPECIFIC_APPS Oracle E-Business Suite 
Financials jtfwcpnt.jsp DELETE FROM SQL Injection Attempt (emerging-web_specific_apps.rules) 2011059 - ET WEB_SPECIFIC_APPS Oracle E-Business Suite Financials jtfwcpnt.jsp UNION SELECT SQL Injection Attempt (emerging-web_specific_apps.rules) 2011060 - ET WEB_SPECIFIC_APPS Oracle E-Business Suite Financials jtfwcpnt.jsp INSERT INTO SQL Injection Attempt (emerging-web_specific_apps.rules) 2011061 - ET WEB_SPECIFIC_APPS Oracle E-Business Suite Financials jtfwcpnt.jsp UPDATE SET SQL Injection Attempt (emerging-web_specific_apps.rules) 2011268 - ET WEB_SPECIFIC_APPS Oracle Business Process Management context Parameter Cross Site Scripting Attempt (emerging-web_specific_apps.rules) 2011274 - ET WEB_SPECIFIC_APPS OpenX phpAdsNew phpAds_geoPlugin Parameter Remote File Inclusion Attempt (emerging-web_specific_apps.rules) 2011480 - ET TROJAN IMDDOS Botnet User-Agent STORMDDOS (emerging-trojan.rules) 2011481 - ET TROJAN IMDDOS Botnet User-Agent IAMDDOS (emerging-trojan.rules) 2011483 - ET TROJAN IMDDOS Botnet User-Agent YTDDOS (emerging-trojan.rules) 2011492 - ET MALWARE Adware.Kraddare Checkin (emerging-malware.rules) 2011876 - ET WEB_SPECIFIC_APPS DBHcms editmenu Parameter DELETE FROM SQL Injection Attempt (emerging-web_specific_apps.rules) 2011877 - ET WEB_SPECIFIC_APPS DBHcms editmenu Parameter UNION SELECT SQL Injection Attempt (emerging-web_specific_apps.rules) 2011878 - ET WEB_SPECIFIC_APPS DBHcms editmenu Parameter INSERT INTO SQL Injection Attempt (emerging-web_specific_apps.rules) 2011879 - ET WEB_SPECIFIC_APPS DBHcms editmenu Parameter UPDATE SET SQL Injection Attempt (emerging-web_specific_apps.rules) 2011882 - ET WEB_SPECIFIC_APPS Open Web Analytics owa_action Parameter Local File inclusion Attempt (emerging-web_specific_apps.rules) 2011883 - ET WEB_SPECIFIC_APPS Open Web Analytics owa_do Parameter Local File inclusion Attempt (emerging-web_specific_apps.rules) 2011886 - ET WEB_SPECIFIC_APPS Webspell wCMS-Clanscript staticID Parameter SQL Injection Attempt 
(emerging-web_specific_apps.rules) 2011887 - ET SCAN Medusa User-Agent (emerging-scan.rules) 2011915 - ET SCAN DotDotPwn User-Agent (emerging-scan.rules) 2012020 - ET WEB_SPECIFIC_APPS DVD Rental Software cat_id parameter UPDATE SET SQL Injection Attempt (emerging-web_specific_apps.rules) 2012021 - ET WEB_SPECIFIC_APPS jSchool Advanced id_gallery Parameter SQL Injection Attempt (emerging-web_specific_apps.rules) 2012022 - ET WEB_SPECIFIC_APPS Joomla Community Builder Enhenced Component Local File Inclusion Attempt (emerging-web_specific_apps.rules) 2012023 - ET WEB_SPECIFIC_APPS ZyXEL P-660R-T1 HomeCurrent_Date Parameter Cross Site Scripting Attempt (emerging-web_specific_apps.rules) 2012024 - ET WEB_SPECIFIC_APPS Gbook MX newlangsel Parameter Remote File Inclusion Attempt (emerging-web_specific_apps.rules) 2012025 - ET WEB_SPECIFIC_APPS Seo Panel file Parameter Local File Inclusion Attempt (emerging-web_specific_apps.rules) 2012026 - ET WEB_SPECIFIC_APPS Pre Online Tests Generator Pro SELECT FROM SQL Injection Attempt (emerging-web_specific_apps.rules) 2012027 - ET WEB_SPECIFIC_APPS Pre Online Tests Generator Pro DELETE FROM SQL Injection Attempt (emerging-web_specific_apps.rules) 2012028 - ET WEB_SPECIFIC_APPS Pre Online Tests Generator Pro UNION SELECT SQL Injection Attempt (emerging-web_specific_apps.rules) 2012029 - ET WEB_SPECIFIC_APPS Pre Online Tests Generator Pro INSERT INTO SQL Injection Attempt (emerging-web_specific_apps.rules) 2012030 - ET WEB_SPECIFIC_APPS Pre Online Tests Generator Pro UPDATE SET SQL Injection Attempt (emerging-web_specific_apps.rules) 2012032 - ET WEB_SPECIFIC_APPS Abtp Portal Project skel_null.php Local File Inclusion Attempt (emerging-web_specific_apps.rules) 2012033 - ET WEB_SPECIFIC_APPS N-13 News default_login_language Parameter Local File Inclusion Attempt (emerging-web_specific_apps.rules) 2012034 - ET WEB_SPECIFIC_APPS eNdonesia artid Parameter SELECT FROM SQL Injection Attempt (emerging-web_specific_apps.rules) 2012035 - ET 
WEB_SPECIFIC_APPS eNdonesia artid Parameter DELETE FROM SQL Injection Attempt (emerging-web_specific_apps.rules) 2012036 - ET WEB_SPECIFIC_APPS eNdonesia artid Parameter UNION SELECT SQL Injection Attempt (emerging-web_specific_apps.rules) 2012037 - ET WEB_SPECIFIC_APPS eNdonesia artid Parameter INSERT INTO SQL Injection Attempt (emerging-web_specific_apps.rules) 2012038 - ET WEB_SPECIFIC_APPS eNdonesia artid Parameter UPDATE SET SQL Injection Attempt (emerging-web_specific_apps.rules) 2012039 - ET WEB_SPECIFIC_APPS Car Portal car Parameter Blind SQL Injection Attempt (emerging-web_specific_apps.rules) 2012040 - ET WEB_SPECIFIC_APPS Contenido idart Parameter Cross Site Scripting Attempt (emerging-web_specific_apps.rules) 2012073 - ET WEB_SPECIFIC_APPS Aigaion ID Parameter SELECT FROM SQL Injection Attempt (emerging-web_specific_apps.rules) 2012074 - ET WEB_SPECIFIC_APPS Aigaion ID Parameter DELETE FROM SQL Injection Attempt (emerging-web_specific_apps.rules) 2012077 - ET SCAN Goatzapszu Header from unknown Scanning Tool (emerging-scan.rules) 2012099 - ET WEB_SPECIFIC_APPS Joomla Component Billy Portfolio catid Parameter Blind SQL Injection Attempt (emerging-web_specific_apps.rules) 2013874 - ET WEB_SPECIFIC_APPS Joomla techfolio component DELETE FROM SQL Injection Attempt (emerging-web_specific_apps.rules) 2013875 - ET WEB_SPECIFIC_APPS Joomla techfolio component UNION SELECT SQL Injection Attempt (emerging-web_specific_apps.rules) 2013876 - ET WEB_SPECIFIC_APPS Joomla techfolio component INSERT INTO SQL Injection Attempt (emerging-web_specific_apps.rules) 2023996 - ET EXPLOIT TP-LINK Password Change GET Request (DNSChanger EK) (emerging-exploit.rules) 2024815 - ET EXPLOIT Likely Struts S2-053-CVE-2017-12611 Exploit Attempt M2 (emerging-exploit.rules) 2025930 - ET WEB_SPECIFIC_APPS Modx Revolution RCE (CVE-2018-1000207) (emerging-web_specific_apps.rules) 2402000 - ET DROP Dshield Block Listed Source group 1 (emerging-dshield.rules) 2402001 - ET DROP Dshield Block 
Listed Source group 1 (emerging-dshield.rules) 2403300 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 1 (emerging-ciarmy.rules) 2403301 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 1 (emerging-ciarmy.rules) 2403302 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 2 (emerging-ciarmy.rules) 2403303 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 2 (emerging-ciarmy.rules) 2403304 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 3 (emerging-ciarmy.rules) 2403305 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 3 (emerging-ciarmy.rules) 2403306 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 4 (emerging-ciarmy.rules) 2403307 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 4 (emerging-ciarmy.rules) 2403308 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 5 (emerging-ciarmy.rules) 2403309 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 5 (emerging-ciarmy.rules) 2403310 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 6 (emerging-ciarmy.rules) 2403311 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 6 (emerging-ciarmy.rules) 2403312 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 7 (emerging-ciarmy.rules) 2403313 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 7 (emerging-ciarmy.rules) 2403314 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 8 (emerging-ciarmy.rules) 2403315 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 8 (emerging-ciarmy.rules) 2403316 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 9 (emerging-ciarmy.rules) 2403317 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 9 (emerging-ciarmy.rules) 2403318 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 10 (emerging-ciarmy.rules) 2403319 - ET CINS Active Threat Intelligence Poor 
Reputation IP UDP group 10 (emerging-ciarmy.rules) 2403320 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 11 (emerging-ciarmy.rules) 2403321 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 11 (emerging-ciarmy.rules) 2403322 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 12 (emerging-ciarmy.rules) 2403323 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 12 (emerging-ciarmy.rules) 2403324 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 13 (emerging-ciarmy.rules) 2403325 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 13 (emerging-ciarmy.rules) 2403326 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 14 (emerging-ciarmy.rules) 2403327 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 14 (emerging-ciarmy.rules) 2403328 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 15 (emerging-ciarmy.rules) 2403329 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 15 (emerging-ciarmy.rules) 2403330 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 16 (emerging-ciarmy.rules) 2403331 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 16 (emerging-ciarmy.rules) 2403332 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 17 (emerging-ciarmy.rules) 2403333 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 17 (emerging-ciarmy.rules) 2403334 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 18 (emerging-ciarmy.rules) 2403335 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 18 (emerging-ciarmy.rules) 2403336 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 19 (emerging-ciarmy.rules) 2403337 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 19 (emerging-ciarmy.rules) 2403338 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 20 (emerging-ciarmy.rules) 2403339 - ET CINS Active 
Threat Intelligence Poor Reputation IP UDP group 20 (emerging-ciarmy.rules) 2403340 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 21 (emerging-ciarmy.rules) 2403341 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 21 (emerging-ciarmy.rules) 2403342 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 22 (emerging-ciarmy.rules) 2403343 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 22 (emerging-ciarmy.rules) 2403344 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 23 (emerging-ciarmy.rules) 2403345 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 23 (emerging-ciarmy.rules) 2403346 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 24 (emerging-ciarmy.rules) 2403347 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 24 (emerging-ciarmy.rules) 2403348 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 25 (emerging-ciarmy.rules) 2403349 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 25 (emerging-ciarmy.rules) 2403350 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 26 (emerging-ciarmy.rules) 2403351 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 26 (emerging-ciarmy.rules) 2403352 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 27 (emerging-ciarmy.rules) 2403353 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 27 (emerging-ciarmy.rules) 2403354 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 28 (emerging-ciarmy.rules) 2403355 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 28 (emerging-ciarmy.rules) 2403356 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 29 (emerging-ciarmy.rules) 2403357 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 29 (emerging-ciarmy.rules) 2403358 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 30 (emerging-ciarmy.rules) 
2403359 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 30 (emerging-ciarmy.rules) 2403360 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 31 (emerging-ciarmy.rules) 2403361 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 31 (emerging-ciarmy.rules) 2403362 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 32 (emerging-ciarmy.rules) 2403363 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 32 (emerging-ciarmy.rules) 2403364 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 33 (emerging-ciarmy.rules) 2403365 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 33 (emerging-ciarmy.rules) 2403366 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 34 (emerging-ciarmy.rules) 2403367 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 34 (emerging-ciarmy.rules) 2403368 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 35 (emerging-ciarmy.rules) 2403369 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 35 (emerging-ciarmy.rules) 2403370 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 36 (emerging-ciarmy.rules) 2403371 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 36 (emerging-ciarmy.rules) 2403372 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 37 (emerging-ciarmy.rules) 2403373 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 37 (emerging-ciarmy.rules) 2403374 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 38 (emerging-ciarmy.rules) 2403375 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 38 (emerging-ciarmy.rules) 2403376 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 39 (emerging-ciarmy.rules) 2403377 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 39 (emerging-ciarmy.rules) 2403378 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 40 
(emerging-ciarmy.rules) 2403379 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 40 (emerging-ciarmy.rules) 2403380 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 41 (emerging-ciarmy.rules) 2403381 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 41 (emerging-ciarmy.rules) 2403382 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 42 (emerging-ciarmy.rules) 2403383 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 42 (emerging-ciarmy.rules) 2403384 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 43 (emerging-ciarmy.rules) 2403385 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 43 (emerging-ciarmy.rules) 2403386 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 44 (emerging-ciarmy.rules) 2403387 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 44 (emerging-ciarmy.rules) 2403388 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 45 (emerging-ciarmy.rules) 2403389 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 45 (emerging-ciarmy.rules) 2403390 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 46 (emerging-ciarmy.rules) 2403391 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 46 (emerging-ciarmy.rules) 2403392 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 47 (emerging-ciarmy.rules) 2403393 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 47 (emerging-ciarmy.rules) 2403394 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 48 (emerging-ciarmy.rules) 2403395 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 48 (emerging-ciarmy.rules) 2403396 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 49 (emerging-ciarmy.rules) 2403397 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 49 (emerging-ciarmy.rules) 2403398 - ET CINS Active Threat Intelligence Poor 
Reputation IP TCP group 50 (emerging-ciarmy.rules) 2403399 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 50 (emerging-ciarmy.rules) 2403400 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 51 (emerging-ciarmy.rules) 2403401 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 51 (emerging-ciarmy.rules) 2403402 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 52 (emerging-ciarmy.rules) 2403403 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 52 (emerging-ciarmy.rules) 2403404 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 53 (emerging-ciarmy.rules) 2403405 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 53 (emerging-ciarmy.rules) 2403406 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 54 (emerging-ciarmy.rules) 2403407 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 54 (emerging-ciarmy.rules) 2403408 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 55 (emerging-ciarmy.rules) 2403409 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 55 (emerging-ciarmy.rules) 2403410 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 56 (emerging-ciarmy.rules) 2403411 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 56 (emerging-ciarmy.rules) 2403412 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 57 (emerging-ciarmy.rules) 2403413 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 57 (emerging-ciarmy.rules) 2403414 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 58 (emerging-ciarmy.rules) 2403415 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 58 (emerging-ciarmy.rules) 2403416 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 59 (emerging-ciarmy.rules) 2403417 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 59 (emerging-ciarmy.rules) 2403418 - ET CINS Active 
Threat Intelligence Poor Reputation IP TCP group 60 (emerging-ciarmy.rules) 2403419 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 60 (emerging-ciarmy.rules) 2403420 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 61 (emerging-ciarmy.rules) 2403421 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 61 (emerging-ciarmy.rules) 2403422 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 62 (emerging-ciarmy.rules) 2403423 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 62 (emerging-ciarmy.rules) 2403424 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 63 (emerging-ciarmy.rules) 2403425 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 63 (emerging-ciarmy.rules) 2403426 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 64 (emerging-ciarmy.rules) 2403427 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 64 (emerging-ciarmy.rules) 2403428 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 65 (emerging-ciarmy.rules) 2403429 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 65 (emerging-ciarmy.rules) 2403430 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 66 (emerging-ciarmy.rules) 2403431 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 66 (emerging-ciarmy.rules) 2403432 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 67 (emerging-ciarmy.rules) 2403433 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 67 (emerging-ciarmy.rules) 2403434 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 68 (emerging-ciarmy.rules) 2403435 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 68 (emerging-ciarmy.rules) 2403436 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 69 (emerging-ciarmy.rules) 2403437 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 69 (emerging-ciarmy.rules) 
2403438 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 70 (emerging-ciarmy.rules) 2403439 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 70 (emerging-ciarmy.rules) 2403440 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 71 (emerging-ciarmy.rules) 2403441 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 71 (emerging-ciarmy.rules) 2403442 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 72 (emerging-ciarmy.rules) 2403443 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 72 (emerging-ciarmy.rules) 2403444 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 73 (emerging-ciarmy.rules) 2403445 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 73 (emerging-ciarmy.rules) 2403446 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 74 (emerging-ciarmy.rules) 2403447 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 74 (emerging-ciarmy.rules) 2403448 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 75 (emerging-ciarmy.rules) 2403449 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 75 (emerging-ciarmy.rules) 2403450 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 76 (emerging-ciarmy.rules) 2403451 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 76 (emerging-ciarmy.rules) 2403452 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 77 (emerging-ciarmy.rules) 2403453 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 77 (emerging-ciarmy.rules) 2403454 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 78 (emerging-ciarmy.rules) 2403455 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 78 (emerging-ciarmy.rules) 2403456 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 79 (emerging-ciarmy.rules) 2403457 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 79 
(emerging-ciarmy.rules) 2403458 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 80 (emerging-ciarmy.rules) 2403459 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 80 (emerging-ciarmy.rules) 2403460 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 81 (emerging-ciarmy.rules) 2403461 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 81 (emerging-ciarmy.rules) 2403462 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 82 (emerging-ciarmy.rules) 2403463 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 82 (emerging-ciarmy.rules) 2403464 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 83 (emerging-ciarmy.rules) 2403465 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 83 (emerging-ciarmy.rules) 2403466 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 84 (emerging-ciarmy.rules) 2403467 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 84 (emerging-ciarmy.rules) 2403468 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 85 (emerging-ciarmy.rules) 2403469 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 85 (emerging-ciarmy.rules) 2403470 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 86 (emerging-ciarmy.rules) 2403471 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 86 (emerging-ciarmy.rules) 2403472 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 87 (emerging-ciarmy.rules) 2403473 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 87 (emerging-ciarmy.rules) 2403474 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 88 (emerging-ciarmy.rules) 2403475 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 88 (emerging-ciarmy.rules) 2403476 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 89 (emerging-ciarmy.rules) 2403477 - ET CINS Active Threat Intelligence Poor 
Reputation IP UDP group 89 (emerging-ciarmy.rules) 2403478 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 90 (emerging-ciarmy.rules) 2403479 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 90 (emerging-ciarmy.rules) 2403480 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 91 (emerging-ciarmy.rules) 2403481 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 91 (emerging-ciarmy.rules) 2403482 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 92 (emerging-ciarmy.rules) 2403483 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 92 (emerging-ciarmy.rules) 2403484 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 93 (emerging-ciarmy.rules) 2403485 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 93 (emerging-ciarmy.rules) 2403486 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 94 (emerging-ciarmy.rules) 2403487 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 94 (emerging-ciarmy.rules) 2403488 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 95 (emerging-ciarmy.rules) 2403489 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 95 (emerging-ciarmy.rules) 2403490 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 96 (emerging-ciarmy.rules) 2403491 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 96 (emerging-ciarmy.rules) 2403492 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 97 (emerging-ciarmy.rules) 2403493 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 97 (emerging-ciarmy.rules) 2403494 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 98 (emerging-ciarmy.rules) 2403495 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 98 (emerging-ciarmy.rules) 2403496 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 99 (emerging-ciarmy.rules) 2403497 - ET CINS Active 
Threat Intelligence Poor Reputation IP UDP group 99 (emerging-ciarmy.rules) 2403498 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 100 (emerging-ciarmy.rules) 2403499 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 100 (emerging-ciarmy.rules) 2405000 - ET CNC Shadowserver Reported CnC Server Port 80 Group 1 (emerging-botcc.portgrouped.rules) 2405001 - ET CNC Shadowserver Reported CnC Server Port 81 Group 1 (emerging-botcc.portgrouped.rules) 2405002 - ET CNC Shadowserver Reported CnC Server Port 443 Group 1 (emerging-botcc.portgrouped.rules) 2405003 - ET CNC Shadowserver Reported CnC Server Port 1337 Group 1 (emerging-botcc.portgrouped.rules) 2405004 - ET CNC Shadowserver Reported CnC Server Port 2319 Group 1 (emerging-botcc.portgrouped.rules) 2405005 - ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 (emerging-botcc.portgrouped.rules) 2405006 - ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 (emerging-botcc.portgrouped.rules) 2405007 - ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 (emerging-botcc.portgrouped.rules) 2405008 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 (emerging-botcc.portgrouped.rules) 2405009 - ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 (emerging-botcc.portgrouped.rules) 2405010 - ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 (emerging-botcc.portgrouped.rules) 2405011 - ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 (emerging-botcc.portgrouped.rules) 2405012 - ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 (emerging-botcc.portgrouped.rules) 2405013 - ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 (emerging-botcc.portgrouped.rules) 2405014 - ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 (emerging-botcc.portgrouped.rules) 2405015 - ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 (emerging-botcc.portgrouped.rules) 2405016 - ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 
(emerging-botcc.portgrouped.rules) 2405017 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 (emerging-botcc.portgrouped.rules) 2525000 - ET 3CORESec Poor Reputation IP TCP group 1 (3coresec.rules) 2525001 - ET 3CORESec Poor Reputation IP UDP group 1 (3coresec.rules) 2525002 - ET 3CORESec Poor Reputation IP TCP group 2 (3coresec.rules) 2525003 - ET 3CORESec Poor Reputation IP UDP group 2 (3coresec.rules) 2525004 - ET 3CORESec Poor Reputation IP TCP group 3 (3coresec.rules) 2525005 - ET 3CORESec Poor Reputation IP UDP group 3 (3coresec.rules) 2525006 - ET 3CORESec Poor Reputation IP TCP group 4 (3coresec.rules) 2525007 - ET 3CORESec Poor Reputation IP UDP group 4 (3coresec.rules) 2525008 - ET 3CORESec Poor Reputation IP TCP group 5 (3coresec.rules) 2525009 - ET 3CORESec Poor Reputation IP UDP group 5 (3coresec.rules) 2525010 - ET 3CORESec Poor Reputation IP TCP group 6 (3coresec.rules) 2525011 - ET 3CORESec Poor Reputation IP UDP group 6 (3coresec.rules) 2525012 - ET 3CORESec Poor Reputation IP TCP group 7 (3coresec.rules) 2525013 - ET 3CORESec Poor Reputation IP UDP group 7 (3coresec.rules) 2525014 - ET 3CORESec Poor Reputation IP TCP group 8 (3coresec.rules) 2525015 - ET 3CORESec Poor Reputation IP UDP group 8 (3coresec.rules) 2525016 - ET 3CORESec Poor Reputation IP TCP group 9 (3coresec.rules) 2525017 - ET 3CORESec Poor Reputation IP UDP group 9 (3coresec.rules) 2525018 - ET 3CORESec Poor Reputation IP TCP group 10 (3coresec.rules) 2525019 - ET 3CORESec Poor Reputation IP UDP group 10 (3coresec.rules) 2525020 - ET 3CORESec Poor Reputation IP TCP group 11 (3coresec.rules) 2525021 - ET 3CORESec Poor Reputation IP UDP group 11 (3coresec.rules) 2525022 - ET 3CORESec Poor Reputation IP TCP group 12 (3coresec.rules) 2525023 - ET 3CORESec Poor Reputation IP UDP group 12 (3coresec.rules) 2525024 - ET 3CORESec Poor Reputation IP TCP group 13 (3coresec.rules) 2525025 - ET 3CORESec Poor Reputation IP UDP group 13 (3coresec.rules) 2525026 - ET 3CORESec Poor 
Reputation IP TCP group 14 (3coresec.rules)
2525027 - ET 3CORESec Poor Reputation IP UDP group 14 (3coresec.rules)
2525028 - ET 3CORESec Poor Reputation IP TCP group 15 (3coresec.rules)
2525029 - ET 3CORESec Poor Reputation IP UDP group 15 (3coresec.rules)
2525030 - ET 3CORESec Poor Reputation IP TCP group 16 (3coresec.rules)
2525031 - ET 3CORESec Poor Reputation IP UDP group 16 (3coresec.rules)
2525032 - ET 3CORESec Poor Reputation IP TCP group 17 (3coresec.rules)
2525033 - ET 3CORESec Poor Reputation IP UDP group 17 (3coresec.rules)
2525034 - ET 3CORESec Poor Reputation IP TCP group 18 (3coresec.rules)
2525035 - ET 3CORESec Poor Reputation IP UDP group 18 (3coresec.rules)
2525036 - ET 3CORESec Poor Reputation IP TCP group 19 (3coresec.rules)
2525037 - ET 3CORESec Poor Reputation IP UDP group 19 (3coresec.rules)
2525038 - ET 3CORESec Poor Reputation IP TCP group 20 (3coresec.rules)
2525039 - ET 3CORESec Poor Reputation IP UDP group 20 (3coresec.rules)

[---] Removed rules: [---]
2011391 - ET TROJAN Win32/Agent.PMS Variant CnC Activity (emerging-trojan.rules)
2030014 - ET TROJAN Observed DNS Query to Malvertising Related Domain (emerging-trojan.rules)

[+++] Added non-rule lines: [+++]
-> Added to 3coresec.rules (1):
# Version 36
-> Added to emerging-ciarmy.rules (1):
# Version 59556
-> Added to sid-msg.map (16):
2011391 || ET MALWARE Win32/Agent.PMS Variant CnC Activity
2030014 || ET MALWARE Observed DNS Query to Malvertising Related Domain || url,duo.com/labs/research/crxcavator-malvertising-2020
2030831 || ET TROJAN Win32/TaskPerformer Downloader CnC Activity || md5,d89560ec4dbb0ca75734b39009d089e5
2030832 || ET EXPLOIT vBulletin 5.6.2 widget_tabbedContainer_tab_panel Remote Code Execution (Outbound) || url,www.exploit-db.com/exploits/48743
2030833 || ET EXPLOIT vBulletin 5.6.2 widget_tabbedContainer_tab_panel Remote Code Execution (Inbound) || url,www.exploit-db.com/exploits/48743
2030834 || ET TROJAN MSIL/Juliens Botnet CnC Activity M1 || md5,73ed84016746f0b53889d20cbdbb6f07
2030835 || ET USER_AGENTS Microsoft Malware Protection User-Agent Observed
2030836 || ET MALWARE Haken Clicker CnC Activity || md5,02939b68596873ad1835d1062ee8836a || url,research.checkpoint.com/2020/android-app-fraud-haken-clicker-and-joker-premium-dialer/
2500064 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 33 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500065 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 33 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2520148 || ET TOR Known Tor Exit Node TCP Traffic group 149 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2520149 || ET TOR Known Tor Exit Node TCP Traffic group 150 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2522839 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 840 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2522840 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 841 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2522841 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 842 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2522842 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 843 || url,doc.emergingthreats.net/bin/view/Main/TorRules

[---] Removed non-rule lines: [---]
-> Removed from 3coresec.rules (1):
# Version 35
-> Removed from emerging-ciarmy.rules (1):
# Version 59532
-> Removed from sid-msg.map (2):
2011391 || ET TROJAN Win32/Agent.PMS Variant CnC Activity
2030014 || ET TROJAN Observed DNS Query to Malvertising Related Domain || url,duo.com/labs/research/crxcavator-malvertising-2020