*********************** suricata-4.0-enhanced open-nogpl ***********************

[***] Results from Oinkmaster started Mon Aug 3 18:07:47 2020 [***]

[+++]          Added rules:          [+++]

    2030635 - ET TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC) (emerging-trojan.rules)
    2030636 - ET TROJAN Magecart/Skimmer Domain in DNS Lookup (cloud-sources .com) (emerging-trojan.rules)
    2030637 - ET TROJAN Magecart/Skimmer Domain in DNS Lookup (cdn-filestorm .com) (emerging-trojan.rules)
    2030638 - ET MOBILE_MALWARE NSO Group CnC Domain in DNS Lookup (chretiendaujoudhui .com) (emerging-mobile_malware.rules)
    2030639 - ET MOBILE_MALWARE NSO Group CnC Domain in DNS Lookup (leprotestant .com) (emerging-mobile_malware.rules)
    2030640 - ET MOBILE_MALWARE NSO Group CnC Domain in DNS Lookup (vie-en-islam .com) (emerging-mobile_malware.rules)
    2030641 - ET MOBILE_MALWARE NSO Group CnC Domain in DNS Lookup (viedechretien .org) (emerging-mobile_malware.rules)
    2030642 - ET TROJAN TAIDOOR CnC Domain in DNS Lookup (www.cnaweb.mrslove .com) (emerging-trojan.rules)
    2030643 - ET TROJAN TAIDOOR CnC Domain in DNS Lookup (www.infonew.dubya .net) (emerging-trojan.rules)

[///]     Modified active rules:     [///]

    2008433 - ET TROJAN Razy Variant Checkin (emerging-trojan.rules)
    2013808 - ET TROJAN Dooptroop Dropper Checkin (emerging-trojan.rules)
    2014313 - ET POLICY Executable Download From DropBox (emerging-policy.rules)
    2014519 - ET INFO EXE - Served Inline HTTP (emerging-info.rules)
    2016935 - ET WEB_SERVER SQL Injection Select Sleep Time Delay (emerging-web_server.rules)
    2018677 - ET TROJAN Sharik/Smoke Loader Microsoft Connectivity check (emerging-trojan.rules)
    2019680 - ET TROJAN Possible Archie EK Payload Checkin GET (emerging-trojan.rules)
    2020899 - ET EXPLOIT D-Link Devices Home Network Administration Protocol Command Execution (emerging-exploit.rules)
    2022025 - ET TROJAN Sharik/Smoke Loader Adobe Connectivity Check 2 (emerging-trojan.rules)
    2022026 - ET TROJAN Sharik/Smoke Loader Java Connectivity Check (emerging-trojan.rules)
    2022027 - ET TROJAN Sharik/Smoke Loader Adobe Connectivity Check 3 (emerging-trojan.rules)
    2022683 - ET TROJAN Win32/CryptFile2 Ransomware Checkin (emerging-trojan.rules)
    2022906 - ET TROJAN Towerweb Ransomware Landing Page (emerging-trojan.rules)
    2022970 - ET TROJAN W32.Dreambot File Upload (No Data Sent) (emerging-trojan.rules)
    2023144 - ET TROJAN AgentTesla PWS HTTP CnC Checkin (emerging-trojan.rules)
    2023465 - ET TROJAN Win32/Jackpot Ransomware CnC Checkin (emerging-trojan.rules)
    2023466 - ET EXPLOIT D-Link DSL-2740R Remote DNS Change Attempt (emerging-exploit.rules)
    2023467 - ET EXPLOIT COMTREND ADSL Router CT-5367 Remote DNS Change Attempt (emerging-exploit.rules)
    2023469 - ET POLICY External IP Address Lookup - b4secure .com (emerging-policy.rules)
    2023470 - ET TROJAN Possible Emissary External IP Lookup (emerging-trojan.rules)
    2023483 - ET MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher Sending Credit Card Info (emerging-mobile_malware.rules)
    2023505 - ET TROJAN CerberTear Ransomware CnC Checkin (emerging-trojan.rules)
    2023506 - ET TROJAN MSIL/Alcatrez Locker Ransomware CnC Checkin (emerging-trojan.rules)
    2023507 - ET MOBILE_MALWARE Android.Trojan.HiddenApp.OU Checkin (emerging-mobile_malware.rules)
    2023533 - ET TROJAN CryptoLuck / YafunnLocker Ransomware CnC Checkin (emerging-trojan.rules)
    2023534 - ET TROJAN Win32/CHIP Ransomware CnC Checkin (emerging-trojan.rules)
    2023535 - ET WEB_SERVER Possible Apache Struts OGNL Expression Injection (emerging-web_server.rules)
    2023546 - ET TROJAN Win32/TrojanDownloader.Delf.BXC CnC Beacon (emerging-trojan.rules)
    2023551 - ET TROJAN Locky CnC checkin Nov 21 (emerging-trojan.rules)
    2023552 - ET TROJAN Locky CnC checkin Nov 21 M2 (emerging-trojan.rules)
    2023558 - ET CURRENT_EVENTS Successful XBOOMBER Paypal Phish Nov 28 2016 (emerging-current_events.rules)
    2023567 - ET TROJAN Sharik/Smoke Loader Receiving Payload (emerging-trojan.rules)
    2023571 - ET TROJAN DistTrack/Shamoon CnC Beacon M2 (emerging-trojan.rules)
    2023574 - ET WEB_SPECIFIC_APPS Joomla GoogleMaps Plugin Open Proxy Access (emerging-web_specific_apps.rules)
    2023588 - ET TROJAN Trojan.Win32.Qadars Checkin (emerging-trojan.rules)
    2023592 - ET CURRENT_EVENTS Successful iCloud Phish Oct 10 2016 (emerging-current_events.rules)
    2023628 - ET EXPLOIT Netgear R7000 Command Injection Exploit (emerging-exploit.rules)
    2023652 - ET TROJAN TeleBots BCS-server CnC Beacon (emerging-trojan.rules)
    2023656 - ET TROJAN TeleBots VBS Backdoor CnC Beacon 2 (emerging-trojan.rules)
    2023668 - ET INFO Unconfigured nginx Access (emerging-info.rules)
    2023686 - ET EXPLOIT Possible CVE-2016-10033 PHPMailer RCE Attempt (emerging-exploit.rules)
    2023691 - ET TROJAN MRCR1 Ransomware Checkin M1 (emerging-trojan.rules)
    2023692 - ET TROJAN MRCR1 Ransomware Checkin M2 (emerging-trojan.rules)
    2023694 - ET TROJAN Blackmoon/Banbra Configuration Request M2 (emerging-trojan.rules)
    2023696 - ET CURRENT_EVENTS Successful Bradesco Bank Phish M1 Jan 05 2017 (emerging-current_events.rules)
    2023751 - ET WEB_CLIENT Tech Support Phone Scam Landing M1 Jan 20 2017 (emerging-web_client.rules)
    2023759 - ET CURRENT_EVENTS Possible Successful Generic Paypal Phish Jan 23 2016 (emerging-current_events.rules)
    2024403 - ET CURRENT_EVENTS Possible Dropbox Phishing Landing - Title over non SSL (emerging-current_events.rules)
    2024565 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 15 2016 (emerging-current_events.rules)
    2024572 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 03 2017 (emerging-current_events.rules)
    2024573 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 12 2017 (emerging-current_events.rules)
    2024574 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 17 2017 (emerging-current_events.rules)
    2024575 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 17 2017 (emerging-current_events.rules)
    2025672 - ET CURRENT_EVENTS Shared Document Phishing Landing Nov 16 2016 (emerging-current_events.rules)
    2025687 - ET CURRENT_EVENTS Email Settings Error Phishing Landing Nov 16 2016 (emerging-current_events.rules)
    2029322 - ET POLICY Telegram API Certificate Observed (emerging-policy.rules)
    2029706 - ET INFO Possible COVID-19 Domain in SSL Certificate M2 (emerging-info.rules)
    2029707 - ET INFO Suspicious TLS SNI Request for Possible COVID-19 Domain M1 (emerging-info.rules)
    2030053 - ET TROJAN Win32/IcedID Requesting Encoded Binary M4 (emerging-trojan.rules)
    2030357 - ET TROJAN Win32/Ispen BADNEWS CnC Beacon (emerging-trojan.rules)
    2030616 - ET POLICY XenArmor Password Recovery License Check (emerging-policy.rules)
    2400000 - ET DROP Spamhaus DROP Listed Traffic Inbound group 1 (drop.rules)
    2400001 - ET DROP Spamhaus DROP Listed Traffic Inbound group 2 (drop.rules)
    2400002 - ET DROP Spamhaus DROP Listed Traffic Inbound group 3 (drop.rules)
    2400003 - ET DROP Spamhaus DROP Listed Traffic Inbound group 4 (drop.rules)
    2400004 - ET DROP Spamhaus DROP Listed Traffic Inbound group 5 (drop.rules)
    2400005 - ET DROP Spamhaus DROP Listed Traffic Inbound group 6 (drop.rules)
    2400006 - ET DROP Spamhaus DROP Listed Traffic Inbound group 7 (drop.rules)
    2400007 - ET DROP Spamhaus DROP Listed Traffic Inbound group 8 (drop.rules)
    2400008 - ET DROP Spamhaus DROP Listed Traffic Inbound group 9 (drop.rules)
    2400009 - ET DROP Spamhaus DROP Listed Traffic Inbound group 10 (drop.rules)
    2400010 - ET DROP Spamhaus DROP Listed Traffic Inbound group 11 (drop.rules)
    2400011 - ET DROP Spamhaus DROP Listed Traffic Inbound group 12 (drop.rules)
    2400012 - ET DROP Spamhaus DROP Listed Traffic Inbound group 13 (drop.rules)
    2400013 - ET DROP Spamhaus DROP Listed Traffic Inbound group 14 (drop.rules)
    2400014 - ET DROP Spamhaus DROP Listed Traffic Inbound group 15 (drop.rules)
    2400015 - ET DROP Spamhaus DROP Listed Traffic Inbound group 16 (drop.rules)
    2400016 - ET DROP Spamhaus DROP Listed Traffic Inbound group 17 (drop.rules)
    2400017 - ET DROP Spamhaus DROP Listed Traffic Inbound group 18 (drop.rules)
    2400018 - ET DROP Spamhaus DROP Listed Traffic Inbound group 19 (drop.rules)
    2400019 - ET DROP Spamhaus DROP Listed Traffic Inbound group 20 (drop.rules)
    2400020 - ET DROP Spamhaus DROP Listed Traffic Inbound group 21 (drop.rules)
    2400021 - ET DROP Spamhaus DROP Listed Traffic Inbound group 22 (drop.rules)
    2400022 - ET DROP Spamhaus DROP Listed Traffic Inbound group 23 (drop.rules)
    2400023 - ET DROP Spamhaus DROP Listed Traffic Inbound group 24 (drop.rules)
    2400024 - ET DROP Spamhaus DROP Listed Traffic Inbound group 25 (drop.rules)
    2400025 - ET DROP Spamhaus DROP Listed Traffic Inbound group 26 (drop.rules)
    2400026 - ET DROP Spamhaus DROP Listed Traffic Inbound group 27 (drop.rules)
    2400027 - ET DROP Spamhaus DROP Listed Traffic Inbound group 28 (drop.rules)
    2400028 - ET DROP Spamhaus DROP Listed Traffic Inbound group 29 (drop.rules)
    2400029 - ET DROP Spamhaus DROP Listed Traffic Inbound group 30 (drop.rules)
    2400030 - ET DROP Spamhaus DROP Listed Traffic Inbound group 31 (drop.rules)
    2402000 - ET DROP Dshield Block Listed Source group 1 (dshield.rules)
    2403300 - ET CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules)
    2403301 - ET CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules)
    2403302 - ET CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules)
    2403303 - ET CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules)
    2403304 - ET CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules)
    2403305 - ET CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules)
    2403306 - ET CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules)
    2403307 - ET CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules)
    2403308 - ET CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules)
    2403309 - ET CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules)
    2403310 - ET CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules)
    2403311 - ET CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules)
    2403312 - ET CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules)
    2403313 - ET CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules)
    2403314 - ET CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules)
    2403315 - ET CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules)
    2403316 - ET CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules)
    2403317 - ET CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules)
    2403318 - ET CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules)
    2403319 - ET CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules)
    2403320 - ET CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules)
    2403321 - ET CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules)
    2403322 - ET CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules)
    2403323 - ET CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules)
    2403324 - ET CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules)
    2403325 - ET CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules)
    2403326 - ET CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules)
    2403327 - ET CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules)
    2403328 - ET CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules)
    2403329 - ET CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules)
    2403330 - ET CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules)
    2403331 - ET CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules)
    2403332 - ET CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules)
    2403333 - ET CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules)
    2403334 - ET CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules)
    2403335 - ET CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules)
    2403336 - ET CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules)
    2403337 - ET CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules)
    2403338 - ET CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules)
    2403339 - ET CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules)
    2403340 - ET CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules)
    2403341 - ET CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules)
    2403342 - ET CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules)
    2403343 - ET CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules)
    2403344 - ET CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules)
    2403345 - ET CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules)
    2403346 - ET CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules)
    2403347 - ET CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules)
    2403348 - ET CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules)
    2403349 - ET CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules)
    2403350 - ET CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules)
    2403351 - ET CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules)
    2403352 - ET CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules)
    2403353 - ET CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules)
    2403354 - ET CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules)
    2403355 - ET CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules)
    2403356 - ET CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules)
    2403357 - ET CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules)
    2403358 - ET CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules)
    2403359 - ET CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules)
    2403360 - ET CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules)
    2403361 - ET CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules)
    2403362 - ET CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules)
    2403363 - ET CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules)
    2403364 - ET CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules)
    2403365 - ET CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules)
    2403366 - ET CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules)
    2403367 - ET CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules)
    2403368 - ET CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules)
    2403369 - ET CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules)
    2403370 - ET CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules)
    2403371 - ET CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules)
    2403372 - ET CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules)
    2403373 - ET CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules)
    2403374 - ET CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules)
    2403375 - ET CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules)
    2403376 - ET CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules)
    2403377 - ET CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules)
    2403378 - ET CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules)
    2403379 - ET CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules)
    2403380 - ET CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules)
    2403381 - ET CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules)
    2403382 - ET CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules)
    2403383 - ET CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules)
    2403384 - ET CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules)
    2403385 - ET CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules)
    2403386 - ET CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules)
    2403387 - ET CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules)
    2403388 - ET CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules)
    2403389 - ET CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules)
    2403390 - ET CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules)
    2403391 - ET CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules)
    2403392 - ET CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules)
    2403393 - ET CINS Active Threat Intelligence Poor Reputation IP group 94 (ciarmy.rules)
    2403394 - ET CINS Active Threat Intelligence Poor Reputation IP group 95 (ciarmy.rules)
    2403395 - ET CINS Active Threat Intelligence Poor Reputation IP group 96 (ciarmy.rules)
    2403396 - ET CINS Active Threat Intelligence Poor Reputation IP group 97 (ciarmy.rules)
    2403397 - ET CINS Active Threat Intelligence Poor Reputation IP group 98 (ciarmy.rules)
    2403398 - ET CINS Active Threat Intelligence Poor Reputation IP group 99 (ciarmy.rules)
    2403399 - ET CINS Active Threat Intelligence Poor Reputation IP group 100 (ciarmy.rules)
    2405000 - ET CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules)
    2405001 - ET CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules)
    2405002 - ET CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules)
    2405003 - ET CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules)
    2405004 - ET CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules)
    2405005 - ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules)
    2405006 - ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules)
    2405007 - ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules)
    2405008 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules)
    2405009 - ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules)
    2405010 - ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules)
    2405011 - ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules)
    2405012 - ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules)
    2405013 - ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules)
    2405014 - ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules)
    2405015 - ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules)
    2405016 - ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules)
    2405017 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules)
    2525000 - ET 3CORESec Poor Reputation IP group 1 (3coresec.rules)
    2525001 - ET 3CORESec Poor Reputation IP group 2 (3coresec.rules)
    2525002 - ET 3CORESec Poor Reputation IP group 3 (3coresec.rules)
    2525003 - ET 3CORESec Poor Reputation IP group 4 (3coresec.rules)
    2525004 - ET 3CORESec Poor Reputation IP group 5 (3coresec.rules)
    2525005 - ET 3CORESec Poor Reputation IP group 6 (3coresec.rules)
    2525006 - ET 3CORESec Poor Reputation IP group 7 (3coresec.rules)
    2525007 - ET 3CORESec Poor Reputation IP group 8 (3coresec.rules)
    2525008 - ET 3CORESec Poor Reputation IP group 9 (3coresec.rules)
    2525009 - ET 3CORESec Poor Reputation IP group 10 (3coresec.rules)
    2525010 - ET 3CORESec Poor Reputation IP group 11 (3coresec.rules)
    2525011 - ET 3CORESec Poor Reputation IP group 12 (3coresec.rules)
    2525012 - ET 3CORESec Poor Reputation IP group 13 (3coresec.rules)
    2525013 - ET 3CORESec Poor Reputation IP group 14 (3coresec.rules)
    2525014 - ET 3CORESec Poor Reputation IP group 15 (3coresec.rules)
    2525015 - ET 3CORESec Poor Reputation IP group 16 (3coresec.rules)
    2525016 - ET 3CORESec Poor Reputation IP group 17 (3coresec.rules)

[---]        Removed rules:          [---]

    2400031 - ET DROP Spamhaus DROP Listed Traffic Inbound group 32 (drop.rules)

[+++]  Added non-rule lines:  [+++]

     -> Added to 3coresec.rules (1):
        # Version 12
     -> Added to drop.rules (2):
        # VERSION 2770
        # Generated 2020-08-02 00:05:02 EDT
     -> Added to sid-msg.map (17):
        2029322 || ET POLICY Telegram API Certificate Observed
        2030635 || ET TROJAN Observed Malicious SSL Cert (Cobalt Strike CnC)
        2030636 || ET TROJAN Magecart/Skimmer Domain in DNS Lookup (cloud-sources .com) || url,twitter.com/felixaime/status/1287409263623770112
        2030637 || ET TROJAN Magecart/Skimmer Domain in DNS Lookup (cdn-filestorm .com) || url,twitter.com/felixaime/status/1287409263623770112
        2030638 || ET MOBILE_MALWARE NSO Group CnC Domain in DNS Lookup (chretiendaujoudhui .com) || url,citizenlab.ca/2020/08/nothing-sacred-nso-sypware-in-togo/
        2030639 || ET MOBILE_MALWARE NSO Group CnC Domain in DNS Lookup (leprotestant .com) || url,citizenlab.ca/2020/08/nothing-sacred-nso-sypware-in-togo/
        2030640 || ET MOBILE_MALWARE NSO Group CnC Domain in DNS Lookup (vie-en-islam .com) || url,citizenlab.ca/2020/08/nothing-sacred-nso-sypware-in-togo/
        2030641 || ET MOBILE_MALWARE NSO Group CnC Domain in DNS Lookup (viedechretien .org) || url,citizenlab.ca/2020/08/nothing-sacred-nso-sypware-in-togo/
        2030642 || ET TROJAN TAIDOOR CnC Domain in DNS Lookup (www.cnaweb.mrslove .com) || url,us-cert.cisa.gov/ncas/analysis-reports/ar20-216a
        2030643 || ET TROJAN TAIDOOR CnC Domain in DNS Lookup (www.infonew.dubya .net) || url,us-cert.cisa.gov/ncas/analysis-reports/ar20-216a
        2522788 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 789 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2522789 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 790 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2522790 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 791 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2522791 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 792 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2522792 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 793 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2522793 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 794 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2522794 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 795 || url,doc.emergingthreats.net/bin/view/Main/TorRules

[---]  Removed non-rule lines:  [---]

     -> Removed from 3coresec.rules (1):
        # Version 11
     -> Removed from drop.rules (2):
        # VERSION 2769
        # Generated 2020-07-26 00:05:01 EDT
     -> Removed from sid-msg.map (44):
        2029322 || ET POLICY Telegram API Cerficate Observed
        2400031 || ET DROP Spamhaus DROP Listed Traffic Inbound group 32 || url,www.spamhaus.org/drop/drop.lasso
        2520105 || ET TOR Known Tor Exit Node Traffic group 106 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520106 || ET TOR Known Tor Exit Node Traffic group 107 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520107 || ET TOR Known Tor Exit Node Traffic group 108 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520108 || ET TOR Known Tor Exit Node Traffic group 109 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520109 || ET TOR Known Tor Exit Node Traffic group 110 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520110 || ET TOR Known Tor Exit Node Traffic group 111 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520111 || ET TOR Known Tor Exit Node Traffic group 112 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520112 || ET TOR Known Tor Exit Node Traffic group 113 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520113 || ET TOR Known Tor Exit Node Traffic group 114 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520114 || ET TOR Known Tor Exit Node Traffic group 115 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520115 || ET TOR Known Tor Exit Node Traffic group 116 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520116 || ET TOR Known Tor Exit Node Traffic group 117 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520117 || ET TOR Known Tor Exit Node Traffic group 118 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520118 || ET TOR Known Tor Exit Node Traffic group 119 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520119 || ET TOR Known Tor Exit Node Traffic group 120 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520120 || ET TOR Known Tor Exit Node Traffic group 121 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520121 || ET TOR Known Tor Exit Node Traffic group 122 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520122 || ET TOR Known Tor Exit Node Traffic group 123 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520123 || ET TOR Known Tor Exit Node Traffic group 124 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520124 || ET TOR Known Tor Exit Node Traffic group 125 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520125 || ET TOR Known Tor Exit Node Traffic group 126 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520126 || ET TOR Known Tor Exit Node Traffic group 127 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520127 || ET TOR Known Tor Exit Node Traffic group 128 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520128 || ET TOR Known Tor Exit Node Traffic group 129 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520129 || ET TOR Known Tor Exit Node Traffic group 130 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520130 || ET TOR Known Tor Exit Node Traffic group 131 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520131 || ET TOR Known Tor Exit Node Traffic group 132 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520132 || ET TOR Known Tor Exit Node Traffic group 133 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520133 || ET TOR Known Tor Exit Node Traffic group 134 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520134 || ET TOR Known Tor Exit Node Traffic group 135 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520135 || ET TOR Known Tor Exit Node Traffic group 136 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520136 || ET TOR Known Tor Exit Node Traffic group 137 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520137 || ET TOR Known Tor Exit Node Traffic group 138 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520138 || ET TOR Known Tor Exit Node Traffic group 139 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520139 || ET TOR Known Tor Exit Node Traffic group 140 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520140 || ET TOR Known Tor Exit Node Traffic group 141 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520141 || ET TOR Known Tor Exit Node Traffic group 142 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520142 || ET TOR Known Tor Exit Node Traffic group 143 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520143 || ET TOR Known Tor Exit Node Traffic group 144 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520144 || ET TOR Known Tor Exit Node Traffic group 145 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520145 || ET TOR Known Tor Exit Node Traffic group 146 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520146 || ET TOR Known Tor Exit Node Traffic group 147 || url,doc.emergingthreats.net/bin/view/Main/TorRules