*********************** suricata-4.0-enhanced open-nogpl ***********************

[***] Results from Oinkmaster started Tue Aug 4 18:23:00 2020 [***]

[+++] Added rules: [+++]

    2030644 - ET WEB_SPECIFIC_APPS LifterLMS Arbitrary File Write Attempt Inbound (CVE-2020-6008) (emerging-web_specific_apps.rules)
    2030646 - ET CURRENT_EVENTS Possible Sucessful Generic Phish (set) 2020-08-04 (emerging-current_events.rules)

[///] Modified active rules: [///]

    2023653 - ET TROJAN TeleBots BCS-server User-Agent (emerging-trojan.rules)
    2023654 - ET TROJAN TeleBots VBS Backdoor CnC Beacon 1 (emerging-trojan.rules)
    2023811 - ET TROJAN Downeks Variant CnC Beacon (emerging-trojan.rules)
    2023814 - ET TROJAN CryptoShield Ransomware Checkin (emerging-trojan.rules)
    2023815 - ET TROJAN Shafttt MySQL Bruteforce Bot CnC Beacon (emerging-trojan.rules)
    2023818 - ET INFO Windows Update/Microsoft FP Flowbit (emerging-info.rules)
    2023830 - ET WEB_SPECIFIC_APPS Netgear WNR2000v5 Possible Serial Number Leak (emerging-web_specific_apps.rules)
    2023868 - ET TROJAN Turla Kopiluwak User-Agent (emerging-trojan.rules)
    2023870 - ET TROJAN Ursnif Variant CnC Beacon (emerging-trojan.rules)
    2023874 - ET POLICY Hamas Terrorist Propaganda TV Channel (aqsatv.ps) (emerging-policy.rules)
    2023876 - ET TROJAN Possible iKittens OSX MacDownloader CNC Beacon (emerging-trojan.rules)
    2023889 - ET WEB_CLIENT Tech Support Phone Scam Landing Feb 09 2017 (emerging-web_client.rules)
    2023950 - ET TROJAN MAGICHOUND.RETRIEVER CnC Beacon (emerging-trojan.rules)
    2023965 - ET TROJAN CozyCar CnC Beacon (emerging-trojan.rules)
    2023995 - ET EXPLOIT TP-LINK DNS Change GET Request (DNSChanger EK) (emerging-exploit.rules)
    2023999 - ET CURRENT_EVENTS Successful Apple Account Phish Feb 17 2017 (emerging-current_events.rules)
    2024002 - ET CURRENT_EVENTS Successful Banco Itau (BR) Mobile Phish Feb 17 2017 (emerging-current_events.rules)
    2024003 - ET WEB_CLIENT Possible Phishing Verified by Visa title over non SSL Feb 17 2017 (emerging-web_client.rules)
    2024006 - ET INFO Opera Adblocker Update Flowbit Set (emerging-info.rules)
    2024007 - ET WEB_CLIENT Suspicious JS Refresh - Possible Phishing Redirect Feb 24 2017 (emerging-web_client.rules)
    2024008 - ET WEB_CLIENT Possible Phishing Redirect Feb 24 2017 (emerging-web_client.rules)
    2024009 - ET CURRENT_EVENTS Successful Craigslist (RO) Phish M1 Feb 24 2017 (emerging-current_events.rules)
    2024010 - ET CURRENT_EVENTS Successful Craigslist (RO) Phish M2 Feb 24 2017 (emerging-current_events.rules)
    2024016 - ET WEB_CLIENT Paypal Phishing Redirect M1 Feb 24 2017 (emerging-web_client.rules)
    2024018 - ET WEB_CLIENT Common Paypal Phishing URI Feb 24 2017 (emerging-web_client.rules)
    2024022 - ET TROJAN Pteranodon Backdoor Checkin (emerging-trojan.rules)
    2024023 - ET TROJAN Pteranodon Backdoor CnC POST (emerging-trojan.rules)
    2024024 - ET TROJAN Pteranodon Variant 1 Backdoor Checkin (emerging-trojan.rules)
    2024025 - ET TROJAN Pteranodon Variant 2 Backdoor Checkin (emerging-trojan.rules)
    2024026 - ET TROJAN Pteranodon Variant 3 Backdoor Checkin (emerging-trojan.rules)
    2024027 - ET TROJAN Gamaredon File Stealer POST (emerging-trojan.rules)
    2024033 - ET WEB_CLIENT Android Fake AV Download Landing Mar 06 2017 (emerging-web_client.rules)
    2024120 - ET TROJAN MSIL/Matrix Ransomware CnC Activity (emerging-trojan.rules)
    2024385 - ET CURRENT_EVENTS Possible iCloud Phishing Landing - Title over non SSL (emerging-current_events.rules)
    2024391 - ET CURRENT_EVENTS Possible Paypal Phishing Landing - Title over non SSL (emerging-current_events.rules)
    2024402 - ET CURRENT_EVENTS Possible Facebook Phishing Landing - Title over non SSL (emerging-current_events.rules)
    2024451 - ET CURRENT_EVENTS Possible Facebook Phishing Landing - Title over non SSL (emerging-current_events.rules)
    2024560 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Aug 19 2016 (emerging-current_events.rules)
    2024566 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 16 2016 (emerging-current_events.rules)
    2024567 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 22 2016 (emerging-current_events.rules)
    2024568 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 07 2016 (emerging-current_events.rules)
    2024569 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 13 2016 (emerging-current_events.rules)
    2024570 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 20 2016 (emerging-current_events.rules)
    2024571 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 27 2016 (emerging-current_events.rules)
    2024807 - ET CURRENT_EVENTS Possible Facebook Phishing Landing - Title over non SSL (emerging-current_events.rules)
    2024970 - ET CURRENT_EVENTS Possible Paypal Phishing Landing - Title over non SSL (emerging-current_events.rules)
    2025137 - ET CURRENT_EVENTS Possible Facebook Phishing Landing - Title over non SSL (emerging-current_events.rules)
    2025214 - ET CURRENT_EVENTS Paypal Phishing Landing 2018-01-18 M1 (emerging-current_events.rules)
    2025662 - ET CURRENT_EVENTS Docusign Phishing Landing Mar 08 2017 (emerging-current_events.rules)
    2025667 - ET CURRENT_EVENTS Apple Phishing Landing M2 Feb 13 2017 (emerging-current_events.rules)
    2025675 - ET CURRENT_EVENTS Microsoft Live External Link Phishing Landing M2 Feb 14 2017 (emerging-current_events.rules)
    2402000 - ET DROP Dshield Block Listed Source group 1 (dshield.rules)
    2403300 - ET CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules)
    2403301 - ET CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules)
    2403302 - ET CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules)
    2403303 - ET CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules)
    2403304 - ET CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules)
    2403305 - ET CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules)
    2403306 - ET CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules)
    2403307 - ET CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules)
    2403308 - ET CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules)
    2403309 - ET CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules)
    2403310 - ET CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules)
    2403311 - ET CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules)
    2403312 - ET CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules)
    2403313 - ET CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules)
    2403314 - ET CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules)
    2403315 - ET CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules)
    2403316 - ET CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules)
    2403317 - ET CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules)
    2403318 - ET CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules)
    2403319 - ET CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules)
    2403320 - ET CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules)
    2403321 - ET CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules)
    2403322 - ET CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules)
    2403323 - ET CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules)
    2403324 - ET CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules)
    2403325 - ET CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules)
    2403326 - ET CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules)
    2403327 - ET CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules)
    2403328 - ET CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules)
    2403329 - ET CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules)
    2403330 - ET CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules)
    2403331 - ET CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules)
    2403332 - ET CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules)
    2403333 - ET CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules)
    2403334 - ET CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules)
    2403335 - ET CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules)
    2403336 - ET CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules)
    2403337 - ET CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules)
    2403338 - ET CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules)
    2403339 - ET CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules)
    2403340 - ET CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules)
    2403341 - ET CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules)
    2403342 - ET CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules)
    2403343 - ET CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules)
    2403344 - ET CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules)
    2403345 - ET CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules)
    2403346 - ET CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules)
    2403347 - ET CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules)
    2403348 - ET CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules)
    2403349 - ET CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules)
    2403350 - ET CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules)
    2403351 - ET CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules)
    2403352 - ET CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules)
    2403353 - ET CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules)
    2403354 - ET CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules)
    2403355 - ET CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules)
    2403356 - ET CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules)
    2403357 - ET CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules)
    2403358 - ET CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules)
    2403359 - ET CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules)
    2403360 - ET CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules)
    2403361 - ET CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules)
    2403362 - ET CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules)
    2403363 - ET CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules)
    2403364 - ET CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules)
    2403365 - ET CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules)
    2403366 - ET CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules)
    2403367 - ET CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules)
    2403368 - ET CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules)
    2403369 - ET CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules)
    2403370 - ET CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules)
    2403371 - ET CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules)
    2403372 - ET CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules)
    2403373 - ET CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules)
    2403374 - ET CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules)
    2403375 - ET CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules)
    2403376 - ET CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules)
    2403377 - ET CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules)
    2403378 - ET CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules)
    2403379 - ET CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules)
    2403380 - ET CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules)
    2403381 - ET CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules)
    2403382 - ET CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules)
    2403383 - ET CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules)
    2403384 - ET CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules)
    2403385 - ET CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules)
    2403386 - ET CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules)
    2403387 - ET CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules)
    2403388 - ET CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules)
    2403389 - ET CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules)
    2403390 - ET CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules)
    2403391 - ET CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules)
    2403392 - ET CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules)
    2403393 - ET CINS Active Threat Intelligence Poor Reputation IP group 94 (ciarmy.rules)
    2403394 - ET CINS Active Threat Intelligence Poor Reputation IP group 95 (ciarmy.rules)
    2403395 - ET CINS Active Threat Intelligence Poor Reputation IP group 96 (ciarmy.rules)
    2403396 - ET CINS Active Threat Intelligence Poor Reputation IP group 97 (ciarmy.rules)
    2403397 - ET CINS Active Threat Intelligence Poor Reputation IP group 98 (ciarmy.rules)
    2403398 - ET CINS Active Threat Intelligence Poor Reputation IP group 99 (ciarmy.rules)
    2403399 - ET CINS Active Threat Intelligence Poor Reputation IP group 100 (ciarmy.rules)
    2405000 - ET CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules)
    2405001 - ET CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules)
    2405002 - ET CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules)
    2405003 - ET CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules)
    2405004 - ET CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules)
    2405005 - ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules)
    2405006 - ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules)
    2405007 - ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules)
    2405008 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules)
    2405009 - ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules)
    2405010 - ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules)
    2405011 - ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules)
    2405012 - ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules)
    2405013 - ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules)
    2405014 - ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules)
    2405015 - ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules)
    2405016 - ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules)
    2405017 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules)
    2525000 - ET 3CORESec Poor Reputation IP group 1 (3coresec.rules)
    2525001 - ET 3CORESec Poor Reputation IP group 2 (3coresec.rules)
    2525002 - ET 3CORESec Poor Reputation IP group 3 (3coresec.rules)
    2525003 - ET 3CORESec Poor Reputation IP group 4 (3coresec.rules)
    2525004 - ET 3CORESec Poor Reputation IP group 5 (3coresec.rules)
    2525005 - ET 3CORESec Poor Reputation IP group 6 (3coresec.rules)
    2525006 - ET 3CORESec Poor Reputation IP group 7 (3coresec.rules)
    2525007 - ET 3CORESec Poor Reputation IP group 8 (3coresec.rules)
    2525008 - ET 3CORESec Poor Reputation IP group 9 (3coresec.rules)
    2525009 - ET 3CORESec Poor Reputation IP group 10 (3coresec.rules)
    2525010 - ET 3CORESec Poor Reputation IP group 11 (3coresec.rules)
    2525011 - ET 3CORESec Poor Reputation IP group 12 (3coresec.rules)
    2525012 - ET 3CORESec Poor Reputation IP group 13 (3coresec.rules)
    2525013 - ET 3CORESec Poor Reputation IP group 14 (3coresec.rules)
    2525014 - ET 3CORESec Poor Reputation IP group 15 (3coresec.rules)
    2525015 - ET 3CORESec Poor Reputation IP group 16 (3coresec.rules)
    2525016 - ET 3CORESec Poor Reputation IP group 17 (3coresec.rules)

[+++] Added non-rule lines: [+++]

    -> Added to 3coresec.rules (1):
        # Version 13
    -> Added to sid-msg.map (8):
        2030644 || ET WEB_SPECIFIC_APPS LifterLMS Arbitrary File Write Attempt Inbound (CVE-2020-6008) || cve,2020-6008 || url,cpr-zero.checkpoint.com/vulns/cprid-2148/
        2030646 || ET CURRENT_EVENTS Possible Sucessful Generic Phish (set) 2020-08-04
        2520105 || ET TOR Known Tor Exit Node Traffic group 106 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520106 || ET TOR Known Tor Exit Node Traffic group 107 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520107 || ET TOR Known Tor Exit Node Traffic group 108 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520108 || ET TOR Known Tor Exit Node Traffic group 109 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520109 || ET TOR Known Tor Exit Node Traffic group 110 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520110 || ET TOR Known Tor Exit Node Traffic group 111 || url,doc.emergingthreats.net/bin/view/Main/TorRules

[---] Removed non-rule lines: [---]

    -> Removed from 3coresec.rules (1):
        # Version 12
    -> Removed from sid-msg.map (1):
        2500074 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 38 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts