*********************** suricata-4.0-enhanced open-nogpl ***********************

[***] Results from Oinkmaster started Thu Aug 27 18:28:14 2020 [***]

[+++]          Added rules:          [+++]

    2030802 - ET INFO Suspicious GET To gate.php with no Referer (emerging-info.rules)
    2030803 - ET TROJAN GoldenSpy Domain Observed (emerging-trojan.rules)
    2030804 - ET EXPLOIT Possible Pulse Secure VPN RCE Inbound (CVE-2020-8218) (emerging-exploit.rules)
    2030805 - ET TROJAN Babax Stealer Exfil via Telegram (emerging-trojan.rules)
    2030806 - ET TROJAN Win32/AgentTesla Variant Exfil via Telegram (emerging-trojan.rules)
    2030807 - ET TROJAN Grandoreiro CnC Activity (vbs) (emerging-trojan.rules)
    2030808 - ET TROJAN Grandoreiro CnC Activity (iso) (emerging-trojan.rules)

[///]     Modified active rules:     [///]

    2008625 - ET P2P Pando Client User-Agent Detected (emerging-p2p.rules)
    2013186 - ET TROJAN Win32.Renos/Artro Trojan Checkin M1 (emerging-trojan.rules)
    2019627 - ET WEB_SERVER Possible Cookie Based BackDoor Used in Drupal Attacks (emerging-web_server.rules)
    2025113 - ET WEB_CLIENT Possible Credentials Sent to Suspicious TLD via HTTP GET (emerging-web_client.rules)
    2025198 - ET TROJAN Bitter RAT HTTP CnC Beacon M2 (emerging-trojan.rules)
    2025431 - ET TROJAN Vidar/Arkei Stealer Client Data Upload (emerging-trojan.rules)
    2026530 - ET CURRENT_EVENTS Successful Generic Phish (set) 2018-10-22 (emerging-current_events.rules)
    2026538 - ET TROJAN Possible APT29 CozyBear/SeaDaddy SSL/TLS Certificate Observed (emerging-trojan.rules)
    2026539 - ET TROJAN Possible APT28 DOC Uploader SSL/TLS Certificate Observed (emerging-trojan.rules)
    2026540 - ET TROJAN Possible DarkTequila SSL/TLS Certificate Observed (emerging-trojan.rules)
    2026544 - ET TROJAN Octopus Malware CnC Activity (emerging-trojan.rules)
    2026552 - ET WEB_SERVER jQuery File Upload Attempt (emerging-web_server.rules)
    2026554 - ET CURRENT_EVENTS Successful Cryptocurrency Exchange Phish (set) 2018-10-25 (emerging-current_events.rules)
    2026556 - ET TROJAN Sharik/Smoke Fake 404 Response with Payload Location (emerging-trojan.rules)
    2026565 - ET TROJAN BlackTech/PLEAD TSCookie CnC Checkin M1 (emerging-trojan.rules)
    2026571 - ET TROJAN MSIL/Lordix Stealer Exfiltrating Data (emerging-trojan.rules)
    2026572 - ET TROJAN MSIL.BackNet Checkin (emerging-trojan.rules)
    2026578 - ET TROJAN APT33/CharmingKitten Encrypted Payload Inbound (emerging-trojan.rules)
    2026588 - ET TROJAN MSIL.Kraken.v2 HTTP Pattern (emerging-trojan.rules)
    2026589 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 1/2 CnC) (emerging-trojan.rules)
    2026592 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 3 Staging Domain) (emerging-trojan.rules)
    2026602 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging Domain) (emerging-trojan.rules)
    2026603 - ET TROJAN Observed Malicious SSL Cert (MageCart Group 5 Staging Domain) (emerging-trojan.rules)
    2026605 - ET WEB_CLIENT Attempted WordPress GDPR Plugin Privilege Escalation M1 (Enable Registration) (emerging-web_client.rules)
    2026606 - ET WEB_CLIENT Attempted WordPress GDPR Plugin Privilege Escalation M2 (Set as Administrator) (emerging-web_client.rules)
    2026607 - ET TROJAN ELF/Muhstik Bot Reporting Vulnerable Server to CnC (emerging-trojan.rules)
    2026609 - ET TROJAN Operation Baby Coin syschk CnC Communication (emerging-trojan.rules)
    2026610 - ET TROJAN ELF/Muhstik Scanner Module Activity (emerging-trojan.rules)
    2026616 - ET TROJAN Observed Malicious SSL Cert (ServHelper CnC) (emerging-trojan.rules)
    2026618 - ET TROJAN Observed Malicious SSL Cert (APT29) (emerging-trojan.rules)
    2026619 - ET TROJAN Hades APT Downloader Attempting to Retrieve Stage 2 Payload (emerging-trojan.rules)
    2026640 - ET TROJAN Kraken C2 Domain Observed (kraken656kn6wyyx in DNS Lookup) (emerging-trojan.rules)
    2026641 - ET TROJAN ArtraDownloader/TeleRAT Checkin (emerging-trojan.rules)
    2026642 - ET TROJAN HackTool.Linux.SSHBRUTE.A Haiduc Initial Compromise C2 POST (emerging-trojan.rules)
    2026670 - ET TROJAN L0rdix Stealer CnC Sending Screenshot (emerging-trojan.rules)
    2026671 - ET TROJAN L0rdix Stealer CnC Data Exfil (emerging-trojan.rules)
    2026672 - ET TROJAN DNSpionage Commands Embedded in Webpage Inbound (emerging-trojan.rules)
    2026675 - ET CURRENT_EVENTS Inbound PowerShell Saving Base64 Decoded Payload to Temp M1 2018-11-29 (emerging-current_events.rules)
    2026676 - ET CURRENT_EVENTS Inbound PowerShell Saving Base64 Decoded Payload to Temp M2 2018-11-29 (emerging-current_events.rules)
    2026683 - ET TROJAN MSIL APT28 Zebrocy/Zekapab Reporting to CnC (emerging-trojan.rules)
    2026688 - ET TROJAN [PTsecurity] WeChat (Ransomware/Stealer) HttpHeader (emerging-trojan.rules)
    2026719 - ET WEB_SERVER HP Intelligent Management Java Deserialization RCE Attempt (emerging-web_server.rules)
    2026720 - ET TROJAN Win32/DanaBot Harvesting Email Addresses 2 (emerging-trojan.rules)
    2026721 - ET TROJAN Win32/DanaBot Harvesting Email Addresses 1 (emerging-trojan.rules)
    2026725 - ET TROJAN ELF/Win32 Lucky Ransomware CnC Checkin (emerging-trojan.rules)
    2026739 - ET WEB_SPECIFIC_APPS Kibana Attempted LFI Exploitation (CVE-2018-17246) (emerging-web_specific_apps.rules)
    2026740 - ET TROJAN Win32/ArtraDownloader Checkin (emerging-trojan.rules)
    2026746 - ET INFO Suspicious Fake Login - Possible Phishing - 2018-12-31 (emerging-info.rules)
    2026747 - ET INFO maas.io Image Download Flowbit Set (emerging-info.rules)
    2026749 - ET CURRENT_EVENTS Suspicious Generic Login - Possible Successful Phish 2019-01-02 (emerging-current_events.rules)
    2026751 - ET TROJAN MSIL APT28 Zebrocy/Zekapab Reporting to CnC M2 (emerging-trojan.rules)
    2026752 - ET TROJAN APT28/Sofacy Zebrocy Go Variant CnC Activity (emerging-trojan.rules)
    2026753 - ET TROJAN APT28/Sofacy Zebrocy Go Variant Downloader Error POST (emerging-trojan.rules)
    2026754 - ET TROJAN APT28/Sofacy Zebrocy Secondary Payload CnC Checkin (emerging-trojan.rules)
    2026758 - ET INFO External Host Probing for ChromeCast Devices (emerging-info.rules)
    2026762 - ET TROJAN APT28 Zebrocy/Zekapab Reporting to CnC M3 (emerging-trojan.rules)
    2026766 - ET TROJAN Operation Cobra Venom WSF Stage 2 - CnC Checkin (emerging-trojan.rules)
    2026767 - ET TROJAN Observed Malicious SSL Cert (ServHelper RAT CnC) (emerging-trojan.rules)
    2026805 - ET TROJAN Possible Sharik/Smoke Loader 7zip Connectivity Check (emerging-trojan.rules)
    2026848 - ET CURRENT_EVENTS Python Eval Compile seen in HTTP Request Headers (emerging-current_events.rules)
    2026849 - ET POLICY WinRM wsman Access - Possible Lateral Movement (emerging-policy.rules)
    2026854 - ET TROJAN [PTsecurity] Possible Backdoor.Win32.TeamBot / RTM C2 Response (emerging-trojan.rules)
    2026860 - ET EXPLOIT Possible Cisco RV320 RCE Attempt (CVE-2019-1652) (emerging-exploit.rules)
    2026865 - ET TROJAN CoreDn CnC Checkin M1 (emerging-trojan.rules)
    2026866 - ET TROJAN CoreDn CnC Checkin M2 (emerging-trojan.rules)
    2026868 - ET POLICY Nimiq Miner Initiating Mining Session with Skypool (emerging-policy.rules)
    2026880 - ET MALWARE AppControls.com User-Agent (emerging-malware.rules)
    2026881 - ET MALWARE AppControls.com User-Agent (emerging-malware.rules)
    2026891 - ET INFO Possible EXE Download From Suspicious TLD (.icu) - set (emerging-info.rules)
    2026902 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2019-02-13 (emerging-current_events.rules)
    2026903 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2019-02-13 (emerging-current_events.rules)
    2026905 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2019-02-13 (emerging-current_events.rules)
    2026907 - ET MOBILE_MALWARE Android/Xnore Fake Facebook Login Credentials Collected (emerging-mobile_malware.rules)
    2026908 - ET POLICY Suspicious SSN Parameter in HTTP POST - Possible Phishing (emerging-policy.rules)
    2026909 - ET POLICY Suspicious CVV Parameter in HTTP POST - Possible Phishing (emerging-policy.rules)
    2026910 - ET TROJAN OSX/Shlayer CnC Activity M1 (emerging-trojan.rules)
    2026911 - ET TROJAN OSX/Shlayer CnC Landing M2 (emerging-trojan.rules)
    2026912 - ET TROJAN OSX/Shlayer CnC Activity M3 (emerging-trojan.rules)
    2026913 - ET TROJAN OSX/Shlayer CnC Activity M4 (emerging-trojan.rules)
    2026914 - ET USER_AGENTS SFML User-Agent (libsfml-network) (emerging-user_agents.rules)
    2026916 - ET TROJAN DirectsX CnC Checkin (emerging-trojan.rules)
    2026944 - ET TROJAN Observed Malicious SSL Cert (LazarusGroup CnC) (emerging-trojan.rules)
    2026947 - ET TROJAN TickGroup Datper CnC Checkin M1 (emerging-trojan.rules)
    2026948 - ET TROJAN TickGroup Datper CnC Checkin M2 (emerging-trojan.rules)
    2026949 - ET TROJAN TickGroup Datper CnC Checkin M3 (emerging-trojan.rules)
    2026950 - ET WEB_SPECIFIC_APPS WP Cost Estimator Plugin AFI Vulnerability (emerging-web_specific_apps.rules)
    2026952 - ET TROJAN BrushaLoader CnC DNS Lookup (emerging-trojan.rules)
    2026985 - ET TROJAN ArtraDownloader CnC Checkin (emerging-trojan.rules)
    2026986 - ET TROJAN OSX/Shlayer Malicious Download Request (emerging-trojan.rules)
    2026987 - ET TROJAN JS/Agent.NZH CnC Response (emerging-trojan.rules)
    2027025 - ET TROJAN [PTsecurity] Win32/Spy.RTM/Redaman IP Check (emerging-trojan.rules)
    2029667 - ET CURRENT_EVENTS Successful Fedex/DHL Phish 2018-10-22 (emerging-current_events.rules)
    2029668 - ET CURRENT_EVENTS Successful Microsoft Account Phish 2019-01-29 (emerging-current_events.rules)
    2029669 - ET CURRENT_EVENTS Successful Generic Personalized Phish 2019-02-13 (emerging-current_events.rules)
    2402000 - ET DROP Dshield Block Listed Source group 1 (dshield.rules)
    2403300 - ET CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules)
    2403301 - ET CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules)
    2403302 - ET CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules)
    2403303 - ET CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules)
    2403304 - ET CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules)
    2403305 - ET CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules)
    2403306 - ET CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules)
    2403307 - ET CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules)
    2403308 - ET CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules)
    2403309 - ET CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules)
    2403310 - ET CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules)
    2403311 - ET CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules)
    2403312 - ET CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules)
    2403313 - ET CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules)
    2403314 - ET CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules)
    2403315 - ET CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules)
    2403316 - ET CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules)
    2403317 - ET CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules)
    2403318 - ET CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules)
    2403319 - ET CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules)
    2403320 - ET CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules)
    2403321 - ET CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules)
    2403322 - ET CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules)
    2403323 - ET CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules)
    2403324 - ET CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules)
    2403325 - ET CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules)
    2403326 - ET CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules)
    2403327 - ET CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules)
    2403328 - ET CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules)
    2403329 - ET CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules)
    2403330 - ET CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules)
    2403331 - ET CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules)
    2403332 - ET CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules)
    2403333 - ET CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules)
    2403334 - ET CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules)
    2403335 - ET CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules)
    2403336 - ET CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules)
    2403337 - ET CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules)
    2403338 - ET CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules)
    2403339 - ET CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules)
    2403340 - ET CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules)
    2403341 - ET CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules)
    2403342 - ET CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules)
    2403343 - ET CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules)
    2403344 - ET CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules)
    2403345 - ET CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules)
    2403346 - ET CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules)
    2403347 - ET CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules)
    2403348 - ET CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules)
    2403349 - ET CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules)
    2403350 - ET CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules)
    2403351 - ET CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules)
    2403352 - ET CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules)
    2403353 - ET CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules)
    2403354 - ET CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules)
    2403355 - ET CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules)
    2403356 - ET CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules)
    2403357 - ET CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules)
    2403358 - ET CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules)
    2403359 - ET CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules)
    2403360 - ET CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules)
    2403361 - ET CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules)
    2403362 - ET CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules)
    2403363 - ET CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules)
    2403364 - ET CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules)
    2403365 - ET CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules)
    2403366 - ET CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules)
    2403367 - ET CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules)
    2403368 - ET CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules)
    2403369 - ET CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules)
    2403370 - ET CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules)
    2403371 - ET CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules)
    2403372 - ET CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules)
    2403373 - ET CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules)
    2403374 - ET CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules)
    2403375 - ET CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules)
    2403376 - ET CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules)
    2403377 - ET CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules)
    2403378 - ET CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules)
    2403379 - ET CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules)
    2403380 - ET CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules)
    2403381 - ET CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules)
    2403382 - ET CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules)
    2403383 - ET CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules)
    2403384 - ET CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules)
    2403385 - ET CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules)
    2403386 - ET CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules)
    2403387 - ET CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules)
    2403388 - ET CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules)
    2403389 - ET CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules)
    2403390 - ET CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules)
    2403391 - ET CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules)
    2403392 - ET CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules)
    2403393 - ET CINS Active Threat Intelligence Poor Reputation IP group 94 (ciarmy.rules)
    2403394 - ET CINS Active Threat Intelligence Poor Reputation IP group 95 (ciarmy.rules)
    2403395 - ET CINS Active Threat Intelligence Poor Reputation IP group 96 (ciarmy.rules)
    2403396 - ET CINS Active Threat Intelligence Poor Reputation IP group 97 (ciarmy.rules)
    2403397 - ET CINS Active Threat Intelligence Poor Reputation IP group 98 (ciarmy.rules)
    2403398 - ET CINS Active Threat Intelligence Poor Reputation IP group 99 (ciarmy.rules)
    2403399 - ET CINS Active Threat Intelligence Poor Reputation IP group 100 (ciarmy.rules)
    2405000 - ET CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules)
    2405001 - ET CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules)
    2405002 - ET CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules)
    2405003 - ET CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules)
    2405004 - ET CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules)
    2405005 - ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules)
    2405006 - ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules)
    2405007 - ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules)
    2405008 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules)
    2405009 - ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules)
    2405010 - ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules)
    2405011 - ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules)
    2405012 - ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules)
    2405013 - ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules)
    2405014 - ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules)
    2405015 - ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules)
    2405016 - ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules)
    2405017 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules)
    2525000 - ET 3CORESec Poor Reputation IP group 1 (3coresec.rules)
    2525001 - ET 3CORESec Poor Reputation IP group 2 (3coresec.rules)
    2525002 - ET 3CORESec Poor Reputation IP group 3 (3coresec.rules)
    2525003 - ET 3CORESec Poor Reputation IP group 4 (3coresec.rules)
    2525004 - ET 3CORESec Poor Reputation IP group 5 (3coresec.rules)
    2525005 - ET 3CORESec Poor Reputation IP group 6 (3coresec.rules)
    2525006 - ET 3CORESec Poor Reputation IP group 7 (3coresec.rules)
    2525007 - ET 3CORESec Poor Reputation IP group 8 (3coresec.rules)
    2525008 - ET 3CORESec Poor Reputation IP group 9 (3coresec.rules)
    2525009 - ET 3CORESec Poor Reputation IP group 10 (3coresec.rules)
    2525010 - ET 3CORESec Poor Reputation IP group 11 (3coresec.rules)
    2525011 - ET 3CORESec Poor Reputation IP group 12 (3coresec.rules)
    2525012 - ET 3CORESec Poor Reputation IP group 13 (3coresec.rules)
    2525013 - ET 3CORESec Poor Reputation IP group 14 (3coresec.rules)
    2525014 - ET 3CORESec Poor Reputation IP group 15 (3coresec.rules)
    2525015 - ET 3CORESec Poor Reputation IP group 16 (3coresec.rules)
    2525016 - ET 3CORESec Poor Reputation IP group 17 (3coresec.rules)

[+++]       Added non-rule lines:       [+++]

    -> Added to 3coresec.rules (1):
       # Version 30
    -> Added to sid-msg.map (10):
       2030802 || ET INFO Suspicious GET To gate.php with no Referer
       2030803 || ET TROJAN GoldenSpy Domain Observed || url,trustwave.azureedge.net/media/16908/the-golden-tax-department-and-emergence-of-goldenspy-malware.pdf
       2030804 || ET EXPLOIT Possible Pulse Secure VPN RCE Inbound (CVE-2020-8218) || url,www.gosecure.net/blog/2020/08/26/forget-your-perimeter-rce-in-pulse-connect-secure/
       2030805 || ET TROJAN Babax Stealer Exfil via Telegram || url,twitter.com/Pyhoma07/status/1279758745560584195 || md5,7413dfd6fc0eed1927e1d44c23b80571
       2030806 || ET TROJAN Win32/AgentTesla Variant Exfil via Telegram || md5,0c22e92073fc56a574a6c860ddef1c2d || url,twitter.com/James_inthe_box/status/1298742352069054464
       2030807 || ET TROJAN Grandoreiro CnC Activity (vbs) || md5,2cb39126dd8f22ffdf2ad2b679405653 || url,app.any.run/tasks/aa328aa8-e521-429f-9c42-9583f7e87c76/
       2030808 || ET TROJAN Grandoreiro CnC Activity (iso) || md5,2cb39126dd8f22ffdf2ad2b679405653 || url,app.any.run/tasks/aa328aa8-e521-429f-9c42-9583f7e87c76/
       2520126 || ET TOR Known Tor Exit Node Traffic group 127 || url,doc.emergingthreats.net/bin/view/Main/TorRules
       2520127 || ET TOR Known Tor Exit Node Traffic group 128 || url,doc.emergingthreats.net/bin/view/Main/TorRules
       2520128 || ET TOR Known Tor Exit Node Traffic group 129 || url,doc.emergingthreats.net/bin/view/Main/TorRules

[---]      Removed non-rule lines:      [---]

    -> Removed from 3coresec.rules (1):
       # Version 29
    -> Removed from sid-msg.map (10):
       2522781 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 782 || url,doc.emergingthreats.net/bin/view/Main/TorRules
       2522782 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 783 || url,doc.emergingthreats.net/bin/view/Main/TorRules
       2522783 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 784 || url,doc.emergingthreats.net/bin/view/Main/TorRules
       2522784 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 785 || url,doc.emergingthreats.net/bin/view/Main/TorRules
       2522785 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 786 || url,doc.emergingthreats.net/bin/view/Main/TorRules
       2522786 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 787 || url,doc.emergingthreats.net/bin/view/Main/TorRules
       2522787 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 788 || url,doc.emergingthreats.net/bin/view/Main/TorRules
       2522788 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 789 || url,doc.emergingthreats.net/bin/view/Main/TorRules
       2522789 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 790 || url,doc.emergingthreats.net/bin/view/Main/TorRules
       2522790 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 791 || url,doc.emergingthreats.net/bin/view/Main/TorRules