*********************** suricata-4.0-enhanced open-nogpl ***********************

[***] Results from Oinkmaster started Wed Sep 2 17:45:32 2020 [***]

[+++] Added rules: [+++]

    2030822 - ET MOBILE_MALWARE Backdoor.AndroidOS.Ahmyth.f (DNS Lookup) (emerging-mobile_malware.rules)
    2030823 - ET TROJAN Zyklon CnC Activity (emerging-trojan.rules)
    2030824 - ET TROJAN Observed IcedID CnC Domain in TLS SNI (emerging-trojan.rules)
    2030825 - ET MALWARE Win32/Xetapp Installer Checkin (emerging-malware.rules)
    2030826 - ET TROJAN Lemon_Duck Linux Shell Script CnC Activity (emerging-trojan.rules)
    2030827 - ET TROJAN Lemon_Duck CnC Activity (emerging-trojan.rules)
    2030828 - ET TROJAN Observed MageCart CnC Domain in TLS SNI (emerging-trojan.rules)
    2030829 - ET TROJAN TURLA APT CnC Activity (emerging-trojan.rules)

[///] Modified active rules: [///]

    2000571 - ET POLICY AOL Webmail Message Send (emerging-policy.rules)
    2001595 - ET CHAT Skype VOIP Checking Version (Startup) (emerging-chat.rules)
    2002762 - ET TROJAN Torpig Reporting User Activity (x25) (emerging-trojan.rules)
    2002872 - ET POLICY Myspace Login Attempt (emerging-policy.rules)
    2003066 - ET TROJAN Torpig Reporting User Activity (wur8) (emerging-trojan.rules)
    2003239 - ET TROJAN W32.Downloader Tibs.jy Reporting to C&C (2) (emerging-trojan.rules)
    2003306 - ET MALWARE 180solutions Spyware (tracked event 2 reporting) (emerging-malware.rules)
    2003457 - ET POLICY Metacafe.com Social Site Access (emerging-policy.rules)
    2003458 - ET POLICY Orkut.com Social Site Access (emerging-policy.rules)
    2004132 - ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum ASCII (emerging-web_specific_apps.rules)
    2004133 - ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_forum UPDATE (emerging-web_specific_apps.rules)
    2004134 - ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user SELECT (emerging-web_specific_apps.rules)
    2004135 - ET WEB_SPECIFIC_APPS w-Agora SQL Injection Attempt -- search.php search_user UNION SELECT (emerging-web_specific_apps.rules)
    2007568 - ET TROJAN Zlob Updating via HTTP (emerging-trojan.rules)
    2007763 - ET POLICY CBS Streaming Video (emerging-policy.rules)
    2007764 - ET POLICY NBC Streaming Video (emerging-policy.rules)
    2007787 - ET TROJAN Zhelatin npopup Update Detected (emerging-trojan.rules)
    2007832 - ET TROJAN Theoreon.com Related Trojan Checkin (emerging-trojan.rules)
    2008003 - ET TROJAN Win32.Agent.cyt (Or variant) HTTP POST Checkin (emerging-trojan.rules)
    2008051 - ET POLICY Dell MyWay Remote control agent (emerging-policy.rules)
    2008115 - ET P2P Tor Get Status Request (emerging-p2p.rules)
    2008185 - ET TROJAN Win32 Cloaker Related Post Infection Checkin (emerging-trojan.rules)
    2008321 - ET TROJAN Win32.Small.AB or related Post-infection checkin (emerging-trojan.rules)
    2008329 - ET TROJAN xpsecuritycenter.com Fake AntiVirus GET-Install Checkin (emerging-trojan.rules)
    2008377 - ET TROJAN Virtumod/Agent.ufv/Virtumonde Get Request (emerging-trojan.rules)
    2008406 - ET POLICY RemoteSpy.com Upload Detect (emerging-policy.rules)
    2008545 - ET TROJAN Social-bos.biz related trojan checkin (trackid=hex) (emerging-trojan.rules)
    2008561 - ET POLICY External Unencrypted Connection To Aanval Console (emerging-policy.rules)
    2008863 - ET TROJAN Virtumonde Variant Reporting to Controller via HTTP (3) (emerging-trojan.rules)
    2008958 - ET TROJAN Waledac Beacon Traffic Detected (emerging-trojan.rules)
    2008989 - ET POLICY IP Check Domain (showmyip in HTTP Host) (emerging-policy.rules)
    2009215 - ET TROJAN Farfli HTTP Checkin Activity (emerging-trojan.rules)
    2009530 - ET TROJAN Sality - Fake Opera User-Agent (Opera/8.89) (emerging-trojan.rules)
    2009808 - ET TROJAN Win32.Virut - GET (emerging-trojan.rules)
    2009998 - ET POLICY Smilebox Spyware Download (emerging-policy.rules)
    2010242 - ET TROJAN WindowsEnterpriseSuite FakeAV get_product_domains.php (emerging-trojan.rules)
    2011378 - ET WEB_SPECIFIC_APPS iScripts MultiCart orderid Parameter SELECT FROM SQL Injection Attempt (emerging-web_specific_apps.rules)
    2011380 - ET WEB_SPECIFIC_APPS iScripts MultiCart orderid Parameter UNION SELECT SQL Injection Attempt (emerging-web_specific_apps.rules)
    2011381 - ET WEB_SPECIFIC_APPS iScripts MultiCart orderid Parameter INSERT INTO SQL Injection Attempt (emerging-web_specific_apps.rules)
    2011382 - ET WEB_SPECIFIC_APPS iScripts MultiCart orderid Parameter UPDATE SET SQL Injection Attempt (emerging-web_specific_apps.rules)
    2011383 - ET WEB_SPECIFIC_APPS CSSTidy css_optimiser.php url Parameter Cross Site Scripting Attempt (emerging-web_specific_apps.rules)
    2011384 - ET WEB_SPECIFIC_APPS MAXcms fm_includes_special Parameter Remote File Inclusion Attempt (emerging-web_specific_apps.rules)
    2011385 - ET WEB_SPECIFIC_APPS Joomla NoticeBoard Component controller Parameter Local File Inclusion Attempt (emerging-web_specific_apps.rules)
    2015848 - ET INFO Imposter USPS Domain (emerging-info.rules)
    2015896 - ET TROJAN Andromeda Check-in Response (emerging-trojan.rules)
    2016580 - ET INFO Java Request to DynDNS Pro Dynamic DNS Domain (emerging-info.rules)
    2016583 - ET INFO SUSPICIOUS Java Request to DNSDynamic Dynamic DNS Domain (emerging-info.rules)
    2022858 - ET CURRENT_EVENTS Suspicious BITS EXE DL From Dotted Quad (emerging-current_events.rules)
    2023400 - ET TROJAN Bitter RAT HTTP CnC Beacon (emerging-trojan.rules)
    2024369 - ET TROJAN PLATINUM Dipsind CnC Beacon (emerging-trojan.rules)
    2024470 - ET INFO HTTP POST to Free Webhost - Possible Successful Phish (site40 . net) Jul 18 2017 (emerging-info.rules)
    2025980 - ET POLICY TRR DNS over HTTPS detected (emerging-policy.rules)
    2026436 - ET TROJAN Win32.YordanyanActiveAgent Generic CnC Pattern (emerging-trojan.rules)
    2026514 - ET TROJAN XLS.Unk DDE rar Drop Attempt (.live) (emerging-trojan.rules)
    2027345 - ET WEB_SPECIFIC_APPS Possible SharePoint RCE Attempt (CVE-2019-0604) (emerging-web_specific_apps.rules)
    2027971 - ET EXPLOIT HiSilicon DVR - Application Credential Disclosure (CVE-2018-9995) (emerging-exploit.rules)
    2027972 - ET EXPLOIT HiSilicon DVR - Buffer Overflow in Builtin Web Server (emerging-exploit.rules)
    2028566 - ET TROJAN Observed Malicious SSL Cert (Sidewinder CnC) (emerging-trojan.rules)
    2028570 - ET TROJAN Possible TransparentTribe APT CnC Activity (emerging-trojan.rules)
    2028572 - ET TROJAN Suspected Tunna Proxy M1 (emerging-trojan.rules)
    2028573 - ET TROJAN Suspected Tunna Proxy M2 (emerging-trojan.rules)
    2028574 - ET TROJAN Suspected Tunna Proxy M3 (emerging-trojan.rules)
    2028575 - ET TROJAN Suspected Tunna Proxy M4 (emerging-trojan.rules)
    2028576 - ET TROJAN Possible Tunna Proxy Activity (Response) (emerging-trojan.rules)
    2028577 - ET TROJAN Possible Tunna Proxy Closing Connection (emerging-trojan.rules)
    2028578 - ET TROJAN Suspected Tunna Proxy M1 (Outbound) (emerging-trojan.rules)
    2028579 - ET TROJAN Suspected Tunna Proxy M2 (Outbound) (emerging-trojan.rules)
    2028580 - ET TROJAN Suspected Tunna Proxy M3 (Outbound) (emerging-trojan.rules)
    2028581 - ET TROJAN Suspected Tunna Proxy M4 (Outbound) (emerging-trojan.rules)
    2028582 - ET TROJAN Possible Tunna Proxy Activity (Response) (emerging-trojan.rules)
    2028583 - ET TROJAN Possible Tunna Proxy Closing Connection (emerging-trojan.rules)
    2028588 - ET TROJAN [TGI] Cobalt Strike Malleable C2 Request (O365 Profile) (emerging-trojan.rules)
    2028599 - ET TROJAN Plead TSCookie CnC Checkin M1 (emerging-trojan.rules)
    2028600 - ET TROJAN Plead TSCookie CnC Checkin M2 (emerging-trojan.rules)
    2028601 - ET TROJAN Plead TSCookie CnC Checkin M3 (emerging-trojan.rules)
    2028602 - ET TROJAN Plead TSCookie CnC Checkin M4 (emerging-trojan.rules)
    2028603 - ET EXPLOIT DLink DNS 320 Remote Code Execution (CVE-2019-16057) (emerging-exploit.rules)
    2028612 - ET MALWARE Win32/GameHack.DJC CnC Activity (emerging-malware.rules)
    2028618 - ET TROJAN Tortoiseshell/HMH CnC Activity (emerging-trojan.rules)
    2028620 - ET TROJAN OSX/GMERA.B CnC Checkin (emerging-trojan.rules)
    2028622 - ET MOBILE_MALWARE MOONSHINE payload C2 activity (emerging-mobile_malware.rules)
    2028623 - ET POLICY Observed Suspicious SSL Cert (Minerpool - CoinMining) (emerging-policy.rules)
    2028625 - ET TROJAN DonotGroup CnC Domain Observed in DNS Query (emerging-trojan.rules)
    2028626 - ET TROJAN Observed Malicious SSL Cert (DeadlyKiss APT) (emerging-trojan.rules)
    2028627 - ET TROJAN Possible DeadlyKiss APT CnC Domain Observed in DNS Query (emerging-trojan.rules)
    2028628 - ET TROJAN Possible DeadlyKiss APT CnC Domain Observed in DNS Query (emerging-trojan.rules)
    2028630 - ET TROJAN PHPStudy CnC Domain in DNS Lookup (emerging-trojan.rules)
    2402000 - ET DROP Dshield Block Listed Source group 1 (dshield.rules)
    2403300 - ET CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules)
    2403301 - ET CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules)
    2403302 - ET CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules)
    2403303 - ET CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules)
    2403304 - ET CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules)
    2403305 - ET CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules)
    2403306 - ET CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules)
    2403307 - ET CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules)
    2403308 - ET CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules)
    2403309 - ET CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules)
    2403310 - ET CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules)
    2403311 - ET CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules)
    2403312 - ET CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules)
    2403313 - ET CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules)
    2403314 - ET CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules)
    2403315 - ET CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules)
    2403316 - ET CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules)
    2403317 - ET CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules)
    2403318 - ET CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules)
    2403319 - ET CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules)
    2403320 - ET CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules)
    2403321 - ET CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules)
    2403322 - ET CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules)
    2403323 - ET CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules)
    2403324 - ET CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules)
    2403325 - ET CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules)
    2403326 - ET CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules)
    2403327 - ET CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules)
    2403328 - ET CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules)
    2403329 - ET CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules)
    2403330 - ET CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules)
    2403331 - ET CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules)
    2403332 - ET CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules)
    2403333 - ET CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules)
    2403334 - ET CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules)
    2403335 - ET CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules)
    2403336 - ET CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules)
    2403337 - ET CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules)
    2403338 - ET CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules)
    2403339 - ET CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules)
    2403340 - ET CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules)
    2403341 - ET CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules)
    2403342 - ET CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules)
    2403343 - ET CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules)
    2403344 - ET CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules)
    2403345 - ET CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules)
    2403346 - ET CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules)
    2403347 - ET CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules)
    2403348 - ET CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules)
    2403349 - ET CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules)
    2403350 - ET CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules)
    2403351 - ET CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules)
    2403352 - ET CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules)
    2403353 - ET CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules)
    2403354 - ET CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules)
    2403355 - ET CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules)
    2403356 - ET CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules)
    2403357 - ET CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules)
    2403358 - ET CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules)
    2403359 - ET CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules)
    2403360 - ET CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules)
    2403361 - ET CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules)
    2403362 - ET CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules)
    2403363 - ET CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules)
    2403364 - ET CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules)
    2403365 - ET CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules)
    2403366 - ET CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules)
    2403367 - ET CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules)
    2403368 - ET CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules)
    2403369 - ET CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules)
    2403370 - ET CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules)
    2403371 - ET CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules)
    2403372 - ET CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules)
    2403373 - ET CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules)
    2403374 - ET CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules)
    2403375 - ET CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules)
    2403376 - ET CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules)
    2403377 - ET CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules)
    2403378 - ET CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules)
    2403379 - ET CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules)
    2403380 - ET CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules)
    2403381 - ET CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules)
    2403382 - ET CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules)
    2403383 - ET CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules)
    2403384 - ET CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules)
    2403385 - ET CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules)
    2403386 - ET CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules)
    2403387 - ET CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules)
    2403388 - ET CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules)
    2403389 - ET CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules)
    2403390 - ET CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules)
    2403391 - ET CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules)
    2403392 - ET CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules)
    2403393 - ET CINS Active Threat Intelligence Poor Reputation IP group 94 (ciarmy.rules)
    2403394 - ET CINS Active Threat Intelligence Poor Reputation IP group 95 (ciarmy.rules)
    2403395 - ET CINS Active Threat Intelligence Poor Reputation IP group 96 (ciarmy.rules)
    2403396 - ET CINS Active Threat Intelligence Poor Reputation IP group 97 (ciarmy.rules)
    2403397 - ET CINS Active Threat Intelligence Poor Reputation IP group 98 (ciarmy.rules)
    2403398 - ET CINS Active Threat Intelligence Poor Reputation IP group 99 (ciarmy.rules)
    2403399 - ET CINS Active Threat Intelligence Poor Reputation IP group 100 (ciarmy.rules)
    2405000 - ET CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules)
    2405001 - ET CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules)
    2405002 - ET CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules)
    2405003 - ET CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules)
    2405004 - ET CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules)
    2405005 - ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules)
    2405006 - ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules)
    2405007 - ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules)
    2405008 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules)
    2405009 - ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules)
    2405010 - ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules)
    2405011 - ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules)
    2405012 - ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules)
    2405013 - ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules)
    2405014 - ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules)
    2405015 - ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules)
    2405016 - ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules)
    2405017 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules)
    2525000 - ET 3CORESec Poor Reputation IP group 1 (3coresec.rules)
    2525001 - ET 3CORESec Poor Reputation IP group 2 (3coresec.rules)
    2525002 - ET 3CORESec Poor Reputation IP group 3 (3coresec.rules)
    2525003 - ET 3CORESec Poor Reputation IP group 4 (3coresec.rules)
    2525004 - ET 3CORESec Poor Reputation IP group 5 (3coresec.rules)
    2525005 - ET 3CORESec Poor Reputation IP group 6 (3coresec.rules)
    2525006 - ET 3CORESec Poor Reputation IP group 7 (3coresec.rules)
    2525007 - ET 3CORESec Poor Reputation IP group 8 (3coresec.rules)
    2525008 - ET 3CORESec Poor Reputation IP group 9 (3coresec.rules)
    2525009 - ET 3CORESec Poor Reputation IP group 10 (3coresec.rules)
    2525010 - ET 3CORESec Poor Reputation IP group 11 (3coresec.rules)
    2525011 - ET 3CORESec Poor Reputation IP group 12 (3coresec.rules)
    2525012 - ET 3CORESec Poor Reputation IP group 13 (3coresec.rules)
    2525013 - ET 3CORESec Poor Reputation IP group 14 (3coresec.rules)
    2525014 - ET 3CORESec Poor Reputation IP group 15 (3coresec.rules)
    2525015 - ET 3CORESec Poor Reputation IP group 16 (3coresec.rules)
    2525016 - ET 3CORESec Poor Reputation IP group 17 (3coresec.rules)

[///] Modified inactive rules: [///]

    2011513 - ET DELETED Possible Phoenix Exploit Kit - PROPFIND AVI (emerging-deleted.rules)
    2011514 - ET DELETED Phoenix Exploit Kit - tmp/flash.swf (emerging-deleted.rules)
    2011515 - ET DELETED Phoenix Exploit Kit - collab.pdf (emerging-deleted.rules)
    2011814 - ET DELETED SEO Exploit Kit - client exploited by SMB (emerging-deleted.rules)
    2011815 - ET DELETED SEO Exploit Kit - client exploited by Acrobat (emerging-deleted.rules)
    2011905 - ET DELETED exploit kit x/index.php?s=dexc (emerging-deleted.rules)
    2011907 - ET DELETED exploit kit x/l.php?s=dexc (emerging-deleted.rules)

[+++] Added non-rule lines: [+++]

    -> Added to 3coresec.rules (1):
        # Version 34
    -> Added to sid-msg.map (15):
        2030822 || ET MOBILE_MALWARE Backdoor.AndroidOS.Ahmyth.f (DNS Lookup) || md5,cf71ba878434605a3506203829c63b9d
        2030823 || ET TROJAN Zyklon CnC Activity || md5,3c8afeb46c1e1a217c0f108c3fb5f4f4 || url,twitter.com/500mk500/status/1301173604072202248
        2030824 || ET TROJAN Observed IcedID CnC Domain in TLS SNI
        2030825 || ET MALWARE Win32/Xetapp Installer Checkin || md5,e9c4c9048651f62d39b12220d19dd936
        2030826 || ET TROJAN Lemon_Duck Linux Shell Script CnC Activity || url,github.com/sophoslabs/IoCs/blob/master/Trojan-LDMiner.csv
        2030827 || ET TROJAN Lemon_Duck CnC Activity || url,github.com/sophoslabs/IoCs/blob/master/Trojan-LDMiner.csv
        2030828 || ET TROJAN Observed MageCart CnC Domain in TLS SNI || url,twitter.com/felixaime/status/1301090258671542272
        2030829 || ET TROJAN TURLA APT CnC Activity || url,www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf
        2520140 || ET TOR Known Tor Exit Node Traffic group 141 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520141 || ET TOR Known Tor Exit Node Traffic group 142 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520142 || ET TOR Known Tor Exit Node Traffic group 143 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2520143 || ET TOR Known Tor Exit Node Traffic group 144 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2522829 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 830 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2522830 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 831 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2522831 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 832 || url,doc.emergingthreats.net/bin/view/Main/TorRules

[---] Removed non-rule lines: [---]

    -> Removed from 3coresec.rules (1):
        # Version 33