*********************** snort-2.9.0-enhanced etpro ***********************

[***] Results from Oinkmaster started Thu Mar 14 20:15:48 2019 [***]

[+++] Added rules: [+++]

    2027083 - ET TROJAN Win32/Termite Agent Implant CnC Checkin (trojan.rules)
    2027084 - ET TROJAN Win32/Termite Agent Implant Keep-Alive (trojan.rules)
    2835331 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Wroba.g Reporting Infection via SMTP (mobile_malware.rules)
    2835332 - ETPRO MOBILE_MALWARE Android/Wangniu Checkin (mobile_malware.rules)
    2835333 - ETPRO MOBILE_MALWARE Android/Domob.G Checkin (mobile_malware.rules)
    2835334 - ETPRO MOBILE_MALWARE Android.Monitor.SpyApp.D CnC Beacon (mobile_malware.rules)
    2835335 - ETPRO TROJAN Possible BabyShark HTA Download (trojan.rules)
    2835336 - ETPRO TROJAN Receiving BabyShark HTA (trojan.rules)
    2835337 - ETPRO TROJAN VBS/CageyChameleon Retrieving In-Memory Implant (trojan.rules)
    2835338 - ETPRO TROJAN VBS/CageyChameleon Receiving In-Memory Implant (trojan.rules)
    2835339 - ETPRO TROJAN VBS/CageyChameleon CnC Beacon (trojan.rules)
    2835340 - ETPRO TROJAN VBS/CageyChameleon CnC Beacon (Common Malicious Process List Construct) (trojan.rules)
    2835341 - ETPRO TROJAN VBS/CageyChameleon Receiving Command (trojan.rules)
    2835342 - ETPRO TROJAN VBS/CageyChameleon Retrieving Further Stage Payload (trojan.rules)
    2835343 - ETPRO TROJAN PowerShell/PowerPike CnC Beacon (trojan.rules)
    2835344 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-14 1) (trojan.rules)
    2835345 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-14 2) (trojan.rules)
    2835346 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-14 3) (trojan.rules)
    2835347 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-14 4) (trojan.rules)
    2835348 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-14 5) (trojan.rules)
    2835349 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-14 6) (trojan.rules)
    2835350 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-14 7) (trojan.rules)
    2835351 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-14 8) (trojan.rules)
    2835352 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-14 9) (trojan.rules)
    2835353 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-14 10) (trojan.rules)
    2835354 - ETPRO EXPLOIT Possible CVE-2019-0703 Request SMBv1 (exploit.rules)
    2835355 - ETPRO EXPLOIT Possible CVE-2019-0703 Response SMBv1 (exploit.rules)
    2835356 - ETPRO EXPLOIT Possible CVE-2019-0703 Request SMBv2 (exploit.rules)
    2835357 - ETPRO EXPLOIT Possible CVE-2019-0703 Response SMBv2 (exploit.rules)
    2835358 - ETPRO TROJAN Unit13 Reporting Infection (trojan.rules)
    2835359 - ETPRO TROJAN ELF/Tsunami.NCF IRC Checkin (trojan.rules)
    2835360 - ETPRO CURRENT_EVENTS Observed EXE Request for Ursnif Payload 2018-03-14 (current_events.rules)
    2835361 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
    2835363 - ETPRO TROJAN Observed Malicious SSL Cert (VBS Downloader/CnC) (trojan.rules)
    2835364 - ETPRO TROJAN Observed Malicious SSL Cert (VBS Downloader/CnC 2) (trojan.rules)
    2835365 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-03-13 (current_events.rules)
    2835366 - ETPRO CURRENT_EVENTS Successful CAF FR Phish 2019-03-14 (current_events.rules)
    2835367 - ETPRO CURRENT_EVENTS Successful Apple Phish 2019-03-14 (current_events.rules)
    2835368 - ETPRO CURRENT_EVENTS Successful BBVA Phish 2019-03-14 (current_events.rules)
    2835369 - ETPRO CURRENT_EVENTS Successful Booking.com Phish 2019-03-14 (current_events.rules)
    2835370 - ETPRO CURRENT_EVENTS Successful Smartsheet Phish 2019-03-14 (current_events.rules)
    2835371 - ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-03-14 (current_events.rules)
    2835372 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-03-14 (current_events.rules)
    2835373 - ETPRO CURRENT_EVENTS Successful Paypal Credit Card Information Phish 2019-03-14 (current_events.rules)
    2835374 - ETPRO CURRENT_EVENTS Successful Vodafone Credit Card Information Phish 2019-03-14 (current_events.rules)
    2835375 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-03-14 (current_events.rules)
    2835376 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-03-14 (current_events.rules)
    2835377 - ETPRO CURRENT_EVENTS Successful Outlook Phish 2019-03-14 (current_events.rules)
    2835378 - ETPRO CURRENT_EVENTS Successful Citrix Sharefile Phish 2019-03-14 (current_events.rules)
    2835379 - ETPRO CURRENT_EVENTS Successful Dropbox Phish 2019-03-14 (current_events.rules)
    2835380 - ETPRO CURRENT_EVENTS Successful Luno Phish 2019-03-14 (current_events.rules)
    2835381 - ETPRO CURRENT_EVENTS Successful Deutsche Bank Phish 2019-03-14 (current_events.rules)
    2835382 - ETPRO CURRENT_EVENTS Successful Paxful Phish 2019-03-14 (current_events.rules)
    2835383 - ETPRO CURRENT_EVENTS Successful Paxful Phish 2019-03-14 (current_events.rules)
    2835384 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-03-14 (current_events.rules)
    2835385 - ETPRO CURRENT_EVENTS Successful RedButton Phish 2019-03-14 (current_events.rules)

[///] Modified active rules: [///]

    2402000 - ET DROP Dshield Block Listed Source group 1 (dshield.rules)
    2402001 - ET DROP Dshield Block Listed Source group 1 (dshield.rules)
    2403300 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 1 (ciarmy.rules)
    2403301 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 1 (ciarmy.rules)
    2403302 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 2 (ciarmy.rules)
    2403303 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 2 (ciarmy.rules)
    2403304 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 3 (ciarmy.rules)
    2403305 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 3 (ciarmy.rules)
    2403306 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 4 (ciarmy.rules)
    2403307 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 4 (ciarmy.rules)
    2403308 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 5 (ciarmy.rules)
    2403309 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 5 (ciarmy.rules)
    2403310 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 6 (ciarmy.rules)
    2403311 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 6 (ciarmy.rules)
    2403312 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 7 (ciarmy.rules)
    2403313 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 7 (ciarmy.rules)
    2403314 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 8 (ciarmy.rules)
    2403315 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 8 (ciarmy.rules)
    2403316 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 9 (ciarmy.rules)
    2403317 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 9 (ciarmy.rules)
    2403318 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 10 (ciarmy.rules)
    2403319 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 10 (ciarmy.rules)
    2403320 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 11 (ciarmy.rules)
    2403321 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 11 (ciarmy.rules)
    2403322 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 12 (ciarmy.rules)
    2403323 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 12 (ciarmy.rules)
    2403324 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 13 (ciarmy.rules)
    2403325 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 13 (ciarmy.rules)
    2403326 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 14 (ciarmy.rules)
    2403327 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 14 (ciarmy.rules)
    2403328 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 15 (ciarmy.rules)
    2403329 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 15 (ciarmy.rules)
    2403330 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 16 (ciarmy.rules)
    2403331 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 16 (ciarmy.rules)
    2403332 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 17 (ciarmy.rules)
    2403333 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 17 (ciarmy.rules)
    2403334 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 18 (ciarmy.rules)
    2403335 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 18 (ciarmy.rules)
    2403336 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 19 (ciarmy.rules)
    2403337 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 19 (ciarmy.rules)
    2403338 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 20 (ciarmy.rules)
    2403339 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 20 (ciarmy.rules)
    2403340 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 21 (ciarmy.rules)
    2403341 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 21 (ciarmy.rules)
    2403342 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 22 (ciarmy.rules)
    2403343 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 22 (ciarmy.rules)
    2403344 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 23 (ciarmy.rules)
    2403345 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 23 (ciarmy.rules)
    2403346 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 24 (ciarmy.rules)
    2403347 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 24 (ciarmy.rules)
    2403348 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 25 (ciarmy.rules)
    2403349 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 25 (ciarmy.rules)
    2403350 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 26 (ciarmy.rules)
    2403351 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 26 (ciarmy.rules)
    2403352 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 27 (ciarmy.rules)
    2403353 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 27 (ciarmy.rules)
    2403354 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 28 (ciarmy.rules)
    2403355 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 28 (ciarmy.rules)
    2403356 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 29 (ciarmy.rules)
    2403357 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 29 (ciarmy.rules)
    2403358 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 30 (ciarmy.rules)
    2403359 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 30 (ciarmy.rules)
    2403360 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 31 (ciarmy.rules)
    2403361 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 31 (ciarmy.rules)
    2403362 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 32 (ciarmy.rules)
    2403363 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 32 (ciarmy.rules)
    2403364 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 33 (ciarmy.rules)
    2403365 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 33 (ciarmy.rules)
    2403366 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 34 (ciarmy.rules)
    2403367 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 34 (ciarmy.rules)
    2403368 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 35 (ciarmy.rules)
    2403369 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 35 (ciarmy.rules)
    2403370 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 36 (ciarmy.rules)
    2403371 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 36 (ciarmy.rules)
    2403372 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 37 (ciarmy.rules)
    2403373 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 37 (ciarmy.rules)
    2403374 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 38 (ciarmy.rules)
    2403375 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 38 (ciarmy.rules)
    2403376 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 39 (ciarmy.rules)
    2403377 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 39 (ciarmy.rules)
    2403378 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 40 (ciarmy.rules)
    2403379 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 40 (ciarmy.rules)
    2403380 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 41 (ciarmy.rules)
    2403381 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 41 (ciarmy.rules)
    2403382 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 42 (ciarmy.rules)
    2403383 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 42 (ciarmy.rules)
    2403384 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 43 (ciarmy.rules)
    2403385 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 43 (ciarmy.rules)
    2403386 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 44 (ciarmy.rules)
    2403387 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 44 (ciarmy.rules)
    2403388 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 45 (ciarmy.rules)
    2403389 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 45 (ciarmy.rules)
    2403390 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 46 (ciarmy.rules)
    2403391 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 46 (ciarmy.rules)
    2403392 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 47 (ciarmy.rules)
    2403393 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 47 (ciarmy.rules)
    2403394 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 48 (ciarmy.rules)
    2403395 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 48 (ciarmy.rules)
    2403396 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 49 (ciarmy.rules)
    2403397 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 49 (ciarmy.rules)
    2403398 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 50 (ciarmy.rules)
    2403399 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 50 (ciarmy.rules)
    2403400 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 51 (ciarmy.rules)
    2403401 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 51 (ciarmy.rules)
    2403402 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 52 (ciarmy.rules)
    2403403 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 52 (ciarmy.rules)
    2403404 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 53 (ciarmy.rules)
    2403405 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 53 (ciarmy.rules)
    2403406 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 54 (ciarmy.rules)
    2403407 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 54 (ciarmy.rules)
    2403408 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 55 (ciarmy.rules)
    2403409 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 55 (ciarmy.rules)
    2403410 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 56 (ciarmy.rules)
    2403411 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 56 (ciarmy.rules)
    2403412 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 57 (ciarmy.rules)
    2403413 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 57 (ciarmy.rules)
    2403414 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 58 (ciarmy.rules)
    2403415 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 58 (ciarmy.rules)
    2403416 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 59 (ciarmy.rules)
    2403417 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 59 (ciarmy.rules)
    2403418 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 60 (ciarmy.rules)
    2403419 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 60 (ciarmy.rules)
    2403420 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 61 (ciarmy.rules)
    2403421 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 61 (ciarmy.rules)
    2403422 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 62 (ciarmy.rules)
    2403423 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 62 (ciarmy.rules)
    2403424 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 63 (ciarmy.rules)
    2403425 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 63 (ciarmy.rules)
    2403426 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 64 (ciarmy.rules)
    2403427 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 64 (ciarmy.rules)
    2403428 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 65 (ciarmy.rules)
    2403429 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 65 (ciarmy.rules)
    2403430 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 66 (ciarmy.rules)
    2403431 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 66 (ciarmy.rules)
    2403432 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 67 (ciarmy.rules)
    2403433 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 67 (ciarmy.rules)
    2403434 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 68 (ciarmy.rules)
    2403435 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 68 (ciarmy.rules)
    2403436 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 69 (ciarmy.rules)
    2403437 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 69 (ciarmy.rules)
    2403438 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 70 (ciarmy.rules)
    2403439 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 70 (ciarmy.rules)
    2403440 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 71 (ciarmy.rules)
    2403441 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 71 (ciarmy.rules)
    2403442 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 72 (ciarmy.rules)
    2403443 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 72 (ciarmy.rules)
    2403444 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 73 (ciarmy.rules)
    2403445 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 73 (ciarmy.rules)
    2403446 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 74 (ciarmy.rules)
    2403447 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 74 (ciarmy.rules)
    2403448 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 75 (ciarmy.rules)
    2403449 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 75 (ciarmy.rules)
    2403450 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 76 (ciarmy.rules)
    2403451 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 76 (ciarmy.rules)
    2403452 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 77 (ciarmy.rules)
    2403453 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 77 (ciarmy.rules)
    2403454 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 78 (ciarmy.rules)
    2403455 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 78 (ciarmy.rules)
    2403456 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 79 (ciarmy.rules)
    2403457 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 79 (ciarmy.rules)
    2403458 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 80 (ciarmy.rules)
    2403459 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 80 (ciarmy.rules)
    2403460 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 81 (ciarmy.rules)
    2403461 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 81 (ciarmy.rules)
    2403462 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 82 (ciarmy.rules)
    2403463 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 82 (ciarmy.rules)
    2403464 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 83 (ciarmy.rules)
    2403465 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 83 (ciarmy.rules)
    2403466 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 84 (ciarmy.rules)
    2403467 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 84 (ciarmy.rules)
    2403468 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 85 (ciarmy.rules)
    2403469 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 85 (ciarmy.rules)
    2403470 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 86 (ciarmy.rules)
    2403471 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 86 (ciarmy.rules)
    2403472 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 87 (ciarmy.rules)
    2403473 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 87 (ciarmy.rules)
    2403474 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 88 (ciarmy.rules)
    2403475 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 88 (ciarmy.rules)
    2403476 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 89 (ciarmy.rules)
    2403477 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 89 (ciarmy.rules)
    2403478 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 90 (ciarmy.rules)
    2403479 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 90 (ciarmy.rules)
    2403480 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 91 (ciarmy.rules)
    2403481 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 91 (ciarmy.rules)
    2403482 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 92 (ciarmy.rules)
    2403483 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 92 (ciarmy.rules)
    2403484 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 93 (ciarmy.rules)
    2403485 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 93 (ciarmy.rules)
    2403486 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 94 (ciarmy.rules)
    2403487 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 94 (ciarmy.rules)
    2403488 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 95 (ciarmy.rules)
    2403489 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 95 (ciarmy.rules)
    2403490 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 96 (ciarmy.rules)
    2403491 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 96 (ciarmy.rules)
    2403492 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 97 (ciarmy.rules)
    2403493 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 97 (ciarmy.rules)
    2403494 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 98 (ciarmy.rules)
    2403495 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 98 (ciarmy.rules)
    2403496 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 99 (ciarmy.rules)
    2403497 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 99 (ciarmy.rules)
    2403498 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 100 (ciarmy.rules)
    2403499 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 100 (ciarmy.rules)
    2405000 - ET CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules)
    2405001 - ET CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules)
    2405002 - ET CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules)
    2405003 - ET CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules)
    2405004 - ET CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules)
    2405005 - ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules)
    2405006 - ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules)
    2405007 - ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules)
    2405008 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules)
    2405009 - ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules)
    2405010 - ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules)
    2405011 - ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules)
    2405012 - ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules)
    2405013 - ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules)
    2405014 - ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules)
    2405015 - ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules)
    2405016 - ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules)
    2405017 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules)
    2831259 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.bo CnC Beacon (mobile_malware.rules)
    2832759 - ETPRO CURRENT_EVENTS MalDoc Requesting Ursnif Payload 2018-09-24 (current_events.rules)

[+++] Added non-rule lines: [+++]

    -> Added to ciarmy.rules (1):
    # Version 47371

    -> Added to sid-msg.map (58):
    2027083 || ET TROJAN Win32/Termite Agent Implant CnC Checkin || md5,2820653437d5935d94fcb0c997d6f13c
    2027084 || ET TROJAN Win32/Termite Agent Implant Keep-Alive || md5,2820653437d5935d94fcb0c997d6f13c
    2520162 || ET TOR Known Tor Exit Node TCP Traffic group 82 || url,doc.emergingthreats.net/bin/view/Main/TorRules
    2520164 || ET TOR Known Tor Exit Node TCP Traffic group 83 || url,doc.emergingthreats.net/bin/view/Main/TorRules
    2835331 || ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Wroba.g Reporting Infection via SMTP || md5,0a4e8d3fe5ee383ba3a22d0f00670ce3
    2835332 || ETPRO MOBILE_MALWARE Android/Wangniu Checkin || md5,bb28527a17e8f291e2e7db1bb58204cd
    2835333 || ETPRO MOBILE_MALWARE Android/Domob.G Checkin || md5,75bd13b0f6fb6418622990f9b9452e9a
    2835334 || ETPRO MOBILE_MALWARE Android.Monitor.SpyApp.D CnC Beacon || md5,affafba28ef5beaaf580922c5244e366
    2835335 || ETPRO TROJAN Possible BabyShark HTA Download || md5,cf264f9bca2f2fbcc2c1e7a4a491afec || url,unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/
    2835336 || ETPRO TROJAN Receiving BabyShark HTA || url,unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/
    2835337 || ETPRO TROJAN VBS/CageyChameleon Retrieving In-Memory Implant || url,otx.alienvault.com/pulse/5c011fb979bebc3506f08907/related
    2835338 || ETPRO TROJAN VBS/CageyChameleon Receiving In-Memory Implant || url,otx.alienvault.com/pulse/5c011fb979bebc3506f08907/related
    2835339 || ETPRO TROJAN VBS/CageyChameleon CnC Beacon || url,otx.alienvault.com/pulse/5c011fb979bebc3506f08907/related
    2835340 || ETPRO TROJAN VBS/CageyChameleon CnC Beacon (Common Malicious Process List Construct) || url,otx.alienvault.com/pulse/5c011fb979bebc3506f08907/related
    2835341 || ETPRO TROJAN VBS/CageyChameleon Receiving Command || url,otx.alienvault.com/pulse/5c011fb979bebc3506f08907/related
    2835342 || ETPRO TROJAN VBS/CageyChameleon Retrieving Further Stage Payload || url,otx.alienvault.com/pulse/5c011fb979bebc3506f08907/related
    2835343 || ETPRO TROJAN PowerShell/PowerPike CnC Beacon || url,otx.alienvault.com/pulse/5c011fb979bebc3506f08907/related
    2835344 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-14 1) || md5,c76bf96ebdc5f4f7b1f2d5a9189df90a || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
    2835345 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-14 2) || md5,1210536bd7efdfab56dc53ed3c5bd5e7 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
    2835346 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-14 3) || md5,5f35942b71e84e2a5ca61938bd923aa4 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
    2835347 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-14 4) || md5,c959a561f94917c6c67681dddeff01f8 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
    2835348 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-14 5) || md5,e80466b7b99a202529bacfa44c45a5ee || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
    2835349 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-14 6) || md5,a2df6120839e0aef6cda47d465a73301 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
    2835350 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-14 7) || md5,1b8c280fe63f9afcd97002fe30c02993 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
    2835351 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-14 8) || md5,b2eadf24c31603dd1b376630b697f30f || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
    2835352 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-14 9) || md5,1bdd979cf8c7ec3b40eec82d1bd6a7cc || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
    2835353 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-03-14 10) || md5,769131f5e663ddd4e8b82b3361b59940 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
    2835354 || ETPRO EXPLOIT Possible CVE-2019-0703 Request SMBv1
    2835355 || ETPRO EXPLOIT Possible CVE-2019-0703 Response SMBv1 || cve,2019-0703
    2835356 || ETPRO EXPLOIT Possible CVE-2019-0703 Request SMBv2 || cve,2019-0703
    2835357 || ETPRO EXPLOIT Possible CVE-2019-0703 Response SMBv2 || cve,2019-0703
    2835358 || ETPRO TROJAN Unit13 Reporting Infection || md5,6bceb3a63f66df38c840aff6f0e68e35
    2835359 || ETPRO TROJAN ELF/Tsunami.NCF IRC Checkin || md5,3009d83e593c782c738ed47f71fd7f69
    2835360 || ETPRO CURRENT_EVENTS Observed EXE Request for Ursnif Payload 2018-03-14 || md5,8a1c86da681c4cba8d6b3aaf625dc9d5
    2835361 || ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC)
    2835363 || ETPRO TROJAN Observed Malicious SSL Cert (VBS Downloader/CnC) || md5,a25002b7ff7ec2b8107d0379830bf92a
    2835364 || ETPRO TROJAN Observed Malicious SSL Cert (VBS Downloader/CnC 2) || md5,a25002b7ff7ec2b8107d0379830bf92a
    2835365 || ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-03-13
    2835366 || ETPRO CURRENT_EVENTS Successful CAF FR Phish 2019-03-14
    2835367 || ETPRO CURRENT_EVENTS Successful Apple Phish 2019-03-14
    2835368 || ETPRO CURRENT_EVENTS Successful BBVA Phish 2019-03-14
    2835369 || ETPRO CURRENT_EVENTS Successful Booking.com Phish 2019-03-14
    2835370 || ETPRO CURRENT_EVENTS Successful Smartsheet Phish 2019-03-14
    2835371 || ETPRO CURRENT_EVENTS Successful WeTransfer Phish 2019-03-14
    2835372 || ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-03-14
    2835373 || ETPRO CURRENT_EVENTS Successful Paypal Credit Card Information Phish 2019-03-14
    2835374 || ETPRO CURRENT_EVENTS Successful Vodafone Credit Card Information Phish 2019-03-14
    2835375 || ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-03-14
    2835376 || ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-03-14
    2835377 || ETPRO CURRENT_EVENTS Successful Outlook Phish 2019-03-14
    2835378 || ETPRO CURRENT_EVENTS Successful Citrix Sharefile Phish 2019-03-14
    2835379 || ETPRO CURRENT_EVENTS Successful Dropbox Phish 2019-03-14
    2835380 || ETPRO CURRENT_EVENTS Successful Luno Phish 2019-03-14
    2835381 || ETPRO CURRENT_EVENTS Successful Deutsche Bank Phish 2019-03-14
    2835382 || ETPRO CURRENT_EVENTS Successful Paxful Phish 2019-03-14
    2835383 || ETPRO CURRENT_EVENTS Successful Paxful Phish 2019-03-14
    2835384 || ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-03-14
    2835385 || ETPRO CURRENT_EVENTS Successful RedButton Phish 2019-03-14

[---] Removed non-rule lines: [---]

    -> Removed from ciarmy.rules (1):
    # Version 47347