*********************** suricata-4.0-enhanced etpro ***********************

[***] Results from Oinkmaster started Wed Dec 19 19:07:24 2018 [***]

[+++] Added rules: [+++]

2026738 - ET TROJAN [PTsecurity] Trickbot Data Exfiltration (trojan.rules)
2026739 - ET WEB_SPECIFIC_APPS Jenkins Attempted LFI Exploitation (CVE-2018-17246) (web_specific_apps.rules)
2833986 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 457 (mobile_malware.rules)
2833987 - ETPRO TROJAN Rogue ProxyAutoConfig Domain in DNS Lookup (trojan.rules)
2833988 - ETPRO MALWARE PUP.PCmedic Module DL (malware.rules)
2833989 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-19 1) (trojan.rules)
2833990 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-19 2) (trojan.rules)
2833991 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-19 3) (trojan.rules)
2833992 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-19 4) (trojan.rules)
2833993 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-19 5) (trojan.rules)
2833994 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-19 6) (trojan.rules)
2833995 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-19 7) (trojan.rules)
2833996 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-19 8) (trojan.rules)
2833997 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-19 9) (trojan.rules)
2833998 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-12-19 (current_events.rules)
2833999 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-12-19 (current_events.rules)
2834000 - ETPRO CURRENT_EVENTS Successful Bittrex Phish 2018-12-19 (current_events.rules)
2834001 - ETPRO CURRENT_EVENTS Successful Fibank Phish 2018-12-19 (current_events.rules)
2834002 - ETPRO CURRENT_EVENTS Successful Fibank Phish 2018-12-19 (current_events.rules)
2834003 - ETPRO CURRENT_EVENTS Successful US Bank Phish 2018-12-19 (current_events.rules)
2834004 - ETPRO CURRENT_EVENTS Successful Bell Phish 2018-12-19 (current_events.rules)
2834005 - ETPRO CURRENT_EVENTS Successful DHL Phish 2018-12-19 (current_events.rules)
2834006 - ETPRO CURRENT_EVENTS Successful Microsoft Phish 2018-12-19 (current_events.rules)
2834007 - ETPRO CURRENT_EVENTS Successful Simplii Phish 2018-12-19 (current_events.rules)
2834008 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-12-19 (current_events.rules)
2834009 - ETPRO CURRENT_EVENTS Successful Credit Card Information Phish 2018-12-19 (current_events.rules)
2834010 - ETPRO CURRENT_EVENTS Successful Credit Card Information Phish 2018-12-19 (current_events.rules)
2834011 - ETPRO CURRENT_EVENTS Successful Microsoft Outlook Phish 2018-12-19 (current_events.rules)
2834012 - ETPRO CURRENT_EVENTS Successful NAB Phish 2018-12-19 (current_events.rules)
2834013 - ETPRO CURRENT_EVENTS Successful Facebook DMCA Phish 2018-12-19 (current_events.rules)
2834014 - ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) (trojan.rules)
2834015 - ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC) (trojan.rules)
2834016 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 CnC) (trojan.rules)

[///] Modified active rules: [///]

2402000 - ET DROP Dshield Block Listed Source group 1 (dshield.rules)
2403300 - ET CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules)
2403301 - ET CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules)
2403302 - ET CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules)
2403303 - ET CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules)
2403304 - ET CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules)
2403305 - ET CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules)
2403306 - ET CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules)
2403307 - ET CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules)
2403308 - ET CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules)
2403309 - ET CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules)
2403310 - ET CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules)
2403311 - ET CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules)
2403312 - ET CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules)
2403313 - ET CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules)
2403314 - ET CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules)
2403315 - ET CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules)
2403316 - ET CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules)
2403317 - ET CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules)
2403318 - ET CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules)
2403319 - ET CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules)
2403320 - ET CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules)
2403321 - ET CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules)
2403322 - ET CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules)
2403323 - ET CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules)
2403324 - ET CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules)
2403325 - ET CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules)
2403326 - ET CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules)
2403327 - ET CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules)
2403328 - ET CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules)
2403329 - ET CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules)
2403330 - ET CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules)
2403331 - ET CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules)
2403332 - ET CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules)
2403333 - ET CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules)
2403334 - ET CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules)
2403335 - ET CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules)
2403336 - ET CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules)
2403337 - ET CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules)
2403338 - ET CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules)
2403339 - ET CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules)
2403340 - ET CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules)
2403341 - ET CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules)
2403342 - ET CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules)
2403343 - ET CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules)
2403344 - ET CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules)
2403345 - ET CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules)
2403346 - ET CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules)
2403347 - ET CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules)
2403348 - ET CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules)
2403349 - ET CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules)
2403350 - ET CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules)
2403351 - ET CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules)
2403352 - ET CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules)
2403353 - ET CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules)
2403354 - ET CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules)
2403355 - ET CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules)
2403356 - ET CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules)
2403357 - ET CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules)
2403358 - ET CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules)
2403359 - ET CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules)
2403360 - ET CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules)
2403361 - ET CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules)
2403362 - ET CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules)
2403363 - ET CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules)
2403364 - ET CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules)
2403365 - ET CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules)
2403366 - ET CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules)
2403367 - ET CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules)
2403368 - ET CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules)
2403369 - ET CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules)
2403370 - ET CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules)
2403371 - ET CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules)
2403372 - ET CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules)
2403373 - ET CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules)
2403374 - ET CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules)
2403375 - ET CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules)
2403376 - ET CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules)
2403377 - ET CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules)
2403378 - ET CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules)
2403379 - ET CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules)
2403380 - ET CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules)
2403381 - ET CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules)
2403382 - ET CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules)
2403383 - ET CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules)
2403384 - ET CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules)
2403385 - ET CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules)
2403386 - ET CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules)
2403387 - ET CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules)
2403388 - ET CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules)
2403389 - ET CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules)
2403390 - ET CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules)
2403391 - ET CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules)
2403392 - ET CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules)
2403393 - ET CINS Active Threat Intelligence Poor Reputation IP group 94 (ciarmy.rules)
2403394 - ET CINS Active Threat Intelligence Poor Reputation IP group 95 (ciarmy.rules)
2403395 - ET CINS Active Threat Intelligence Poor Reputation IP group 96 (ciarmy.rules)
2403396 - ET CINS Active Threat Intelligence Poor Reputation IP group 97 (ciarmy.rules)
2403397 - ET CINS Active Threat Intelligence Poor Reputation IP group 98 (ciarmy.rules)
2403398 - ET CINS Active Threat Intelligence Poor Reputation IP group 99 (ciarmy.rules)
2403399 - ET CINS Active Threat Intelligence Poor Reputation IP group 100 (ciarmy.rules)
2405000 - ET CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules)
2405001 - ET CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules)
2405002 - ET CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules)
2405003 - ET CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules)
2405004 - ET CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules)
2405005 - ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules)
2405006 - ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules)
2405007 - ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules)
2405008 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules)
2405009 - ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules)
2405010 - ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules)
2405011 - ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules)
2405012 - ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules)
2405013 - ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules)
2405014 - ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules)
2405015 - ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules)
2405016 - ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules)
2405017 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules)

[---] Removed rules: [---]

2405018 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules)

[+++] Added non-rule lines: [+++]

-> Added to sid-msg.map (43):

2026738 || ET TROJAN [PTsecurity] Trickbot Data Exfiltration
2026739 || ET WEB_SPECIFIC_APPS Jenkins Attempted LFI Exploitation (CVE-2018-17246) || url,www.bleepingcomputer.com/news/security/file-inclusion-bug-in-kibana-console-for-elasticsearch-gets-exploit-code/
2404027 || ET CNC Shadowserver Reported CnC Server group 28 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405017 || ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2500084 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 43 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500086 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 44 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500088 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 45 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500090 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 46 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2500092 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 47 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
2520158 || ET TOR Known Tor Exit Node Traffic group 80 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2520160 || ET TOR Known Tor Exit Node Traffic group 81 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523410 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 706 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2833986 || ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 457 || md5,9782dc09d5cae27b87c60ef6c36ebc2b
2833987 || ETPRO TROJAN Rogue ProxyAutoConfig Domain in DNS Lookup
2833988 || ETPRO MALWARE PUP.PCmedic Module DL || md5,e920fe751d6ba178474873090bb246cf
2833989 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-19 1) || md5,fbe6a244c3de3c0a5a9f31e16dcd5485 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
2833990 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-19 2) || md5,bdf35203cfa8a969feade9bb07c9c552 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
2833991 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-19 3) || md5,9741897e65cbfec18152d7693a86152f || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
2833992 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-19 4) || md5,756e7a510ceed538697a653577649693 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
2833993 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-19 5) || md5,35db549d42535cf32964d7482bac3dd4 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
2833994 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-19 6) || md5,2af90f696e4a4a4be697520a9b8cc709 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
2833995 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-19 7) || md5,572968a360db3bd2fbef2f79e91a987d || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
2833996 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-19 8) || md5,0c7ebe1723029e7bf5a23ce025871594 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
2833997 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2018-12-19 9) || md5,a604b999eb9526f93632d3e0412cd283 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
2833998 || ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-12-19
2833999 || ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2018-12-19
2834000 || ETPRO CURRENT_EVENTS Successful Bittrex Phish 2018-12-19
2834001 || ETPRO CURRENT_EVENTS Successful Fibank Phish 2018-12-19
2834002 || ETPRO CURRENT_EVENTS Successful Fibank Phish 2018-12-19
2834003 || ETPRO CURRENT_EVENTS Successful US Bank Phish 2018-12-19
2834004 || ETPRO CURRENT_EVENTS Successful Bell Phish 2018-12-19
2834005 || ETPRO CURRENT_EVENTS Successful DHL Phish 2018-12-19
2834006 || ETPRO CURRENT_EVENTS Successful Microsoft Phish 2018-12-19
2834007 || ETPRO CURRENT_EVENTS Successful Simplii Phish 2018-12-19
2834008 || ETPRO CURRENT_EVENTS Successful Paypal Phish 2018-12-19
2834009 || ETPRO CURRENT_EVENTS Successful Credit Card Information Phish 2018-12-19
2834010 || ETPRO CURRENT_EVENTS Successful Credit Card Information Phish 2018-12-19
2834011 || ETPRO CURRENT_EVENTS Successful Microsoft Outlook Phish 2018-12-19
2834012 || ETPRO CURRENT_EVENTS Successful NAB Phish 2018-12-19
2834013 || ETPRO CURRENT_EVENTS Successful Facebook DMCA Phish 2018-12-19
2834014 || ETPRO TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)
2834015 || ETPRO TROJAN Observed Malicious SSL Cert (PowerEnum CnC)
2834016 || ETPRO TROJAN Observed Malicious SSL Cert (FIN7 CnC)

[---] Removed non-rule lines: [---]

-> Removed from sid-msg.map (3):

2404027 || ET CNC Shadowserver Reported CnC Server IP group 28 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405017 || ET CNC Shadowserver Reported CnC Server Port 20108 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405018 || ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC