*********************** snort-2.9.0-enhanced etpro ***********************

[***] Results from Oinkmaster started Mon Jul 24 16:30:43 2017 [***]

[+++]          Added rules:          [+++]

 2827268 - ETPRO TROJAN Donoff .onion Proxy Domain (trojan.rules)
 2827269 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 185 (mobile_malware.rules)
 2827270 - ETPRO TROJAN Genome K2T IP Check (trojan.rules)
 2827271 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 186 (mobile_malware.rules)
 2827272 - ETPRO CURRENT_EVENTS Possible Ursniff TOR Module DL 32-bit (current_events.rules)
 2827273 - ETPRO CURRENT_EVENTS Possible Ursniff TOR Module DL 64-bit (current_events.rules)
 2827274 - ETPRO TROJAN DNS Query to Cerber Domain (1n5mod . top) (trojan.rules)
 2827275 - ETPRO TROJAN DNS Query to Cerber Domain (1mpsnr . top) (trojan.rules)
 2827276 - ETPRO TROJAN DNS Query to Cerber Domain (1eiuce . top) (trojan.rules)
 2827277 - ETPRO TROJAN DNS Query to Cerber Domain (1j9jad . top) (trojan.rules)
 2827278 - ETPRO TROJAN Imminent Monitor MainInformation Command (trojan.rules)
 2827279 - ETPRO TROJAN W32/Emotet.v4 Checkin (trojan.rules)

[///]     Modified active rules:     [///]

 2024470 - ET INFO HTTP POST to Free Webhost - Possible Successful Phish (site40 . net) Jul 18 2017 (info.rules)
 2024486 - ET TROJAN Shifr Ransomware Malicious Domain in SNI Observed (trojan.rules)
 2814281 - ETPRO CURRENT_EVENTS Successful Amex Account Phish Oct 8 2015 (current_events.rules)
 2815172 - ETPRO CURRENT_EVENTS Successful Apple Phish M1 Dec 2 2015 (current_events.rules)
 2815173 - ETPRO CURRENT_EVENTS Successful Apple Phish M2 Dec 2 2015 (current_events.rules)
 2815245 - ETPRO CURRENT_EVENTS Successful Paypal Phish M1 Dec 8 2015 (current_events.rules)
 2815497 - ETPRO CURRENT_EVENTS Successful Anonisma Paypal Phish Dec 28 2015 (current_events.rules)
 2816612 - ETPRO CURRENT_EVENTS Successful American Express Phish Mar 10 2016 (current_events.rules)
 2821138 - ETPRO CURRENT_EVENTS Successful AOL Phish M1 Jul 14 2016 (current_events.rules)
 2821139 - ETPRO CURRENT_EVENTS Successful AOL Phish M1 Jul 14 2016 (current_events.rules)
 2821140 - ETPRO CURRENT_EVENTS Successful AOL Phish M3 Jul 14 20116 (current_events.rules)
 2824193 - ETPRO TROJAN Donoff .onion Proxy Domain (trojan.rules)
 2827261 - ETPRO TROJAN PoshC2 SSL Cert Observed (trojan.rules)
 2827265 - ETPRO TROJAN MSIL/Unk.Stealer Exfil via FTP (trojan.rules)

[+++]    Added non-rule lines:    [+++]

    -> Added to sid-msg.map (13):
        2824193 || ETPRO TROJAN Donoff .onion Proxy Domain || url,blog.threattrack.com/donoff-malicious-macro-zepto/ || md5,e9fb46451c814d240dae038f8c055cee
        2827268 || ETPRO TROJAN Donoff .onion Proxy Domain || url,blog.threattrack.com/donoff-malicious-macro-zepto/ || md5,2af42543ef5bbca28333456215f0a808
        2827269 || ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 185 || md5,3d6aae4e88102ee41b22a90572d0f542
        2827270 || ETPRO TROJAN Genome K2T IP Check || md5,e8c0a93a233f300cf5a1dfa8af5e823d
        2827271 || ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 186 || md5,a6369e3ad469348e72c24fa61d6beb2b
        2827272 || ETPRO CURRENT_EVENTS Possible Ursniff TOR Module DL 32-bit
        2827273 || ETPRO CURRENT_EVENTS Possible Ursniff TOR Module DL 64-bit
        2827274 || ETPRO TROJAN DNS Query to Cerber Domain (1n5mod . top)
        2827275 || ETPRO TROJAN DNS Query to Cerber Domain (1mpsnr . top)
        2827276 || ETPRO TROJAN DNS Query to Cerber Domain (1eiuce . top)
        2827277 || ETPRO TROJAN DNS Query to Cerber Domain (1j9jad . top)
        2827278 || ETPRO TROJAN Imminent Monitor MainInformation Command || md5,c57cd560a011de80ea7670f13c5eec6b
        2827279 || ETPRO TROJAN W32/Emotet.v4 Checkin

[---]   Removed non-rule lines:   [---]

    -> Removed from sid-msg.map (1):
        2824193 || ETPRO TROJAN Donoff .onion Proxy Domain || md5,e9fb46451c814d240dae038f8c055cee