*********************** snort-2.9.0-enhanced etpro ***********************

[***] Results from Oinkmaster started Wed Aug 16 15:59:57 2017 [***]

[+++] Added rules: [+++]

2024554 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26 (current_events.rules)
2024555 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26 (current_events.rules)
2024556 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26 (current_events.rules)
2024557 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jun 8 (current_events.rules)
2024558 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 13 (current_events.rules)
2024559 - ET CURRENT_EVENTS Successful Adobe Online Phish Aug 16 2016 (current_events.rules)
2024560 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Aug 19 2016 (current_events.rules)
2024561 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Sept 2 (current_events.rules)
2024562 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 13 (current_events.rules)
2024563 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 25 (current_events.rules)
2024564 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 26 (current_events.rules)
2024565 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 15 2016 (current_events.rules)
2024566 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 16 2016 (current_events.rules)
2024567 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 22 2016 (current_events.rules)
2024568 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 07 2016 (current_events.rules)
2024569 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 13 2016 (current_events.rules)
2024570 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 20 2016 (current_events.rules)
2024571 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 27 2016 (current_events.rules)
2024572 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 03 2017 (current_events.rules)
2024573 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 12 2017 (current_events.rules)
2024574 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 17 2017 (current_events.rules)
2024575 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 17 2017 (current_events.rules)
2024576 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) May 24 2017 (current_events.rules)
2024577 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) May 25 2017 (current_events.rules)
2024578 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) May 31 2017 (current_events.rules)
2024579 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jun 08 2017 (current_events.rules)
2024580 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 06 2017 (current_events.rules)
2024581 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 10 2017 (current_events.rules)
2024582 - ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 11 2017 (current_events.rules)
2024583 - ET CURRENT_EVENTS Possible YapiKredi Bank (TR) Phish - Landing Page - Title over non SSL (current_events.rules)
2024584 - ET DOS CLDAP Amplification Reflection (PoC based) (dos.rules)
2024585 - ET DOS Potential CLDAP Amplification Reflection (dos.rules)
2827550 - ETPRO WEB_CLIENT MSIE/Edge Browser Type Confusion Vuln (CVE-2017-0037) (web_client.rules)
2827551 - ETPRO CURRENT_EVENTS Disdain EK Landing 2017-08-15 (current_events.rules)
2827552 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 11 (mobile_malware.rules)
2827553 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 12 (mobile_malware.rules)
2827554 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.eu SMS/Contact Exfil via SMTP (mobile_malware.rules)
2827555 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.eu SMS/Contact Exfil via SMTP 2 (mobile_malware.rules)
2827556 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.eu Reporting Infection via SMTP (mobile_malware.rules)
2827557 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ac SMS/Contact Exfil via SMTP 3 (mobile_malware.rules)
2827558 - ETPRO CURRENT_EVENTS Successful Chase Phish M1 Aug 16 2017 (current_events.rules)
2827559 - ETPRO CURRENT_EVENTS Successful Chase Phish M2 Aug 16 2017 (current_events.rules)
2827560 - ETPRO TROJAN Cobalt Strike Malleable C2 Custom Profile (trojan.rules)
2827561 - ETPRO MOBILE_MALWARE Trojan.AndroidOS.SmsThief.ac SMS/Contact Exfil via SMTP 4 (mobile_malware.rules)
2827562 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ij / SmsThief SMS/Contact Exfil via SMTP (mobile_malware.rules)
2827563 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ij / SmsThief SMS/Contact Exfil via SMTP 2 (mobile_malware.rules)

[///] Modified active rules: [///]

2022925 - ET CURRENT_EVENTS Tech Support Phone Scam Landing M1 Jun 29 2016 (current_events.rules)
2024547 - ET CURRENT_EVENTS Successful Square Phish Nov 16 2015 (current_events.rules)
2402000 - ET DROP Dshield Block Listed Source group 1 (dshield.rules)
2402001 - ET DROP Dshield Block Listed Source group 1 (dshield.rules)
2403300 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 1 (ciarmy.rules)
2403301 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 1 (ciarmy.rules)
2403302 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 2 (ciarmy.rules)
2403303 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 2 (ciarmy.rules)
2403304 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 3 (ciarmy.rules)
2403305 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 3 (ciarmy.rules)
2403306 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 4 (ciarmy.rules)
2403307 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 4 (ciarmy.rules)
2403308 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 5 (ciarmy.rules)
2403309 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 5 (ciarmy.rules)
2403310 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 6 (ciarmy.rules)
2403311 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 6 (ciarmy.rules)
2403312 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 7 (ciarmy.rules)
2403313 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 7 (ciarmy.rules)
2403314 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 8 (ciarmy.rules)
2403315 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 8 (ciarmy.rules)
2403316 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 9 (ciarmy.rules)
2403317 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 9 (ciarmy.rules)
2403318 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 10 (ciarmy.rules)
2403319 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 10 (ciarmy.rules)
2403320 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 11 (ciarmy.rules)
2403321 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 11 (ciarmy.rules)
2403322 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 12 (ciarmy.rules)
2403323 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 12 (ciarmy.rules)
2403324 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 13 (ciarmy.rules)
2403325 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 13 (ciarmy.rules)
2403326 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 14 (ciarmy.rules)
2403327 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 14 (ciarmy.rules)
2403328 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 15 (ciarmy.rules)
2403329 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 15 (ciarmy.rules)
2403330 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 16 (ciarmy.rules)
2403331 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 16 (ciarmy.rules)
2403332 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 17 (ciarmy.rules)
2403333 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 17 (ciarmy.rules)
2403334 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 18 (ciarmy.rules)
2403335 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 18 (ciarmy.rules)
2403336 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 19 (ciarmy.rules)
2403337 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 19 (ciarmy.rules)
2403338 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 20 (ciarmy.rules)
2403339 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 20 (ciarmy.rules)
2403340 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 21 (ciarmy.rules)
2403341 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 21 (ciarmy.rules)
2403342 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 22 (ciarmy.rules)
2403343 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 22 (ciarmy.rules)
2403344 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 23 (ciarmy.rules)
2403345 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 23 (ciarmy.rules)
2403346 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 24 (ciarmy.rules)
2403347 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 24 (ciarmy.rules)
2403348 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 25 (ciarmy.rules)
2403349 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 25 (ciarmy.rules)
2403350 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 26 (ciarmy.rules)
2403351 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 26 (ciarmy.rules)
2403352 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 27 (ciarmy.rules)
2403353 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 27 (ciarmy.rules)
2403354 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 28 (ciarmy.rules)
2403355 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 28 (ciarmy.rules)
2403356 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 29 (ciarmy.rules)
2403357 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 29 (ciarmy.rules)
2403358 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 30 (ciarmy.rules)
2403359 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 30 (ciarmy.rules)
2403360 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 31 (ciarmy.rules)
2403361 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 31 (ciarmy.rules)
2403362 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 32 (ciarmy.rules)
2403363 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 32 (ciarmy.rules)
2403364 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 33 (ciarmy.rules)
2403365 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 33 (ciarmy.rules)
2403366 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 34 (ciarmy.rules)
2403367 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 34 (ciarmy.rules)
2403368 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 35 (ciarmy.rules)
2403369 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 35 (ciarmy.rules)
2403370 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 36 (ciarmy.rules)
2403371 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 36 (ciarmy.rules)
2403372 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 37 (ciarmy.rules)
2403373 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 37 (ciarmy.rules)
2403374 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 38 (ciarmy.rules)
2403375 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 38 (ciarmy.rules)
2403376 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 39 (ciarmy.rules)
2403377 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 39 (ciarmy.rules)
2403378 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 40 (ciarmy.rules)
2403379 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 40 (ciarmy.rules)
2403380 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 41 (ciarmy.rules)
2403381 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 41 (ciarmy.rules)
2403382 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 42 (ciarmy.rules)
2403383 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 42 (ciarmy.rules)
2403384 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 43 (ciarmy.rules)
2403385 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 43 (ciarmy.rules)
2403386 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 44 (ciarmy.rules)
2403387 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 44 (ciarmy.rules)
2403388 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 45 (ciarmy.rules)
2403389 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 45 (ciarmy.rules)
2403390 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 46 (ciarmy.rules)
2403391 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 46 (ciarmy.rules)
2403392 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 47 (ciarmy.rules)
2403393 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 47 (ciarmy.rules)
2403394 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 48 (ciarmy.rules)
2403395 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 48 (ciarmy.rules)
2403396 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 49 (ciarmy.rules)
2403397 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 49 (ciarmy.rules)
2403398 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 50 (ciarmy.rules)
2403399 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 50 (ciarmy.rules)
2403400 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 51 (ciarmy.rules)
2403401 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 51 (ciarmy.rules)
2403402 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 52 (ciarmy.rules)
2403403 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 52 (ciarmy.rules)
2403404 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 53 (ciarmy.rules)
2403405 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 53 (ciarmy.rules)
2403406 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 54 (ciarmy.rules)
2403407 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 54 (ciarmy.rules)
2403408 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 55 (ciarmy.rules)
2403409 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 55 (ciarmy.rules)
2403410 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 56 (ciarmy.rules)
2403411 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 56 (ciarmy.rules)
2403412 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 57 (ciarmy.rules)
2403413 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 57 (ciarmy.rules)
2403414 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 58 (ciarmy.rules)
2403415 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 58 (ciarmy.rules)
2403416 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 59 (ciarmy.rules)
2403417 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 59 (ciarmy.rules)
2403418 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 60 (ciarmy.rules)
2403419 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 60 (ciarmy.rules)
2403420 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 61 (ciarmy.rules)
2403421 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 61 (ciarmy.rules)
2403422 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 62 (ciarmy.rules)
2403423 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 62 (ciarmy.rules)
2403424 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 63 (ciarmy.rules)
2403425 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 63 (ciarmy.rules)
2403426 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 64 (ciarmy.rules)
2403427 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 64 (ciarmy.rules)
2403428 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 65 (ciarmy.rules)
2403429 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 65 (ciarmy.rules)
2403430 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 66 (ciarmy.rules)
2403431 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 66 (ciarmy.rules)
2403432 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 67 (ciarmy.rules)
2403433 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 67 (ciarmy.rules)
2403434 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 68 (ciarmy.rules)
2403435 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 68 (ciarmy.rules)
2403436 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 69 (ciarmy.rules)
2403437 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 69 (ciarmy.rules)
2403438 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 70 (ciarmy.rules)
2403439 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 70 (ciarmy.rules)
2403440 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 71 (ciarmy.rules)
2403441 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 71 (ciarmy.rules)
2403442 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 72 (ciarmy.rules)
2403443 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 72 (ciarmy.rules)
2403444 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 73 (ciarmy.rules)
2403445 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 73 (ciarmy.rules)
2403446 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 74 (ciarmy.rules)
2403447 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 74 (ciarmy.rules)
2403448 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 75 (ciarmy.rules)
2403449 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 75 (ciarmy.rules)
2403450 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 76 (ciarmy.rules)
2403451 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 76 (ciarmy.rules)
2403452 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 77 (ciarmy.rules)
2403453 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 77 (ciarmy.rules)
2403454 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 78 (ciarmy.rules)
2403455 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 78 (ciarmy.rules)
2403456 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 79 (ciarmy.rules)
2403457 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 79 (ciarmy.rules)
2403458 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 80 (ciarmy.rules)
2403459 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 80 (ciarmy.rules)
2403460 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 81 (ciarmy.rules)
2403461 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 81 (ciarmy.rules)
2403462 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 82 (ciarmy.rules)
2403463 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 82 (ciarmy.rules)
2403464 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 83 (ciarmy.rules)
2403465 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 83 (ciarmy.rules)
2403466 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 84 (ciarmy.rules)
2403467 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 84 (ciarmy.rules)
2403468 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 85 (ciarmy.rules)
2403469 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 85 (ciarmy.rules)
2403470 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 86 (ciarmy.rules)
2403471 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 86 (ciarmy.rules)
2403472 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 87 (ciarmy.rules)
2403473 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 87 (ciarmy.rules)
2403474 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 88 (ciarmy.rules)
2403475 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 88 (ciarmy.rules)
2403476 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 89 (ciarmy.rules)
2403477 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 89 (ciarmy.rules)
2403478 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 90 (ciarmy.rules)
2403479 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 90 (ciarmy.rules)
2403480 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 91 (ciarmy.rules)
2403481 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 91 (ciarmy.rules)
2403482 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 92 (ciarmy.rules)
2403483 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 92 (ciarmy.rules)
2403484 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 93 (ciarmy.rules)
2403485 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 93 (ciarmy.rules)
2403486 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 94 (ciarmy.rules)
2403487 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 94 (ciarmy.rules)
2403488 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 95 (ciarmy.rules)
2403489 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 95 (ciarmy.rules)
2403490 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 96 (ciarmy.rules)
2403491 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 96 (ciarmy.rules)
2403492 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 97 (ciarmy.rules)
2403493 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 97 (ciarmy.rules)
2403494 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 98 (ciarmy.rules)
2403495 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 98 (ciarmy.rules)
2403496 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 99 (ciarmy.rules)
2403497 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 99 (ciarmy.rules)
2403498 - ET CINS Active Threat Intelligence Poor Reputation IP TCP group 100 (ciarmy.rules)
2403499 - ET CINS Active Threat Intelligence Poor Reputation IP UDP group 100 (ciarmy.rules)
2405000 - ET CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules)
2405001 - ET CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules)
2405002 - ET CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules)
2405003 - ET CNC Shadowserver Reported CnC Server Port 110 Group 1 (botcc.portgrouped.rules)
2405004 - ET CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules)
2405005 - ET CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules)
2405006 - ET CNC Shadowserver Reported CnC Server Port 1080 Group 1 (botcc.portgrouped.rules)
2405007 - ET CNC Shadowserver Reported CnC Server Port 1090 Group 1 (botcc.portgrouped.rules)
2405008 - ET CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules)
2405009 - ET CNC Shadowserver Reported CnC Server Port 1863 Group 1 (botcc.portgrouped.rules)
2405010 - ET CNC Shadowserver Reported CnC Server Port 1875 Group 1 (botcc.portgrouped.rules)
2405011 - ET CNC Shadowserver Reported CnC Server Port 2009 Group 1 (botcc.portgrouped.rules)
2405012 - ET CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules)
2405013 - ET CNC Shadowserver Reported CnC Server Port 2828 Group 1 (botcc.portgrouped.rules)
2405014 - ET CNC Shadowserver Reported CnC Server Port 3211 Group 1 (botcc.portgrouped.rules)
2405015 - ET CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules)
2405016 - ET CNC Shadowserver Reported CnC Server Port 3306 Group 1 (botcc.portgrouped.rules)
2405017 - ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules)
2405018 - ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules)
2405019 - ET CNC Shadowserver Reported CnC Server Port 4318 Group 1 (botcc.portgrouped.rules)
2405020 - ET CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules)
2405021 - ET CNC Shadowserver Reported CnC Server Port 4646 Group 1 (botcc.portgrouped.rules)
2405022 - ET CNC Shadowserver Reported CnC Server Port 4676 Group 1 (botcc.portgrouped.rules)
2405023 - ET CNC Shadowserver Reported CnC Server Port 4723 Group 1 (botcc.portgrouped.rules)
2405024 - ET CNC Shadowserver Reported CnC Server Port 4949 Group 1 (botcc.portgrouped.rules)
2405025 - ET CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405026 - ET CNC Shadowserver Reported CnC Server Port 5900 Group 1 (botcc.portgrouped.rules) 2405027 - ET CNC Shadowserver Reported CnC Server Port 6532 Group 1 (botcc.portgrouped.rules) 2405028 - ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405029 - ET CNC Shadowserver Reported CnC Server Port 6567 Group 1 (botcc.portgrouped.rules) 2405030 - ET CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405031 - ET CNC Shadowserver Reported CnC Server Port 6662 Group 1 (botcc.portgrouped.rules) 2405032 - ET CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405033 - ET CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405034 - ET CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405035 - ET CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405036 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405037 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405038 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405039 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405040 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405041 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405042 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405043 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405044 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405045 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405046 - ET CNC 
Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405047 - ET CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405048 - ET CNC Shadowserver Reported CnC Server Port 6764 Group 1 (botcc.portgrouped.rules) 2405049 - ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405050 - ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405051 - ET CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405052 - ET CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405053 - ET CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405054 - ET CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405055 - ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405056 - ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405057 - ET CNC Shadowserver Reported CnC Server Port 9872 Group 1 (botcc.portgrouped.rules) 2405058 - ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405059 - ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405060 - ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405061 - ET CNC Shadowserver Reported CnC Server Port 15000 Group 1 (botcc.portgrouped.rules) 2405062 - ET CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405063 - ET CNC Shadowserver Reported CnC Server Port 21333 Group 1 (botcc.portgrouped.rules) 2405064 - ET CNC Shadowserver Reported CnC Server Port 26745 Group 1 (botcc.portgrouped.rules) 2405065 - ET CNC Shadowserver Reported CnC Server Port 32768 Group 1 (botcc.portgrouped.rules) 2405066 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2405067 - ET CNC Shadowserver 
Reported CnC Server Port 40669 Group 1 (botcc.portgrouped.rules) 2816347 - ETPRO CURRENT_EVENTS Successful Apple Phish Feb 22 M1 2016 (current_events.rules) 2820684 - ETPRO CURRENT_EVENTS Successful Apple Phish Jun 15 2016 (current_events.rules) 2821938 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M2 Aug 31 2016 (current_events.rules) 2822710 - ETPRO CURRENT_EVENTS Successful BancoPosta Click Phish Oct 18 2016 (current_events.rules) 2822945 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Oct 26 2016 (current_events.rules) 2823438 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Nov 22 2016 (current_events.rules) 2823641 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Dec 05 2016 (current_events.rules) 2823692 - ETPRO CURRENT_EVENTS Successful Banco Itau (BR) Phish M2 Dec 08 2016 (current_events.rules) 2824235 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Jan 05 2017 (current_events.rules) 2824404 - ETPRO CURRENT_EVENTS Successful Bank of America Phish Jan 12 2017 (current_events.rules) 2824468 - ETPRO CURRENT_EVENTS Successful Lloyds Bank Phish Jan 17 2017 (current_events.rules) 2825132 - ETPRO TROJAN Win32/TinyNuke CnC Checkin (trojan.rules) 2827010 - ETPRO TROJAN Win32/Vortex Ransomware Domain in SNI (trojan.rules) 2827442 - ETPRO EXPLOIT Microsoft JET Database Engine RCE Inbound (CVE-2017-0250) (exploit.rules) 2827511 - ETPRO TROJAN MSIL/XnxxAgent Spam Bot Version Check (trojan.rules) 2827519 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-15 1) (trojan.rules) 2827520 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-15 2) (trojan.rules) 2827521 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2017-08-15 3) (trojan.rules) 2827545 - ETPRO TROJAN W32.Defray Ransomware Checkin (trojan.rules) [---] Disabled and modified rules: [---] 2821917 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Aug 30 2016 (current_events.rules) 2821918 - ETPRO CURRENT_EVENTS 
Successful Bank of America Phish M2 Aug 30 2016 (current_events.rules) 2822807 - ETPRO CURRENT_EVENTS Successful Bank of America Phish M1 Oct 21 2016 (current_events.rules) 2822939 - ETPRO CURRENT_EVENTS Successful Banco Itau (BR) Phish Oct 27 2016 (current_events.rules) 2824793 - ETPRO CURRENT_EVENTS Successful Banco Itau Phish Feb 06 2017 (current_events.rules) [---] Removed rules: [---] 2815778 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26 (current_events.rules) 2815780 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26 (current_events.rules) 2816419 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26 (current_events.rules) 2820535 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jun 8 (current_events.rules) 2821142 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 13 (current_events.rules) 2821704 - ETPRO CURRENT_EVENTS Successful Adobe Online Phish Aug 16 2016 (current_events.rules) 2821765 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Aug 19 2016 (current_events.rules) 2821985 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Sept 2 (current_events.rules) 2822659 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 13 (current_events.rules) 2822908 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 25 (current_events.rules) 2822915 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 26 (current_events.rules) 2823263 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 15 2016 (current_events.rules) 2823300 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 16 2016 (current_events.rules) 2823419 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 22 2016 (current_events.rules) 2823697 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 07 2016 (current_events.rules) 2823823 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) 
Dec 13 2016 (current_events.rules)
2823974 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 20 2016 (current_events.rules)
2824125 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 27 2016 (current_events.rules)
2824174 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 03 2017 (current_events.rules)
2824398 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 12 2017 (current_events.rules)
2824444 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 17 2017 (current_events.rules)
2824445 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 17 2017 (current_events.rules)
2826503 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) May 24 2017 (current_events.rules)
2826525 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) May 25 2017 (current_events.rules)
2826565 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) May 31 2017 (current_events.rules)
2826663 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jun 08 2017 (current_events.rules)
2827034 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 06 2017 (current_events.rules)
2827069 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 10 2017 (current_events.rules)
2827082 - ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 11 2017 (current_events.rules)

[+++] Added non-rule lines: [+++]

-> Added to ciarmy.rules (1):
# Version 3372

-> Added to sid-msg.map (82):
2022925 || ET CURRENT_EVENTS Tech Support Phone Scam Landing M1 Jun 29 2016
2024554 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26
2024555 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26
2024556 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26
2024557 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jun 8
2024558 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 13
2024559 || ET
CURRENT_EVENTS Successful Adobe Online Phish Aug 16 2016
2024560 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Aug 19 2016
2024561 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Sept 2
2024562 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 13
2024563 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 25
2024564 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 26
2024565 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 15 2016
2024566 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 16 2016
2024567 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 22 2016
2024568 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 07 2016
2024569 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 13 2016
2024570 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 20 2016
2024571 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 27 2016
2024572 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 03 2017
2024573 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 12 2017
2024574 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 17 2017
2024575 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 17 2017
2024576 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) May 24 2017
2024577 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) May 25 2017
2024578 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) May 31 2017
2024579 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jun 08 2017
2024580 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 06 2017
2024581 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 10 2017
2024582 || ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 11 2017
2024583 || ET CURRENT_EVENTS Possible YapiKredi Bank (TR) Phish - Landing Page - Title over non SSL
2024584 || ET DOS CLDAP Amplification Reflection (PoC based) || url,packetstormsecurity.com/files/139561/LDAP-Amplication-Denial-Of-Service.html || url,www.akamai.com/us/en/multimedia/documents/state-of-the-internet/cldap-threat-advisory.pdf
2024585 || ET DOS Potential CLDAP Amplification Reflection || url,packetstormsecurity.com/files/139561/LDAP-Amplication-Denial-Of-Service.html || url,www.akamai.com/us/en/multimedia/documents/state-of-the-internet/cldap-threat-advisory.pdf
2404724 || ET CNC Ransomware Tracker Reported CnC Server TCP group 163 || url,ransomwaretracker.abuse.ch || url,doc.emergingthreats.net/bin/view/Main/BotCC
2404725 || ET CNC Ransomware Tracker Reported CnC Server UDP group 163 || url,ransomwaretracker.abuse.ch || url,doc.emergingthreats.net/bin/view/Main/BotCC
2404726 || ET CNC Ransomware Tracker Reported CnC Server TCP group 164 || url,ransomwaretracker.abuse.ch || url,doc.emergingthreats.net/bin/view/Main/BotCC
2404727 || ET CNC Ransomware Tracker Reported CnC Server UDP group 164 || url,ransomwaretracker.abuse.ch || url,doc.emergingthreats.net/bin/view/Main/BotCC
2404728 || ET CNC Ransomware Tracker Reported CnC Server TCP group 165 || url,ransomwaretracker.abuse.ch || url,doc.emergingthreats.net/bin/view/Main/BotCC
2404729 || ET CNC Ransomware Tracker Reported CnC Server UDP group 165 || url,ransomwaretracker.abuse.ch || url,doc.emergingthreats.net/bin/view/Main/BotCC
2815778 || ETPRO DELETED Possible Successful Generic Phish (set) Feb 26
2815780 || ETPRO DELETED Possible Successful Generic Phish (set) Feb 26
2816419 || ETPRO DELETED Possible Successful Generic Phish (set) Feb 26
2820535 || ETPRO DELETED Possible Successful Generic Phish (set) Jun 8
2821142 || ETPRO DELETED Possible Successful Generic Phish (set) Jul 13
2821704 || ETPRO DELETED Successful Adobe Online Phish Aug 16 2016
2821765 || ETPRO DELETED Possible Successful Generic Phish (set) Aug 19 2016
2821985 || ETPRO DELETED Possible Successful Generic Phish (set) Sept 2
2822659 || ETPRO DELETED Possible Successful Generic Phish (set) Oct 13
2822908 || ETPRO DELETED Possible Successful Generic Phish (set) Oct 25
2822915 || ETPRO DELETED Possible Successful Generic Phish (set) Oct 26
2823263 || ETPRO DELETED Possible Successful Generic Phish (set) Nov 15 2016
2823300 || ETPRO DELETED Possible Successful Generic Phish (set) Nov 16 2016
2823419 || ETPRO DELETED Possible Successful Generic Phish (set) Nov 22 2016
2823697 || ETPRO DELETED Possible Successful Generic Phish (set) Dec 07 2016
2823823 || ETPRO DELETED Possible Successful Generic Phish (set) Dec 13 2016
2823974 || ETPRO DELETED Possible Successful Generic Phish (set) Dec 20 2016
2824125 || ETPRO DELETED Possible Successful Generic Phish (set) Dec 27 2016
2824174 || ETPRO DELETED Possible Successful Generic Phish (set) Jan 03 2017
2824398 || ETPRO DELETED Possible Successful Generic Phish (set) Jan 12 2017
2824444 || ETPRO DELETED Possible Successful Generic Phish (set) Jan 17 2017
2824445 || ETPRO DELETED Possible Successful Generic Phish (set) Jan 17 2017
2826503 || ETPRO DELETED Possible Successful Generic Phish (set) May 24 2017
2826525 || ETPRO DELETED Possible Successful Generic Phish (set) May 25 2017
2826565 || ETPRO DELETED Possible Successful Generic Phish (set) May 31 2017
2826663 || ETPRO DELETED Possible Successful Generic Phish (set) Jun 08 2017
2827034 || ETPRO DELETED Possible Successful Generic Phish (set) Jul 06 2017
2827069 || ETPRO DELETED Possible Successful Generic Phish (set) Jul 10 2017
2827082 || ETPRO DELETED Possible Successful Generic Phish (set) Jul 11 2017
2827550 || ETPRO WEB_CLIENT MSIE/Edge Browser Type Confusion Vuln (CVE-2017-0037)
2827551 || ETPRO CURRENT_EVENTS Disdain EK Landing 2017-08-15
2827552 || ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 11 || md5,3b5117787bdcc274a1e921c34c0614bf
2827553 || ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.ic SMS/Contact Exfil via SMTP 12 ||
md5,3b5117787bdcc274a1e921c34c0614bf
2827554 || ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.eu SMS/Contact Exfil via SMTP || md5,fb38fc21daf5161b8dbeedcf99135242
2827555 || ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.eu SMS/Contact Exfil via SMTP 2 || md5,fb38fc21daf5161b8dbeedcf99135242
2827556 || ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.eu Reporting Infection via SMTP || md5,fb38fc21daf5161b8dbeedcf99135242
2827557 || ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ac SMS/Contact Exfil via SMTP 3 || md5,703e0ea0c93aefabfb2d93685cae73c8
2827558 || ETPRO CURRENT_EVENTS Successful Chase Phish M1 Aug 16 2017
2827559 || ETPRO CURRENT_EVENTS Successful Chase Phish M2 Aug 16 2017
2827560 || ETPRO TROJAN Cobalt Strike Malleable C2 Custom Profile || md5,6b2b65517778554fb66733b0a0473bb0
2827561 || ETPRO MOBILE_MALWARE Trojan.AndroidOS.SmsThief.ac SMS/Contact Exfil via SMTP 4 || md5,703e0ea0c93aefabfb2d93685cae73c8
2827562 || ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ij / SmsThief SMS/Contact Exfil via SMTP || md5,dd9bc6a349b1e5aa54b6bd85fcee1f91
2827563 || ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.ij / SmsThief SMS/Contact Exfil via SMTP 2 || md5,dd9bc6a349b1e5aa54b6bd85fcee1f91

[---] Removed non-rule lines: [---]

-> Removed from ciarmy.rules (1):
# Version 3369

-> Removed from sid-msg.map (34):
2022925 || ET CURRENT_EVENTS Tech Support Phone Scam Landing Jun 29 M1
2523342 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 672 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523343 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 672 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523344 || ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 673 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2523345 || ET TOR Known Tor Relay/Router (Not Exit) Node UDP Traffic group 673 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2815778 || ETPRO CURRENT_EVENTS Possible
Successful Generic Phish (set) Feb 26
2815780 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26
2816419 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26
2820535 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jun 8
2821142 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 13
2821704 || ETPRO CURRENT_EVENTS Successful Adobe Online Phish Aug 16 2016
2821765 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Aug 19 2016
2821985 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Sept 2
2822659 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 13
2822908 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 25
2822915 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 26
2823263 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 15 2016
2823300 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 16 2016
2823419 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 22 2016
2823697 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 07 2016
2823823 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 13 2016
2823974 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 20 2016
2824125 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 27 2016
2824174 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 03 2017
2824398 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 12 2017
2824444 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 17 2017
2824445 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 17 2017
2826503 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) May 24 2017
2826525 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) May 25 2017
2826565 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) May 31
2017
2826663 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jun 08 2017
2827034 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 06 2017
2827069 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 10 2017
2827082 || ETPRO CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 11 2017