*********************** snort-2.9.0-enhanced etpro ***********************

[***] Results from Oinkmaster started Thu Sep 21 16:09:12 2017 [***]

[+++] Added rules: [+++]

2008752 - ET MALWARE AdWare.Win32.Yokbar User-Agent Detected (YOK Agent) (malware.rules)
2009526 - ET MALWARE Downloader Checkin - Downloads Rogue Adware (malware.rules)
2011492 - ET MALWARE Adware.Kraddare Checkin (malware.rules)
2013017 - ET MALWARE Known Malicious User-Agent (x) Win32/Tracur.A or OneStep Adware Related (malware.rules)
2013556 - ET MALWARE UBar Trojan/Adware Checkin 1 (malware.rules)
2013557 - ET MALWARE UBar Trojan/Adware Checkin 2 (malware.rules)
2013558 - ET MALWARE UBar Trojan/Adware Checkin 3 (malware.rules)
2013956 - ET MALWARE W32/SmartPops Adware Outbound Off-Port MSSQL Communication (malware.rules)
2014583 - ET MALWARE Adware/FakeAV.Kraddare Checkin UA (malware.rules)
2024722 - ET MALWARE Malicious Chrome Ext. DNS Query For Adware CnC (startupfraction) (malware.rules)
2024723 - ET MALWARE Malicious Chrome Ext. DNS Query For Adware CnC (search.feedvertizus) (malware.rules)
2024724 - ET MALWARE Malicious Chrome Ext. DNS Query For Adware CnC (go.querymo) (malware.rules)
2024725 - ET MALWARE Malicious Chrome Ext. DNS Query For Adware CnC (opurie) (malware.rules)
2024726 - ET MALWARE Malicious Adware Chrome Extension Detected (1) (malware.rules)
2024727 - ET MALWARE Malicious Adware Chrome Extension Detected (2) (malware.rules)
2024751 - ET TROJAN [PTsecurity] Backdoor.Java.Adwind.cu Certificate flowbit set (trojan.rules)
2024752 - ET TROJAN [PTsecurity] Backdoor.Java.Adwind.cu pkt Checker flowbit set 2 (trojan.rules)
2024753 - ET TROJAN [PTsecurity] Backdoor.Java.Adwind.cu pkt Checker flowbit set 3 (trojan.rules)
2024754 - ET TROJAN [PTsecurity] Backdoor.Java.Adwind.cu pkt Checker flowbit set 4 (trojan.rules)
2024755 - ET TROJAN [PTsecurity] Backdoor.Java.Adwind.cu pkt Checker flowbit set 5 (trojan.rules)
2024756 - ET TROJAN [PTsecurity] Backdoor.Java.Adwind.cu (trojan.rules)
2024757 - ET TROJAN Observed Malicious SSL Cert (MalDoc DL) (trojan.rules)
2024758 - ET TROJAN Win32/Trojan.Inject.BDM Communicating with CnC (trojan.rules)
2405102 - ET CNC Shadowserver Reported CnC Server Port 54321 Group 1 (botcc.portgrouped.rules)
2405103 - ET CNC Shadowserver Reported CnC Server Port 65267 Group 1 (botcc.portgrouped.rules)
2804467 - ETPRO MALWARE Win-Adware/KorAdware.389120 Checkin (malware.rules)
2804606 - ETPRO MALWARE Win32/Adware.Kraddare.AI Checkin (malware.rules)
2805644 - ETPRO MALWARE Variant.Adware.SMSHoax.72 Checkin (malware.rules)
2807394 - ETPRO MALWARE Adware-NS.dldr Checkin (malware.rules)
2809804 - ETPRO MALWARE FakeAdwareCleaner.A Checkin (malware.rules)
2811015 - ETPRO MALWARE Adware.SMSHoax Install (malware.rules)
2813045 - ETPRO MALWARE Adware.Ymeta CnC Checkin (malware.rules)
2814203 - ETPRO MALWARE Adware.Win32/Bayads Activity (malware.rules)
2819949 - ETPRO MALWARE Win32/Adware.Offtoup.A Checkin (malware.rules)
2821750 - ETPRO MALWARE Win32/Adware.FileTour.BPL Checkin (malware.rules)
2823952 - ETPRO MALWARE MSIL/PUP.Linkury Toolbar Adware (malware.rules)
2828021 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 217 (mobile_malware.rules)
2828022 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 218 (mobile_malware.rules)
2828023 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 219 (mobile_malware.rules)
2828024 - ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Rootnik.ab App List Exfil (mobile_malware.rules)

[+++] Enabled and modified rules: [+++]

2803731 - ETPRO USER_AGENTS Win32/Obfuscator.XZ User-Agent (myInternet) (user_agents.rules)

[///] Modified active rules: [///]

2402000 - ET DROP Dshield Block Listed Source group 1 (dshield.rules)
2402001 - ET DROP Dshield Block Listed Source group 1 (dshield.rules)
2405000 - ET CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules)
2405001 - ET CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules)
2405002 - ET CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules)
2405003 - ET CNC Shadowserver Reported CnC Server Port 110 Group 1 (botcc.portgrouped.rules)
2405004 - ET CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules)
2405005 - ET CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules)
2405006 - ET CNC Shadowserver Reported CnC Server Port 1080 Group 1 (botcc.portgrouped.rules)
2405007 - ET CNC Shadowserver Reported CnC Server Port 1090 Group 1 (botcc.portgrouped.rules)
2405008 - ET CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules)
2405009 - ET CNC Shadowserver Reported CnC Server Port 1346 Group 1 (botcc.portgrouped.rules)
2405010 - ET CNC Shadowserver Reported CnC Server Port 1453 Group 1 (botcc.portgrouped.rules)
2405011 - ET CNC Shadowserver Reported CnC Server Port 1863 Group 1 (botcc.portgrouped.rules)
2405012 - ET CNC Shadowserver Reported CnC Server Port 1875 Group 1 (botcc.portgrouped.rules)
2405013 - ET CNC Shadowserver Reported CnC Server Port 1887 Group 1 (botcc.portgrouped.rules)
2405014 - ET CNC Shadowserver Reported CnC Server Port 1888 Group 1 (botcc.portgrouped.rules)
2405015 - ET CNC Shadowserver Reported CnC Server Port 1889 Group 1 (botcc.portgrouped.rules)
2405016 - ET CNC Shadowserver Reported CnC Server Port 1921 Group 1 (botcc.portgrouped.rules)
2405017 - ET CNC Shadowserver Reported CnC Server Port 1935 Group 1 (botcc.portgrouped.rules)
2405018 - ET CNC Shadowserver Reported CnC Server Port 2009 Group 1 (botcc.portgrouped.rules)
2405019 - ET CNC Shadowserver Reported CnC Server Port 2087 Group 1 (botcc.portgrouped.rules)
2405020 - ET CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules)
2405021 - ET CNC Shadowserver Reported CnC Server Port 2345 Group 1 (botcc.portgrouped.rules)
2405022 - ET CNC Shadowserver Reported CnC Server Port 2525 Group 1 (botcc.portgrouped.rules)
2405023 - ET CNC Shadowserver Reported CnC Server Port 2828 Group 1 (botcc.portgrouped.rules)
2405024 - ET CNC Shadowserver Reported CnC Server Port 3060 Group 1 (botcc.portgrouped.rules)
2405025 - ET CNC Shadowserver Reported CnC Server Port 3179 Group 1 (botcc.portgrouped.rules)
2405026 - ET CNC Shadowserver Reported CnC Server Port 3211 Group 1 (botcc.portgrouped.rules)
2405027 - ET CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules)
2405028 - ET CNC Shadowserver Reported CnC Server Port 3306 Group 1 (botcc.portgrouped.rules)
2405029 - ET CNC Shadowserver Reported CnC Server Port 3435 Group 1 (botcc.portgrouped.rules)
2405030 - ET CNC Shadowserver Reported CnC Server Port 3737 Group 1 (botcc.portgrouped.rules)
2405031 - ET CNC Shadowserver Reported CnC Server Port 4040 Group 1 (botcc.portgrouped.rules)
2405032 - ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules)
2405033 - ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules)
2405034 - ET CNC Shadowserver Reported CnC Server Port 4318 Group 1 (botcc.portgrouped.rules)
2405035 - ET CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules)
2405036 - ET CNC Shadowserver Reported CnC Server Port 4510 Group 1 (botcc.portgrouped.rules)
2405037 - ET CNC Shadowserver Reported CnC Server Port 4646 Group 1 (botcc.portgrouped.rules)
2405038 - ET CNC Shadowserver Reported CnC Server Port 4676 Group 1 (botcc.portgrouped.rules)
2405039 - ET CNC Shadowserver Reported CnC Server Port 4723 Group 1 (botcc.portgrouped.rules)
2405040 - ET CNC Shadowserver Reported CnC Server Port 4949 Group 1 (botcc.portgrouped.rules)
2405041 - ET CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules)
2405042 - ET CNC Shadowserver Reported CnC Server Port 5487 Group 1 (botcc.portgrouped.rules)
2405043 - ET CNC Shadowserver Reported CnC Server Port 5500 Group 1 (botcc.portgrouped.rules)
2405044 - ET CNC Shadowserver Reported CnC Server Port 5900 Group 1 (botcc.portgrouped.rules)
2405045 - ET CNC Shadowserver Reported CnC Server Port 6532 Group 1 (botcc.portgrouped.rules)
2405046 - ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules)
2405047 - ET CNC Shadowserver Reported CnC Server Port 6567 Group 1 (botcc.portgrouped.rules)
2405048 - ET CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules)
2405049 - ET CNC Shadowserver Reported CnC Server Port 6662 Group 1 (botcc.portgrouped.rules)
2405050 - ET CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules)
2405051 - ET CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules)
2405052 - ET CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules)
2405053 - ET CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules)
2405054 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules)
2405055 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules)
2405056 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules)
2405057 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules)
2405058 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules)
2405059 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules)
2405060 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules)
2405061 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules)
2405062 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules)
2405063 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules)
2405064 - ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules)
2405065 - ET CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules)
2405066 - ET CNC Shadowserver Reported CnC Server Port 6678 Group 1 (botcc.portgrouped.rules)
2405067 - ET CNC Shadowserver Reported CnC Server Port 6764 Group 1 (botcc.portgrouped.rules)
2405068 - ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules)
2405069 - ET CNC Shadowserver Reported CnC Server Port 6900 Group 1 (botcc.portgrouped.rules)
2405070 - ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules)
2405071 - ET CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules)
2405072 - ET CNC Shadowserver Reported CnC Server Port 7193 Group 1 (botcc.portgrouped.rules)
2405073 - ET CNC Shadowserver Reported CnC Server Port 7665 Group 1 (botcc.portgrouped.rules)
2405074 - ET CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules)
2405075 - ET CNC Shadowserver Reported CnC Server Port 7777 Group 1 (botcc.portgrouped.rules)
2405076 - ET CNC Shadowserver Reported CnC Server Port 8000 Group 1 (botcc.portgrouped.rules)
2405077 - ET CNC Shadowserver Reported CnC Server Port 8059 Group 1 (botcc.portgrouped.rules)
2405078 - ET CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules)
2405079 - ET CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules)
2405080 - ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules)
2405081 - ET CNC Shadowserver Reported CnC Server Port 8718 Group 1 (botcc.portgrouped.rules)
2405082 - ET CNC Shadowserver Reported CnC Server Port 8765 Group 1 (botcc.portgrouped.rules)
2405083 - ET CNC Shadowserver Reported CnC Server Port 8879 Group 1 (botcc.portgrouped.rules)
2405084 - ET CNC Shadowserver Reported CnC Server Port 8888 Group 1 (botcc.portgrouped.rules)
2405085 - ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules)
2405086 - ET CNC Shadowserver Reported CnC Server Port 9731 Group 1 (botcc.portgrouped.rules)
2405087 - ET CNC Shadowserver Reported CnC Server Port 9872 Group 1 (botcc.portgrouped.rules)
2405088 - ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules)
2405089 - ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules)
2405090 - ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules)
2405091 - ET CNC Shadowserver Reported CnC Server Port 15000 Group 1 (botcc.portgrouped.rules)
2405092 - ET CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules)
2405093 - ET CNC Shadowserver Reported CnC Server Port 21321 Group 1 (botcc.portgrouped.rules)
2405094 - ET CNC Shadowserver Reported CnC Server Port 21333 Group 1 (botcc.portgrouped.rules)
2405095 - ET CNC Shadowserver Reported CnC Server Port 26745 Group 1 (botcc.portgrouped.rules)
2405096 - ET CNC Shadowserver Reported CnC Server Port 32164 Group 1 (botcc.portgrouped.rules)
2405097 - ET CNC Shadowserver Reported CnC Server Port 32768 Group 1 (botcc.portgrouped.rules)
2405098 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules)
2405099 - ET CNC Shadowserver Reported CnC Server Port 40669 Group 1 (botcc.portgrouped.rules)
2405100 - ET CNC Shadowserver Reported CnC Server Port 47221 Group 1 (botcc.portgrouped.rules)
2405101 - ET CNC Shadowserver Reported CnC Server Port 51987 Group 1 (botcc.portgrouped.rules)
2804477 - ETPRO USER_AGENTS HTTP Request with Random User-Agent (user_agents.rules)
2804997 - ETPRO USER_AGENTS Trojan/Swisyn.wvn User-Agent (Injection) (user_agents.rules)
2805021 - ETPRO USER_AGENTS Adware.CasinoClient User-Agent(caszx) (user_agents.rules)
2805109 - ETPRO USER_AGENTS Win32/Hupigon.DZ User-Agent (IEFILES.INS) (user_agents.rules)
2805290 - ETPRO USER_AGENTS Win32/VBInject.QW User-Agent (Sek8War) (user_agents.rules)
2805401 - ETPRO USER_AGENTS Variant.Barys.4238 User-Agent (user_agents.rules)
2805569 - ETPRO USER_AGENTS Win32/Adware.Kraddare.FS User-Agent(inter) (user_agents.rules)
2805625 - ETPRO USER_AGENTS User-Agent (Kaka) (user_agents.rules)
2822035 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2823673 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2824690 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2825000 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2825752 - ETPRO TROJAN Win32/MoonWind CnC (trojan.rules)
2827243 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2827395 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2827464 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2827746 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2827757 - ETPRO TROJAN Win32.Denes CnC Beacon (trojan.rules)
2827764 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)
2827807 - ETPRO TROJAN W32/DOTHETUK CNC Checkin (trojan.rules)
2827814 - ETPRO TROJAN Win32/Banload variant CnC (trojan.rules)
2827858 - ETPRO TROJAN VB:Trojan.Valyria Downloader DNS Query (kekeoffer . com) (trojan.rules)
2827991 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) (current_events.rules)

[///] Modified inactive rules: [///]

2803734 - ETPRO USER_AGENTS TrojanProxy.Ukstories.e User-Agent (mcsmss) (user_agents.rules)
2803790 - ETPRO USER_AGENTS Win32/Gabpath User-Agent (FPUpdater) (user_agents.rules)
2803805 - ETPRO USER_AGENTS Win32/Hermes.B@mm User-Agent (Hermes) (user_agents.rules)
2803809 - ETPRO USER_AGENTS Win32/Adware.GabPath.BM User-Agent (Blammi) (user_agents.rules)
2803832 - ETPRO USER_AGENTS Win32/Adware.GabPath.CB User-Agent (FPInstaller) (user_agents.rules)
2803839 - ETPRO USER_AGENTS Adware.Win32/Gabpath User-Agent (BMRecover) (user_agents.rules)
2803872 - ETPRO USER_AGENTS AdWare.Win32.Gabpath User-Agent (OCInstaller) (user_agents.rules)
2803873 - ETPRO USER_AGENTS AdWare.Win32.Gabpath User-Agent (Oncues) (user_agents.rules)
2803885 - ETPRO USER_AGENTS Win32/Calelk.C User-Agent (Informer) (user_agents.rules)
2803900 - ETPRO USER_AGENTS Sasfis/Atraps.AVWU/AMTU.Proxy Contacting CnC via Googleusercontent Translate (user_agents.rules)
2803931 - ETPRO USER_AGENTS W32/Gabpath.A.gen!Eldorado User-Agent (OCRecover) (user_agents.rules)
2803934 - ETPRO USER_AGENTS Backdoor.Win32.Sheldor.dt User-Agent (x3) (user_agents.rules)
2803947 - ETPRO USER_AGENTS Win32/Gabpath User-Agent (WhereSphere) (user_agents.rules)
2803949 - ETPRO USER_AGENTS Win32/Jinzie User-Agent (PopRocks) (user_agents.rules)
2803954 - ETPRO USER_AGENTS Win32.Malware.XGW@aSlsEHbG User-Agent (olesio) (user_agents.rules)
2803995 - ETPRO USER_AGENTS Win32/Kryptik.UNM User-Agent (bansol) (user_agents.rules)
2804002 - ETPRO USER_AGENTS Win32/Rimecud.A User-Agent (stalone) (user_agents.rules)
2804009 - ETPRO USER_AGENTS Backdoor.Win32/Hanove.A User-Agent (SIMPLE) (user_agents.rules)
2804023 - ETPRO USER_AGENTS Win32/Rimecud.A User-Agent (chuck) (user_agents.rules)
2804025 - ETPRO USER_AGENTS Win32/Kryptik.UNM User-Agent (wolf) (user_agents.rules)
2804036 - ETPRO USER_AGENTS Win32/Kryptik.UNM User-Agent (dieter) (user_agents.rules)
2804037 - ETPRO USER_AGENTS Generic.Malware.dld!!.9C8D00AA User-Agent (*!%) (user_agents.rules)
2804038 - ETPRO USER_AGENTS Generic.Malware.dld!!.9C8D00AA User-Agent (microsoft.com) (user_agents.rules)
2804049 - ETPRO USER_AGENTS Win32/Malushka.A User-Agent (netboom) (user_agents.rules)
2804057 - ETPRO USER_AGENTS Win32/Rimecud.A User-Agent (solders) (user_agents.rules)
2804058 - ETPRO USER_AGENTS W32/Rimecud.gen.cr User-Agent (goci) (user_agents.rules)
2804060 - ETPRO USER_AGENTS Win32/Rimecud.A User-Agent (cadara) (user_agents.rules)
2804068 - ETPRO USER_AGENTS Trojan.Win32.Agent2.lpa User-Agent (Ali) (user_agents.rules)
2804069 - ETPRO USER_AGENTS Trojan.Win32.Agent2.lpa User-Agent (Exp) (user_agents.rules)
2804081 - ETPRO USER_AGENTS Trojan-Dropper.Win32.Injector.uua User-Agent (google___) (user_agents.rules)
2804104 - ETPRO USER_AGENTS AdWare.Win32.EzSearch.g User-Agent (WindowEzSearch) - Likely Trojan (user_agents.rules)
2804114 - ETPRO USER_AGENTS User-Agent (Mozila Firefox) (user_agents.rules)
2804115 - ETPRO USER_AGENTS User-Agent (Mozilla/4.0 competible) (user_agents.rules)
2804216 - ETPRO USER_AGENTS AdWare.Win32.SmartSearch!IK User-Agent (SmartSearch) (user_agents.rules)
2804218 - ETPRO USER_AGENTS AdWare.Win32.Wizpop User-Agent (WizSearch) (user_agents.rules)
2804219 - ETPRO USER_AGENTS Adware.SearchGuard User-Agent (searchguard) (user_agents.rules)
2804385 - ETPRO USER_AGENTS Win32/SouGouDownloader.A User-Agent (SouGouDownloader) (user_agents.rules)
2804403 - ETPRO USER_AGENTS Trojan.Win32.Menti.kgbj User-Agent (user_agents.rules)
2804410 - ETPRO USER_AGENTS Win32/Banload.AGV User-Agent (BOTPA5BG8S) (user_agents.rules)
2804411 - ETPRO USER_AGENTS Trojan.Win32.Swisyn.mtz User-Agent (SALLAMAILZILLA) (user_agents.rules)
2804526 - ETPRO USER_AGENTS Trojan-Dropper.Win32.Dapato.aafb User-Agent (cibabam) (user_agents.rules)
2804536 - ETPRO USER_AGENTS Adware.EoRezo.T User-Agent (EoEngine) (user_agents.rules)
2804695 - ETPRO USER_AGENTS Hutizu Rootkit Checkin User-Agent (user_agents.rules)
2804734 - ETPRO USER_AGENTS User-Agent (GPRemove) (user_agents.rules)
2804747 - ETPRO USER_AGENTS Rogue.Win32/Onescan User-Agent (fileboan_install) (user_agents.rules)

[---] Removed rules: [---]

2008752 - ET TROJAN AdWare.Win32.Yokbar User-Agent Detected (YOK Agent) (trojan.rules)
2009526 - ET TROJAN Downloader Checkin - Downloads Rogue Adware (trojan.rules)
2011492 - ET TROJAN Adware.Kraddare Checkin (trojan.rules)
2013017 - ET TROJAN Known Malicious User-Agent (x) Win32/Tracur.A or OneStep Adware Related (trojan.rules)
2013556 - ET TROJAN UBar Trojan/Adware Checkin 1 (trojan.rules)
2013557 - ET TROJAN UBar Trojan/Adware Checkin 2 (trojan.rules)
2013558 - ET TROJAN UBar Trojan/Adware Checkin 3 (trojan.rules)
2013956 - ET TROJAN W32/SmartPops Adware Outbound Off-Port MSSQL Communication (trojan.rules)
2014583 - ET TROJAN Adware/FakeAV.Kraddare Checkin UA (trojan.rules)
2024722 - ET TROJAN Malicious Chrome Ext. DNS Query For Adware CnC (startupfraction) (trojan.rules)
2024723 - ET TROJAN Malicious Chrome Ext. DNS Query For Adware CnC (search.feedvertizus) (trojan.rules)
2024724 - ET TROJAN Malicious Chrome Ext. DNS Query For Adware CnC (go.querymo) (trojan.rules)
2024725 - ET TROJAN Malicious Chrome Ext. DNS Query For Adware CnC (opurie) (trojan.rules)
2024726 - ET TROJAN Malicious Adware Chrome Extension Detected (1) (trojan.rules)
2024727 - ET TROJAN Malicious Adware Chrome Extension Detected (2) (trojan.rules)
2804467 - ETPRO TROJAN Win-Adware/KorAdware.389120 Checkin (trojan.rules)
2804606 - ETPRO TROJAN Win32/Adware.Kraddare.AI Checkin (trojan.rules)
2805644 - ETPRO TROJAN Variant.Adware.SMSHoax.72 Checkin (trojan.rules)
2807394 - ETPRO TROJAN Adware-NS.dldr Checkin (trojan.rules)
2809804 - ETPRO TROJAN FakeAdwareCleaner.A Checkin (trojan.rules)
2811015 - ETPRO TROJAN Adware.SMSHoax Install (trojan.rules)
2813045 - ETPRO TROJAN Adware.Ymeta CnC Checkin (trojan.rules)
2814203 - ETPRO TROJAN Adware.Win32/Bayads Activity (trojan.rules)
2819949 - ETPRO TROJAN Win32/Adware.Offtoup.A Checkin (trojan.rules)
2821750 - ETPRO TROJAN Win32/Adware.FileTour.BPL Checkin (trojan.rules)
2823952 - ETPRO TROJAN MSIL/PUP.Linkury Toolbar Adware (trojan.rules)
2827955 - ETPRO TROJAN Malicious Domain in SNI (Meterpreter) (trojan.rules)

[+++] Added non-rule lines: [+++]

-> Added to sid-msg.map (142):
2405078 || ET CNC Shadowserver Reported CnC Server Port 8080 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405079 || ET CNC Shadowserver Reported CnC Server Port 8089 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405080 || ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405081 || ET CNC Shadowserver Reported CnC Server Port 8718 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405082 || ET CNC Shadowserver Reported CnC Server Port 8765 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405083 || ET CNC Shadowserver Reported CnC Server Port 8879 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405084 || ET CNC Shadowserver Reported CnC Server Port 8888 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405085 || ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405086 || ET CNC Shadowserver Reported CnC Server Port 9731 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405087 || ET CNC Shadowserver Reported CnC Server Port 9872 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405088 || ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405089 || ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405090 || ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405091 || ET CNC Shadowserver Reported CnC Server Port 15000 Group 1 || 
url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405092 || ET CNC Shadowserver Reported CnC Server Port 19899 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405093 || ET CNC Shadowserver Reported CnC Server Port 21321 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405094 || ET CNC Shadowserver Reported CnC Server Port 21333 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405095 || ET CNC Shadowserver Reported CnC Server Port 26745 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405096 || ET CNC Shadowserver Reported CnC Server Port 32164 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405097 || ET CNC Shadowserver Reported CnC Server Port 32768 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405098 || ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405099 || ET CNC Shadowserver Reported CnC Server Port 40669 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405100 || ET CNC Shadowserver Reported CnC Server Port 47221 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405101 || ET CNC Shadowserver Reported CnC Server Port 51987 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405102 || ET CNC Shadowserver Reported CnC Server Port 54321 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405103 || ET CNC Shadowserver Reported CnC Server Port 65267 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2500076 || ET COMPROMISED Known Compromised or Hostile Host Traffic TCP group 39 || 
url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2500077 || ET COMPROMISED Known Compromised or Hostile Host Traffic UDP group 39 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts 2804467 || ETPRO MALWARE Win-Adware/KorAdware.389120 Checkin || md5,0fddd0cbc4044d7a0c8d85bd76cabd2a 2804606 || ETPRO MALWARE Win32/Adware.Kraddare.AI Checkin || md5,2a9364937c78206c91ca349fdad739b0 2805644 || ETPRO MALWARE Variant.Adware.SMSHoax.72 Checkin || md5,9b982045ca26f5d73128889e7cb691c9 2807394 || ETPRO MALWARE Adware-NS.dldr Checkin || md5,623225c38218738f84c5e59df4f1ec42 || md5,0e0b84b3aa4987e1ef241482263a72a0 2809804 || ETPRO MALWARE FakeAdwareCleaner.A Checkin || md5,248aadd395ffa7ffb1670392a9398454 2811015 || ETPRO MALWARE Adware.SMSHoax Install || md5,4f8d45844419519e125e9cd2d44d898c 2813045 || ETPRO MALWARE Adware.Ymeta CnC Checkin || md5,f0d3ec831bbf6784a75dbf6f1ce0a961 2814203 || ETPRO MALWARE Adware.Win32/Bayads Activity || md5,04a4f3796a8387a48cd2a0a8e099ea9c 2819949 || ETPRO MALWARE Win32/Adware.Offtoup.A Checkin || md5,1a57ea194256fbbfed94c0246fd65848 2821750 || ETPRO MALWARE Win32/Adware.FileTour.BPL Checkin || md5,bfdcd15136ee00e1c35f32ee0e543b4e 2822035 || ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) || md5,49b907c4c350c40f60325374e1784d15 2823673 || ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) 2823952 || ETPRO MALWARE MSIL/PUP.Linkury Toolbar Adware || md5,1cef9e3c72e990ec1ba1a8ac91d35377 2825000 || ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) 2827395 || ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL) || md5,379a0288ef731eca89839462fe1d4630 2827757 || ETPRO TROJAN Win32.Denes CnC Beacon || md5,58d2907361f6414742dcc5071ca20980 2827807 || ETPRO TROJAN W32/DOTHETUK CNC Checkin || md5,5a3675ebb6a560a25c6583cae847a41e 2827814 || ETPRO TROJAN Win32/Banload variant CnC || md5,eeca7cf19d0a7a4d333476fab8e32cb0 2827858 || ETPRO TROJAN VB:Trojan.Valyria Downloader DNS Query (kekeoffer . 
com) || md5,2d197bdaaf95cb648f0572dbafa370ca 2827955 || ETPRO DELETED Malicious Domain in SNI (Meterpreter) || md5,25b7b735e01790a404201b3ab50fb6d5 2828021 || ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 217 || md5,5cd9c51f99f05a7c13bd26ac1913c77d 2828022 || ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 218 || md5,9d89af6e32bed0eb86988aca605bd2fc 2828023 || ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 219 || md5,e0a36d76903170443a05dbfdcb2fa34e 2828024 || ETPRO MOBILE_MALWARE Trojan-Dropper.AndroidOS.Rootnik.ab App List Exfil || md5,597e15df2f9e4f07f1946b39ada529fa
[---] Removed non-rule lines: [---]
-> Removed from sid-msg.map (222):
2008752 || ET TROJAN AdWare.Win32.Yokbar User-Agent Detected (YOK Agent) || url,doc.emergingthreats.net/2008752 2009526 || ET TROJAN Downloader Checkin - Downloads Rogue Adware || url,doc.emergingthreats.net/2009526 2011492 || ET TROJAN Adware.Kraddare Checkin 2013017 || ET TROJAN Known Malicious User-Agent (x) Win32/Tracur.A or OneStep Adware Related || url,doc.emergingthreats.net/2009987 || url,www.symantec.com/security_response/writeup.jsp?docid=2008-112613-5052-99&tabid=2 2013556 || ET TROJAN UBar Trojan/Adware Checkin 1 || url,www.threatexpert.com/report.aspx?md5=81a119f7f47663c03053e76146f54fe9 2013557 || ET TROJAN UBar Trojan/Adware Checkin 2 2013558 || ET TROJAN UBar Trojan/Adware Checkin 3 2013956 || ET TROJAN W32/SmartPops Adware Outbound Off-Port MSSQL Communication 2014583 || ET TROJAN Adware/FakeAV.Kraddare Checkin UA || url,www.scumware.org/report/update.best-pc.co.kr 2024722 || ET TROJAN Malicious Chrome Ext. DNS Query For Adware CnC (startupfraction) || url,blog.0day.rocks/malicious-chrome-extension-meddling-with-your-searches-581aa56ddc9c 2024723 || ET TROJAN Malicious Chrome Ext. DNS Query For Adware CnC (search.feedvertizus) || url,blog.0day.rocks/malicious-chrome-extension-meddling-with-your-searches-581aa56ddc9c 2024724 || ET TROJAN Malicious Chrome Ext.
DNS Query For Adware CnC (go.querymo) || url,blog.0day.rocks/malicious-chrome-extension-meddling-with-your-searches-581aa56ddc9c 2024725 || ET TROJAN Malicious Chrome Ext. DNS Query For Adware CnC (opurie) || url,blog.0day.rocks/malicious-chrome-extension-meddling-with-your-searches-581aa56ddc9c 2024726 || ET TROJAN Malicious Adware Chrome Extension Detected (1) || url,blog.0day.rocks/malicious-chrome-extension-meddling-with-your-searches-581aa56ddc9c 2024727 || ET TROJAN Malicious Adware Chrome Extension Detected (2) || url,blog.0day.rocks/malicious-chrome-extension-meddling-with-your-searches-581aa56ddc9c 2404000 || ET CNC Shadowserver Reported CnC Server TCP group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404001 || ET CNC Shadowserver Reported CnC Server UDP group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404002 || ET CNC Shadowserver Reported CnC Server TCP group 2 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404003 || ET CNC Shadowserver Reported CnC Server UDP group 2 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404004 || ET CNC Shadowserver Reported CnC Server TCP group 3 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404005 || ET CNC Shadowserver Reported CnC Server UDP group 3 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404006 || ET CNC Shadowserver Reported CnC Server TCP group 4 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404007 || ET CNC Shadowserver Reported CnC Server UDP group 4 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404008 || ET CNC Shadowserver Reported CnC Server TCP group 5 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404009 || ET CNC Shadowserver Reported CnC Server UDP group 5 || url,www.shadowserver.org || 
url,doc.emergingthreats.net/bin/view/Main/BotCC 2404010 || ET CNC Shadowserver Reported CnC Server TCP group 6 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404011 || ET CNC Shadowserver Reported CnC Server UDP group 6 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404012 || ET CNC Shadowserver Reported CnC Server TCP group 7 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404013 || ET CNC Shadowserver Reported CnC Server UDP group 7 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404014 || ET CNC Shadowserver Reported CnC Server TCP group 8 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404015 || ET CNC Shadowserver Reported CnC Server UDP group 8 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404016 || ET CNC Shadowserver Reported CnC Server TCP group 9 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404017 || ET CNC Shadowserver Reported CnC Server UDP group 9 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404018 || ET CNC Shadowserver Reported CnC Server TCP group 10 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404019 || ET CNC Shadowserver Reported CnC Server UDP group 10 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404020 || ET CNC Shadowserver Reported CnC Server TCP group 11 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404021 || ET CNC Shadowserver Reported CnC Server UDP group 11 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404022 || ET CNC Shadowserver Reported CnC Server TCP group 12 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404023 || ET CNC Shadowserver Reported CnC Server UDP group 12 || url,www.shadowserver.org || 
url,doc.emergingthreats.net/bin/view/Main/BotCC 2404024 || ET CNC Shadowserver Reported CnC Server TCP group 13 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404025 || ET CNC Shadowserver Reported CnC Server UDP group 13 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404026 || ET CNC Shadowserver Reported CnC Server TCP group 14 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404027 || ET CNC Shadowserver Reported CnC Server UDP group 14 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404028 || ET CNC Shadowserver Reported CnC Server TCP group 15 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404029 || ET CNC Shadowserver Reported CnC Server UDP group 15 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404030 || ET CNC Shadowserver Reported CnC Server TCP group 16 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404031 || ET CNC Shadowserver Reported CnC Server UDP group 16 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404032 || ET CNC Shadowserver Reported CnC Server TCP group 17 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404033 || ET CNC Shadowserver Reported CnC Server UDP group 17 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404034 || ET CNC Shadowserver Reported CnC Server TCP group 18 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404035 || ET CNC Shadowserver Reported CnC Server UDP group 18 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404036 || ET CNC Shadowserver Reported CnC Server TCP group 19 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404037 || ET CNC Shadowserver Reported CnC Server UDP group 19 || url,www.shadowserver.org 
|| url,doc.emergingthreats.net/bin/view/Main/BotCC 2404038 || ET CNC Shadowserver Reported CnC Server TCP group 20 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404039 || ET CNC Shadowserver Reported CnC Server UDP group 20 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404040 || ET CNC Shadowserver Reported CnC Server TCP group 21 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404041 || ET CNC Shadowserver Reported CnC Server UDP group 21 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404042 || ET CNC Shadowserver Reported CnC Server TCP group 22 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404043 || ET CNC Shadowserver Reported CnC Server UDP group 22 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404044 || ET CNC Shadowserver Reported CnC Server TCP group 23 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404045 || ET CNC Shadowserver Reported CnC Server UDP group 23 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404046 || ET CNC Shadowserver Reported CnC Server TCP group 24 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404047 || ET CNC Shadowserver Reported CnC Server UDP group 24 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404048 || ET CNC Shadowserver Reported CnC Server TCP group 25 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404049 || ET CNC Shadowserver Reported CnC Server UDP group 25 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404050 || ET CNC Shadowserver Reported CnC Server TCP group 26 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404051 || ET CNC Shadowserver Reported CnC Server UDP group 26 || 
url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404052 || ET CNC Shadowserver Reported CnC Server TCP group 27 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404053 || ET CNC Shadowserver Reported CnC Server UDP group 27 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404054 || ET CNC Shadowserver Reported CnC Server TCP group 28 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404055 || ET CNC Shadowserver Reported CnC Server UDP group 28 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404056 || ET CNC Shadowserver Reported CnC Server TCP group 29 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404057 || ET CNC Shadowserver Reported CnC Server UDP group 29 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404058 || ET CNC Shadowserver Reported CnC Server TCP group 30 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404059 || ET CNC Shadowserver Reported CnC Server UDP group 30 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404060 || ET CNC Shadowserver Reported CnC Server TCP group 31 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404061 || ET CNC Shadowserver Reported CnC Server UDP group 31 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404062 || ET CNC Shadowserver Reported CnC Server TCP group 32 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404063 || ET CNC Shadowserver Reported CnC Server UDP group 32 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404064 || ET CNC Shadowserver Reported CnC Server TCP group 33 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404065 || ET CNC Shadowserver Reported CnC Server UDP group 33 
|| url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404066 || ET CNC Shadowserver Reported CnC Server TCP group 34 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404067 || ET CNC Shadowserver Reported CnC Server UDP group 34 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404068 || ET CNC Shadowserver Reported CnC Server TCP group 35 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404069 || ET CNC Shadowserver Reported CnC Server UDP group 35 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404070 || ET CNC Shadowserver Reported CnC Server TCP group 36 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404071 || ET CNC Shadowserver Reported CnC Server UDP group 36 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404072 || ET CNC Shadowserver Reported CnC Server TCP group 37 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404073 || ET CNC Shadowserver Reported CnC Server UDP group 37 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404074 || ET CNC Shadowserver Reported CnC Server TCP group 38 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404075 || ET CNC Shadowserver Reported CnC Server UDP group 38 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404076 || ET CNC Shadowserver Reported CnC Server TCP group 39 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404077 || ET CNC Shadowserver Reported CnC Server UDP group 39 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404078 || ET CNC Shadowserver Reported CnC Server TCP group 40 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404079 || ET CNC Shadowserver Reported CnC Server UDP group 
40 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404080 || ET CNC Shadowserver Reported CnC Server TCP group 41 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404081 || ET CNC Shadowserver Reported CnC Server UDP group 41 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404082 || ET CNC Shadowserver Reported CnC Server TCP group 42 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404083 || ET CNC Shadowserver Reported CnC Server UDP group 42 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404084 || ET CNC Shadowserver Reported CnC Server TCP group 43 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404085 || ET CNC Shadowserver Reported CnC Server UDP group 43 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404086 || ET CNC Shadowserver Reported CnC Server TCP group 44 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404087 || ET CNC Shadowserver Reported CnC Server UDP group 44 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404088 || ET CNC Shadowserver Reported CnC Server TCP group 45 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404089 || ET CNC Shadowserver Reported CnC Server UDP group 45 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404090 || ET CNC Shadowserver Reported CnC Server TCP group 46 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404091 || ET CNC Shadowserver Reported CnC Server UDP group 46 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404092 || ET CNC Shadowserver Reported CnC Server TCP group 47 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404093 || ET CNC Shadowserver Reported CnC Server UDP 
group 47 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404094 || ET CNC Shadowserver Reported CnC Server TCP group 48 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2404095 || ET CNC Shadowserver Reported CnC Server UDP group 48 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405013 || ET CNC Shadowserver Reported CnC Server Port 1888 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405014 || ET CNC Shadowserver Reported CnC Server Port 1889 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405015 || ET CNC Shadowserver Reported CnC Server Port 1921 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405016 || ET CNC Shadowserver Reported CnC Server Port 1935 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405017 || ET CNC Shadowserver Reported CnC Server Port 2009 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405018 || ET CNC Shadowserver Reported CnC Server Port 2087 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405019 || ET CNC Shadowserver Reported CnC Server Port 2319 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405020 || ET CNC Shadowserver Reported CnC Server Port 2345 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405021 || ET CNC Shadowserver Reported CnC Server Port 2525 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405022 || ET CNC Shadowserver Reported CnC Server Port 2828 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405023 || ET CNC Shadowserver Reported CnC Server Port 3060 Group 1 || url,www.shadowserver.org || 
url,doc.emergingthreats.net/bin/view/Main/BotCC 2405024 || ET CNC Shadowserver Reported CnC Server Port 3179 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405025 || ET CNC Shadowserver Reported CnC Server Port 3211 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405026 || ET CNC Shadowserver Reported CnC Server Port 3303 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405027 || ET CNC Shadowserver Reported CnC Server Port 3306 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405028 || ET CNC Shadowserver Reported CnC Server Port 3435 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405029 || ET CNC Shadowserver Reported CnC Server Port 3737 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405030 || ET CNC Shadowserver Reported CnC Server Port 4040 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405031 || ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405032 || ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405033 || ET CNC Shadowserver Reported CnC Server Port 4318 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405034 || ET CNC Shadowserver Reported CnC Server Port 4466 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405035 || ET CNC Shadowserver Reported CnC Server Port 4510 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405036 || ET CNC Shadowserver Reported CnC Server Port 4646 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405037 || ET CNC 
Shadowserver Reported CnC Server Port 4676 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405038 || ET CNC Shadowserver Reported CnC Server Port 4723 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405039 || ET CNC Shadowserver Reported CnC Server Port 4949 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405040 || ET CNC Shadowserver Reported CnC Server Port 5050 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405041 || ET CNC Shadowserver Reported CnC Server Port 5487 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405042 || ET CNC Shadowserver Reported CnC Server Port 5500 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405043 || ET CNC Shadowserver Reported CnC Server Port 5900 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405044 || ET CNC Shadowserver Reported CnC Server Port 6532 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405045 || ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405046 || ET CNC Shadowserver Reported CnC Server Port 6567 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405047 || ET CNC Shadowserver Reported CnC Server Port 6660 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405048 || ET CNC Shadowserver Reported CnC Server Port 6662 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405049 || ET CNC Shadowserver Reported CnC Server Port 6663 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC 2405050 || ET CNC Shadowserver Reported CnC Server Port 6664 Group 1 || 
url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405051 || ET CNC Shadowserver Reported CnC Server Port 6665 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405052 || ET CNC Shadowserver Reported CnC Server Port 6666 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405053 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405054 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 2 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405055 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 3 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405056 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 4 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405057 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 5 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405058 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 6 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405059 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 7 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405060 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 8 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405061 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 9 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405062 || ET CNC Shadowserver Reported CnC Server Port 6667 Group 10 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405063 || ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405064 || ET CNC Shadowserver Reported CnC Server Port 6669 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405065 || ET CNC Shadowserver Reported CnC Server Port 6678 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405066 || ET CNC Shadowserver Reported CnC Server Port 6764 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405067 || ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405068 || ET CNC Shadowserver Reported CnC Server Port 6900 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405069 || ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405070 || ET CNC Shadowserver Reported CnC Server Port 7100 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405071 || ET CNC Shadowserver Reported CnC Server Port 7193 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405072 || ET CNC Shadowserver Reported CnC Server Port 7665 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405073 || ET CNC Shadowserver Reported CnC Server Port 7770 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405074 || ET CNC Shadowserver Reported CnC Server Port 7777 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405075 || ET CNC Shadowserver Reported CnC Server Port 8000 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405076 || ET CNC Shadowserver Reported CnC Server Port 8059 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405077 || ET CNC Shadowserver Reported CnC Server Port 8080 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405078 || ET CNC Shadowserver Reported CnC Server Port 8089 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405079 || ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405080 || ET CNC Shadowserver Reported CnC Server Port 8718 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405081 || ET CNC Shadowserver Reported CnC Server Port 8765 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405082 || ET CNC Shadowserver Reported CnC Server Port 8888 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405083 || ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405084 || ET CNC Shadowserver Reported CnC Server Port 9731 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405085 || ET CNC Shadowserver Reported CnC Server Port 9872 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405086 || ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405087 || ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405088 || ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405089 || ET CNC Shadowserver Reported CnC Server Port 15000 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405090 || ET CNC Shadowserver Reported CnC Server Port 19899 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405091 || ET CNC Shadowserver Reported CnC Server Port 21321 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405092 || ET CNC Shadowserver Reported CnC Server Port 21333 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405093 || ET CNC Shadowserver Reported CnC Server Port 26745 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405094 || ET CNC Shadowserver Reported CnC Server Port 32164 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405095 || ET CNC Shadowserver Reported CnC Server Port 32768 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405096 || ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405097 || ET CNC Shadowserver Reported CnC Server Port 40669 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405098 || ET CNC Shadowserver Reported CnC Server Port 47221 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405099 || ET CNC Shadowserver Reported CnC Server Port 51987 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405100 || ET CNC Shadowserver Reported CnC Server Port 54321 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2405101 || ET CNC Shadowserver Reported CnC Server Port 65267 Group 1 || url,www.shadowserver.org || url,doc.emergingthreats.net/bin/view/Main/BotCC
2520144 || ET TOR Known Tor Exit Node TCP Traffic group 73 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2520145 || ET TOR Known Tor Exit Node UDP Traffic group 73 || url,doc.emergingthreats.net/bin/view/Main/TorRules
2804467 || ETPRO TROJAN Win-Adware/KorAdware.389120 Checkin || md5,0fddd0cbc4044d7a0c8d85bd76cabd2a
2804606 || ETPRO TROJAN Win32/Adware.Kraddare.AI Checkin || md5,2a9364937c78206c91ca349fdad739b0
2805644 || ETPRO TROJAN Variant.Adware.SMSHoax.72 Checkin || md5,9b982045ca26f5d73128889e7cb691c9
2807394 || ETPRO TROJAN Adware-NS.dldr Checkin || md5,623225c38218738f84c5e59df4f1ec42 || md5,0e0b84b3aa4987e1ef241482263a72a0
2809804 || ETPRO TROJAN FakeAdwareCleaner.A Checkin || md5,248aadd395ffa7ffb1670392a9398454
2811015 || ETPRO TROJAN Adware.SMSHoax Install || md5,4f8d45844419519e125e9cd2d44d898c
2813045 || ETPRO TROJAN Adware.Ymeta CnC Checkin || md5,f0d3ec831bbf6784a75dbf6f1ce0a961
2814203 || ETPRO TROJAN Adware.Win32/Bayads Activity || md5,04a4f3796a8387a48cd2a0a8e099ea9c
2819949 || ETPRO TROJAN Win32/Adware.Offtoup.A Checkin || md5,1a57ea194256fbbfed94c0246fd65848
2821750 || ETPRO TROJAN Win32/Adware.FileTour.BPL Checkin || md5,bfdcd15136ee00e1c35f32ee0e543b4e
2822035 || ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (Maldoc Downloader) || md5,49b907c4c350c40f60325374e1784d15
2823673 || ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc Downloader)
2823952 || ETPRO TROJAN MSIL/PUP.Linkury Toolbar Adware || md5,1cef9e3c72e990ec1ba1a8ac91d35377
2825000 || ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc Download)
2827395 || ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2017-08-03) || md5,379a0288ef731eca89839462fe1d4630
2827757 || ETPRO TROJAN Win32/Unknown CnC Beacon || md5,58d2907361f6414742dcc5071ca20980
2827807 || ETPRO TROJAN Backdoor Unknown Checkin || md5,5a3675ebb6a560a25c6583cae847a41e
2827814 || ETPRO TROJAN Win32/Unknown CnC Checkin || md5,eeca7cf19d0a7a4d333476fab8e32cb0
2827858 || ETPRO TROJAN Unknown Downloader DNS Query (kekeoffer . com) || md5,2d197bdaaf95cb648f0572dbafa370ca
2827955 || ETPRO TROJAN Malicious Domain in SNI (Meterpreter) || md5,25b7b735e01790a404201b3ab50fb6d5