*********************** snort-edge etpro ***********************

[***] Results from Oinkmaster started Thu Feb 7 21:11:34 2019 [***]

[+++] Added rules: [+++]

    2026892 - ET POLICY External IP Address Lookup via iplocation.com (policy.rules)
    2834775 - ETPRO EXPLOIT Observed NoneCMS Code Execution Attempt (CVE-2018-20062) M1 (exploit.rules)
    2834776 - ETPRO EXPLOIT Observed NoneCMS Code Execution Attempt (CVE-2018-20062) M2 (exploit.rules)
    2834777 - ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
    2834778 - ETPRO CURRENT_EVENTS Observed MalDoc DL 2019-02-07 Domain (amigosforever .net in TLS SNI) (current_events.rules)
    2834779 - ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-02-07) (current_events.rules)
    2834780 - ETPRO TROJAN N40 MalDoc Requesting Additional VBScript Payload (trojan.rules)
    2834781 - ETPRO CURRENT_EVENTS Successful Devspam Phish 2019-02-07 (current_events.rules)
    2834782 - ETPRO CURRENT_EVENTS Successful Microsoft Phish 2019-02-07 (current_events.rules)
    2834783 - ETPRO CURRENT_EVENTS Successful Netease 163 Phish 2019-02-07 (current_events.rules)
    2834784 - ETPRO CURRENT_EVENTS Successful Zimbra Phish 2019-02-07 (current_events.rules)
    2834785 - ETPRO CURRENT_EVENTS Successful Banco de la Nacion Phish 2019-02-07 (current_events.rules)
    2834786 - ETPRO CURRENT_EVENTS Successful Sparkasse Credit Card Information Phish 2019-02-07 (current_events.rules)
    2834787 - ETPRO CURRENT_EVENTS Successful ICS Phish 2019-02-07 (current_events.rules)
    2834788 - ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-02-07 (current_events.rules)
    2834789 - ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-02-07 (current_events.rules)
    2834790 - ETPRO TROJAN Win32/Unk.Downloader Requesting Payload (trojan.rules)
    2834792 - ETPRO TROJAN Inbound JScript with Heavy CharCode Concat and WMIC Usage (trojan.rules)
    2834793 - ETPRO TROJAN Inbound JScript Executing Obfuscated Bitsadmin Job (trojan.rules)

[///] Modified active rules: [///]

    2026876 - ET USER_AGENTS Cayosin Botnet User-Agent Observed M1 (user_agents.rules)
    2026877 - ET USER_AGENTS Cayosin Botnet User-Agent Observed M2 (user_agents.rules)
    2821122 - ETPRO TROJAN PowerShell/TrojanDownloader.Agent.Q Retrieving Payload (trojan.rules)

[+++] Added non-rule lines: [+++]

    -> Added to sid-msg.map (21):
    2026876 || ET USER_AGENTS Cayosin Botnet User-Agent Observed M1
    2026877 || ET USER_AGENTS Cayosin Botnet User-Agent Observed M2
    2026892 || ET POLICY External IP Address Lookup via iplocation.com
    2834775 || ETPRO EXPLOIT Observed NoneCMS Code Execution Attempt (CVE-2018-20062) M1 || url,github.com/nangge/noneCms/issues/21 || cve,2018-20062
    2834776 || ETPRO EXPLOIT Observed NoneCMS Code Execution Attempt (CVE-2018-20062) M2 || url,github.com/nangge/noneCms/issues/21 || cve,2018-20062
    2834777 || ETPRO TROJAN Observed Malicious SSL Cert (Ursnif CnC) || md5,022ff881dd393ac453d1466258d15b48
    2834778 || ETPRO CURRENT_EVENTS Observed MalDoc DL 2019-02-07 Domain (amigosforever .net in TLS SNI) || md5,a50e761090374186764116f7d93d3579
    2834779 || ETPRO CURRENT_EVENTS Observed Malicious SSL Cert (MalDoc DL 2019-02-07) || md5,83fa749c2453740b3221d520a836b280
    2834780 || ETPRO TROJAN N40 MalDoc Requesting Additional VBScript Payload || md5,38740b70d588bf138c484ae6ab6cc7c9
    2834781 || ETPRO CURRENT_EVENTS Successful Devspam Phish 2019-02-07
    2834782 || ETPRO CURRENT_EVENTS Successful Microsoft Phish 2019-02-07
    2834783 || ETPRO CURRENT_EVENTS Successful Netease 163 Phish 2019-02-07
    2834784 || ETPRO CURRENT_EVENTS Successful Zimbra Phish 2019-02-07
    2834785 || ETPRO CURRENT_EVENTS Successful Banco de la Nacion Phish 2019-02-07
    2834786 || ETPRO CURRENT_EVENTS Successful Sparkasse Credit Card Information Phish 2019-02-07
    2834787 || ETPRO CURRENT_EVENTS Successful ICS Phish 2019-02-07
    2834788 || ETPRO CURRENT_EVENTS Successful Microsoft Account Phish 2019-02-07
    2834789 || ETPRO CURRENT_EVENTS Successful Adobe Phish 2019-02-07
    2834790 || ETPRO TROJAN Win32/Unk.Downloader Requesting Payload || md5,6e1af20bdd1c2a084561884b2adc588d
    2834792 || ETPRO TROJAN Inbound JScript with Heavy CharCode Concat and WMIC Usage
    2834793 || ETPRO TROJAN Inbound JScript Executing Obfuscated Bitsadmin Job

[---] Removed non-rule lines: [---]

    -> Removed from sid-msg.map (2):
    2026876 || ET USER_AGENTS Cayosin Botnet User-Agent Observed
    2026877 || ET USER_AGENTS Cayosin Botnet User-Agent Observed