*********************** suricata-2.0-enhanced etpro ***********************

[***] Results from Oinkmaster started Thu Nov 21 19:55:16 2019 [***]

[+++]          Added rules:          [+++]

    2029015 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
    2029016 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
    2029017 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
    2029018 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
    2029019 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
    2029020 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
    2029021 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
    2029022 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
    2029023 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
    2029024 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
    2029025 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
    2029026 - ET TROJAN Mirai Variant User-Agent (Inbound) (trojan.rules)
    2029027 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
    2029028 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
    2029029 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
    2029030 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
    2029031 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
    2029032 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
    2029033 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
    2029034 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
    2029035 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
    2029036 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
    2029037 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
    2029038 - ET TROJAN Mirai Variant User-Agent (Outbound) (trojan.rules)
    2029039 - ET TROJAN MuddyWater Payload - CnC Checkin (trojan.rules)
    2029040 - ET TROJAN ELF/Roboto - Possible Encrypted Roboto P2P Payload Requested M1 (trojan.rules)
    2029041 - ET TROJAN ELF/Roboto - Possible Encrypted Roboto P2P Payload Requested M2 (trojan.rules)
    2029042 - ET TROJAN ELF/Roboto - Communicating with Hardcoded Peer 1 (trojan.rules)
    2029043 - ET TROJAN ELF/Roboto - Communicating with Hardcoded Peer 2 (trojan.rules)
    2029044 - ET TROJAN ELF/Roboto - Communicating with Hardcoded Peer 3 (trojan.rules)
    2029045 - ET TROJAN ELF/Roboto - Communicating with Hardcoded Peer 4 (trojan.rules)
    2029046 - ET TROJAN ELF/Roboto - Communicating with Hardcoded Peer 5 (trojan.rules)
    2029047 - ET TROJAN Observed Malicious SSL Cert (Ursnif CnC) (trojan.rules)
    2029048 - ET TROJAN Observed Malicious SSL Cert (ACBackdoor CnC) (trojan.rules)
    2029049 - ET TROJAN Observed Malicious SSL Cert (ACBackdoor CnC) (trojan.rules)
    2029050 - ET TROJAN Observed Malicious SSL Cert (Possible Godlua CnC) (trojan.rules)
    2029051 - ET POLICY Observed SSL Cert (DoH Service) (policy.rules)
    2839332 - ETPRO POLICY iolo Download Manager User-Agent Observed (policy.rules)
    2839539 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-20 1) (trojan.rules)
    2839540 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-20 2) (trojan.rules)
    2839541 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-20 3) (trojan.rules)
    2839542 - ETPRO CURRENT_EVENTS Successful SMBC Phish 2019-11-21 (current_events.rules)
    2839543 - ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-11-21 (current_events.rules)
    2839544 - ETPRO CURRENT_EVENTS Successful Binance Phish 2019-11-21 (current_events.rules)
    2839545 - ETPRO CURRENT_EVENTS Successful Caixa Bank Phish 2019-11-21 (current_events.rules)
    2839546 - ETPRO CURRENT_EVENTS Successful Caixa Bank Phish 2019-11-21 (current_events.rules)
    2839547 - ETPRO CURRENT_EVENTS Successful Caixa Bank Phish 2019-11-21 (current_events.rules)
    2839548 - ETPRO CURRENT_EVENTS Successful Adobe PDF Cloud Phish 2019-11-21 (current_events.rules)
    2839549 - ETPRO CURRENT_EVENTS Evil Keitaro Set-Cookie Inbound (aef4f) (current_events.rules)
    2839550 - ETPRO TROJAN Observed Malicious SSL Cert (Dreambot CnC) (trojan.rules)
    2839551 - ETPRO TROJAN Observed Malicious SSL Cert (Dreambot CnC) (trojan.rules)
    2839552 - ETPRO TROJAN Observed Malicious SSL Cert (Dreambot CnC) (trojan.rules)
    2839553 - ETPRO POLICY Observed SSL Cert (VPN Related) (policy.rules)
    2839554 - ETPRO POLICY Observed SSL Cert (VPN Related) (policy.rules)
    2839555 - ETPRO POLICY Observed SSL Cert (VPN Related) (policy.rules)
    2839556 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
    2839557 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
    2839558 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
    2839559 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
    2839560 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
    2839561 - ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) (trojan.rules)
    2839562 - ETPRO TROJAN Observed Malicious SSL Cert (SmokeLoader CnC) (trojan.rules)
    2839563 - ETPRO TROJAN Win32/AD.CoinLoader CnC Checkin (trojan.rules)
    2839564 - ETPRO MALWARE Win32/ZetaGames.A Checkin (malware.rules)
    2839571 - ETPRO TROJAN Win32/Remcos RAT Checkin 256 (trojan.rules)

[///]     Modified active rules:     [///]

    2011588 - ET TROJAN Zeus Bot Connectivity Check (trojan.rules)
    2017938 - ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 13 (trojan.rules)
    2027120 - ET TROJAN ELF/Mirai Variant UA Inbound (Rift) (trojan.rules)
    2027122 - ET TROJAN ELF/Mirai Variant UA Inbound (Tsunami) (trojan.rules)
    2027124 - ET TROJAN ELF/Mirai Variant UA Inbound (Yowai) (trojan.rules)
    2027126 - ET TROJAN ELF/Mirai Variant UA Inbound (Yakuza) (trojan.rules)
    2027128 - ET TROJAN ELF/Mirai Variant UA Inbound (Hentai) (trojan.rules)
    2027130 - ET TROJAN ELF/Mirai Variant UA Inbound (lessie) (trojan.rules)
    2027132 - ET TROJAN ELF/Mirai Variant UA Inbound (Cakle) (trojan.rules)
    2027134 - ET TROJAN ELF/Mirai Variant UA Inbound (Damien) (trojan.rules)
    2027136 - ET TROJAN ELF/Mirai Variant UA Inbound (Solar) (trojan.rules)
    2027138 - ET TROJAN ELF/Mirai Variant UA Inbound (muhstik) (trojan.rules)
    2027140 - ET TROJAN ELF/Mirai Variant UA Inbound (Shaolin) (trojan.rules)
    2028989 - ET TROJAN ELF/Mirai Variant UA Outbound (ph0ne) (trojan.rules)
    2028990 - ET TROJAN ELF/Mirai Variant UA Outbound (Ouija_x.86) (trojan.rules)
    2029013 - ET TROJAN Lemon_Duck Powershell - Install Tracking (trojan.rules)
    2402000 - ET DROP Dshield Block Listed Source group 1 (dshield.rules)
    2403300 - ET CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules)
    2403301 - ET CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules)
    2403302 - ET CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules)
    2403303 - ET CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules)
    2403304 - ET CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules)
    2403305 - ET CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules)
    2403306 - ET CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules)
    2403307 - ET CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules)
    2403308 - ET CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules)
    2403309 - ET CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules)
    2403310 - ET CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules)
    2403311 - ET CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules)
    2403312 - ET CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules)
    2403313 - ET CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules)
    2403314 - ET CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules)
    2403315 - ET CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules)
    2403316 - ET CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules)
    2403317 - ET CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules)
    2403318 - ET CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules)
    2403319 - ET CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules)
    2403320 - ET CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules)
    2403321 - ET CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules)
    2403322 - ET CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules)
    2403323 - ET CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules)
    2403324 - ET CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules)
    2403325 - ET CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules)
    2403326 - ET CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules)
    2403327 - ET CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules)
    2403328 - ET CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules)
    2403329 - ET CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules)
    2403330 - ET CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules)
    2403331 - ET CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules)
    2403332 - ET CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules)
    2403333 - ET CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules)
    2403334 - ET CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules)
    2403335 - ET CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules)
    2403336 - ET CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules)
    2403337 - ET CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules)
    2403338 - ET CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules)
    2403339 - ET CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules)
    2403340 - ET CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules)
    2403341 - ET CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules)
    2403342 - ET CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules)
    2403343 - ET CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules)
    2403344 - ET CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules)
    2403345 - ET CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules)
    2403346 - ET CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules)
    2403347 - ET CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules)
    2403348 - ET CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules)
    2403349 - ET CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules)
    2403350 - ET CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules)
    2403351 - ET CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules)
    2403352 - ET CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules)
    2403353 - ET CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules)
    2403354 - ET CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules)
    2403355 - ET CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules)
    2403356 - ET CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules)
    2403357 - ET CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules)
    2403358 - ET CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules)
    2403359 - ET CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules)
    2403360 - ET CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules)
    2403361 - ET CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules)
    2403362 - ET CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules)
    2403363 - ET CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules)
    2403364 - ET CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules)
    2403365 - ET CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules)
    2403366 - ET CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules)
    2403367 - ET CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules)
    2403368 - ET CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules)
    2403369 - ET CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules)
    2403370 - ET CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules)
    2403371 - ET CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules)
    2403372 - ET CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules)
    2403373 - ET CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules)
    2403374 - ET CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules)
    2403375 - ET CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules)
    2403376 - ET CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules)
    2403377 - ET CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules)
    2403378 - ET CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules)
    2403379 - ET CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules)
    2403380 - ET CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules)
    2403381 - ET CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules)
    2403382 - ET CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules)
    2403383 - ET CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules)
    2403384 - ET CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules)
    2403385 - ET CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules)
    2403386 - ET CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules)
    2403387 - ET CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules)
    2403388 - ET CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules)
    2403389 - ET CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules)
    2403390 - ET CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules)
    2403391 - ET CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules)
    2403392 - ET CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules)
    2403393 - ET CINS Active Threat Intelligence Poor Reputation IP group 94 (ciarmy.rules)
    2403394 - ET CINS Active Threat Intelligence Poor Reputation IP group 95 (ciarmy.rules)
    2403395 - ET CINS Active Threat Intelligence Poor Reputation IP group 96 (ciarmy.rules)
    2403396 - ET CINS Active Threat Intelligence Poor Reputation IP group 97 (ciarmy.rules)
    2403397 - ET CINS Active Threat Intelligence Poor Reputation IP group 98 (ciarmy.rules)
    2403398 - ET CINS Active Threat Intelligence Poor Reputation IP group 99 (ciarmy.rules)
    2403399 - ET CINS Active Threat Intelligence Poor Reputation IP group 100 (ciarmy.rules)
    2405000 - ET CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules)
    2405001 - ET CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules)
    2405002 - ET CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules)
    2405003 - ET CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules)
    2405004 - ET CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules)
    2405005 - ET CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules)
    2405006 - ET CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules)
    2405007 - ET CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules)
    2405008 - ET CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules)
    2405009 - ET CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules)
    2405010 - ET CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules)
    2405011 - ET CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules)
    2405012 - ET CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules)
    2405013 - ET CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules)
    2405014 - ET CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules)
    2405015 - ET CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules)
    2405016 - ET CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules)
    2405017 - ET CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules)
    2807685 - ETPRO TROJAN Win32/Meredrop CnC (OUTBOUND) (trojan.rules)
    2839239 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Inbound) (trojan.rules)
    2839240 - ETPRO TROJAN ELF/Mirai User-Agent Observed (Outbound) (trojan.rules)
    2839468 - ETPRO TROJAN Observed ELF/Mirai Variant UA Inbound (ph0ne) (trojan.rules)
    2839469 - ETPRO TROJAN Observed ELF/Mirai Variant UA Inbound (Ouija_x.86) (trojan.rules)
    2839514 - ETPRO TROJAN W32/Kanatara CnC Activity (trojan.rules)

[///]    Modified inactive rules:    [///]

    2804953 - ETPRO TROJAN Hupigon.68562 Checkin (trojan.rules)

[---]        Disabled rules:         [---]

    2007917 - ET TROJAN Dropper-497 (Yumato) Initial Checkin (trojan.rules)

[---]         Removed rules:         [---]

    2839332 - ETPRO MALWARE iolo Download Manager User-Agent Observed (malware.rules)

[+++]       Added non-rule lines:    [+++]

    -> Added to sid-msg.map (68):
        2029015 || ET TROJAN Mirai Variant User-Agent (Inbound)
        2029016 || ET TROJAN Mirai Variant User-Agent (Inbound)
        2029017 || ET TROJAN Mirai Variant User-Agent (Inbound)
        2029018 || ET TROJAN Mirai Variant User-Agent (Inbound)
        2029019 || ET TROJAN Mirai Variant User-Agent (Inbound)
        2029020 || ET TROJAN Mirai Variant User-Agent (Inbound)
        2029021 || ET TROJAN Mirai Variant User-Agent (Inbound)
        2029022 || ET TROJAN Mirai Variant User-Agent (Inbound)
        2029023 || ET TROJAN Mirai Variant User-Agent (Inbound)
        2029024 || ET TROJAN Mirai Variant User-Agent (Inbound)
        2029025 || ET TROJAN Mirai Variant User-Agent (Inbound)
        2029026 || ET TROJAN Mirai Variant User-Agent (Inbound)
        2029027 || ET TROJAN Mirai Variant User-Agent (Outbound)
        2029028 || ET TROJAN Mirai Variant User-Agent (Outbound)
        2029029 || ET TROJAN Mirai Variant User-Agent (Outbound)
        2029030 || ET TROJAN Mirai Variant User-Agent (Outbound)
        2029031 || ET TROJAN Mirai Variant User-Agent (Outbound)
        2029032 || ET TROJAN Mirai Variant User-Agent (Outbound)
        2029033 || ET TROJAN Mirai Variant User-Agent (Outbound)
        2029034 || ET TROJAN Mirai Variant User-Agent (Outbound)
        2029035 || ET TROJAN Mirai Variant User-Agent (Outbound)
        2029036 || ET TROJAN Mirai Variant User-Agent (Outbound)
        2029037 || ET TROJAN Mirai Variant User-Agent (Outbound)
        2029038 || ET TROJAN Mirai Variant User-Agent (Outbound)
        2029039 || ET TROJAN MuddyWater Payload - CnC Checkin
        2029040 || ET TROJAN ELF/Roboto - Possible Encrypted Roboto P2P Payload Requested M1 || url,blog.netlab.360.com/the-awaiting-roboto-botnet-en/
        2029041 || ET TROJAN ELF/Roboto - Possible Encrypted Roboto P2P Payload Requested M2 || url,blog.netlab.360.com/the-awaiting-roboto-botnet-en/
        2029042 || ET TROJAN ELF/Roboto - Communicating with Hardcoded Peer 1 || url,blog.netlab.360.com/the-awaiting-roboto-botnet-en/
        2029043 || ET TROJAN ELF/Roboto - Communicating with Hardcoded Peer 2 || url,blog.netlab.360.com/the-awaiting-roboto-botnet-en/
        2029044 || ET TROJAN ELF/Roboto - Communicating with Hardcoded Peer 3 || url,blog.netlab.360.com/the-awaiting-roboto-botnet-en/
        2029045 || ET TROJAN ELF/Roboto - Communicating with Hardcoded Peer 4 || url,blog.netlab.360.com/the-awaiting-roboto-botnet-en/
        2029046 || ET TROJAN ELF/Roboto - Communicating with Hardcoded Peer 5 || url,blog.netlab.360.com/the-awaiting-roboto-botnet-en/
        2029047 || ET TROJAN Observed Malicious SSL Cert (Ursnif CnC)
        2029048 || ET TROJAN Observed Malicious SSL Cert (ACBackdoor CnC) || url,www.intezer.com/blog-acbackdoor-analysis-of-a-new-multiplatform-backdoor/
        2029049 || ET TROJAN Observed Malicious SSL Cert (ACBackdoor CnC) || url,www.intezer.com/blog-acbackdoor-analysis-of-a-new-multiplatform-backdoor/
        2029050 || ET TROJAN Observed Malicious SSL Cert (Possible Godlua CnC)
        2029051 || ET POLICY Observed SSL Cert (DoH Service)
        2522686 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 687 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2522687 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 688 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2522688 || ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 689 || url,doc.emergingthreats.net/bin/view/Main/TorRules
        2839332 || ETPRO POLICY iolo Download Manager User-Agent Observed
        2839539 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-20 1) || md5,c147d46f54b3e5a5b0a2cc058c722c41 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
        2839540 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-20 2) || md5,a2ca7cc390e3dc35b1bb5225f9a63caa || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
        2839541 || ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-11-20 3) || md5,cb148c7d77617f5f076973d4ea3410f8 || url,mining.bitcoin.cz/stratum-mining || url,www.btcguild.com/new_protocol.php || url,research.zscaler.com/2013/12/bitcoin-mining-operation-seen-across.html
        2839542 || ETPRO CURRENT_EVENTS Successful SMBC Phish 2019-11-21
        2839543 || ETPRO CURRENT_EVENTS Successful Office 365 Phish 2019-11-21
        2839544 || ETPRO CURRENT_EVENTS Successful Binance Phish 2019-11-21
        2839545 || ETPRO CURRENT_EVENTS Successful Caixa Bank Phish 2019-11-21
        2839546 || ETPRO CURRENT_EVENTS Successful Caixa Bank Phish 2019-11-21
        2839547 || ETPRO CURRENT_EVENTS Successful Caixa Bank Phish 2019-11-21
        2839548 || ETPRO CURRENT_EVENTS Successful Adobe PDF Cloud Phish 2019-11-21
        2839549 || ETPRO CURRENT_EVENTS Evil Keitaro Set-Cookie Inbound (aef4f)
        2839550 || ETPRO TROJAN Observed Malicious SSL Cert (Dreambot CnC)
        2839551 || ETPRO TROJAN Observed Malicious SSL Cert (Dreambot CnC)
        2839552 || ETPRO TROJAN Observed Malicious SSL Cert (Dreambot CnC)
        2839553 || ETPRO POLICY Observed SSL Cert (VPN Related) || md5,61b54258cb53d65bfa43ab639475acc6
        2839554 || ETPRO POLICY Observed SSL Cert (VPN Related) || md5,61b54258cb53d65bfa43ab639475acc6
        2839555 || ETPRO POLICY Observed SSL Cert (VPN Related) || md5,61b54258cb53d65bfa43ab639475acc6
        2839556 || ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) || md5,4b365b385c3ab1a0e74da5ca58965b18
        2839557 || ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) || md5,4b365b385c3ab1a0e74da5ca58965b18
        2839558 || ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) || md5,4b365b385c3ab1a0e74da5ca58965b18
        2839559 || ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) || md5,5c7023af36caf38091e1e0b007ca8b9c
        2839560 || ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) || md5,5c7023af36caf38091e1e0b007ca8b9c
        2839561 || ETPRO TROJAN Observed Malicious SSL Cert (ServHelper CnC) || md5,5c7023af36caf38091e1e0b007ca8b9c
        2839562 || ETPRO TROJAN Observed Malicious SSL Cert (SmokeLoader CnC)
        2839563 || ETPRO TROJAN Win32/AD.CoinLoader CnC Checkin || md5,2aef0034270a4bf45ee1589bc60b3ef9
        2839564 || ETPRO MALWARE Win32/ZetaGames.A Checkin || md5,bd9c52d2a89600a9ac68720c6fe4933b
        2839571 || ETPRO TROJAN Win32/Remcos RAT Checkin 256

[---]      Removed non-rule lines:   [---]

    -> Removed from sid-msg.map (2):
        2500028 || ET COMPROMISED Known Compromised or Hostile Host Traffic group 15 || url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts
        2839332 || ETPRO MALWARE iolo Download Manager User-Agent Observed