Notícias - Powered by Kayako https://suporte.freebsdbrasil.com.br:443/index.php? Help Desk Software

Live Chat Software by Kayako

Notícias

Jun 24	ProApps Security IDS Rules Changelog 2016-06-24 Postado por Rafael Honorato on 24/Jun 09:18
[*] Summary 2016-06-24 [] Total added rules: 232 Total modified rules: 1063 Total removed rules: 11 [] ProApps Security IDS Rules Changelog started Thu Jun 23 19:04:37 2016 [] [+++] Added rules: 24 [+++] 2022913 - ProApps INFO WinHttp AutoProxy Request wpad.dat Possible BadTunnel (info.rules) 2022914 - ProApps INFO NBNS Name Query Response Possible WPAD Spoof BadTunnel (info.rules) 2403406 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 107 (ciarmy.rules) 2403407 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 108 (ciarmy.rules) 2403408 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 109 (ciarmy.rules) 2403409 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 110 (ciarmy.rules) 2403410 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 111 (ciarmy.rules) 2403411 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 112 (ciarmy.rules) 2403412 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 113 (ciarmy.rules) 2403413 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 114 (ciarmy.rules) 2403414 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 115 (ciarmy.rules) 2820836 - ProApps TROJAN W32/Unknown Stealer Sending Passwords (trojan.rules) 2820837 - ProApps TROJAN W32/Wbmoney Checkin (trojan.rules) 2820838 - ProApps MOBILE_MALWARE ANDROIDOS_ROOTNIK.CBTCT / Godless Checkin (mobile_malware.rules) 2820839 - ProApps TROJAN CoinMiner Known Malicious Stratum Authline (2016-06-22 1) (trojan.rules) 2820840 - ProApps CURRENT_EVENTS SunDown EK Flash Exploit M2 June 20 2016 (current_events.rules) 2820841 - ProApps CURRENT_EVENTS SunDown EK Landing June 21 2016 M1 (current_events.rules) 2820842 - ProApps INFO HTML-Encoder HTML Obfuscation (info.rules) 2820843 - ProApps CURRENT_EVENTS Shipping Document Phishing Landing Jun 23 (current_events.rules) 2820844 - ProApps CURRENT_EVENTS Successful AT&T Webmail Phish Jun 23 (current_events.rules) 2820845 - ProApps CURRENT_EVENTS Successful Microsoft Encrypted Email Phish Jun 23 M2 (current_events.rules) 2820846 - ProApps CURRENT_EVENTS Microsoft Encrypted Email Phishing Landing Jun 23 (current_events.rules) 2820847 - ProApps CURRENT_EVENTS Successful Standard Bank Phish Jun 23 (current_events.rules) 2820848 - ProApps TROJAN Win32/TrojanDownloader.IndigoRose.R Downloading EXE (trojan.rules) [+++] Modify rules: 153 [+++] 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2403381 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules) 2403382 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules) 2403383 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules) 2403384 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules) 2403385 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules) 2403386 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules) 2403387 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules) 2403388 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules) 2403389 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules) 2403390 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules) 2403391 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules) 2403392 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules) 2403393 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 94 (ciarmy.rules) 2403394 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 95 (ciarmy.rules) 2403395 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 96 (ciarmy.rules) 2403396 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 97 (ciarmy.rules) 2403397 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 98 (ciarmy.rules) 2403398 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 99 (ciarmy.rules) 2403399 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 100 (ciarmy.rules) 2403400 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 101 (ciarmy.rules) 2403401 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 102 (ciarmy.rules) 2403402 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 103 (ciarmy.rules) 2403403 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 104 (ciarmy.rules) 2403404 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 105 (ciarmy.rules) 2403405 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 106 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 1881 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6677 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2808948 - ProApps TROJAN Trojan/Woool.c Checkin (trojan.rules) 2814126 - ProApps CURRENT_EVENTS Successful Vmware/Zimbra Phish Sept 28 (current_events.rules) 2815244 - ProApps CURRENT_EVENTS Successful Wildblue/CenturyLink Phish Dec 8 (current_events.rules) 2820756 - ProApps CURRENT_EVENTS SunDown EK Payload June 20 2016 M2 (current_events.rules) [+++] Removed rules: 2 [+++] 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) [] ProApps Security IDS Rules Changelog started Wed Jun 22 18:43:50 2016 [] [+++] Added rules: 50 [+++] 2018617 - ProApps MALWARE Downloader.NSIS.OutBrowse.b Checkin (malware.rules) 2022909 - ProApps CURRENT_EVENTS Evil Redirect Leading to EK Jun 22 2016 M1 (current_events.rules) 2022910 - ProApps CURRENT_EVENTS Evil Redirect Leading to EK Jun 22 2016 M2 (current_events.rules) 2022911 - ProApps MALWARE LoadMoney User-Agent (malware.rules) 2022912 - ProApps WEB_SERVER Apache Continuum Arbitrary Command Execution (web_server.rules) 2403402 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 103 (ciarmy.rules) 2403403 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 104 (ciarmy.rules) 2403404 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 105 (ciarmy.rules) 2403405 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 106 (ciarmy.rules) 2820795 - ProApps TROJAN Backdoor.Win32.Androm.jufj .onion Proxy Domain (trojan.rules) 2820796 - ProApps TROJAN APT28 Likely EK DNS Lookup (trojan.rules) 2820797 - ProApps TROJAN APT28 Likely EK DNS Lookup (trojan.rules) 2820798 - ProApps TROJAN APT28 Likely EK DNS Lookup (trojan.rules) 2820799 - ProApps TROJAN APT28 Likely EK DNS Lookup (trojan.rules) 2820800 - ProApps TROJAN APT28 Likely EK DNS Lookup (trojan.rules) 2820801 - ProApps CURRENT_EVENTS Possible barclays.co.uk Phishing Domain Jun 22 (current_events.rules) 2820802 - ProApps CURRENT_EVENTS Successful Singtel Phish Jun 22 (current_events.rules) 2820803 - ProApps CURRENT_EVENTS Possible Successful Generic Phish Jun 22 (current_events.rules) 2820804 - ProApps CURRENT_EVENTS Phishing Landing via Weebly.com June 21 (current_events.rules) 2820805 - ProApps CURRENT_EVENTS Email Termination Phishing Landing Jun 22 (current_events.rules) 2820806 - ProApps CURRENT_EVENTS Successful Email Termination Phish Jun 22 (current_events.rules) 2820807 - ProApps CURRENT_EVENTS H&M Revenue Phishing Landing Jun 22 (current_events.rules) 2820808 - ProApps CURRENT_EVENTS Successful H&M Revenue Phish Jun 22 M1 (current_events.rules) 2820809 - ProApps CURRENT_EVENTS Successful H&M Revenue Phish Jun 22 M2 (current_events.rules) 2820810 - ProApps CURRENT_EVENTS Phishing Landing via my-free.website (set) Jun 21 (current_events.rules) 2820811 - ProApps CURRENT_EVENTS Phishing Landing via my-free.website Jun 21 M1 (current_events.rules) 2820812 - ProApps CURRENT_EVENTS Phishing Landing via my-free.website Jun 21 M2 (current_events.rules) 2820813 - ProApps CURRENT_EVENTS Phishing Landing via my-free.website Jun 21 M3 (current_events.rules) 2820814 - ProApps CURRENT_EVENTS Phishing Landing via my-free.website Jun 21 M4 (current_events.rules) 2820815 - ProApps CURRENT_EVENTS Phishing Landing via my-free.website Jun 21 M5 (current_events.rules) 2820816 - ProApps INFO Data Submitted to my-free.website - Possible Phishing (info.rules) 2820817 - ProApps TROJAN Malicious SSL certificate detected (Ursnif Injects) (trojan.rules) 2820818 - ProApps POLICY DNS Query to .onion proxy Domain (dkrti5.win) (policy.rules) 2820819 - ProApps POLICY DNS Query to .onion proxy Domain (vmfu48.win) (policy.rules) 2820820 - ProApps POLICY DNS Query to .onion proxy Domain (gkfit9.win) (policy.rules) 2820821 - ProApps POLICY DNS Query to .onion proxy Domain (cneo59.win) (policy.rules) 2820822 - ProApps POLICY DNS Query to .onion proxy Domain (onion.rip) (policy.rules) 2820823 - ProApps POLICY DNS Query to .onion proxy Domain (xmfir0.win) (policy.rules) 2820824 - ProApps TROJAN Win32/Neshta.A CnC Checkin M1 (set) (trojan.rules) 2820825 - ProApps TROJAN Win32/Neshta.A CnC Checkin M1 (trojan.rules) 2820826 - ProApps TROJAN Win32/Neshta.A CnC Checkin M2 (set) (trojan.rules) 2820827 - ProApps TROJAN Win32/Neshta.A CnC Checkin M2 (trojan.rules) 2820828 - ProApps TROJAN Bladabindi/njRAT Variant CnC Checkin (trojan.rules) 2820829 - ProApps MALWARE MSIL/PUP.Wizzcaster Adware Checkin (malware.rules) 2820830 - ProApps TROJAN W32/Banload Variant Connectivity Check (trojan.rules) 2820831 - ProApps CURRENT_EVENTS Successful Webmail Phish Jun 22 M1 (current_events.rules) 2820832 - ProApps CURRENT_EVENTS Webmail Phishing Landing Jun 22 (current_events.rules) 2820833 - ProApps CURRENT_EVENTS Successful Webmail Phish Jun 22 M2 (current_events.rules) 2820834 - ProApps CURRENT_EVENTS Successful Webmail Phish Jun 22 M3 (current_events.rules) 2820835 - ProApps INFO Suspicious Redirect to Recursive PHP - Possible Phishing (info.rules) [+++] Modify rules: 148 [+++] 2011341 - ProApps TROJAN Suspicious POST to WINDOWS Folder Possible Malware Infection (trojan.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2403381 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules) 2403382 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules) 2403383 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules) 2403384 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules) 2403385 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules) 2403386 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules) 2403387 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules) 2403388 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules) 2403389 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules) 2403390 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules) 2403391 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules) 2403392 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules) 2403393 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 94 (ciarmy.rules) 2403394 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 95 (ciarmy.rules) 2403395 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 96 (ciarmy.rules) 2403396 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 97 (ciarmy.rules) 2403397 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 98 (ciarmy.rules) 2403398 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 99 (ciarmy.rules) 2403399 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 100 (ciarmy.rules) 2403400 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 101 (ciarmy.rules) 2403401 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 102 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 444 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 1881 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 3211 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6677 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) [+++] Removed rules: 2 [+++] 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) [] ProApps Security IDS Rules Changelog started Tue Jun 21 18:38:43 2016 [] [+++] Added rules: 45 [+++] 2022907 - ProApps TROJAN ABUSE.CH SSL Blacklist Malicious SSL Certificate Detected (Sinkhole) (trojan.rules) 2022908 - ProApps TROJAN ABUSE.CH SSL Blacklist Malicious SSL Certificate Detected (Sinkhole) (trojan.rules) 2403399 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 100 (ciarmy.rules) 2403400 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 101 (ciarmy.rules) 2403401 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 102 (ciarmy.rules) 2820755 - ProApps CURRENT_EVENTS Sundown EK Payload June 20 2016 M1 (current_events.rules) 2820756 - ProApps CURRENT_EVENTS SunDown EK Payload June 20 2016 M2 (current_events.rules) 2820757 - ProApps TROJAN APT SWC PluginDetect/Evercookie DNS Lookup (trojan.rules) 2820758 - ProApps TROJAN APT SWC PluginDetect/Evercookie DNS Lookup (trojan.rules) 2820759 - ProApps TROJAN APT SWC PluginDetect/Evercookie DNS Lookup (trojan.rules) 2820760 - ProApps TROJAN APT SWC PluginDetect/Evercookie DNS Lookup (trojan.rules) 2820761 - ProApps TROJAN RumbleCrypt Ransomware .onion Proxy Domain (trojan.rules) 2820762 - ProApps CURRENT_EVENTS Possible Amazon Phishing Domain Jun 20 (current_events.rules) 2820763 - ProApps TROJAN Known Malicious Ethereum Traffic (trojan.rules) 2820764 - ProApps TROJAN Known Malicious Ethereum Traffic (trojan.rules) 2820765 - ProApps TROJAN Known Malicious Ethereum Traffic (trojan.rules) 2820766 - ProApps TROJAN Known Malicious Ethereum Traffic (trojan.rules) 2820767 - ProApps TROJAN Known Malicious Ethereum Traffic (trojan.rules) 2820768 - ProApps TROJAN Known Malicious Ethereum Traffic (trojan.rules) 2820769 - ProApps TROJAN Known Malicious Ethereum Traffic (trojan.rules) 2820770 - ProApps TROJAN Known Malicious Ethereum Traffic (trojan.rules) 2820771 - ProApps TROJAN Known Malicious Ethereum Traffic (trojan.rules) 2820772 - ProApps TROJAN Known Malicious Ethereum Traffic (trojan.rules) 2820773 - ProApps TROJAN Known Malicious Ethereum Traffic (trojan.rules) 2820774 - ProApps TROJAN Known Malicious Ethereum Traffic (trojan.rules) 2820775 - ProApps CURRENT_EVENTS Evil Redirector Leading to EK Keitaro Jun 21 2016 T1 (current_events.rules) 2820776 - ProApps CURRENT_EVENTS Evil Redirector Leading to EK Keitaro Jun 21 2016 T2 (current_events.rules) 2820777 - ProApps TROJAN W32/Trojan.Offend Checkin (trojan.rules) 2820778 - ProApps TROJAN PoisonIvy Keepalive to CnC 426 (trojan.rules) 2820779 - ProApps TROJAN APT SWC Redirected Request June 21 2016 (trojan.rules) 2820780 - ProApps TROJAN APT SWC Redirected Request June 21 2016 (trojan.rules) 2820781 - ProApps TROJAN Possible APT SWC Redirecting to PluginDetect/Evercookie Landing June 21 2016 (trojan.rules) 2820782 - ProApps CURRENT_EVENTS APT SWC Redirected PluginDetect/Evercookie Landing June 21 2016 (current_events.rules) 2820783 - ProApps TROJAN RumbleCrypt Ransomware Domain in SNI (trojan.rules) 2820784 - ProApps TROJAN RumbleCrypt SSL Cert (trojan.rules) 2820785 - ProApps TROJAN Syscan Tool Results Upload (trojan.rules) 2820786 - ProApps TROJAN DiamondFox HTTP POST CnC Beacon 5 (trojan.rules) 2820787 - ProApps TROJAN DiamondFox HTTP POST CnC Response (trojan.rules) 2820788 - ProApps MOBILE_MALWARE Android.Riskware.SmsPay.MG Checkin (mobile_malware.rules) 2820789 - ProApps TROJAN Malicious SSL certificate detected (Ursnif Injects) (trojan.rules) 2820790 - ProApps TROJAN Malicious SSL certificate detected (Gootkit Injects) (trojan.rules) 2820791 - ProApps TROJAN Ursnif Injects Domain in SNI (trojan.rules) 2820792 - ProApps TROJAN Ursnif Injects Domain in SNI (trojan.rules) 2820793 - ProApps TROJAN Ursnif Injects Domain in SNI (trojan.rules) 2820794 - ProApps TROJAN Ursnif Injects Domain in SNI (trojan.rules) [+++] Modify rules: 152 [+++] 2012892 - ProApps TROJAN JKDDOS Bot CnC Phone Home Message (trojan.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2403381 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules) 2403382 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules) 2403383 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules) 2403384 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules) 2403385 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules) 2403386 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules) 2403387 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules) 2403388 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules) 2403389 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules) 2403390 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules) 2403391 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules) 2403392 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules) 2403393 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 94 (ciarmy.rules) 2403394 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 95 (ciarmy.rules) 2403395 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 96 (ciarmy.rules) 2403396 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 97 (ciarmy.rules) 2403397 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 98 (ciarmy.rules) 2403398 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 99 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 444 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 1881 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6677 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2811723 - ProApps CURRENT_EVENTS APT SWC Redirected Request June 29 2015 (current_events.rules) 2811724 - ProApps CURRENT_EVENTS APT SWC Redirected PluginDetect Landing June 29 2015 (current_events.rules) 2820126 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1041) (web_client.rules) 2820153 - ProApps WEB_CLIENT Possible Adobe Acrobat Reader (CVE-2016-1086) (web_client.rules) 2820175 - ProApps TROJAN Possible Ruckguv Module Download (trojan.rules) [+++] Removed rules: 0 [+++] [] ProApps Security IDS Rules Changelog started Mon Jun 20 20:25:23 2016 [] [+++] Added rules: 20 [+++] 2022906 - ProApps TROJAN Unknown Ransomware Landing Page (trojan.rules) 2403398 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 99 (ciarmy.rules) 2820736 - ProApps TROJAN W32/Farfli RAT Variant Checkin (trojan.rules) 2820737 - ProApps TROJAN Omaneat .onion Proxy Domain (trojan.rules) 2820738 - ProApps TROJAN Malicious SSL certificate detected (Ursnif Injects) (trojan.rules) 2820739 - ProApps TROJAN Malicious SSL certificate detected (Ursnif Injects) (trojan.rules) 2820740 - ProApps TROJAN PoisonIvy Keepalive to CnC 423 (trojan.rules) 2820741 - ProApps TROJAN PoisonIvy Keepalive to CnC 424 (trojan.rules) 2820742 - ProApps TROJAN PoisonIvy Keepalive to CnC 425 (trojan.rules) 2820743 - ProApps TROJAN Unknown Ransomware Ransom Image Download (trojan.rules) 2820744 - ProApps MOBILE_MALWARE Android/Agent.WI Checkin (mobile_malware.rules) 2820745 - ProApps MOBILE_MALWARE Monitor.AndroidOS.Toreoc.a Checkin (mobile_malware.rules) 2820747 - ProApps MOBILE_MALWARE Android/TrojanDropper.Agent.SC Checkin (mobile_malware.rules) 2820748 - ProApps TROJAN Agent_Tesla Exfil via FTP (trojan.rules) 2820749 - ProApps MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.kb Checkin (mobile_malware.rules) 2820750 - ProApps TROJAN Possible Gootkit CnC Domain in SNI (trojan.rules) 2820751 - ProApps TROJAN Malicious SSL Certificate Detected (Gootkit C2) (trojan.rules) 2820752 - ProApps TROJAN Malicious SSL Certificate Detected (Gootkit C2) (trojan.rules) 2820753 - ProApps MOBILE_MALWARE Trojan-SMS.AndroidOS.FakeInst.fz Checkin (mobile_malware.rules) 2820754 - ProApps CURRENT_EVENTS Magnitude EK Landing Jun 20 2016 (current_events.rules) [+++] Modify rules: 178 [+++] 2400000 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 1 (drop.rules) 2400001 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 2 (drop.rules) 2400002 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 3 (drop.rules) 2400003 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 4 (drop.rules) 2400004 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 5 (drop.rules) 2400005 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 6 (drop.rules) 2400006 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 7 (drop.rules) 2400007 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 8 (drop.rules) 2400008 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 9 (drop.rules) 2400009 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 10 (drop.rules) 2400010 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 11 (drop.rules) 2400011 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 12 (drop.rules) 2400012 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 13 (drop.rules) 2400013 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 14 (drop.rules) 2400014 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 15 (drop.rules) 2400015 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 16 (drop.rules) 2400016 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 17 (drop.rules) 2400017 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 18 (drop.rules) 2400018 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 19 (drop.rules) 2400019 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 20 (drop.rules) 2400020 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 21 (drop.rules) 2400021 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 22 (drop.rules) 2400022 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 23 (drop.rules) 2400023 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 24 (drop.rules) 2400024 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 25 (drop.rules) 2400025 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 26 (drop.rules) 2400026 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 27 (drop.rules) 2400027 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 28 (drop.rules) 2400028 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 29 (drop.rules) 2400029 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 30 (drop.rules) 2400030 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 31 (drop.rules) 2400031 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 32 (drop.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2403381 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules) 2403382 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules) 2403383 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules) 2403384 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules) 2403385 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules) 2403386 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules) 2403387 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules) 2403388 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules) 2403389 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules) 2403390 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules) 2403391 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules) 2403392 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules) 2403393 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 94 (ciarmy.rules) 2403394 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 95 (ciarmy.rules) 2403395 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 96 (ciarmy.rules) 2403396 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 97 (ciarmy.rules) 2403397 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 98 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 444 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 1881 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6677 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2814068 - ProApps TROJAN XCodeGhost Beacon (trojan.rules) [+++] Removed rules: 2 [+++] 2816611 - ProApps CURRENT_EVENTS American Express Phishing Landing Mar 10 (current_events.rules) 2820606 - ProApps EXPLOIT Win32k Privilege Elevation Vuln (CVE-2016-3221 1) (exploit.rules) [] ProApps Security IDS Rules Changelog started Fri Jun 17 17:46:40 2016 [] [+++] Added rules: 32 [+++] 2022905 - ProApps CURRENT_EVENTS Suspicious Hidden Javascript Redirect - Possible Phishing Jun 17 (current_events.rules) 2820705 - ProApps TROJAN W32/Bayrob Attempted Checkin 3 (trojan.rules) 2820706 - ProApps MOBILE_MALWARE Android/TrojanDropper.Shedun.V Checkin 2 (mobile_malware.rules) 2820707 - ProApps MALWARE Adwind .onion Proxy Domain (malware.rules) 2820708 - ProApps TROJAN Ryzerlo .onion Proxy Domain (trojan.rules) 2820709 - ProApps MALWARE Win32/FlyStudio Variant CnC Beacon (malware.rules) 2820710 - ProApps CURRENT_EVENTS Neutrino EK Payload June 11 2016 M3 (current_events.rules) 2820711 - ProApps TROJAN Win32/Bagsu Check-in (trojan.rules) 2820712 - ProApps TROJAN Win32/SpyBot IRC Join (trojan.rules) 2820713 - ProApps TROJAN Operation Daybreak ScarCruft APT Landing Page (trojan.rules) 2820714 - ProApps MOBILE_MALWARE Trojan.AndroidOS.Guerrilla.c Checkin (mobile_malware.rules) 2820715 - ProApps TROJAN Jenxcus .onion Proxy Domain (trojan.rules) 2820716 - ProApps POLICY DNS Query to .onion proxy Domain (lfotp5.win) (policy.rules) 2820717 - ProApps POLICY DNS Query to .onion proxy Domain (6oifgr.win) (policy.rules) 2820718 - ProApps POLICY DNS Query to .onion proxy Domain (zx34jk.win) (policy.rules) 2820719 - ProApps POLICY DNS Query to .onion proxy Domain (torminimals.li) (policy.rules) 2820720 - ProApps POLICY DNS Query to .onion proxy Domain (xo59ok.win) (policy.rules) 2820721 - ProApps POLICY DNS Query to .onion proxy Domain (rt4e34.win) (policy.rules) 2820722 - ProApps POLICY DNS Query to .onion proxy Domain (as13fd.win) (policy.rules) 2820723 - ProApps POLICY DNS Query to .onion proxy Domain (xlfp45.win) (policy.rules) 2820724 - ProApps POLICY DNS Query to .onion proxy Domain (xltnet.win) (policy.rules) 2820725 - ProApps POLICY DNS Query to .onion proxy Domain (ret5kr.win) (policy.rules) 2820726 - ProApps POLICY DNS Query to .onion proxy Domain (xmfhr6.win) (policy.rules) 2820727 - ProApps POLICY DNS Query to .onion proxy Domain (tordrims.li) (policy.rules) 2820728 - ProApps POLICY DNS Query to .onion proxy Domain (bibliopayoption.com) (policy.rules) 2820729 - ProApps POLICY DNS Query to .onion proxy Domain (slr849.win) (policy.rules) 2820730 - ProApps POLICY DNS Query to .onion proxy Domain (zgf48j.win) (policy.rules) 2820731 - ProApps TROJAN TorrentLocker DNS query to Domain .clotherdor.net (trojan.rules) 2820732 - ProApps CURRENT_EVENTS Successful Christian Mingle Phish Jun 17 (current_events.rules) 2820733 - ProApps CURRENT_EVENTS Dropbox Shared Document Phishing Landing Jun 17 (current_events.rules) 2820734 - ProApps CURRENT_EVENTS Successful Maybank2u Phish Jun 17 (current_events.rules) 2820735 - ProApps CURRENT_EVENTS Successful Xfinity/Comcast Phish Jun 17 (current_events.rules) [+++] Modify rules: 147 [+++] 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2403381 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules) 2403382 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules) 2403383 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules) 2403384 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules) 2403385 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules) 2403386 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules) 2403387 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules) 2403388 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules) 2403389 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules) 2403390 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules) 2403391 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules) 2403392 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules) 2403393 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 94 (ciarmy.rules) 2403394 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 95 (ciarmy.rules) 2403395 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 96 (ciarmy.rules) 2403396 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 97 (ciarmy.rules) 2403397 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 98 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6677 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2816650 - ProApps MOBILE_MALWARE Trojan-Banker.AndroidOS.Hqwar.m Checkin (mobile_malware.rules) 2820322 - ProApps MOBILE_MALWARE Android.Trojan.HiddenApp.KB Checkin (mobile_malware.rules) [+++] Removed rules: 4 [+++] 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405048 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405049 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) [*] ProApps Security IDS Rules Changelog started Thu Jun 16 18:06:58 2016 [] [+++] Added rules: 23 [+++] 2022904 - ProApps CURRENT_EVENTS Evil Redirector Leading to EK Jun 15 2016 (current_events.rules) 2403396 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 97 (ciarmy.rules) 2403397 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 98 (ciarmy.rules) 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405048 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405049 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2820688 - ProApps TROJAN MSIL/UnknownStealer Exfil via FTP (trojan.rules) 2820689 - ProApps MOBILE_MALWARE Android/TrojanSMS.Agent.YW Checkin (mobile_malware.rules) 2820690 - ProApps TROJAN PoisonIvy Keepalive to CnC 421 (trojan.rules) 2820691 - ProApps TROJAN PoisonIvy Keepalive to CnC 422 (trojan.rules) 2820692 - ProApps MOBILE_MALWARE Trojan-Banker.AndroidOS.Acecard.l .Onion Proxy (mobile_malware.rules) 2820693 - ProApps CURRENT_EVENTS Successful Navy Federal Phish Jun 16 (current_events.rules) 2820694 - ProApps CURRENT_EVENTS Successful Earthlink Phish Jun 16 (current_events.rules) 2820695 - ProApps CURRENT_EVENTS Terse POST to Wordpress Folder - Probable Successful Phishing M2 (current_events.rules) 2820696 - ProApps CURRENT_EVENTS Terse POST to Wordpress Folder - Probable Successful Phishing M3 (current_events.rules) 2820697 - ProApps TROJAN TorrentLocker DNS query to Domain .firsttoysworld.com (trojan.rules) 2820698 - ProApps TROJAN TorrentLocker DNS query to Domain .drinkwiskey.net (trojan.rules) 2820699 - ProApps TROJAN TorrentLocker DNS query to Domain .coaltrak.net (trojan.rules) 2820700 - ProApps TROJAN TorrentLocker DNS query to Domain .bigdigitals.com (trojan.rules) 2820701 - ProApps TROJAN TorrentLocker DNS query to Domain .billagefact.org (trojan.rules) 2820702 - ProApps TROJAN PhotoMiner Connectivity Check 2 (trojan.rules) 2820703 - ProApps MOBILE_MALWARE Android Unknown Trojan Checkin (mobile_malware.rules) 2820704 - ProApps TROJAN NanoCore RAT CnC 10 (trojan.rules) [+++] Modify rules: 148 [+++] 2014726 - ProApps POLICY Outdated Windows Flash Version IE (policy.rules) 2022894 - ProApps CURRENT_EVENTS SUSPICIOUS Firesale gTLD IE Flash request to set non-standard filename (some overlap with 2021752) (current_events.rules) 2022900 - ProApps TROJAN FOX-SRT ShimRat check-in (Data) (trojan.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2403381 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules) 2403382 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules) 2403383 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules) 2403384 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules) 2403385 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules) 2403386 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules) 2403387 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules) 2403388 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules) 2403389 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules) 2403390 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules) 2403391 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules) 2403392 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules) 2403393 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 94 (ciarmy.rules) 2403394 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 95 (ciarmy.rules) 2403395 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 96 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 4747 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 5900 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 6677 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 7493 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 8090 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2815469 - ProApps CURRENT_EVENTS Terse POST to Wordpress Folder - Probable Successful Phishing (current_events.rules) [+++] Removed rules: 0 [+++] [*] ProApps Security IDS Rules Changelog started Wed Jun 15 20:00:08 2016 [] [+++] Added rules: 38 [+++] 2022897 - ProApps TROJAN Win32.Crypren/Zcrypt Ransomware Checkin (trojan.rules) 2022898 - ProApps CURRENT_EVENTS Evil Redirector Leading to EK Jun 14 2016 (current_events.rules) 2022899 - ProApps TROJAN JS/RAA Ransomware check-in (trojan.rules) 2022900 - ProApps TROJAN FOX-SRT ShimRat check-in (Data) (trojan.rules) 2022901 - ProApps TROJAN FOX-SRT ShimRat check-in (php) (trojan.rules) 2022902 - ProApps TROJAN FOX-SRT ShimRat check-in (Yuok) (trojan.rules) 2022903 - ProApps TROJAN FOX-SRT ShimRatReporter check-in (trojan.rules) 2403392 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules) 2403393 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 94 (ciarmy.rules) 2403394 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 95 (ciarmy.rules) 2403395 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 96 (ciarmy.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2820665 - ProApps MALWARE PUA.BrowSecX Downloading Modules (malware.rules) 2820666 - ProApps CURRENT_EVENTS Successful Yahoo Phish Jun 15 M1 (current_events.rules) 2820667 - ProApps CURRENT_EVENTS Successful Yahoo Phish Jun 15 M2 (current_events.rules) 2820668 - ProApps CURRENT_EVENTS Successful BNP Paribas Bank Phish Jun 15 (current_events.rules) 2820669 - ProApps CURRENT_EVENTS Successful Square Phish Jun 15 (current_events.rules) 2820670 - ProApps MOBILE_MALWARE Android/Spy.AndroRAT.T Checkin (mobile_malware.rules) 2820671 - ProApps TROJAN TorrentLocker DNS query to Domain .vesttessy.net (trojan.rules) 2820672 - ProApps TROJAN TorrentLocker DNS query to Domain *.goldvredy.org (trojan.rules) 2820673 - ProApps MALWARE W32/Adload/Eorezo Variant Checkin (malware.rules) 2820674 - ProApps TROJAN PoisonIvy Keepalive to CnC 420 (trojan.rules) 2820675 - ProApps TROJAN Unknown Ransomware User Agent (trojan.rules) 2820676 - ProApps TROJAN Unknown Ransomware Checkin (trojan.rules) 2820677 - ProApps MOBILE_MALWARE Android.Trojan.InfoStealer.FQ Checkin via FTP (mobile_malware.rules) 2820678 - ProApps TROJAN Unknown Banker Getting Injects (trojan.rules) 2820679 - ProApps TROJAN Unknown Banker Checkin (trojan.rules) 2820680 - ProApps TROJAN W32/Bayrob Attempted Checkin 2 (trojan.rules) 2820681 - ProApps TROJAN W32/XPCSpyPro/RemoteManipulator RAT Checkin (trojan.rules) 2820682 - ProApps MOBILE_MALWARE Trojan.Android.SmsSend.dzhtny Checkin (mobile_malware.rules) 2820683 - ProApps CURRENT_EVENTS Successful Chase Phish Jun 15 (current_events.rules) 2820684 - ProApps CURRENT_EVENTS Successful Apple Phish Jun 15 (current_events.rules) 2820685 - ProApps CURRENT_EVENTS Successful USAA Phish Jun 15 (current_events.rules) 2820686 - ProApps CURRENT_EVENTS Successful Paypal Phish Jun 15 (current_events.rules) 2820687 - ProApps MOBILE_MALWARE Android Unknown Trojan SMS Exfiltration (mobile_malware.rules) [+++] Modify rules: 137 [+++] 2008038 - ProApps MALWARE User-Agent (Mozilla/4.0 (compatible ICS)) (malware.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2403381 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules) 2403382 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules) 2403383 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules) 2403384 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules) 2403385 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules) 2403386 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules) 2403387 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules) 2403388 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules) 2403389 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules) 2403390 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules) 2403391 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 3211 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6677 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8090 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) [+++] Removed rules: 1 [+++] 2820318 - ProApps TROJAN Win32.Crypren/Zcrypt Ransomware Checkin (trojan.rules) Read more »

Jun 15	ProApps Security IDS Rules Changelog 2016-06-15 Postado por Rafael Honorato on 15/Jun 10:21
[*] Summary 2016-06-15 [] Total added rules: 146 Total modified rules: 890 Total removed rules: 39 [] ProApps Security IDS Rules Changelog started Tue Jun 14 19:40:19 2016 [] [+++] Added rules: 44 [+++] 2820621 - ProApps EXPLOIT Symantec System Center Alert Management System (xfr.exe) Arbitrary Command Execution CVE (CVE-2009-1429) (exploit.rules) 2820622 - ProApps WEB_CLIENT Microsoft Visual Studio Mdmask32.ocx ActiveX Buffer Overflow (CVE-2008-3704) (web_client.rules) 2820623 - ProApps EXPLOIT IBM Lotus Domino Sametime STMux.exe Stack Buffer Overflow (CVE-2008-2499) (exploit.rules) 2820624 - ProApps EXPLOIT HP OpenView Network Node Manager HTTP handling buffer overflow (CVE-2008-1697) (exploit.rules) 2820625 - ProApps EXPLOIT SAP SAPLPD 6.28 Buffer Overflow (CVE-2008-0621) (exploit.rules) 2820626 - ProApps WEB_SERVER HP OpenView Network Node Manager Toolbar.exe HTTP Request Buffer Overflow (web_server.rules) 2820627 - ProApps WEB_CLIENT Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption (CVE-2008-0015) (web_client.rules) 2820628 - ProApps WEB_CLIENT Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption (CVE-2008-0015) (web_client.rules) 2820629 - ProApps WEB_CLIENT Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption (CVE-2008-0015) (web_client.rules) 2820630 - ProApps WEB_CLIENT Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption (CVE-2008-0015) (web_client.rules) 2820631 - ProApps WEB_CLIENT Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption (CVE-2008-0015) (web_client.rules) 2820632 - ProApps WEB_CLIENT Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption (CVE-2008-0015) (web_client.rules) 2820633 - ProApps WEB_CLIENT Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption (CVE-2008-0015) (web_client.rules) 2820634 - ProApps WEB_CLIENT Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption (CVE-2008-0015) (web_client.rules) 2820635 - ProApps WEB_CLIENT Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption (CVE-2008-0015) (web_client.rules) 2820636 - ProApps WEB_CLIENT Microsoft DirectShow (msvidctl.dll) MPEG-2 Memory Corruption (CVE-2008-0015) (web_client.rules) 2820637 - ProApps WEB_SERVER SAP DB Web Server Stack Overflow (CVE-2007-3614) (web_server.rules) 2820638 - ProApps EXPLOIT Asterisk Multiple Buffer Overflows Allows Remote Code Execution via Parameters in an SIP Message M1 (CVE-2007-2293) (exploit.rules) 2820639 - ProApps EXPLOIT Asterisk Multiple Buffer Overflows Allows Remote Code Execution via Parameters in an SIP Message M2 (CVE-2007-2293) (exploit.rules) 2820640 - ProApps EXPLOIT CA BrightStor ARCserve Backup mediasvr RPC Buffer Overflow Vuln M1 (CVE-2007-1785) (exploit.rules) 2820641 - ProApps EXPLOIT IBM Lotus Domino IMAP Server (nimap.exe) CRAM-MD5 buffer overflow (CVE-2007-1675) (set) (exploit.rules) 2820642 - ProApps EXPLOIT IBM Lotus Domino IMAP Server (nimap.exe) CRAM-MD5 buffer overflow (CVE-2007-1675) (set) (exploit.rules) 2820643 - ProApps EXPLOIT IBM Lotus Domino IMAP Server (nimap.exe) CRAM-MD5 buffer overflow (CVE-2007-1675) (exploit.rules) 2820644 - ProApps EXPLOIT OpenLDAP SASL authcid Name BIND Request (CVE-2006-5779) (exploit.rules) 2820645 - ProApps EXPLOIT Novell eDirectory NDS Server Host Header Overflow (CVE-2006-5478) (exploit.rules) 2820646 - ProApps NETBIOS Tree Connect AndX Request IPC$ Unicode (netbios.rules) 2820647 - ProApps NETBIOS SMB NT Create AndX Request \srvsvc (netbios.rules) 2820648 - ProApps NETBIOS DCERPC Microsoft Workstation Service NetpManageIPCConnect Overflow (CVE-2006-4691) (netbios.rules) 2820649 - ProApps NETBIOS SMB NT Create AndX Request \ntsvcs (netbios.rules) 2820650 - ProApps NETBIOS DCERPC Microsoft Windows Client Service for NetWare Memory Corruption (CVE-2006-4688) (netbios.rules) 2820651 - ProApps EXPLOIT IMail 2006 and 8.x SMTP Stack Overflow (CVE-2006-4379) (exploit.rules) 2820652 - ProApps EXPLOIT IMail 2006 and 8.x SMTP Stack Overflow (CVE-2006-4305) (exploit.rules) 2820653 - ProApps EXPLOIT PHP File Upload GLOBAL Variable Overwrite Vulnerability (exploit.rules) 2820654 - ProApps EXPLOIT Veritas Netbackup bpjava-msvc Format String Attack (CVE-2004-2715) (exploit.rules) 2820655 - ProApps EXPLOIT MS05-048 Collaboration Data Objects BO (CVE-2004-1987) (exploit.rules) 2820656 - ProApps EXPLOIT ASN.1 Buffer Overflow Attempt (exploit.rules) 2820657 - ProApps EXPLOIT CA BrightStor Discovery Service Stack Buffer Overflow (exploit.rules) 2820658 - ProApps EXPLOIT IE 6 HTML Elements Vulnerability (FRAME or IFRAME) (CVE-2004-1050) (exploit.rules) 2820659 - ProApps EXPLOIT IE 6 HTML Elements Vulnerability (EMBED) (CVE-2004-1050) (exploit.rules) 2820660 - ProApps EXPLOIT Possible SVN Date Parsing Buffer Overflow (exploit.rules) 2820661 - ProApps EXPLOIT Possible SVN Date Parsing Buffer Overflow (exploit.rules) 2820662 - ProApps WEB_SERVER WhatsUpGold Instancename Overflow Attempt (web_server.rules) 2820663 - ProApps EXPLOIT Possible IIS ISAPI IDQ Extension Buffer Overflow (exploit.rules) 2820664 - ProApps EXPLOIT Possible IIS ISAPI IDA Extension Buffer Overflow (exploit.rules) [+++] Modify rules: 2 [+++] 2807970 - ProApps TROJAN Win32/Neurevt.A/Betabot Checkin 3 (trojan.rules) 2816403 - ProApps TROJAN Win32/Evotob.B Variant Checkin Response (trojan.rules) [+++] Removed rules: 1 [+++] 2811164 - ProApps CURRENT_EVENTS Angler EK Landing T1 April 29 2015 M5 (current_events.rules) [] ProApps Security IDS Rules Changelog started Tue Jun 14 16:29:56 2016 [] [+++] Added rules: 31 [+++] 2022896 - ProApps CURRENT_EVENTS SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 (current_events.rules) 2403390 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules) 2403391 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules) 2820593 - ProApps TROJAN Zeus Panda Banker Malicious SSL Certificate Detected (trojan.rules) 2820594 - ProApps TROJAN Zeus Panda Banker Malicious SSL Certificate Detected (trojan.rules) 2820595 - ProApps WEB_CLIENT Possible Internet Explorer Memory Corruption Vulnerability (CVE-2016-0199) (web_client.rules) 2820596 - ProApps WEB_CLIENT Internet Explorer Memory Corruption Vulnerability (CVE-2016-0200) (web_client.rules) 2820597 - ProApps WEB_CLIENT Possible Scripting Engine Memory Corruption Vulnerability (CVE-2016-3199) (web_client.rules) 2820598 - ProApps WEB_CLIENT Possible Scripting Engine Memory Corruption Vulnerability (CVE-2016-3205) (web_client.rules) 2820599 - ProApps WEB_CLIENT Possible Internet Explorer Memory Corruption Vulnerability (CVE-2016-3206) (web_client.rules) 2820600 - ProApps WEB_CLIENT Possible Internet Explorer Memory Corruption Vulnerability (CVE-2016-3210) (web_client.rules) 2820601 - ProApps EXPLOIT Internet Explorer Memory Corruption Vulnerability (CVE-2016-3211) (exploit.rules) 2820602 - ProApps EXPLOIT Internet Explorer Memory Corruption Vulnerability (CVE-2016-3211) (exploit.rules) 2820603 - ProApps EXPLOIT Possible CVE-2016-3218 Executable Inbound (exploit.rules) 2820604 - ProApps EXPLOIT Possible CVE-2016-3219 Executable Inbound (exploit.rules) 2820605 - ProApps EXPLOIT ATMFD.DLL Privilege Elevation Vuln (CVE-2016-3220) (exploit.rules) 2820606 - ProApps EXPLOIT Win32k Privilege Elevation Vuln (CVE-2016-3221 1) (exploit.rules) 2820607 - ProApps EXPLOIT Win32k Privilege Elevation Vuln (CVE-2016-3221 2) (exploit.rules) 2820608 - ProApps WEB_CLIENT Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3222) (web_client.rules) 2820609 - ProApps EXPLOIT Windows Diagnostics Hub Privilege Elevation Vuln Inbound (CVE-2016-3231) 1 (exploit.rules) 2820610 - ProApps EXPLOIT Windows Diagnostics Hub Privilege Elevation Vuln Inbound (CVE-2016-3231) 2 (exploit.rules) 2820611 - ProApps WEB_CLIENT Microsoft Rich Text File Download With Vulnerable MailMerge OOB (CVE-2016-3234) (web_client.rules) 2820612 - ProApps CURRENT_EVENTS Successful Webmail Credential Phish Jun 14 M1 (current_events.rules) 2820613 - ProApps CURRENT_EVENTS Successful Webmail Credential Phish Jun 14 M2 (current_events.rules) 2820614 - ProApps CURRENT_EVENTS Possible Apple Phishing Domain Jun 14 (current_events.rules) 2820615 - ProApps CURRENT_EVENTS Suspicious Domain - Possible Apple Phishing Jun 14 (current_events.rules) 2820616 - ProApps MOBILE_MALWARE Android/Hiddad.J Checkin (mobile_malware.rules) 2820617 - ProApps MOBILE_MALWARE Trojan.AndroidOS.Blouns.d Checkin (mobile_malware.rules) 2820618 - ProApps MOBILE_MALWARE Trojan.AndroidOS.Blouns.d Checkin 2 (mobile_malware.rules) 2820619 - ProApps MOBILE_MALWARE Trojan.AndroidOS.Blouns.d Checkin 3 (mobile_malware.rules) 2820620 - ProApps CURRENT_EVENTS Successful Ebay Phish Jun 14 (current_events.rules) [+++] Modify rules: 97 [+++] 2002065 - ProApps EXPLOIT Veritas backupexec_agent exploit (exploit.rules) 2016950 - ProApps TROJAN Possible Win32/Hupigon ip.txt with a Non-Mozilla UA (trojan.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2403381 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules) 2403382 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules) 2403383 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules) 2403384 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules) 2403385 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules) 2403386 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules) 2403387 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules) 2403388 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules) 2403389 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules) 2800623 - ProApps EXPLOIT Novell eDirectory Server iMonitor Buffer Overflow (exploit.rules) 2816164 - ProApps TROJAN Ursnif Variant Retrieving DGA Seed (trojan.rules) 2820263 - ProApps TROJAN Gozi ISFB CnC Checkin (trojan.rules) 2820490 - ProApps MOBILE_MALWARE Android/TrojanSMS.Agent.BMT Checkin 3 (mobile_malware.rules) [+++] Removed rules: 3 [+++] 2819897 - ProApps CURRENT_EVENTS Successful Scotia Bank Phish Apr 21 (current_events.rules) 2820578 - ProApps TROJAN TorrentLocker DNS query to Domain .varstent.net (trojan.rules) 2820584 - ProApps TROJAN Ursnif DNS Query (trojan.rules) [*] ProApps Security IDS Rules Changelog started Tue Jun 14 00:25:44 2016 [] [+++] Added rules: 4 [+++] 2022894 - ProApps CURRENT_EVENTS SUSPICIOUS Firesale gTLD IE Flash request to set non-standard filename (some overlap with 2021752) (current_events.rules) 2022895 - ProApps CURRENT_EVENTS Xbagger Macro Encrypted DL Jun 13 2016 (current_events.rules) 2820591 - ProApps CURRENT_EVENTS Magnitude EK Landing Jun 13 2016 (current_events.rules) 2820592 - ProApps CURRENT_EVENTS Firesale gTLD and QHEX Likely Magintude EK URI struct June 13 2016 (current_events.rules) [+++] Modify rules: 43 [+++] 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 3211 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6677 Group 1 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 8090 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) [+++] Removed rules: 4 [+++] 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) [] ProApps Security IDS Rules Changelog started Mon Jun 13 17:45:56 2016 [] [+++] Added rules: 24 [+++] 2022890 - ProApps WEB_CLIENT Google Chrome Pdfium JPEG2000 Heap Overflow (web_client.rules) 2022891 - ProApps TROJAN Unknown Botnet Checkin (trojan.rules) 2022892 - ProApps POLICY External IP Lookup ip-score.com (policy.rules) 2022893 - ProApps MALWARE MSIL/Adload.AT Beacon (malware.rules) 2820571 - ProApps TROJAN PoisonIvy Keepalive to CnC 418 (trojan.rules) 2820572 - ProApps TROJAN PoisonIvy Keepalive to CnC 419 (trojan.rules) 2820573 - ProApps TROJAN TorrentLocker DNS query to Domain .varstent.net (trojan.rules) 2820574 - ProApps TROJAN TorrentLocker DNS query to Domain .vilosten.biz (trojan.rules) 2820575 - ProApps TROJAN TorrentLocker DNS query to Domain .businesnews.net (trojan.rules) 2820576 - ProApps TROJAN MSIL/PWS.Agent.OMJ Inbound Beacon (trojan.rules) 2820577 - ProApps TROJAN TorrentLocker DNS query to Domain .mybariton.com (trojan.rules) 2820578 - ProApps TROJAN TorrentLocker DNS query to Domain .varstent.net (trojan.rules) 2820579 - ProApps TROJAN iSpy Keylogger Exfil via FTP (trojan.rules) 2820580 - ProApps TROJAN Inexsmar/Darkhotel/Dubnium Stage 1 CnC Beacon (trojan.rules) 2820581 - ProApps TROJAN Inexsmar/Darkhotel/Dubnium CnC POST (trojan.rules) 2820582 - ProApps MOBILE_MALWARE Trojan-Dropper.AndroidOS.Leech.d Checkin (mobile_malware.rules) 2820583 - ProApps TROJAN TorrentLocker DNS query to Domain pahrently.biz (trojan.rules) 2820584 - ProApps TROJAN Ursnif DNS Query (trojan.rules) 2820585 - ProApps TROJAN Ursnif DNS Query (trojan.rules) 2820586 - ProApps TROJAN Win32/TrojanDownloader.IndigoRose.R Checkin (trojan.rules) 2820587 - ProApps MOBILE_MALWARE Android/TrojanSMS.FakeInst.ID Checkin (mobile_malware.rules) 2820588 - ProApps TROJAN Win32/Agent.RWB .onion Proxy Domain (trojan.rules) 2820589 - ProApps CURRENT_EVENTS Mailbox Update HTTPS Phishing Domain Jun 13 (current_events.rules) 2820590 - ProApps MOBILE_MALWARE Trojan-Dropper.AndroidOS.Triada.j Checkin (mobile_malware.rules) [+++] Modify rules: 142 [+++] 2022550 - ProApps CURRENT_EVENTS Possible Malicious Macro DL EXE Feb 2016 (current_events.rules) 2022811 - ProApps TROJAN MSIL/Spy.Banker.DH Checkin (trojan.rules) 2022885 - ProApps TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 106 (trojan.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2403381 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules) 2403382 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules) 2403383 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules) 2403384 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules) 2403385 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules) 2403386 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules) 2403387 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules) 2403388 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules) 2403389 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6677 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8090 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2814022 - ProApps MOBILE_MALWARE Trojan-Downloader.AndroidOS.Leech.a Checkin (mobile_malware.rules) [+++] Removed rules: 12 [+++] 2021521 - ProApps TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dyre CnC) (trojan.rules) 2403390 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules) 2403391 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules) 2403392 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules) 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2811495 - ProApps MALWARE PUA.BrowSecX Checkin (malware.rules) 2815357 - ProApps TROJAN Spy.Banker.DH CnC Checkin (trojan.rules) 2816088 - ProApps MALWARE MSIL/Adload.AT Beacon (malware.rules) 2820110 - ProApps EXPLOIT Win32k Elevation of Privilege Vulnerability Inbound (CVE-2016-0171) (exploit.rules) 2820111 - ProApps EXPLOIT Win32k Elevation of Privilege Vulnerability Inbound (CVE-2016-0172) (exploit.rules) 2820114 - ProApps EXPLOIT Win32k Elevation of Privilege Vulnerability Inbound (CVE-2016-0176) (exploit.rules) 2820121 - ProApps EXPLOIT Win32k Elevation of Privilege Vulnerability Inbound (CVE-2016-0196) (exploit.rules) [*] ProApps Security IDS Rules Changelog started Sun Jun 12 13:10:29 2016 [] [+++] Added rules: 2 [+++] 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2820570 - ProApps CURRENT_EVENTS Job314/Neutrino Reboot EK Landing June 11 2016 M2 (current_events.rules) [+++] Modify rules: 173 [+++] 2400000 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 1 (drop.rules) 2400001 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 2 (drop.rules) 2400002 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 3 (drop.rules) 2400003 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 4 (drop.rules) 2400004 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 5 (drop.rules) 2400005 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 6 (drop.rules) 2400006 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 7 (drop.rules) 2400007 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 8 (drop.rules) 2400008 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 9 (drop.rules) 2400009 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 10 (drop.rules) 2400010 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 11 (drop.rules) 2400011 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 12 (drop.rules) 2400012 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 13 (drop.rules) 2400013 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 14 (drop.rules) 2400014 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 15 (drop.rules) 2400015 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 16 (drop.rules) 2400016 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 17 (drop.rules) 2400017 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 18 (drop.rules) 2400018 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 19 (drop.rules) 2400019 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 20 (drop.rules) 2400020 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 21 (drop.rules) 2400021 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 22 (drop.rules) 2400022 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 23 (drop.rules) 2400023 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 24 (drop.rules) 2400024 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 25 (drop.rules) 2400025 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 26 (drop.rules) 2400026 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 27 (drop.rules) 2400027 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 28 (drop.rules) 2400028 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 29 (drop.rules) 2400029 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 30 (drop.rules) 2400030 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 31 (drop.rules) 2400031 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 32 (drop.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2403381 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules) 2403382 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules) 2403383 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules) 2403384 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules) 2403385 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules) 2403386 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules) 2403387 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules) 2403388 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules) 2403389 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules) 2403390 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules) 2403391 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules) 2403392 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6677 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 8070 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8090 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) [+++] Removed rules: 0 [+++] [] ProApps Security IDS Rules Changelog started Sat Jun 11 14:49:50 2016 [] [+++] Added rules: 2 [+++] 2820568 - ProApps CURRENT_EVENTS Neutrino EK Payload June 11 2016 M2 (current_events.rules) 2820569 - ProApps CURRENT_EVENTS Job314/Neutrino Reboot EK Landing June 11 2016 (current_events.rules) [+++] Modify rules: 141 [+++] 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2403381 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules) 2403382 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules) 2403383 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules) 2403384 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules) 2403385 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules) 2403386 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules) 2403387 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules) 2403388 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules) 2403389 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules) 2403390 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules) 2403391 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules) 2403392 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 1863 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6677 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 8070 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8090 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) [+++] Removed rules: 2 [+++] 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405048 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) [] ProApps Security IDS Rules Changelog started Fri Jun 10 18:20:10 2016 [] [+++] Added rules: 10 [+++] 2022888 - ProApps TROJAN Malicious SSL Certificate Detected (Bolek C2) (trojan.rules) 2022889 - ProApps TROJAN Bolek HTTP Checkin (trojan.rules) 2403392 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules) 2405048 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2820562 - ProApps CURRENT_EVENTS Possible Evil Redirector Leading to EK EITest Jun 10 2016 (current_events.rules) 2820563 - ProApps CURRENT_EVENTS Magnitude EK Landing Jun 10 2016 (current_events.rules) 2820564 - ProApps CURRENT_EVENTS Evil Redirector Leading to EK EITest Jun 10 2016 (No Flash) (current_events.rules) 2820565 - ProApps TROJAN Win32/Zeprox.B Checkin Response (trojan.rules) 2820566 - ProApps TROJAN DustySky SSL Certificate Detected (trojan.rules) 2820567 - ProApps TROJAN DustySky SSL Certificate Detected (trojan.rules) [+++] Modify rules: 150 [+++] 2017371 - ProApps TROJAN Win32/Neurevt.A/Betabot checkin (trojan.rules) 2018784 - ProApps TROJAN Win32/Neurevt.A/Betabot Check-in 4 (trojan.rules) 2020203 - ProApps TROJAN Win32/Zeprox.B Checkin (trojan.rules) 2022836 - ProApps TROJAN PowerShell/Agent.A DNS Checkin (trojan.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2403381 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules) 2403382 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules) 2403383 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules) 2403384 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules) 2403385 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules) 2403386 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules) 2403387 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules) 2403388 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules) 2403389 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules) 2403390 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules) 2403391 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 444 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6677 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8070 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 8090 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2807428 - ProApps TROJAN Win32/Neurevt.A/Betabot Checkin 2 (trojan.rules) 2807970 - ProApps TROJAN Win32/Neurevt.A/Betabot Checkin 3 (trojan.rules) 2809670 - ProApps TROJAN Win32/Neurevt.B/Betabot Trojan Checkin via HTTP POST (trojan.rules) 2814690 - ProApps TROJAN Win32/Neurevt/Betabot Upload (trojan.rules) 2815524 - ProApps TROJAN DUBNIUM/DarkHotel Backdoor CnC (trojan.rules) [+++] Removed rules: 1 [+++] 2014830 - ProApps CURRENT_EVENTS Redkit Java Exploit request to .class file (current_events.rules) [] ProApps Security IDS Rules Changelog started Thu Jun 9 17:04:18 2016 [] [+++] Added rules: 29 [+++] 2022884 - ProApps CURRENT_EVENTS SUSPICIOUS EXE Download from specific file share site (used in recent maldoc campaign) (current_events.rules) 2022885 - ProApps TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 106 (trojan.rules) 2022886 - ProApps POLICY BitCoinMiner Cpuminer Login (policy.rules) 2820536 - ProApps TROJAN Tordal/Hancitor/Chanitor Module Download Links (trojan.rules) 2820537 - ProApps TROJAN Win32/Neutrino HTTP Structure (trojan.rules) 2820538 - ProApps TROJAN TorrentLocker DNS query to Domain .gefryhard.org (trojan.rules) 2820539 - ProApps POLICY External IP Lookup whereisip.net (policy.rules) 2820540 - ProApps TROJAN APT28 SEDNIT DNS Lookup (trojan.rules) 2820541 - ProApps TROJAN Likely APT28 Win32/Agent.XVD SSL Cert (trojan.rules) 2820542 - ProApps TROJAN APT28 SEDNIT DNS Lookup (trojan.rules) 2820543 - ProApps TROJAN APT28 SEDNIT Variant CnC Beacon 1 (trojan.rules) 2820544 - ProApps TROJAN APT28 SEDNIT Variant CnC Beacon 2 (trojan.rules) 2820545 - ProApps TROJAN APT28 SEDNIT Variant CnC Beacon 3 (trojan.rules) 2820546 - ProApps TROJAN APT28 SEDNIT Variant CnC Beacon 4 (trojan.rules) 2820547 - ProApps TROJAN Malicious SSL certificate detected (Ursnif Injects) (trojan.rules) 2820548 - ProApps TROJAN Malicious SSL certificate detected (Ursnif Injects) (trojan.rules) 2820549 - ProApps TROJAN Likely APT28 Win32/Agent.RMG SSL Cert (trojan.rules) 2820550 - ProApps TROJAN APT28 XAgent User-Agent (trojan.rules) 2820551 - ProApps TROJAN APT28 XAgent DNS Lookup (trojan.rules) 2820552 - ProApps TROJAN APT28 XAgent DNS Lookup (trojan.rules) 2820553 - ProApps TROJAN Bladabindi/njRAT variant Activity (trojan.rules) 2820554 - ProApps CURRENT_EVENTS CVE-2015-0016 As Observed in Magnitude EK Jun 09 2016 (current_events.rules) 2820555 - ProApps TROJAN URLzone/Bebloh/Shiotob Injects SSL Certificate Detected (trojan.rules) 2820556 - ProApps TROJAN TorrentLocker DNS query to Domain .felteron.com (trojan.rules) 2820557 - ProApps CURRENT_EVENTS Suspicious Compound Refresh - Possible Phishing Redirect Jun 9 (current_events.rules) 2820558 - ProApps CURRENT_EVENTS Successful US Bank Phish Jun 9 M1 (current_events.rules) 2820559 - ProApps CURRENT_EVENTS Successful US Bank Phish Jun 9 M2 (current_events.rules) 2820560 - ProApps TROJAN TorrentLocker DNS query to Domain .pinterpoint.biz (trojan.rules) 2820561 - ProApps TROJAN TorrentLocker DNS query to Domain *.capturen.net (trojan.rules) [+++] Modify rules: 142 [+++] 2021506 - ProApps TROJAN Sednit Connectivity Check 0 Byte POST (trojan.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2403381 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules) 2403382 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules) 2403383 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules) 2403384 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules) 2403385 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules) 2403386 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules) 2403387 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules) 2403388 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules) 2403389 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules) 2403390 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules) 2403391 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6677 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 8070 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8090 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) [+++] Removed rules: 16 [+++] 2020995 - ProApps CURRENT_EVENTS Fiesta Payload/Exploit URI Struct M0 (current_events.rules) 2020996 - ProApps CURRENT_EVENTS Fiesta Payload/Exploit URI Struct M1 (current_events.rules) 2020997 - ProApps CURRENT_EVENTS Fiesta Payload/Exploit URI Struct M2 (current_events.rules) 2021000 - ProApps CURRENT_EVENTS Fiesta Payload/Exploit URI Struct M5 (current_events.rules) 2021001 - ProApps CURRENT_EVENTS Fiesta Payload/Exploit URI Struct M6 (current_events.rules) 2021002 - ProApps CURRENT_EVENTS Fiesta Payload/Exploit URI Struct M7 (current_events.rules) 2021003 - ProApps CURRENT_EVENTS Fiesta Payload/Exploit URI Struct M8 (current_events.rules) 2021004 - ProApps CURRENT_EVENTS Fiesta Payload/Exploit URI Struct M9 (current_events.rules) 2403392 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules) 2403393 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 94 (ciarmy.rules) 2403394 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 95 (ciarmy.rules) 2403395 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 96 (ciarmy.rules) 2403396 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 97 (ciarmy.rules) 2405048 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405049 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2808391 - ProApps TROJAN Trojan.Injector.AWX checkin (trojan.rules) Read more »

Jun 9	ProApps Security IDS Rules Changelog 2016-06-09 Postado por Rafael Honorato on 09/Jun 15:30
[*] Summary 2016-06-09 [] Total added rules: 190 Total modified rules: 657 Total removed rules: 55 [] ProApps Security IDS Rules Changelog started Wed Jun 8 17:41:13 2016 [] [+++] Added rules: 25 [+++] 2022874 - ProApps INFO Windows Executable Sent When Remote Host Claims to Send a RAR Archive (info.rules) 2022875 - ProApps TROJAN BandarChor/CryptON Ransomware Checkin (trojan.rules) 2022876 - ProApps INFO DYNAMIC_DNS Query to a Suspicious dynapoint.pw Domain (info.rules) 2022877 - ProApps TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gozi MITM) (trojan.rules) 2022878 - ProApps TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Shifu CnC) (trojan.rules) 2022879 - ProApps TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit CnC) (trojan.rules) 2022880 - ProApps TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Gootkit CnC) (trojan.rules) 2022881 - ProApps TROJAN Qarallax RAT Downloading Modules (trojan.rules) 2022882 - ProApps TROJAN Qarallax RAT Keepalive C2 (set) (trojan.rules) 2022883 - ProApps TROJAN Qarallax RAT Keepalive C2 (trojan.rules) 2820521 - ProApps TROJAN PoisonIvy Keepalive to CnC 413 (trojan.rules) 2820522 - ProApps TROJAN PoisonIvy Keepalive to CnC 414 (trojan.rules) 2820523 - ProApps TROJAN PoisonIvy Keepalive to CnC 415 (trojan.rules) 2820524 - ProApps TROJAN PoisonIvy Keepalive to CnC 416 (trojan.rules) 2820525 - ProApps TROJAN PoisonIvy Keepalive to CnC 417 (trojan.rules) 2820526 - ProApps TROJAN Trojan-Ransom.Win32.Crypmod.xvg .onion Proxy Domain (trojan.rules) 2820527 - ProApps TROJAN Win32/Remote Keylogger Asset Download Request (trojan.rules) 2820528 - ProApps TROJAN Targeted Redirect to Flash Exploit Likely CVE-2015-0313 (trojan.rules) 2820529 - ProApps CURRENT_EVENTS Paypal Phishing Landing Redirect Jun 8 (current_events.rules) 2820530 - ProApps CURRENT_EVENTS DrSpam Phishing Landing Jun 8 (current_events.rules) 2820531 - ProApps CURRENT_EVENTS DrSpam Phishing Landing CSS Jun 8 (current_events.rules) 2820532 - ProApps CURRENT_EVENTS Successful DrSpam Phish Jun 8 M1 (current_events.rules) 2820533 - ProApps CURRENT_EVENTS Successful DrSpam Phish Jun 8 M2 (current_events.rules) 2820534 - ProApps CURRENT_EVENTS Possible HMRC Phishing Domain Jun 8 (current_events.rules) 2820535 - ProApps CURRENT_EVENTS Possible Successful Generic Phish (set) Jun 8 (current_events.rules) [+++] Modify rules: 152 [+++] 2005320 - ProApps TROJAN Suspicious User-Agent (MyAgent) (trojan.rules) 2022859 - ProApps CURRENT_EVENTS Evil Redirector Leading to EK Jun 03, 2016 (current_events.rules) 2022868 - ProApps TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC) (trojan.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2403381 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules) 2403382 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules) 2403383 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules) 2403384 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules) 2403385 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules) 2403386 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules) 2403387 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules) 2403388 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules) 2403389 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules) 2403390 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules) 2403391 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules) 2403392 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules) 2403393 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 94 (ciarmy.rules) 2403394 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 95 (ciarmy.rules) 2403395 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 96 (ciarmy.rules) 2403396 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 97 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 1453 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 6677 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8070 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 8090 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405048 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405049 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2820488 - ProApps CURRENT_EVENTS Successful Docshares Phish Jun 6 (current_events.rules) [+++] Removed rules: 6 [+++] 2403397 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 98 (ciarmy.rules) 2403398 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 99 (ciarmy.rules) 2403399 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 100 (ciarmy.rules) 2405050 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2405051 - ProApps CNC Shadowserver Reported CnC Server Port 51987 Group 1 (botcc.portgrouped.rules) 2820448 - ProApps TROJAN BandarChor/CryptON Ransomware Checkin (trojan.rules) [] ProApps Security IDS Rules Changelog started Tue Jun 7 17:42:09 2016 [] [+++] Added rules: 34 [+++] 2022871 - ProApps TROJAN FastPOS Sending Keystrokes (trojan.rules) 2022872 - ProApps TROJAN FastPOS RAM Scraper Sending Details (trojan.rules) 2022873 - ProApps TROJAN Win32/DMA Locker CnC Checkin (trojan.rules) 2403398 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 99 (ciarmy.rules) 2403399 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 100 (ciarmy.rules) 2405050 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2405051 - ProApps CNC Shadowserver Reported CnC Server Port 51987 Group 1 (botcc.portgrouped.rules) 2820494 - ProApps TROJAN MSIL/Unknown Backdoor CnC Beacon (trojan.rules) 2820495 - ProApps MOBILE_MALWARE Android/UpdtKiller.M Checkin (mobile_malware.rules) 2820496 - ProApps POLICY DNS Query to .onion proxy Domain (azwsxe.win) (policy.rules) 2820497 - ProApps POLICY DNS Query to .onion proxy Domain (xzcfr4.win) (policy.rules) 2820498 - ProApps POLICY DNS Query to .onion proxy Domain (asd3r3.win) (policy.rules) 2820499 - ProApps POLICY DNS Query to .onion proxy Domain (fgfid6.win) (policy.rules) 2820500 - ProApps POLICY DNS Query to .onion proxy Domain (werti4.win) (policy.rules) 2820501 - ProApps POLICY DNS Query to .onion proxy Domain (azlto5.win) (policy.rules) 2820502 - ProApps POLICY DNS Query to .onion proxy Domain (sdfiso.win) (policy.rules) 2820503 - ProApps POLICY DNS Query to .onion proxy Domain (ad34ft.win) (policy.rules) 2820504 - ProApps POLICY DNS Query to .onion proxy Domain (asxce4.win) (policy.rules) 2820505 - ProApps POLICY DNS Query to .onion proxy Domain (sims6n.win) (policy.rules) 2820506 - ProApps POLICY DNS Query to .onion proxy Domain (torking.li) (policy.rules) 2820507 - ProApps POLICY DNS Query to .onion proxy Domain (45kgok.win) (policy.rules) 2820508 - ProApps POLICY DNS Query to .onion proxy Domain (torbrouke.li) (policy.rules) 2820509 - ProApps MOBILE_MALWARE Trojan-Spy.AndroidOS.SmForw.fo Checkin (mobile_malware.rules) 2820510 - ProApps TROJAN CoinMiner Known Malicious Stratum Authline (2016-06-06 1) (trojan.rules) 2820511 - ProApps TROJAN Dridex Injects SSL Cert (trojan.rules) 2820512 - ProApps TROJAN MSIL/ProjectBot/Censer Plugin DL (trojan.rules) 2820513 - ProApps TROJAN TorrentLocker DNS query to Domain .prolongedroads (trojan.rules) 2820514 - ProApps TROJAN Suspicious Terse Request to hastebin.com - Possible Download (trojan.rules) 2820515 - ProApps TROJAN Fleercivet Clickfraud Activity (set) (trojan.rules) 2820516 - ProApps TROJAN Fleercivet Clickfraud Activity (trojan.rules) 2820517 - ProApps TROJAN Win32/ExtenBro.ACE Activity (trojan.rules) 2820518 - ProApps TROJAN PoisonIvy Keepalive to CnC 412 (trojan.rules) 2820519 - ProApps TROJAN TorrentLocker DNS query to Domain .fixplanet.org (trojan.rules) 2820520 - ProApps TROJAN TorrentLocker DNS query to Domain .manybigtoys.com (trojan.rules) [+++] Modify rules: 153 [+++] 2008542 - ProApps SCADA CitectSCADA ODBC Overflow Attempt (scada.rules) 2022845 - ProApps TROJAN Criptobit/Mobef Ransomware Checkin (trojan.rules) 2022868 - ProApps TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC) (trojan.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2403381 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules) 2403382 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules) 2403383 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules) 2403384 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules) 2403385 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules) 2403386 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules) 2403387 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules) 2403388 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules) 2403389 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules) 2403390 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules) 2403391 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules) 2403392 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules) 2403393 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 94 (ciarmy.rules) 2403394 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 95 (ciarmy.rules) 2403395 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 96 (ciarmy.rules) 2403396 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 97 (ciarmy.rules) 2403397 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 98 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 444 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 6677 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 6900 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8070 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 8090 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405048 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405049 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2819826 - ProApps TROJAN MSIL/BrLock Screenlocker Activity (trojan.rules) [+++] Removed rules: 2 [+++] 2815998 - ProApps TROJAN Worm.VBS/Jenxcus.gen!C Checkin (trojan.rules) 2820260 - ProApps TROJAN Win32/DMA Locker CnC Checkin (trojan.rules) [*] ProApps Security IDS Rules Changelog started Mon Jun 6 16:55:04 2016 [] [+++] Added rules: 32 [+++] 2022861 - ProApps TROJAN Win32.Kovter Client CnC Traffic (trojan.rules) 2022862 - ProApps TROJAN FastPOS Initial Checkin (trojan.rules) 2022863 - ProApps TROJAN FastPOS Version Checkin (trojan.rules) 2022864 - ProApps TROJAN FastPOS Sending Status Logs (trojan.rules) 2022865 - ProApps TROJAN FastPOS Software Update Request (trojan.rules) 2022866 - ProApps TROJAN FastPOS Reporting Error Code (trojan.rules) 2022867 - ProApps TROJAN FastPOS Successful Software Update Request (trojan.rules) 2022868 - ProApps TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC) (trojan.rules) 2022869 - ProApps CURRENT_EVENTS Evil Redirector Leading to EK Jun 06 2016 (current_events.rules) 2022870 - ProApps TROJAN ABUSE.CH Ransomware Domain Detected (Locky C2) (trojan.rules) 2403390 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules) 2403391 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules) 2403392 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules) 2403393 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 94 (ciarmy.rules) 2403394 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 95 (ciarmy.rules) 2403395 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 96 (ciarmy.rules) 2403396 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 97 (ciarmy.rules) 2403397 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 98 (ciarmy.rules) 2405048 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405049 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2820482 - ProApps TROJAN Malicious SSL Certificate Detected (Gootkit C2) (trojan.rules) 2820483 - ProApps TROJAN TorrentLocker DNS query to Domain .bigfloristics.com (trojan.rules) 2820484 - ProApps TROJAN Malicious SSL Certificate Detected (Zeus C2) (trojan.rules) 2820485 - ProApps TROJAN TorrentLocker DNS query to Domain .billmassanger.com (trojan.rules) 2820486 - ProApps TROJAN DNS query to Win32/Kitkiot.A Domain (trojan.rules) 2820487 - ProApps TROJAN Win32/Gamarue.AU SSL Cert (trojan.rules) 2820488 - ProApps CURRENT_EVENTS Successful Docshares Phish Jun 6 (current_events.rules) 2820489 - ProApps MOBILE_MALWARE Trojan-Ransom.AndroidOS.Svpeng.m Checkin (mobile_malware.rules) 2820490 - ProApps MOBILE_MALWARE Android/TrojanSMS.Agent.BMT Checkin 3 (mobile_malware.rules) 2820491 - ProApps CURRENT_EVENTS Northwell Health Phishing Landing Jun 6 (current_events.rules) 2820492 - ProApps TROJAN PoisonIvy Keepalive to CnC 410 (trojan.rules) 2820493 - ProApps TROJAN PoisonIvy Keepalive to CnC 411 (trojan.rules) [+++] Modify rules: 174 [+++] 2022845 - ProApps TROJAN Criptobit/Mobef Ransomware Checkin (trojan.rules) 2400000 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 1 (drop.rules) 2400001 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 2 (drop.rules) 2400002 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 3 (drop.rules) 2400003 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 4 (drop.rules) 2400004 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 5 (drop.rules) 2400005 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 6 (drop.rules) 2400006 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 7 (drop.rules) 2400007 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 8 (drop.rules) 2400008 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 9 (drop.rules) 2400009 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 10 (drop.rules) 2400010 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 11 (drop.rules) 2400011 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 12 (drop.rules) 2400012 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 13 (drop.rules) 2400013 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 14 (drop.rules) 2400014 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 15 (drop.rules) 2400015 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 16 (drop.rules) 2400016 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 17 (drop.rules) 2400017 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 18 (drop.rules) 2400018 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 19 (drop.rules) 2400019 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 20 (drop.rules) 2400020 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 21 (drop.rules) 2400021 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 22 (drop.rules) 2400022 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 23 (drop.rules) 2400023 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 24 (drop.rules) 2400024 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 25 (drop.rules) 2400025 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 26 (drop.rules) 2400026 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 27 (drop.rules) 2400027 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 28 (drop.rules) 2400028 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 29 (drop.rules) 2400029 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 30 (drop.rules) 2400030 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 31 (drop.rules) 2400031 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 32 (drop.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2403381 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules) 2403382 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules) 2403383 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules) 2403384 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules) 2403385 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules) 2403386 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules) 2403387 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules) 2403388 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules) 2403389 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 444 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 6677 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8070 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 8090 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2810481 - ProApps TROJAN Possible zipped Windows executable sent when remote host claims to send an image (trojan.rules) 2820171 - ProApps TROJAN Hawkeye/HawkSpy Email Report (trojan.rules) [+++] Removed rules: 1 [+++] 2812184 - ProApps TROJAN ZIP file embedded in JPG containing EXE (trojan.rules) [] ProApps Security IDS Rules Changelog started Fri Jun 3 18:03:35 2016 [] [+++] Added rules: 65 [+++] 2022853 - ProApps CURRENT_EVENTS Tech Support Phone Scam Landing M4 Jun 3 (current_events.rules) 2022854 - ProApps CURRENT_EVENTS Tech Support Phone Scam Landing M5 Jun 3 (current_events.rules) 2022855 - ProApps CURRENT_EVENTS Tech Support Phone Scam Landing M3 Jun 3 (current_events.rules) 2022856 - ProApps CURRENT_EVENTS Tech Support Phone Scam Landing M1 Jun 3 (current_events.rules) 2022857 - ProApps CURRENT_EVENTS Tech Support Phone Scam Landing M2 Jun 3 (current_events.rules) 2022858 - ProApps CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign (current_events.rules) 2022859 - ProApps CURRENT_EVENTS Evil Redirector Leading to EK Jun 03, 2016 (current_events.rules) 2022860 - ProApps WEB_SERVER Aribitrary File Upload Vulnerability in WP Mobile Detector (web_server.rules) 2403387 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules) 2403388 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules) 2403389 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 8070 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8090 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2820476 - ProApps TROJAN Targeted Win32/Ispen CnC Beacon (trojan.rules) 2820477 - ProApps TROJAN Targeted Win32/Ispen Fake User-Agent (trojan.rules) 2820478 - ProApps TROJAN TorrentLocker DNS query to Domain .lingeringhands.org (trojan.rules) 2820479 - ProApps TROJAN TorrentLocker DNS query to Domain .copypastes.net (trojan.rules) 2820480 - ProApps TROJAN PoisonIvy Keepalive to CnC 408 (trojan.rules) 2820481 - ProApps TROJAN PoisonIvy Keepalive to CnC 409 (trojan.rules) [+++] Modify rules: 90 [+++] 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2403381 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules) 2403382 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules) 2403383 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules) 2403384 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules) 2403385 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules) 2403386 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules) 2809782 - ProApps MOBILE_MALWARE Android/AdDisplay.Kuguo.F Checkin (mobile_malware.rules) 2814965 - ProApps MOBILE_MALWARE Android GhostPush Checkin 7 (mobile_malware.rules) [+++] Removed rules: 0 [+++] [] ProApps Security IDS Rules Changelog started Thu Jun 2 18:03:11 2016 [*] [+++] Added rules: 34 [+++] 2022850 - ProApps MALWARE Win32/Hadsruda!bit Adware/PUA Installation Activity (malware.rules) 2022851 - ProApps TROJAN Luminosity RAT Possible Module Download M1 (trojan.rules) 2022852 - ProApps TROJAN Luminosity RAT Possible Module Download M2 (trojan.rules) 2403382 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules) 2403383 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules) 2403384 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules) 2403385 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules) 2403386 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules) 2820450 - ProApps CURRENT_EVENTS Avast Phishing Landing Jun 2 (current_events.rules) 2820451 - ProApps POLICY External IP Lookup freehostedscripts.net (policy.rules) 2820452 - ProApps CURRENT_EVENTS Versobank Phishing Landing Jun 2 (current_events.rules) 2820453 - ProApps CURRENT_EVENTS Adobe Cloud Phishing Landing Jun 2 (current_events.rules) 2820454 - ProApps TROJAN Android/Spy.Agent.UN .onion Proxy Domain (trojan.rules) 2820455 - ProApps TROJAN Win32/Unknown Backdoor CnC Checkin (trojan.rules) 2820456 - ProApps MOBILE_MALWARE Trojan-Banker.AndroidOS.Wroba.ag Checkin (mobile_malware.rules) 2820457 - ProApps TROJAN W32/Klez.A Sending EXE via SMTP (trojan.rules) 2820458 - ProApps TROJAN Possible PowerShell Shellcode Payload Received Over HTTP M1 (trojan.rules) 2820459 - ProApps TROJAN Possible PowerShell Shellcode Payload Received Over HTTP M2 (trojan.rules) 2820460 - ProApps TROJAN Possible PowerShell Shellcode Payload Received Over HTTP M3 (trojan.rules) 2820461 - ProApps TROJAN Likely Targeted Maldoc Redirector - set (trojan.rules) 2820462 - ProApps TROJAN Likely Targeted Maldoc Redirector (trojan.rules) 2820463 - ProApps CURRENT_EVENTS Email Login Phishing Landing Jun 2 (current_events.rules) 2820464 - ProApps CURRENT_EVENTS Successful Email Login Phish Jun 2 (current_events.rules) 2820465 - ProApps CURRENT_EVENTS Successful Excel Shared Document Phish Jun 2 (current_events.rules) 2820466 - ProApps CURRENT_EVENTS Generic Email Login Phishing Landing Jun 2 (current_events.rules) 2820467 - ProApps TROJAN PoisonIvy Keepalive to CnC 405 (trojan.rules) 2820468 - ProApps TROJAN PoisonIvy Keepalive to CnC 406 (trojan.rules) 2820469 - ProApps TROJAN PoisonIvy Keepalive to CnC 407 (trojan.rules) 2820470 - ProApps TROJAN Targeted AutoIt FileStealer/Downloader CnC Beacon 1 (trojan.rules) 2820471 - ProApps TROJAN Targeted AutoIt FileStealer/Downloader CnC Beacon 2 (trojan.rules) 2820472 - ProApps TROJAN Targeted AutoIt FileStealer/Downloader CnC Beacon 3 (trojan.rules) 2820473 - ProApps TROJAN Targeted AutoIt FileStealer/Downloader CnC Beacon 4 (trojan.rules) 2820474 - ProApps TROJAN Targeted AutoIt FileStealer/Downloader Exfiltrating File (trojan.rules) 2820475 - ProApps EXPLOIT Possible HP.SSF.WebService Exploit Attempt (exploit.rules) [+++] Modify rules: 88 [+++] 2021178 - ProApps ATTACK_RESPONSE Metasploit Meterpreter Reverse HTTPS certificate (attack_response.rules) 2022834 - ProApps CURRENT_EVENTS Possible Malicious Macro DL BIN May 2016 (No UA) (current_events.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2403381 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules) 2814961 - ProApps CURRENT_EVENTS Possible Dyre SSL Cert Nov 17 2015 (current_events.rules) 2816649 - ProApps TROJAN Win32.TravNet.C HTTP Checkin (trojan.rules) 2820448 - ProApps TROJAN BandarChor/CryptON Ransomware Checkin (trojan.rules) [+++] Removed rules: 46 [+++] 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 8070 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) Read more »

Jun 2	ProApps Security IDS Rules Changelog 2016-06-02 Postado por Rafael Honorato on 02/Jun 15:56
[*] Summary 2016-06-02 [] Total added rules: 120 Total modified rules: 364 Total removed rules: 17 [] ProApps Security IDS Rules Changelog started Wed Jun 1 17:39:21 2016 [] [+++] Added rules: 24 [+++] 2022846 - ProApps WEB_SERVER Possible CVE-2016-5118 Exploit SVG attempt M1 (web_server.rules) 2022847 - ProApps WEB_SERVER Possible CVE-2016-5118 Exploit SVG attempt M2 (web_server.rules) 2022848 - ProApps WEB_SERVER Possible CVE-2016-5118 Exploit MVG attempt M1 (web_server.rules) 2022849 - ProApps WEB_SERVER Possible CVE-2016-5118 Exploit MVG attempt M2 (web_server.rules) 2820430 - ProApps TROJAN Win32/Kryptik.EYDL DNS Query (trojan.rules) 2820431 - ProApps TROJAN Redirector.Paco SSL Certificate Detected (searchly.org) (trojan.rules) 2820432 - ProApps TROJAN Redirector.Paco SSL Certificate Detected (trojan.rules) 2820433 - ProApps TROJAN Redirector.Paco PAC Download (trojan.rules) 2820434 - ProApps TROJAN Redirector.Paco DNS Name (1.mtmyoq.se) (trojan.rules) 2820435 - ProApps TROJAN Redirector.Paco DNS Name (2.mtmyoq.se) (trojan.rules) 2820436 - ProApps TROJAN Redirector.Paco DNS Name (3.mtmyoq.se) (trojan.rules) 2820437 - ProApps TROJAN Redirector.Paco DNS Name (4.mtmyoq.se) (trojan.rules) 2820438 - ProApps TROJAN Redirector.Paco DNS Name (5.mtmyoq.se) (trojan.rules) 2820439 - ProApps TROJAN Redirector.Paco DNS Name (6.mtmyoq.se) (trojan.rules) 2820440 - ProApps TROJAN Redirector.Paco DNS Name (7.mtmyoq.se) (trojan.rules) 2820441 - ProApps TROJAN Redirector.Paco DNS Name (8.mtmyoq.se) (trojan.rules) 2820442 - ProApps TROJAN Redirector.Paco DNS Name (9.mtmyoq.se) (trojan.rules) 2820443 - ProApps TROJAN PoisonIvy Keepalive to CnC 400 (trojan.rules) 2820444 - ProApps TROJAN PoisonIvy Keepalive to CnC 401 (trojan.rules) 2820445 - ProApps TROJAN PoisonIvy Keepalive to CnC 402 (trojan.rules) 2820446 - ProApps TROJAN PoisonIvy Keepalive to CnC 403 (trojan.rules) 2820447 - ProApps TROJAN PoisonIvy Keepalive to CnC 404 (trojan.rules) 2820448 - ProApps TROJAN CryptON Ransomware Checkin (trojan.rules) 2820449 - ProApps TROJAN CoinMiner Known Malicious Stratum Authline (2016-06-01 1) (trojan.rules) [+++] Modify rules: 83 [+++] 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2403381 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules) [+++] Removed rules: 0 [+++] [] ProApps Security IDS Rules Changelog started Tue May 31 18:06:08 2016 [] [+++] Added rules: 0 [+++] [+++] Modify rules: 142 [+++] 2400000 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 1 (drop.rules) 2400001 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 2 (drop.rules) 2400002 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 3 (drop.rules) 2400003 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 4 (drop.rules) 2400004 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 5 (drop.rules) 2400005 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 6 (drop.rules) 2400006 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 7 (drop.rules) 2400007 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 8 (drop.rules) 2400008 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 9 (drop.rules) 2400009 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 10 (drop.rules) 2400010 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 11 (drop.rules) 2400011 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 12 (drop.rules) 2400012 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 13 (drop.rules) 2400013 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 14 (drop.rules) 2400014 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 15 (drop.rules) 2400015 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 16 (drop.rules) 2400016 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 17 (drop.rules) 2400017 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 18 (drop.rules) 2400018 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 19 (drop.rules) 2400019 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 20 (drop.rules) 2400020 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 21 (drop.rules) 2400021 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 22 (drop.rules) 2400022 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 23 (drop.rules) 2400023 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 24 (drop.rules) 2400024 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 25 (drop.rules) 2400025 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 26 (drop.rules) 2400026 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 27 (drop.rules) 2400027 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 28 (drop.rules) 2400028 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 29 (drop.rules) 2400029 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 30 (drop.rules) 2400030 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 31 (drop.rules) 2400031 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 32 (drop.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2403381 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 8070 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) [+++] Removed rules: 12 [+++] 2403382 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules) 2403383 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules) 2403384 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules) 2403385 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules) 2403386 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules) 2403387 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules) 2403388 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules) 2403389 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules) 2403390 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules) 2403391 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) [] ProApps Security IDS Rules Changelog started Tue May 31 16:40:35 2016 [] [+++] Added rules: 50 [+++] 2022842 - ProApps TROJAN HTTPBrowser/Pisloader Covert DNS CnC Channel TXT Lookup (trojan.rules) 2022843 - ProApps TROJAN ABUSE.CH Ransomware Domain Detected (Locky C2) (trojan.rules) 2022844 - ProApps TROJAN Ransomware Locky CnC Beacon 4 21 May (trojan.rules) 2022845 - ProApps TROJAN Criptobit/Mobef Ransomware Checkin (trojan.rules) 2820384 - ProApps TROJAN APT.Fimlis CnC Beacon Response (trojan.rules) 2820385 - ProApps TROJAN APT.Fimlis CnC Beacon (trojan.rules) 2820386 - ProApps TROJAN PoisonIvy Keepalive to CnC 391 (trojan.rules) 2820387 - ProApps TROJAN PoisonIvy Keepalive to CnC 392 (trojan.rules) 2820388 - ProApps TROJAN PoisonIvy Keepalive to CnC 393 (trojan.rules) 2820389 - ProApps TROJAN PoisonIvy Keepalive to CnC 394 (trojan.rules) 2820390 - ProApps TROJAN PoisonIvy Keepalive to CnC 395 (trojan.rules) 2820391 - ProApps TROJAN PoisonIvy Keepalive to CnC 396 (trojan.rules) 2820392 - ProApps TROJAN PoisonIvy Keepalive to CnC 397 (trojan.rules) 2820393 - ProApps POLICY Remote Access User-Agent (RMS) (policy.rules) 2820394 - ProApps MALWARE Win32/iTorrent.A PUA Json POST (malware.rules) 2820395 - ProApps MALWARE Win32/iTorrent.A PUA Data POST (malware.rules) 2820396 - ProApps TROJAN Helminth Checkin (trojan.rules) 2820397 - ProApps TROJAN APT.Enfal SSL Cert - Downloaded by Cmstar (trojan.rules) 2820398 - ProApps TROJAN Win32/Nystprac.A CnC Domain DNS Request (trojan.rules) 2820399 - ProApps TROJAN Win32/Fibot.A CnC Checkin (trojan.rules) 2820400 - ProApps CURRENT_EVENTS Job314/Neutrino Reboot EK Landing May 31 2016 (current_events.rules) 2820401 - ProApps TROJAN Ransomware Locky CnC Beacon 21 May (trojan.rules) 2820402 - ProApps TROJAN Ransomware/Cerber Onion Checkin (trojan.rules) 2820403 - ProApps EXPLOIT Oracle ATS Arbitrary File Upload (CVE-2016-0491) (exploit.rules) 2820404 - ProApps CURRENT_EVENTS Possible KaiXin EK Common Flash Exploit URI Constructn May 31 2016 (current_events.rules) 2820405 - ProApps MOBILE_MALWARE Android.Trojan.InfoStealer.HL Checkin (mobile_malware.rules) 2820406 - ProApps TROJAN PoisonIvy Keepalive to CnC 398 (trojan.rules) 2820407 - ProApps TROJAN PoisonIvy Keepalive to CnC 399 (trojan.rules) 2820408 - ProApps POLICY DNS Query to .onion proxy Domain (tewoaq.win) (policy.rules) 2820409 - ProApps POLICY DNS Query to .onion proxy Domain (red4is.win) (policy.rules) 2820410 - ProApps POLICY DNS Query to .onion proxy Domain (li4loi.win) (policy.rules) 2820411 - ProApps POLICY DNS Query to .onion proxy Domain (to6maq.win) (policy.rules) 2820412 - ProApps POLICY DNS Query to .onion proxy Domain (maqwe5.win) (policy.rules) 2820413 - ProApps POLICY DNS Query to .onion proxy Domain (wewiso.win) (policy.rules) 2820414 - ProApps POLICY DNS Query to .onion proxy Domain (nerti5.win) (policy.rules) 2820415 - ProApps POLICY DNS Query to .onion proxy Domain (raress.win) (policy.rules) 2820416 - ProApps POLICY DNS Query to .onion proxy Domain (workju.win) (policy.rules) 2820417 - ProApps POLICY DNS Query to .onion proxy Domain (wet4io.win) (policy.rules) 2820418 - ProApps POLICY DNS Query to .onion proxy Domain (mix3hi.win) (policy.rules) 2820419 - ProApps POLICY DNS Query to .onion proxy Domain (oneswi.win) (policy.rules) 2820420 - ProApps POLICY DNS Query to .onion proxy Domain (lib2vi.win) (policy.rules) 2820421 - ProApps POLICY DNS Query to .onion proxy Domain (tigifc.win) (policy.rules) 2820422 - ProApps POLICY DNS Query to .onion proxy Domain (ti4wic.win) (policy.rules) 2820423 - ProApps POLICY DNS Query to .onion proxy Domain (amdeu5.win) (policy.rules) 2820424 - ProApps POLICY DNS Query to .onion proxy Domain (moneu5.win) (policy.rules) 2820425 - ProApps POLICY DNS Query to .onion proxy Domain (m5gid4.win) (policy.rules) 2820426 - ProApps POLICY DNS Query to .onion proxy Domain (m5fgoi.win) (policy.rules) 2820427 - ProApps POLICY DNS Query to .onion proxy Domain (wins4n.win) (policy.rules) 2820428 - ProApps POLICY DNS Query to .onion proxy Domain (m5gips.win) (policy.rules) 2820429 - ProApps POLICY DNS Query to .onion proxy Domain (watchdogpayment.com) (policy.rules) [+++] Modify rules: 55 [+++] 2022627 - ProApps TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) (trojan.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 8070 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8090 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2816403 - ProApps TROJAN Win32/Evotob.B Variant Checkin Response (trojan.rules) 2816589 - ProApps TROJAN Stealth Falcon PowerShell Stage 1 CnC Beacon M1 (trojan.rules) 2816590 - ProApps TROJAN Stealth Falcon PowerShell Stage 1 CnC Beacon M2 (trojan.rules) 2816591 - ProApps TROJAN Stealth Falcon PowerShell Stage 1 CnC Beacon M3 b64 1 (trojan.rules) 2816592 - ProApps TROJAN Stealth Falcon PowerShell Stage 1 CnC Beacon M3 b64 2 (trojan.rules) 2816593 - ProApps TROJAN Stealth Falcon PowerShell Stage 1 CnC Beacon M3 b64 3 (trojan.rules) 2816594 - ProApps TROJAN Stealth Falcon PowerShell Stage 2 SSL Cert 1 (trojan.rules) 2816595 - ProApps TROJAN Stealth Falcon PowerShell Stage 2 SSL Cert 2 (trojan.rules) [+++] Removed rules: 2 [+++] 2405048 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2812036 - ProApps TROJAN HTTPBrowser Covert DNS CnC Channel TXT Lookup (trojan.rules) [] ProApps Security IDS Rules Changelog started Fri May 27 17:20:34 2016 [] [+++] Added rules: 12 [+++] 2022841 - ProApps CURRENT_EVENTS Possible ReactorBot .bin Download (current_events.rules) 2405048 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2820374 - ProApps TROJAN PoisonIvy Keepalive to CnC 388 (trojan.rules) 2820375 - ProApps TROJAN PoisonIvy Keepalive to CnC 389 (trojan.rules) 2820376 - ProApps TROJAN PoisonIvy Keepalive to CnC 390 (trojan.rules) 2820377 - ProApps TROJAN Unknown Loader (dropped by RIG EK) Checkin (trojan.rules) 2820378 - ProApps CURRENT_EVENTS Evil Redirector to EK May 27 2016 (current_events.rules) 2820379 - ProApps MOBILE_MALWARE Trojan-Dropper.AndroidOS.Guerrilla.g Checkin (mobile_malware.rules) 2820380 - ProApps TROJAN APT/ByeByeShell CnC Checkin (trojan.rules) 2820381 - ProApps TROJAN Hawkeye Keylogger SMTP Checkin M1 (trojan.rules) 2820382 - ProApps TROJAN Hawkeye Keylogger SMTP Checkin M2 (trojan.rules) 2820383 - ProApps TROJAN Hawkeye Keylogger SMTP Stolen Credentials (trojan.rules) [+++] Modify rules: 48 [+++] 2021730 - ProApps TROJAN Joanap CnC Checkin (trojan.rules) 2022627 - ProApps TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) (trojan.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 993 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8070 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 8090 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2820328 - ProApps TROJAN PowerShell/Agent.A HTTP CnC Beacon (trojan.rules) [+++] Removed rules: 0 [+++] [] ProApps Security IDS Rules Changelog started Thu May 26 18:16:43 2016 [] [+++] Added rules: 18 [+++] 2820179 - ProApps TROJAN CryptXXX Possible Payment Page (trojan.rules) 2820357 - ProApps MOBILE_MALWARE Trojan-Dropper.AndroidOS.Triada.g Checkin (mobile_malware.rules) 2820358 - ProApps TROJAN PoisonIvy Keepalive to CnC 384 (trojan.rules) 2820359 - ProApps TROJAN PoisonIvy Keepalive to CnC 385 (trojan.rules) 2820360 - ProApps TROJAN PoisonIvy Keepalive to CnC 386 (trojan.rules) 2820361 - ProApps TROJAN PoisonIvy Keepalive to CnC 387 (trojan.rules) 2820362 - ProApps POLICY External IP Address Check - (useragent.cc) (policy.rules) 2820363 - ProApps POLICY External IP Address Check - (ddnss.de) (policy.rules) 2820364 - ProApps CURRENT_EVENTS Possible Successful Generic Phish May 26 (current_events.rules) 2820365 - ProApps MOBILE_MALWARE Trojan-SMS.AndroidOS.Tiny.bl Checkin (mobile_malware.rules) 2820366 - ProApps TROJAN MSIL/Banker.M Requesting Binary from SQL 2 (trojan.rules) 2820367 - ProApps TROJAN Win32/Agiala Checkin (trojan.rules) 2820368 - ProApps TROJAN TorrentLocker DNS query to Domain .blasters.biz (trojan.rules) 2820369 - ProApps CURRENT_EVENTS Successful Phish via Wix.com May 26 (current_events.rules) 2820370 - ProApps CURRENT_EVENTS Successful Petro Canada Phish May 26 (current_events.rules) 2820371 - ProApps CURRENT_EVENTS Successful Wells Fargo Phish May 26 (current_events.rules) 2820372 - ProApps CURRENT_EVENTS Suspicious Domain - Possible Phishing Redirect May 26 (current_events.rules) 2820373 - ProApps CURRENT_EVENTS Successful Paypal Phish May 26 (current_events.rules) [+++] Modify rules: 17 [+++] 2021871 - ProApps TROJAN Hawkeye Keylogger SMTP Beacon (trojan.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2809782 - ProApps MOBILE_MALWARE Android/AdDisplay.Kuguo.F Checkin (mobile_malware.rules) 2815781 - ProApps CURRENT_EVENTS Possible Successful Generic Phish Jan 14 (current_events.rules) 2820159 - ProApps MOBILE_MALWARE Trojan-Ransom.AndroidOS.Agent.r Checkin (mobile_malware.rules) [+++] Removed rules: 1 [+++] 2820097 - ProApps TROJAN CryptXXX 2.06 Checkin (trojan.rules) [*] ProApps Security IDS Rules Changelog started Wed May 25 17:39:03 2016 [*] [+++] Added rules: 16 [+++] 2022838 - ProApps TROJAN Possible CryptXXX Ransomware Renaming Encrypted File SMB v1 Unicode (trojan.rules) 2022839 - ProApps TROJAN Possible CryptXXX Ransomware Renaming Encrypted File SMB v1 ASCII (trojan.rules) 2022840 - ProApps TROJAN Possible CryptXXX Ransomware Renaming Encrypted File SMB v2 (trojan.rules) 2820344 - ProApps TROJAN PowerShell/Agent.B Checkin to Tor Domain (trojan.rules) 2820345 - ProApps TROJAN PowerShell/Agent.B .onion Domain (4nzchpngrtdhn27u) (trojan.rules) 2820346 - ProApps TROJAN PowerShell/Agent.B .onion Domain (jj6yu3vr5chfxnyc) (trojan.rules) 2820347 - ProApps TROJAN PowerShell/Agent.B .onion Domain (27vmq54zu46vmiel) (trojan.rules) 2820348 - ProApps TROJAN PowerShell/Agent.B .onion Domain (6h5junbsz6gfssha) (trojan.rules) 2820349 - ProApps TROJAN APT.Danti Variant CnC Beacon (trojan.rules) 2820350 - ProApps CURRENT_EVENTS Suspicious Redirect - Possible Phishing May 25 (current_events.rules) 2820351 - ProApps CURRENT_EVENTS Phishing Fake Mailbox Quota Increase Messages May 25 (current_events.rules) 2820352 - ProApps CURRENT_EVENTS Excel Phishing Landing Page May 25 (current_events.rules) 2820353 - ProApps CURRENT_EVENTS Successful Excel Online Phish May 25 (current_events.rules) 2820354 - ProApps CURRENT_EVENTS Suspicious File Download Post-Phishing May 25 (current_events.rules) 2820355 - ProApps CURRENT_EVENTS Phishing Fake Document Loading Messages May 25 (current_events.rules) 2820356 - ProApps TROJAN PoisonIvy Keepalive to CnC 383 (trojan.rules) [+++] Modify rules: 19 [+++] 2003927 - ProApps TROJAN Suspicious User-Agent (HTTPTEST) - Seen used by downloaders (trojan.rules) 2014103 - ProApps WEB_SERVER Unusually Fast HTTP Requests With Referer Url Matching DoS Tool (web_server.rules) 2022834 - ProApps CURRENT_EVENTS Possible Malicious Macro DL BIN May 2016 (No UA) (current_events.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2816562 - ProApps TROJAN Danti Variant CnC Beacon (trojan.rules) 2819805 - ProApps TROJAN CryptXXX CnC Beacon (trojan.rules) 2820198 - ProApps TROJAN APT.SVCMONDR CnC Checkin (trojan.rules) [+++] Removed rules: 2 [+++] 2816542 - ProApps CURRENT_EVENTS Possible Angler EK Landing URI Struct Mar 08 2016 (current_events.rules) 2820179 - ProApps TROJAN CryptXXX Possible Payment Page (trojan.rules) Read more »

May 25	ProApps Security IDS Rules Changelog 2016-05-25 Postado por Rafael Honorato on 25/May 11:15
[*] Summary 2016-05-25 [] Total added rules: 264 Total modified rules: 1006 Total removed rules: 19 [] ProApps Security IDS Rules Changelog started Tue May 24 17:34:57 2016 [] [+++] Added rules: 27 [+++] 2022834 - ProApps CURRENT_EVENTS Possible Malicious Macro DL BIN May 2016 (No UA) (current_events.rules) 2022835 - ProApps TROJAN PowerShell/Agent.A DNS Lookup (go0gIe.com) (trojan.rules) 2022836 - ProApps TROJAN PowerShell/Agent.A DNS Checkin (trojan.rules) 2022837 - ProApps TROJAN PowerShell/Agent.A DNS File Transfer CnC Beacon (trojan.rules) 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2820322 - ProApps MOBILE_MALWARE Android.Trojan.HiddenApp.KB Checkin (mobile_malware.rules) 2820323 - ProApps TROJAN MSIL/SilentShade Ransomware CnC Checkin (trojan.rules) 2820324 - ProApps TROJAN MSIL/SilentShade Ransomware CnC Checkin 2 (trojan.rules) 2820325 - ProApps MALWARE Mindspark Adware/PUA User Agent (malware.rules) 2820326 - ProApps TROJAN Zyklon Ransomware Checkin (trojan.rules) 2820327 - ProApps TROJAN Panda Banker Malicious SSL Certificate Detected (trojan.rules) 2820328 - ProApps TROJAN PowerShell/Agent.A HTTP CnC Beacon (trojan.rules) 2820329 - ProApps CURRENT_EVENTS Successful Citizenbank Phish May 24 M1 (current_events.rules) 2820330 - ProApps CURRENT_EVENTS Successful Citizenbank Phish May 24 M2 (current_events.rules) 2820331 - ProApps TROJAN Win32/Solcno.A Retrieving Payload (trojan.rules) 2820332 - ProApps CURRENT_EVENTS Tripod/Lycos Spanish Webmail Phishing Landing Page May 24 M1 (current_events.rules) 2820333 - ProApps CURRENT_EVENTS Tripod/Lycos Spanish Webmail Phishing Landing Page May 24 M2 (current_events.rules) 2820334 - ProApps POLICY Tripod/Lycos Form Submission - Possible Successful Phish (policy.rules) 2820335 - ProApps MALWARE MSIL/Adware.JoeDown.A Requesting Download (malware.rules) 2820336 - ProApps TROJAN PoisonIvy Keepalive to CnC 377 (trojan.rules) 2820337 - ProApps TROJAN PoisonIvy Keepalive to CnC 378 (trojan.rules) 2820338 - ProApps TROJAN PoisonIvy Keepalive to CnC 379 (trojan.rules) 2820339 - ProApps TROJAN PoisonIvy Keepalive to CnC 380 (trojan.rules) 2820340 - ProApps TROJAN PoisonIvy Keepalive to CnC 381 (trojan.rules) 2820341 - ProApps TROJAN PoisonIvy Keepalive to CnC 382 (trojan.rules) 2820342 - ProApps TROJAN Win32/Banker Checkin 1 (trojan.rules) 2820343 - ProApps TROJAN Win32/Banker Checkin 2 (trojan.rules) [+++] Modify rules: 27 [+++] 2019780 - ProApps MALWARE Win32/CloudScout Checkin (malware.rules) 2020978 - ProApps TROJAN DDoS.Win32.Agent.bay Variant Covert Channel (VERSONEX) (trojan.rules) 2022594 - ProApps TROJAN Possible Godzilla Loader Base64 Filename (trojan.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8090 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2820260 - ProApps TROJAN Win32/DMA Locker CnC Checkin (trojan.rules) [+++] Removed rules: 0 [+++] [] ProApps Security IDS Rules Changelog started Mon May 23 17:26:57 2016 [] [+++] Added rules: 15 [+++] 2820307 - ProApps WEB_CLIENT Microsoft Rich Text File download with Possible Exploit (CVE-2015-1770) (web_client.rules) 2820308 - ProApps CURRENT_EVENTS Neutrino EK Payload May 23 2016 (current_events.rules) 2820309 - ProApps MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.kx Checkin (mobile_malware.rules) 2820310 - ProApps TROJAN PoisonIvy Keepalive to CnC 374 (trojan.rules) 2820311 - ProApps TROJAN PoisonIvy Keepalive to CnC 375 (trojan.rules) 2820312 - ProApps TROJAN PoisonIvy Keepalive to CnC 376 (trojan.rules) 2820313 - ProApps TROJAN Cript 1.0 Ransomware Installed (trojan.rules) 2820314 - ProApps TROJAN Cript 1.0 Ransomware Disk Checkin (trojan.rules) 2820315 - ProApps TROJAN Cript 1.0 Ransomware File Checkin (trojan.rules) 2820316 - ProApps TROJAN MSIL/SNSLocker Ransomware Checkin 1 (trojan.rules) 2820317 - ProApps TROJAN MSIL/SNSLocker Ransomware Checkin 2 (trojan.rules) 2820318 - ProApps TROJAN Win32.Crypren/Zcrypt Ransomware Checkin (trojan.rules) 2820319 - ProApps TROJAN Win32/Bafruz.L Activity (trojan.rules) 2820320 - ProApps TROJAN Win32/Nitedrem.E CnC 2 (trojan.rules) 2820321 - ProApps TROJAN Cript 1.0 Ransomware Encrypt Job Complete (trojan.rules) [+++] Modify rules: 18 [+++] 2007695 - ProApps POLICY Windows 98 User-Agent Detected - Possible Malware or Non-Updated System (policy.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2815254 - ProApps CURRENT_EVENTS Possible Nuclear EK Payload Dec 06 2015 M2 (current_events.rules) 2816218 - ProApps TROJAN Loxes CnC Beacon (trojan.rules) [+++] Removed rules: 0 [+++] [] ProApps Security IDS Rules Changelog started Fri May 20 16:02:45 2016 [] [+++] Added rules: 22 [+++] 2022833 - ProApps TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (ZeuS CnC) (trojan.rules) 2820286 - ProApps WEB_CLIENT Adobe Flash Uncompressed Possible (CVE-2016-4117) (web_client.rules) 2820287 - ProApps MALWARE Win32/Adware.OpenCandy PUP Activity (malware.rules) 2820288 - ProApps TROJAN Bolek/Kbot CnC Checkin (trojan.rules) 2820289 - ProApps TROJAN Win32/Spy.Banker.ACTW Checkin (trojan.rules) 2820290 - ProApps TROJAN Bolek/Kbot CnC DNS Lookup (android-securityupdate.com) (trojan.rules) 2820291 - ProApps TROJAN Bolek/Kbot CnC DNS Lookup (cibc-clients.com) (trojan.rules) 2820292 - ProApps TROJAN Bolek/Kbot CnC DNS Lookup (cibc-security.com) (trojan.rules) 2820293 - ProApps TROJAN Bolek/Kbot CnC DNS Lookup (knutesecos.com) (trojan.rules) 2820294 - ProApps TROJAN Bolek/Kbot CnC DNS Lookup (mensabuxus.net) (trojan.rules) 2820295 - ProApps TROJAN Bolek/Kbot CnC DNS Lookup (ogrthuvfewfdcfri5euwg.com) (trojan.rules) 2820296 - ProApps TROJAN Bolek/Kbot CnC DNS Lookup (ogrthuvwfdcfri5euwg.com) (trojan.rules) 2820297 - ProApps TROJAN Bolek/Kbot CnC DNS Lookup (rogers-ca.com) (trojan.rules) 2820298 - ProApps TROJAN Bolek/Kbot CnC DNS Lookup (rogers-clients.com) (trojan.rules) 2820299 - ProApps TROJAN Bolek/Kbot CnC DNS Lookup (signin-rogers.com) (trojan.rules) 2820300 - ProApps TROJAN Bolek/Kbot CnC DNS Lookup (signin-tangerine.com) (trojan.rules) 2820301 - ProApps TROJAN Bolek/Kbot CnC DNS Lookup (tangerine-ca.com) (trojan.rules) 2820302 - ProApps TROJAN Bolek/Kbot CnC DNS Lookup (tangerine-can.com) (trojan.rules) 2820303 - ProApps TROJAN Bolek/Kbot CnC DNS Lookup (tangerine-security.com) (trojan.rules) 2820304 - ProApps TROJAN Bolek/Kbot CnC DNS Lookup (tangerine-zone.com) (trojan.rules) 2820305 - ProApps TROJAN PoisonIvy Keepalive to CnC 373 (trojan.rules) 2820306 - ProApps CURRENT_EVENTS Sundown/Xer EK Ladning May 20 2016 (current_events.rules) [+++] Modify rules: 61 [+++] 2022627 - ProApps TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) (trojan.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 8070 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2810083 - ProApps MOBILE_MALWARE PUP Android/Igexin.C Checkin (mobile_malware.rules) 2816226 - ProApps CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M1 (current_events.rules) 2816227 - ProApps CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M2 (current_events.rules) 2816228 - ProApps CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M3 (current_events.rules) 2816229 - ProApps CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M4 (current_events.rules) 2816230 - ProApps CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M5 (current_events.rules) 2816231 - ProApps CURRENT_EVENTS SunDown EK Landing Feb 13 2016 M6 (current_events.rules) 2820083 - ProApps CURRENT_EVENTS CVE-2013-2551 M1 (b641) Observed in Sundown/Xer EK (current_events.rules) 2820084 - ProApps CURRENT_EVENTS CVE-2013-2551 M1 (b642) Observed in Sundown/Xer EK (current_events.rules) 2820085 - ProApps CURRENT_EVENTS CVE-2013-2551 M1 (b643) Observed in Sundown/Xer EK (current_events.rules) 2820086 - ProApps CURRENT_EVENTS CVE-2015-2419 M1 (b641) Observed in Sundown/Xer EK (current_events.rules) 2820087 - ProApps CURRENT_EVENTS CVE-2015-2419 M1 (b642) Observed in Sundown/Xer EK (current_events.rules) 2820088 - ProApps CURRENT_EVENTS CVE-2015-2419 M1 (b643) Observed in Sundown/Xer EK (current_events.rules) 2820089 - ProApps CURRENT_EVENTS Sundown/Xer EK Landing May 05 2016 (b641) (current_events.rules) 2820090 - ProApps CURRENT_EVENTS Sundown/Xer EK Landing May 05 2016 (b642) (current_events.rules) 2820091 - ProApps CURRENT_EVENTS Sundown/Xer EK Landing May 05 2016 (b642) (current_events.rules) 2820093 - ProApps CURRENT_EVENTS Sundown/Xer EK Landing May 05 2016 M2 (b641) (current_events.rules) 2820094 - ProApps CURRENT_EVENTS Sundown/Xer EK Landing May 05 2016 M2 (b642) (current_events.rules) 2820249 - ProApps TROJAN Observed Malvertising Domain SSL Cert (trojan.rules) [+++] Removed rules: 2 [+++] 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405048 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) [] ProApps Security IDS Rules Changelog started Thu May 19 16:33:24 2016 [] [+++] Added rules: 19 [+++] 2022829 - ProApps MALWARE TopTools PUP Install Activity (malware.rules) 2022830 - ProApps CURRENT_EVENTS Possible Malicious Macro DL EXE May 2016 (Mozilla compatible) (current_events.rules) 2022831 - ProApps TROJAN Hidden-Tear Ransomware Variant (.bloccato) DNS Request to CnC Domain (trojan.rules) 2022832 - ProApps TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker C2) (trojan.rules) 2405048 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2820207 - ProApps POLICY Android ADAD Client Checkin (policy.rules) 2820273 - ProApps TROJAN W32/Bayrob Attempted Checkin (trojan.rules) 2820274 - ProApps TROJAN Ixeshe SSL Cert (trojan.rules) 2820275 - ProApps TROJAN PoisonIvy Keepalive to CnC 370 (trojan.rules) 2820276 - ProApps TROJAN PoisonIvy Keepalive to CnC 371 (trojan.rules) 2820277 - ProApps TROJAN PoisonIvy Keepalive to CnC 372 (trojan.rules) 2820278 - ProApps POLICY DNS Query to .onion proxy Domain (onion.net) (policy.rules) 2820279 - ProApps POLICY DNS Query to .onion proxy Domain (onion.org) (policy.rules) 2820280 - ProApps POLICY DNS Query to .onion proxy Domain (torspaces.li) (policy.rules) 2820281 - ProApps POLICY DNS Query to .onion proxy Domain (torclever.li) (policy.rules) 2820282 - ProApps POLICY DNS Query to .onion proxy Domain (torspeed.li) (policy.rules) 2820283 - ProApps TROJAN CoinMiner Known Malicious Stratum Authline (2016-05-19) (trojan.rules) 2820284 - ProApps POLICY DNS Query to .onion proxy Domain (easypaybtc.com) (policy.rules) 2820285 - ProApps MOBILE_MALWARE Trojan-SMS.AndroidOS.Tiny.az Checkin 3 (mobile_malware.rules) [+++] Modify rules: 31 [+++] 2022789 - ProApps WEB_SERVER ImageMagick CVE-2016-3714 Inbound (mvg) (web_server.rules) 2022790 - ProApps WEB_SERVER ImageMagick CVE-2016-3714 Inbound (svg) (web_server.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3443 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8070 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2820059 - ProApps MOBILE_MALWARE Trojan-SMS.AndroidOS.Tiny.az Checkin 2 (mobile_malware.rules) [+++] Removed rules: 6 [+++] 2815135 - ProApps MALWARE TopTools PUP Install Activity (malware.rules) 2815164 - ProApps TROJAN W32/Bayrob Attempted Checkin 1 (trojan.rules) 2815165 - ProApps TROJAN W32/Bayrob Attempted Checkin 2 (trojan.rules) 2815166 - ProApps TROJAN W32/Bayrob Attempted Checkin 3 (trojan.rules) 2815167 - ProApps TROJAN W32/Bayrob Attempted Checkin 4 (trojan.rules) 2820207 - ProApps MOBILE_MALWARE Android Adware ADAD Client sending phone info (mobile_malware.rules) [] ProApps Security IDS Rules Changelog started Wed May 18 16:37:39 2016 [] [+++] Added rules: 1 [+++] 2022817 - ProApps TROJAN Ransomware Locky .onion Payment Domain (eqrvbczir5ua2emd) (trojan.rules) [+++] Modify rules: 43 [+++] 2022736 - ProApps TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Qadars CnC) (trojan.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 1863 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 5900 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2820257 - ProApps MOBILE_MALWARE TTrojan-FakeAV.AndroidOS.Balsec.a Downloading APK (mobile_malware.rules) [+++] Removed rules: 0 [+++] [] ProApps Security IDS Rules Changelog started Tue May 17 17:07:19 2016 [] [+++] Added rules: 18 [+++] 2022811 - ProApps TROJAN NOVO_G0LP3 Checkin (trojan.rules) 2022812 - ProApps MALWARE Successful QuizScope Installation (malware.rules) 2022813 - ProApps MALWARE SearchProtect PUA User-Agent Observed (malware.rules) 2022814 - ProApps MALWARE Conduit Trovi Adware/PUA (malware.rules) 2022815 - ProApps POLICY Possible SQLi Attempt in User Agent (Outbound) (policy.rules) 2022816 - ProApps WEB_SERVER Possible SQLi Attempt in User Agent (Inbound) (web_server.rules) 2820249 - ProApps TROJAN Observed Domain SSL Cert (trojan.rules) 2820250 - ProApps TROJAN Unknown Checkin (via requestb.in) (trojan.rules) 2820251 - ProApps MOBILE_MALWARE RiskTool.AndroidOS.Altcha.a Checkin (mobile_malware.rules) 2820252 - ProApps MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.bh Checkin (mobile_malware.rules) 2820253 - ProApps TROJAN Unknown Python RAT Checkin (trojan.rules) 2820254 - ProApps TROJAN Unknown Python RAT Keepalive (trojan.rules) 2820255 - ProApps TROJAN PoisonIvy Keepalive to CnC 367 (trojan.rules) 2820256 - ProApps TROJAN Win32.Troj.Cidox Checkin 2 (trojan.rules) 2820257 - ProApps MOBILE_MALWARE Trojan-FakeAV.AndroidOS.Balsec.a Downloading Config (mobile_malware.rules) 2820258 - ProApps MOBILE_MALWARE Trojan-FakeAV.AndroidOS.Balsec.a Downloading Config (mobile_malware.rules) 2820259 - ProApps TROJAN Ursnif Inject CnC Request 4 (trojan.rules) 2820260 - ProApps TROJAN Win32/DMA Locker CnC Checkin (trojan.rules) [+++] Modify rules: 141 [+++] 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2403381 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules) 2403382 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules) 2403383 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules) 2403384 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules) 2403385 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules) 2403386 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules) 2403387 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules) 2403388 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules) 2403389 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules) 2403390 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules) 2403391 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 8070 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2806258 - ProApps TROJAN Backdoor/Winnti.l CnC traffic (trojan.rules) 2820207 - ProApps MOBILE_MALWARE Android Adware ADAD Client sending phone info (mobile_malware.rules) [+++] Removed rules: 2 [+++] 2019077 - ProApps CURRENT_EVENTS Possible Upatre SSL Cert venturesonsite.com (current_events.rules) 2403392 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules) [] ProApps Security IDS Rules Changelog started Mon May 16 18:54:47 2016 [] [+++] Added rules: 59 [+++] 2022806 - ProApps TROJAN Ransomware Locky .onion Payment Domain (hw5qrh6fxv2tnaqn) (trojan.rules) 2022807 - ProApps MALWARE Win32/InstallCore Initial Install Activity 1 (malware.rules) 2022808 - ProApps MALWARE Taplika Browser Hijacker Status Messages (malware.rules) 2022809 - ProApps MALWARE Taplika Browser Hijacker Checkin M1 (malware.rules) 2022810 - ProApps MALWARE Taplika Browser Hijacker Checkin M2 (malware.rules) 2403381 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules) 2403382 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules) 2403383 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules) 2403384 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 85 (ciarmy.rules) 2403385 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 86 (ciarmy.rules) 2403386 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 87 (ciarmy.rules) 2403387 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 88 (ciarmy.rules) 2403388 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 89 (ciarmy.rules) 2403389 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 90 (ciarmy.rules) 2403390 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 91 (ciarmy.rules) 2403391 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 92 (ciarmy.rules) 2403392 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 93 (ciarmy.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2820208 - ProApps TROJAN Possible Metasploit Payload (AB Template PDB) (trojan.rules) 2820209 - ProApps CURRENT_EVENTS Hunter EK SilverLight Exploit Construct May 14 2016 (current_events.rules) 2820210 - ProApps CURRENT_EVENTS Hunter EK URI Struct May 14 2016 (current_events.rules) 2820211 - ProApps CURRENT_EVENTS Hunter EK Landing May 14 2016 (current_events.rules) 2820212 - ProApps CURRENT_EVENTS Hunter EK URI Struct May 14 2016 M2 (current_events.rules) 2820213 - ProApps CURRENT_EVENTS Hunter EK Flash Exploit URI Struct (current_events.rules) 2820214 - ProApps TROJAN W32/Banload.BDN Variant Checkin (trojan.rules) 2820215 - ProApps TROJAN PoisonIvy Keepalive to CnC 351 (trojan.rules) 2820216 - ProApps TROJAN PoisonIvy Keepalive to CnC 352 (trojan.rules) 2820217 - ProApps TROJAN PoisonIvy Keepalive to CnC 353 (trojan.rules) 2820218 - ProApps TROJAN PoisonIvy Keepalive to CnC 354 (trojan.rules) 2820219 - ProApps TROJAN PoisonIvy Keepalive to CnC 355 (trojan.rules) 2820220 - ProApps TROJAN PoisonIvy Keepalive to CnC 356 (trojan.rules) 2820221 - ProApps TROJAN PoisonIvy Keepalive to CnC 357 (trojan.rules) 2820222 - ProApps TROJAN PoisonIvy Keepalive to CnC 358 (trojan.rules) 2820223 - ProApps TROJAN PoisonIvy Keepalive to CnC 359 (trojan.rules) 2820224 - ProApps TROJAN PoisonIvy Keepalive to CnC 360 (trojan.rules) 2820225 - ProApps TROJAN PoisonIvy Keepalive to CnC 361 (trojan.rules) 2820226 - ProApps TROJAN PoisonIvy Keepalive to CnC 362 (trojan.rules) 2820227 - ProApps TROJAN PoisonIvy Keepalive to CnC 363 (trojan.rules) 2820228 - ProApps TROJAN PoisonIvy Keepalive to CnC 364 (trojan.rules) 2820229 - ProApps TROJAN PoisonIvy Keepalive to CnC 365 (trojan.rules) 2820230 - ProApps TROJAN PoisonIvy Keepalive to CnC 366 (trojan.rules) 2820231 - ProApps MOBILE_MALWARE Trojan.AndroidOS.Blouns.b Checkin (mobile_malware.rules) 2820232 - ProApps MOBILE_MALWARE Trojan.AndroidOS.Blouns.b Checkin 2 (mobile_malware.rules) 2820233 - ProApps POLICY DNS Query to .onion proxy Domain (toradmin.li) (policy.rules) 2820234 - ProApps POLICY DNS Query to .onion proxy Domain (torbook.li) (policy.rules) 2820235 - ProApps TROJAN Trojan.Adkor Checkin (trojan.rules) 2820236 - ProApps CURRENT_EVENTS Successful Mailbox Update Weebly Phish May 16 (current_events.rules) 2820237 - ProApps CURRENT_EVENTS Successful Dropbox Phish May 16 (current_events.rules) 2820238 - ProApps CURRENT_EVENTS Successful DHL Phish May 16 (current_events.rules) 2820239 - ProApps CURRENT_EVENTS Mailbox Update Phishing Landing M1 May 16 (current_events.rules) 2820240 - ProApps CURRENT_EVENTS Mailbox Update Phishing Landing M2 May 16 (current_events.rules) 2820241 - ProApps CURRENT_EVENTS Successful Mailbox Shutdown Phish May 16 M1 (current_events.rules) 2820242 - ProApps CURRENT_EVENTS Successful Mailbox Shutdown Phish May 16 M2 (current_events.rules) 2820243 - ProApps CURRENT_EVENTS Successful Mailbox Shutdown Phish May 16 M3 (current_events.rules) 2820244 - ProApps TROJAN Possible Metasploit Payload Common Construct Bind_API (from server) (trojan.rules) 2820245 - ProApps TROJAN Possible Metasploit Payload Common Construct Bind_API (from server) (trojan.rules) 2820246 - ProApps TROJAN CoinMiner Known Malicious Stratum Authline (2016-05-16 1) (trojan.rules) 2820247 - ProApps CURRENT_EVENTS Netwire Dropper Checkin May 16 (current_events.rules) 2820248 - ProApps CURRENT_EVENTS Adobe Document Base64 Phishing Landing May 16 (current_events.rules) [+++] Modify rules: 159 [+++] 2400000 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 1 (drop.rules) 2400001 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 2 (drop.rules) 2400002 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 3 (drop.rules) 2400003 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 4 (drop.rules) 2400004 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 5 (drop.rules) 2400005 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 6 (drop.rules) 2400006 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 7 (drop.rules) 2400007 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 8 (drop.rules) 2400008 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 9 (drop.rules) 2400009 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 10 (drop.rules) 2400010 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 11 (drop.rules) 2400011 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 12 (drop.rules) 2400012 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 13 (drop.rules) 2400013 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 14 (drop.rules) 2400014 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 15 (drop.rules) 2400015 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 16 (drop.rules) 2400016 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 17 (drop.rules) 2400017 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 18 (drop.rules) 2400018 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 19 (drop.rules) 2400019 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 20 (drop.rules) 2400020 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 21 (drop.rules) 2400021 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 22 (drop.rules) 2400022 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 23 (drop.rules) 2400023 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 24 (drop.rules) 2400024 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 25 (drop.rules) 2400025 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 26 (drop.rules) 2400026 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 27 (drop.rules) 2400027 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 28 (drop.rules) 2400028 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 29 (drop.rules) 2400029 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 30 (drop.rules) 2400030 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 31 (drop.rules) 2400031 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 32 (drop.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 8070 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) [+++] Removed rules: 1 [+++] 2820187 - ProApps MALWARE Win32/InstallCore Initial Install Activity 1 (malware.rules) [] ProApps Security IDS Rules Changelog started Fri May 13 17:30:57 2016 [] [+++] Added rules: 19 [+++] 2022804 - ProApps TROJAN Win32.Sality-GR Checkin 2 (trojan.rules) 2022805 - ProApps CURRENT_EVENTS Evil Redirect Leading to EK May 13 2016 (current_events.rules) 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2820192 - ProApps TROJAN Win32/Spy.Autoit.CK .onion Proxy Domain (trojan.rules) 2820193 - ProApps TROJAN Drixed .onion Proxy Domain (trojan.rules) 2820194 - ProApps EXPLOIT Novell ServiceDesk Authenticated File Upload (CVE-2016-1593) (exploit.rules) 2820195 - ProApps EXPLOIT Novell ServiceDesk Authenticated Remote Code Execution (CVE-2016-1593) (exploit.rules) 2820196 - ProApps TROJAN Unknown Likely APT CnC Beacon M1 (trojan.rules) 2820197 - ProApps TROJAN Unknown Likely APT CnC Beacon M2 (trojan.rules) 2820198 - ProApps TROJAN Win32/Unknown CnC Checkin (trojan.rules) 2820199 - ProApps TROJAN PoisonIvy Keepalive to CnC 346 (trojan.rules) 2820200 - ProApps TROJAN PoisonIvy Keepalive to CnC 347 (trojan.rules) 2820201 - ProApps TROJAN PoisonIvy Keepalive to CnC 348 (trojan.rules) 2820202 - ProApps TROJAN PoisonIvy Keepalive to CnC 349 (trojan.rules) 2820203 - ProApps TROJAN PoisonIvy Keepalive to CnC 350 (trojan.rules) 2820204 - ProApps TROJAN W32/Saber Conn Check (trojan.rules) 2820205 - ProApps TROJAN W32/Saber Checkin (trojan.rules) 2820206 - ProApps TROJAN W32/Saber Server Response (trojan.rules) 2820207 - ProApps MOBILE_MALWARE Trojan-FakeAV.AndroidOS.Balsec.a Checkin (mobile_malware.rules) [+++] Modify rules: 130 [+++] 2016539 - ProApps CURRENT_EVENTS Java Download non Jar file (current_events.rules) 2021079 - ProApps TROJAN Enfal CnC POST (trojan.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2812914 - ProApps WEB_CLIENT Possible Windows Media Center Remote Code Execution (CVE-2015-2509) 1 (web_client.rules) 2812915 - ProApps WEB_CLIENT Possible Windows Media Center Remote Code Execution (CVE-2015-2509) 2 (web_client.rules) [+++] Removed rules: 1 [+++] 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) [] ProApps Security IDS Rules Changelog started Thu May 12 17:13:14 2016 [] [+++] Added rules: 9 [+++] 2000349 - ProApps POLICY IRC DCC file transfer request on non-std port (policy.rules) 2820184 - ProApps ATTACK_RESPONSE IndoXploit Shell Uploader Inbound (attack_response.rules) 2820185 - ProApps WEB_SERVER Apache Struts Dynamic Method Invocation Remote Code Execution (2016-3081) (web_server.rules) 2820186 - ProApps MOBILE_MALWARE Android Unknown Trojan Checkin (mobile_malware.rules) 2820187 - ProApps MALWARE Win32/InstallCore Initial Install Activity 1 (malware.rules) 2820188 - ProApps MALWARE Win32/InstallCore Initial Install Activity 2 (malware.rules) 2820189 - ProApps TROJAN PoisonIvy Keepalive to CnC 343 (trojan.rules) 2820190 - ProApps TROJAN PoisonIvy Keepalive to CnC 344 (trojan.rules) 2820191 - ProApps TROJAN PoisonIvy Keepalive to CnC 345 (trojan.rules) [+++] Modify rules: 132 [+++] 2014726 - ProApps POLICY Outdated Windows Flash Version IE (policy.rules) 2022627 - ProApps TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) (trojan.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 8070 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2806934 - ProApps TROJAN Worm.Win32/Mimail.E@mm CnC (ICMP) (trojan.rules) 2815107 - ProApps MOBILE_MALWARE Android.Trojan.SLocker.GL Checkin (mobile_malware.rules) 2815122 - ProApps CURRENT_EVENTS Malicious Redirect Leading to EK Nov 28 2015 (current_events.rules) [+++] Removed rules: 2 [+++] 2000349 - ProApps TROJAN IRC DCC file transfer request on non-std port (trojan.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 65267 Group 1 (botcc.portgrouped.rules) [] ProApps Security IDS Rules Changelog started Wed May 11 17:14:15 2016 [] [+++] Added rules: 14 [+++] 2022802 - ProApps CURRENT_EVENTS Microsoft Fake Support Phone Scam May 10 (current_events.rules) 2022803 - ProApps INFO Flowbit set for POST to Quicken Updater (info.rules) 2819940 - ProApps CURRENT_EVENTS Angler EK Landing Apr 26 2016 T2 M7 (current_events.rules) 2820172 - ProApps MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.jl Checkin (mobile_malware.rules) 2820173 - ProApps TROJAN Malicious SSL certificate detected (Gozi CnC) (trojan.rules) 2820174 - ProApps TROJAN Observed Malvertising Domain SSL Cert (trojan.rules) 2820175 - ProApps TROJAN Ruckguv Downloader Fetching Modules (trojan.rules) 2820176 - ProApps TROJAN Unknown Banker.BR Checkin (trojan.rules) 2820177 - ProApps TROJAN Unknown Locker C2 domain (trojan.rules) 2820178 - ProApps TROJAN Unknown Locker C2 domain (trojan.rules) 2820179 - ProApps TROJAN CryptXXX Possible Payment Page (trojan.rules) 2820180 - ProApps MOBILE_MALWARE Trojan-Dropper.AndroidOS.Agent.by Checkin (mobile_malware.rules) 2820181 - ProApps MOBILE_MALWARE Trojan-Dropper.AndroidOS.Agent.by Checkin 2 (mobile_malware.rules) 2820182 - ProApps MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.ic Checkin (mobile_malware.rules) [+++] Modify rules: 133 [+++] 2008438 - ProApps MALWARE Possible Windows executable sent when remote host claims to send a Text File (malware.rules) 2020896 - ProApps CURRENT_EVENTS DRIVEBY Router DNS Changer Apr 07 2015 M2 (current_events.rules) 2022500 - ProApps CURRENT_EVENTS Xbagger Macro Encrypted DL (current_events.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 8070 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 65267 Group 1 (botcc.portgrouped.rules) 2816510 - ProApps CURRENT_EVENTS Angler EK Landing Mar 02 2016 M2 T2 (current_events.rules) 2819978 - ProApps TROJAN Tordal/Hancitor/Chanitor (trojan.rules) [+++] Removed rules: 0 [+++] [] ProApps Security IDS Rules Changelog started Tue May 10 17:13:40 2016 [] [+++] Added rules: 16 [+++] 2022801 - ProApps TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker C2) (trojan.rules) 2820119 - ProApps WEB_CLIENT Possible Microsoft Internet Explorer Null Array Base (CVE-2016-0192) (web_client.rules) 2820154 - ProApps CURRENT_EVENTS Successful Gmail Account Update Phish May 10 (current_events.rules) 2820155 - ProApps CURRENT_EVENTS French Gmail Account Update Phishing Landing May 10 (current_events.rules) 2820156 - ProApps TROJAN Ransomware/Cerber Onion Domain Lookup (trojan.rules) 2820159 - ProApps MOBILE_MALWARE Trojan-Ransom.AndroidOS.Agent.r Checkin (mobile_malware.rules) 2820160 - ProApps MALWARE Win32/NEWSPOT Adware Config Request (malware.rules) 2820161 - ProApps MALWARE MSIL/Testing24 Adware Initial Request (malware.rules) 2820162 - ProApps TROJAN NanoCore RAT CnC 9 (trojan.rules) 2820165 - ProApps TROJAN PoisonIvy Keepalive to CnC 337 (trojan.rules) 2820166 - ProApps TROJAN PoisonIvy Keepalive to CnC 338 (trojan.rules) 2820167 - ProApps TROJAN PoisonIvy Keepalive to CnC 339 (trojan.rules) 2820168 - ProApps TROJAN PoisonIvy Keepalive to CnC 340 (trojan.rules) 2820169 - ProApps TROJAN PoisonIvy Keepalive to CnC 341 (trojan.rules) 2820170 - ProApps TROJAN PoisonIvy Keepalive to CnC 342 (trojan.rules) 2820171 - ProApps TROJAN Hawkeye/HawkSpy Email Report (trojan.rules) [+++] Modify rules: 1 [+++] 2816494 - ProApps MOBILE_MALWARE Android/Spy.Agent.SZ Checkin (mobile_malware.rules) [+++] Removed rules: 1 [+++] 2820119 - ProApps EXPLOIT Possible IE Null Array Base (CVE-2016-0192) (exploit.rules) [] ProApps Security IDS Rules Changelog started Tue May 10 13:36:25 2016 [*] [+++] Added rules: 45 [+++] 2820108 - ProApps MOBILE_MALWARE Android/TrojanSMS.FakeInst.FP Checkin (mobile_malware.rules) 2820110 - ProApps EXPLOIT Win32k Elevation of Privilege Vulnerability Inbound (CVE-2016-0171) (exploit.rules) 2820111 - ProApps EXPLOIT Win32k Elevation of Privilege Vulnerability Inbound (CVE-2016-0172) (exploit.rules) 2820112 - ProApps EXPLOIT Win32k Elevation of Privilege Vulnerability Inbound (CVE-2016-0173) (exploit.rules) 2820113 - ProApps EXPLOIT Win32k Elevation of Privilege Vulnerability Inbound (CVE-2016-0174) (exploit.rules) 2820114 - ProApps EXPLOIT Win32k Elevation of Privilege Vulnerability Inbound (CVE-2016-0176) (exploit.rules) 2820115 - ProApps EXPLOIT Possible EDGE UAF (CVE-2016-0184) (exploit.rules) 2820116 - ProApps EXPLOIT Windows Media Center RCE Inbound Payload (CVE-2016-0185) (exploit.rules) 2820117 - ProApps WEB_CLIENT Internet Explorer Memory Corruption Vulnerability (CVE-2016-0189) (web_client.rules) 2820118 - ProApps EXPLOIT EDGE Uninitalized Stack Pointer Use (CVE-2016-0191) (exploit.rules) 2820119 - ProApps EXPLOIT Possible IE Null Array Base (CVE-2016-0192) (exploit.rules) 2820120 - ProApps EXPLOIT Possible EDGE OOB Access (CVE-2016-0193) (exploit.rules) 2820121 - ProApps EXPLOIT Win32k Elevation of Privilege Vulnerability Inbound (CVE-2016-0196) (exploit.rules) 2820122 - ProApps WEB_CLIENT Adobe PDF Universal 3D file corrupted download (CVE-2016-1037) (web_client.rules) 2820123 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1038) (web_client.rules) 2820124 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1039) (web_client.rules) 2820125 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1040) (web_client.rules) 2820126 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1041) (web_client.rules) 2820127 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1042) (web_client.rules) 2820128 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1043) (web_client.rules) 2820129 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1044) (web_client.rules) 2820130 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1045) (web_client.rules) 2820131 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1050) (web_client.rules) 2820132 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1051) (web_client.rules) 2820133 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1052) (web_client.rules) 2820134 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1053) (web_client.rules) 2820135 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1054) (web_client.rules) 2820136 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1055) (web_client.rules) 2820137 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1061) (web_client.rules) 2820138 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1062) (web_client.rules) 2820139 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1064) (web_client.rules) 2820140 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1065) (web_client.rules) 2820141 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1067) (web_client.rules) 2820142 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1068) (web_client.rules) 2820143 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1069) (web_client.rules) 2820144 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1072) (web_client.rules) 2820145 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1073) (web_client.rules) 2820146 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1079) (web_client.rules) 2820147 - ProApps WEB_CLIENT Possible Adobe Reader (CVE-2016-1079) (web_client.rules) 2820148 - ProApps WEB_CLIENT Possible Adobe Acrobat Reader (CVE-2016-1081) (web_client.rules) 2820149 - ProApps WEB_CLIENT Possible Adobe Acrobat Reader (CVE-2016-1082) (web_client.rules) 2820150 - ProApps WEB_CLIENT Possible Adobe Acrobat Reader (CVE-2016-1083) (web_client.rules) 2820151 - ProApps WEB_CLIENT Possible Adobe Acrobat Reader (CVE-2016-1084) (web_client.rules) 2820152 - ProApps WEB_CLIENT Possible Adobe Acrobat Reader (CVE-2016-1085) (web_client.rules) 2820153 - ProApps WEB_CLIENT Possible Adobe Acrobat Reader (CVE-2016-1086) (web_client.rules) [+++] Modify rules: 130 [+++] 2022550 - ProApps CURRENT_EVENTS Possible Malicious Macro DL EXE Feb 2016 (current_events.rules) 2022566 - ProApps CURRENT_EVENTS Possible Malicious Macro EXE DL AlphaNumL (current_events.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2403367 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 68 (ciarmy.rules) 2403368 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 69 (ciarmy.rules) 2403369 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 70 (ciarmy.rules) 2403370 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 71 (ciarmy.rules) 2403371 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 72 (ciarmy.rules) 2403372 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 73 (ciarmy.rules) 2403373 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 74 (ciarmy.rules) 2403374 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 75 (ciarmy.rules) 2403375 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 76 (ciarmy.rules) 2403376 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 77 (ciarmy.rules) 2403377 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 78 (ciarmy.rules) 2403378 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 79 (ciarmy.rules) 2403379 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 80 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 1863 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 8070 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) [+++] Removed rules: 4 [+++] 2403380 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 81 (ciarmy.rules) 2403381 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 82 (ciarmy.rules) 2403382 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 83 (ciarmy.rules) 2403383 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 84 (ciarmy.rules) Read more »

Apr 12	ProApps Security IDS Rules Changelog 2016-04-12 Postado por Rafael Honorato on 12/Apr 13:15
[*] Summary 2016-04-12 [] Total added rules: 55 Total modified rules: 346 Total removed rules: 15 [] ProApps Security IDS Rules Changelog started Fri Apr 8 21:08:07 2016 [] [+++] Added rules: 1 [+++] 2819659 - ProApps CURRENT_EVENTS Angler EK Landing Apr 08 2016 (current_events.rules) [+++] Modify rules: 1 [+++] 2816512 - ProApps CURRENT_EVENTS Angler EK Landing Mar 02 2016 M1 T3 (current_events.rules) [+++] Removed rules: 0 [+++] [] ProApps Security IDS Rules Changelog started Fri Apr 8 18:33:48 2016 [] [+++] Added rules: 21 [+++] 2022716 - ProApps MALWARE OSX/Adware.Pirrit CnC Checkin (malware.rules) 2022717 - ProApps MALWARE OSX/Adware.Pirrit CnC Activity 1 (malware.rules) 2022718 - ProApps MALWARE OSX/Adware.Pirrit CnC Activity 2 (malware.rules) 2022719 - ProApps MALWARE OSX/Adware.Pirrit Web Injects (malware.rules) 2022720 - ProApps TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker C2) (trojan.rules) 2022721 - ProApps TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker C2) (trojan.rules) 2405049 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2815218 - ProApps MALWARE Win32/Adware.Adposhel.A Checkin (malware.rules) 2819645 - ProApps MOBILE_MALWARE Android.Trojan.SmsSpy.CY Checkin (mobile_malware.rules) 2819646 - ProApps CURRENT_EVENTS Angler EK Payload Apr 08 2016 (current_events.rules) 2819647 - ProApps CURRENT_EVENTS Possible SunDown/Xer EK Payload Apr 08 M1 (current_events.rules) 2819648 - ProApps CURRENT_EVENTS SunDown/Xer Payload (URL Primer) (current_events.rules) 2819649 - ProApps CURRENT_EVENTS SunDown/Xer Payload M2 (current_events.rules) 2819650 - ProApps POLICY DNS Query to .onion proxy Domain (livecamshow.ch) (policy.rules) 2819651 - ProApps POLICY DNS Query to .onion proxy Domain (mainroom.ch) (policy.rules) 2819652 - ProApps POLICY DNS Query to .onion proxy Domain (torlink2.ru) (policy.rules) 2819653 - ProApps POLICY DNS Query to .onion proxy Domain (tormain.li) (policy.rules) 2819654 - ProApps POLICY DNS Query to .onion proxy Domain (tormaster.ch) (policy.rules) 2819655 - ProApps POLICY DNS Query to .onion proxy Domain (torstartup.ch) (policy.rules) 2819656 - ProApps POLICY DNS Query to .onion proxy Domain (truewargame.ch) (policy.rules) 2819658 - ProApps TROJAN CoinMiner Known malicious stratum authline (2016-04-08 1) (trojan.rules) [+++] Modify rules: 111 [+++] 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 23 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 2888 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 6677 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 7771 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8070 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405048 - ProApps CNC Shadowserver Reported CnC Server Port 32000 Group 1 (botcc.portgrouped.rules) 2816807 - ProApps CURRENT_EVENTS RIG EK Silverlight Exploit Mar 29 2016 (current_events.rules) [+++] Removed rules: 1 [+++] 2815218 - ProApps TROJAN Unknown CnC Checkin (trojan.rules) [] ProApps Security IDS Rules Changelog started Thu Apr 7 16:55:57 2016 [] [+++] Added rules: 15 [+++] 2022713 - ProApps TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (trojan.rules) 2022714 - ProApps TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC) (trojan.rules) 2022715 - ProApps TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker C2) (trojan.rules) 2816933 - ProApps CURRENT_EVENTS Angler EK Apr 07 2016 (current_events.rules) 2816934 - ProApps TROJAN Win32/Rubload.A SSL Cert (trojan.rules) 2816935 - ProApps MOBILE_MALWARE Android/TrojanSMS.FakeInst.GY Checkin (mobile_malware.rules) 2816936 - ProApps MOBILE_MALWARE Android/GinMaster.AL Checkin (mobile_malware.rules) 2816937 - ProApps TROJAN Bladabindi/njRAT Variant (sonia) CnC Checkin (trojan.rules) 2816938 - ProApps TROJAN Bladabindi/njRAT Variant (sonia) Sending Screenshot (trojan.rules) 2816939 - ProApps TROJAN PoisonIvy Keepalive to CnC 311 (trojan.rules) 2816940 - ProApps CURRENT_EVENTS Angler EK Payload/Flash Exploit URI Struct Mar 31 (current_events.rules) 2816941 - ProApps CURRENT_EVENTS Angler EK Flash Exploit URI Struct Apr 07 IE (current_events.rules) 2816942 - ProApps TROJAN Possible Derusbi DNS Lookup (trojan.rules) 2816943 - ProApps TROJAN Possible Derusbi SSL Cert (trojan.rules) 2816944 - ProApps MOBILE_MALWARE Android.Smsreg.CS Checkin (mobile_malware.rules) [+++] Modify rules: 121 [+++] 2014726 - ProApps POLICY Outdated Windows Flash Version IE (policy.rules) 2017587 - ProApps MOBILE_MALWARE Android/Opfake.A GetTask CnC Beacon (mobile_malware.rules) 2017588 - ProApps MOBILE_MALWARE Android/Opfake.A Country CnC Beacon (mobile_malware.rules) 2022306 - ProApps TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (FindPOS CnC) (trojan.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 23 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 2888 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 7771 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8070 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 32000 Group 1 (botcc.portgrouped.rules) 2405048 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2814578 - ProApps DNS SkullSecurity Encrypted Shell Possible Tunnel 2 (dns.rules) 2816877 - ProApps POLICY MSIL/Sharik.il SSL Cert (policy.rules) 2816923 - ProApps CURRENT_EVENTS Possible Angler EK Landing URI Struct M2 Apr 06 (current_events.rules) 2816924 - ProApps CURRENT_EVENTS Possible Angler EK Landing URI Struct M3 Apr 06 (current_events.rules) 2816926 - ProApps CURRENT_EVENTS Possible Angler EK Landing URI Struct M5 Apr 06 (current_events.rules) 2816929 - ProApps CURRENT_EVENTS Possible Angler EK Landing URI Struct M8 Apr 06 (current_events.rules) 2816930 - ProApps CURRENT_EVENTS Possible Angler EK Landing URI Struct M9 Apr 06 (current_events.rules) [+++] Removed rules: 4 [+++] 2022703 - ProApps TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker C2) (trojan.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2806129 - ProApps MOBILE_MALWARE Trojan-SMS.AndroidOS.Opfake.a Checkin 3 (mobile_malware.rules) 2816865 - ProApps TROJAN Win32/Razy Variant SSL Cert (trojan.rules) [] ProApps Security IDS Rules Changelog started Wed Apr 6 17:43:30 2016 [*] [+++] Added rules: 18 [+++] 2022712 - ProApps EXPLOIT Dameware DMRC Buffer Overflow Attempt (CVE-2016-2345) (exploit.rules) 2816916 - ProApps TROJAN Various IRC Bot NICK Pattern Observed (trojan.rules) 2816917 - ProApps TROJAN ATRAPS Sending Screenshot (trojan.rules) 2816918 - ProApps CURRENT_EVENTS Microsoft Antimalware Phishing Landing Apr 5 (current_events.rules) 2816919 - ProApps TROJAN Possible Win32/Atraps Receiving Config via Image File (steganography) (trojan.rules) 2816920 - ProApps TROJAN Java/Ratty Windows Checkin (trojan.rules) 2816921 - ProApps TROJAN Win32/Unknown PWS Data Exfil (trojan.rules) 2816922 - ProApps CURRENT_EVENTS Possible Angler EK Landing URI Struct M1 Apr 06 (current_events.rules) 2816923 - ProApps CURRENT_EVENTS Possible Angler EK Landing URI Struct M2 Apr 06 (current_events.rules) 2816924 - ProApps CURRENT_EVENTS Possible Angler EK Landing URI Struct M3 Apr 06 (current_events.rules) 2816925 - ProApps CURRENT_EVENTS Possible Angler EK Landing URI Struct M4 Apr 06 (current_events.rules) 2816926 - ProApps CURRENT_EVENTS Possible Angler EK Landing URI Struct M5 Apr 06 (current_events.rules) 2816927 - ProApps CURRENT_EVENTS Possible Angler EK Landing URI Struct M6 Apr 06 (current_events.rules) 2816928 - ProApps CURRENT_EVENTS Possible Angler EK Landing URI Struct M7 Apr 06 (current_events.rules) 2816929 - ProApps CURRENT_EVENTS Possible Angler EK Landing URI Struct M8 Apr 06 (current_events.rules) 2816930 - ProApps CURRENT_EVENTS Possible Angler EK Landing URI Struct M9 Apr 06 (current_events.rules) 2816931 - ProApps CURRENT_EVENTS Possible Angler EK Landing URI Struct M10 Apr 06 (current_events.rules) 2816932 - ProApps CURRENT_EVENTS Angler EK Landing with URI Primer Apr 06 (current_events.rules) [+++] Modify rules: 113 [+++] 2022627 - ProApps TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) (trojan.rules) 2022703 - ProApps TROJAN ABUSE.CH Ransomware Domain Detected (TorrentLocker C2) (trojan.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2403300 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 1 (ciarmy.rules) 2403301 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 2 (ciarmy.rules) 2403302 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 3 (ciarmy.rules) 2403303 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 4 (ciarmy.rules) 2403304 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 5 (ciarmy.rules) 2403305 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 6 (ciarmy.rules) 2403306 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 7 (ciarmy.rules) 2403307 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 8 (ciarmy.rules) 2403308 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 9 (ciarmy.rules) 2403309 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 10 (ciarmy.rules) 2403310 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 11 (ciarmy.rules) 2403311 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 12 (ciarmy.rules) 2403312 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 13 (ciarmy.rules) 2403313 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 14 (ciarmy.rules) 2403314 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 15 (ciarmy.rules) 2403315 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 16 (ciarmy.rules) 2403316 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 17 (ciarmy.rules) 2403317 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 18 (ciarmy.rules) 2403318 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 19 (ciarmy.rules) 2403319 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 20 (ciarmy.rules) 2403320 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 21 (ciarmy.rules) 2403321 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 22 (ciarmy.rules) 2403322 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 23 (ciarmy.rules) 2403323 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 24 (ciarmy.rules) 2403324 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 25 (ciarmy.rules) 2403325 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 26 (ciarmy.rules) 2403326 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 27 (ciarmy.rules) 2403327 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 28 (ciarmy.rules) 2403328 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 29 (ciarmy.rules) 2403329 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 30 (ciarmy.rules) 2403330 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 31 (ciarmy.rules) 2403331 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 32 (ciarmy.rules) 2403332 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 33 (ciarmy.rules) 2403333 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 34 (ciarmy.rules) 2403334 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 35 (ciarmy.rules) 2403335 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 36 (ciarmy.rules) 2403336 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 37 (ciarmy.rules) 2403337 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 38 (ciarmy.rules) 2403338 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 39 (ciarmy.rules) 2403339 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 40 (ciarmy.rules) 2403340 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 41 (ciarmy.rules) 2403341 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 42 (ciarmy.rules) 2403342 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 43 (ciarmy.rules) 2403343 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 44 (ciarmy.rules) 2403344 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 45 (ciarmy.rules) 2403345 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 46 (ciarmy.rules) 2403346 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 47 (ciarmy.rules) 2403347 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 48 (ciarmy.rules) 2403348 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 49 (ciarmy.rules) 2403349 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 50 (ciarmy.rules) 2403350 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 51 (ciarmy.rules) 2403351 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 52 (ciarmy.rules) 2403352 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 53 (ciarmy.rules) 2403353 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 54 (ciarmy.rules) 2403354 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 55 (ciarmy.rules) 2403355 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 56 (ciarmy.rules) 2403356 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 57 (ciarmy.rules) 2403357 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 58 (ciarmy.rules) 2403358 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 59 (ciarmy.rules) 2403359 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 60 (ciarmy.rules) 2403360 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 61 (ciarmy.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 23 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 2888 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 3921 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 4367 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 7771 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 8070 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 17405 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 32000 Group 1 (botcc.portgrouped.rules) 2405048 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) [+++] Removed rules: 10 [+++] 2017494 - ProApps CURRENT_EVENTS Possible JavaFX Click To Run Bypass 1 (current_events.rules) 2017495 - ProApps CURRENT_EVENTS Possible JavaFX Click To Run Bypass 2 (current_events.rules) 2017496 - ProApps CURRENT_EVENTS Possible JavaFX Click To Run Bypass 3 (current_events.rules) 2403361 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 62 (ciarmy.rules) 2403362 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 63 (ciarmy.rules) 2403363 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 64 (ciarmy.rules) 2403364 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 65 (ciarmy.rules) 2403365 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 66 (ciarmy.rules) 2403366 - ProApps CINS Active Threat Intelligence Poor Reputation IP group 67 (ciarmy.rules) 2405049 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) Read more »

« Posts mais velhos Newer Posts »

Help Desk Software by Kayako suporte.freebsdbrasil.com.br:443/index.php?