Live Chat Software by Kayako |
Notícias
|
Sep 1 |
ProApps Security IDS Rules Changelog 2016-09-01
Postado por Rafael Honorato on 01/Sep 09:43
|
[***] Summary 2016-09-01 [***] Total added rules: 195 Total modified rules: 360 Total removed rules: 10 [***] ProApps Security IDS Rules Changelog started Wed Aug 31 17:49:18 2016 [***] [+++] Added rules: 0 [+++] [+++] Modify rules: 0 [+++] [+++] Removed rules: 1 [+++] 2103462 - ProApps TROJAN AgentTesla PWS HTTP CnC Checkin (trojan.rules) [***] ProApps Security IDS Rules Changelog started Wed Aug 31 16:35:22 2016 [***] [+++] Added rules: 33 [+++] 2023142 - ProApps TROJAN TorrentLocker DNS Lookup (bigcrashcar.net) (trojan.rules) 2103462 - ProApps TROJAN AgentTesla PWS HTTP CnC Checkin (trojan.rules) 2821922 - ProApps TROJAN Ursnif Variant Connectivity Check to gnu.org (trojan.rules) 2821923 - ProApps POLICY DNS Query to .onion proxy Domain (onion.my) (policy.rules) 2821924 - ProApps POLICY DNS Query to .onion proxy Domain (onion.tech) (policy.rules) 2821925 - ProApps POLICY DNS Query to .onion proxy Domain (hiddenservice.net) (policy.rules) 2821926 - ProApps POLICY DNS Query to .onion proxy Domain (onion.cl) (policy.rules) 2821927 - ProApps POLICY DNS Query to .onion proxy Domain (onion.it) (policy.rules) 2821928 - ProApps POLICY DNS Query to .onion proxy Domain (onion.ink) (policy.rules) 2821929 - ProApps POLICY DNS Query to .onion proxy Domain (onion.live) (policy.rules) 2821930 - ProApps POLICY DNS Query to .onion proxy Domain (torlink.co) (policy.rules) 2821931 - ProApps POLICY DNS Query to .onion proxy Domain (tor2.club) (policy.rules) 2821932 - ProApps POLICY DNS Query to .onion proxy Domain (onion.co) (policy.rules) 2821933 - ProApps TROJAN ReverseShell Download .onion Proxy Domain (trojan.rules) 2821934 - ProApps TROJAN Meterpreter .onion Proxy Domain (trojan.rules) 2821935 - ProApps CURRENT_EVENTS Successful Paypal Phish Aug 31 2016 (current_events.rules) 2821936 - ProApps CURRENT_EVENTS Successful Facebook Phish Aug 31 2016 (current_events.rules) 2821937 - ProApps CURRENT_EVENTS Successful Bank of America Phish M1 Aug 31 2016 (current_events.rules) 2821938 - ProApps CURRENT_EVENTS Successful Bank of America Phish M2 Aug 31 2016 (current_events.rules) 2821939 - ProApps CURRENT_EVENTS Successful Westpac Bank Phish Aug 31 2016 (current_events.rules) 2821940 - ProApps CURRENT_EVENTS Successful Wells Fargo Phish Aug 31 2016 (current_events.rules) 2821941 - ProApps CURRENT_EVENTS Successful FR Paypal Phish Aug 31 2016 (current_events.rules) 2821942 - ProApps CURRENT_EVENTS Successful Outlook Phish Aug 31 2016 (current_events.rules) 2821943 - ProApps CURRENT_EVENTS DHL Phishing Landing Aug 31 2016 (current_events.rules) 2821944 - ProApps CURRENT_EVENTS Successful Dropbox Phish Aug 31 2016 (current_events.rules) 2821945 - ProApps TROJAN Unknown Likely APT Retrieving Payload Embedded In PNG (trojan.rules) 2821946 - ProApps TROJAN Unknown Likely APT SSL Cert (legitimate website) (trojan.rules) 2821947 - ProApps TROJAN Unknown Likely APT SSL Cert (legitimate website) (trojan.rules) 2821948 - ProApps TROJAN Trojan.MSIL.Ranos.A Bot USER Command (trojan.rules) 2821949 - ProApps MALWARE Win32/CN.PUPDropper Checkin (malware.rules) 2821950 - ProApps TROJAN PoisonIvy Keepalive to CnC 500 (trojan.rules) 2821951 - ProApps TROJAN Ransomware/Cerber Onion Domain Lookup (trojan.rules) 2821952 - ProApps CURRENT_EVENTS Evil Redirector to EK - Observed Malicious SSL Cert (current_events.rules) [+++] Modify rules: 57 [+++] 2021977 - ProApps TROJAN NetWire / Ozone / Darktrack Alien RAT - Server Hello (trojan.rules) 2021978 - ProApps TROJAN NetWire / Ozone / Darktrack Alien RAT - Client KeepAlive (trojan.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 444 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 3211 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 3306 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 5546 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6662 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2809943 - ProApps MALWARE Win32/Adware.iBryte.BX CnC Beacon (malware.rules) 2816063 - ProApps TROJAN W32/Galaxy Keylogger IP Check (trojan.rules) 2820237 - ProApps CURRENT_EVENTS Successful Dropbox Phish May 16 (current_events.rules) 2821881 - ProApps INFO Suspicious Dropbox Page - Possible Phishing Landing (info.rules) 2821882 - ProApps INFO Suspicious Yahoo Page - Possible Phishing Landing (info.rules) 2821883 - ProApps INFO Suspicious Google Docs Page - Possible Phishing Landing (info.rules) [+++] Removed rules: 2 [+++] 2405048 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2816570 - ProApps TROJAN AgentTesla PWS HTTP CnC Checkin (trojan.rules) [***] ProApps Security IDS Rules Changelog started Tue Aug 30 16:16:05 2016 [***] [+++] Added rules: 36 [+++] 2821886 - ProApps TROJAN Bunitu CnC Beacon (trojan.rules) 2821887 - ProApps CURRENT_EVENTS Successful Paypal Phish Aug 30 2016 (current_events.rules) 2821888 - ProApps CURRENT_EVENTS Successful USAA Phish Aug 30 2016 (current_events.rules) 2821889 - ProApps TROJAN CoinMiner Known Malicious Stratum Authline (2016-08-30 1) (trojan.rules) 2821890 - ProApps TROJAN Likely Evil IRC BOT NICK Command (trojan.rules) 2821891 - ProApps TROJAN MSIL/Unknown IRC Bot NICK Command (trojan.rules) 2821892 - ProApps TROJAN NanoCore RAT CnC 16 (trojan.rules) 2821893 - ProApps MOBILE_MALWARE Trojan-Downloader.AndroidOS.Agent.dj Checkin (mobile_malware.rules) 2821894 - ProApps MOBILE_MALWARE Trojan-Downloader.AndroidOS.Agent.dj Checkin 2 (mobile_malware.rules) 2821895 - ProApps TROJAN PoisonIvy Keepalive to CnC 492 (trojan.rules) 2821896 - ProApps TROJAN PoisonIvy Keepalive to CnC 493 (trojan.rules) 2821897 - ProApps TROJAN PoisonIvy Keepalive to CnC 494 (trojan.rules) 2821898 - ProApps TROJAN PoisonIvy Keepalive to CnC 495 (trojan.rules) 2821899 - ProApps TROJAN PoisonIvy Keepalive to CnC 496 (trojan.rules) 2821900 - ProApps TROJAN PoisonIvy Keepalive to CnC 497 (trojan.rules) 2821901 - ProApps TROJAN PoisonIvy Keepalive to CnC 498 (trojan.rules) 2821902 - ProApps TROJAN PoisonIvy Keepalive to CnC 499 (trojan.rules) 2821903 - ProApps MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.kz CnC Beacon (mobile_malware.rules) 2821904 - ProApps MOBILE_MALWARE Trojan.AndroidOS.Fakeapp.t Checkin (mobile_malware.rules) 2821905 - ProApps MOBILE_MALWARE Trojan.AndroidOS.Fakeapp.t Checkin 2 (mobile_malware.rules) 2821906 - ProApps MOBILE_MALWARE Trojan-Spy.AndroidOS.SmsThief.lf Checkin (mobile_malware.rules) 2821907 - ProApps TROJAN MSIL/Crimson CnC Client Command (supdat) (trojan.rules) 2821908 - ProApps TROJAN Sbidith CnC Beacon 1 (trojan.rules) 2821909 - ProApps TROJAN Sbidith CnC Beacon 2 (trojan.rules) 2821910 - ProApps TROJAN Sbidith CnC Beacon 3 (trojan.rules) 2821911 - ProApps TROJAN Sbidith CnC Beacon 4 (trojan.rules) 2821912 - ProApps CURRENT_EVENTS TeamIPwned/Hellion Phishing Landing Aug 30 2016 (current_events.rules) 2821913 - ProApps CURRENT_EVENTS Successful TeamIPwned Phish Aug 30 2016 (current_events.rules) 2821914 - ProApps CURRENT_EVENTS Successful Apple Store Transaction Cancellation Phish Aug 30 2016 (current_events.rules) 2821915 - ProApps CURRENT_EVENTS Successful CIBC Phish Aug 30 2016 (current_events.rules) 2821916 - ProApps CURRENT_EVENTS Successful Canada Revenue Agency Phish Aug 30 2016 (current_events.rules) 2821917 - ProApps CURRENT_EVENTS Successful Bank of America Phish M1 Aug 30 2016 (current_events.rules) 2821918 - ProApps CURRENT_EVENTS Successful Bank of America Phish M2 Aug 30 2016 (current_events.rules) 2821919 - ProApps CURRENT_EVENTS Successful Bank of America Phish M3 Aug 30 2016 (current_events.rules) 2821920 - ProApps CURRENT_EVENTS Successful DHL Phish Aug 30 2016 (current_events.rules) 2821921 - ProApps CURRENT_EVENTS Successful Square Enix Phish Aug 30 2016 (current_events.rules) [+++] Modify rules: 58 [+++] 2010794 - ProApps WEB_SERVER DFind w00tw00t GET-Requests (web_server.rules) 2019841 - ProApps TROJAN Win32/Swrort.A Checkin 2 (trojan.rules) 2022873 - ProApps TROJAN Win32/DMA Locker CnC Checkin (trojan.rules) 2023131 - ProApps TROJAN Possible Pegasus/Trident Related HTTP Beacon 1 (trojan.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 444 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 2009 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 2016 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 3211 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 3306 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 5546 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6662 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405048 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2808697 - ProApps MOBILE_MALWARE Android/AndroRAT.B Checkin (mobile_malware.rules) 2814965 - ProApps MOBILE_MALWARE Android GhostPush Checkin 7 (mobile_malware.rules) 2816096 - ProApps CURRENT_EVENTS Possible Websc Phishing Page Feb 5 (current_events.rules) 2821702 - ProApps CURRENT_EVENTS Successful Phish OWA Credentials Aug 16 2016 (current_events.rules) [+++] Removed rules: 3 [+++] 2405049 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405050 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405051 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) [***] ProApps Security IDS Rules Changelog started Mon Aug 29 17:16:47 2016 [***] [+++] Added rules: 15 [+++] 2023140 - ProApps EXPLOIT Possible Challack Tool in use (exploit.rules) 2023141 - ProApps EXPLOIT RST Flood With Window (exploit.rules) 2405051 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2821874 - ProApps TROJAN NanoCore RAT CnC 15 (trojan.rules) 2821875 - ProApps TROJAN Win32/UnknownRAT Checkin (trojan.rules) 2821876 - ProApps MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.o Checkin (mobile_malware.rules) 2821877 - ProApps MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.o Checkin 2 (mobile_malware.rules) 2821878 - ProApps TROJAN Zeus Panda Banker Malicious SSL Certificate Detected (trojan.rules) 2821879 - ProApps TROJAN MSIL/OmegaNET HTTP Bot CnC Checkin (trojan.rules) 2821880 - ProApps TROJAN MSIL/Unknown HTTP Bot/BTCminer CnC Checkin (trojan.rules) 2821881 - ProApps INFO Suspicious Dropbox Page - Possible Phishing Landing (info.rules) 2821882 - ProApps INFO Suspicious Yahoo Page - Possible Phishing Landing (info.rules) 2821883 - ProApps INFO Suspicious Google Docs Page - Possible Phishing Landing (info.rules) 2821884 - ProApps TROJAN Tardar Exfiltration CnC Beacon M1 (trojan.rules) 2821885 - ProApps TROJAN Tardar Exfiltration CnC Beacon M2 (trojan.rules) [+++] Modify rules: 87 [+++] 2023133 - ProApps TROJAN Possible Pegasus/Trident Related HTTP Beacon 3 (trojan.rules) 2400000 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 1 (drop.rules) 2400001 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 2 (drop.rules) 2400002 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 3 (drop.rules) 2400003 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 4 (drop.rules) 2400004 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 5 (drop.rules) 2400005 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 6 (drop.rules) 2400006 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 7 (drop.rules) 2400007 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 8 (drop.rules) 2400008 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 9 (drop.rules) 2400009 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 10 (drop.rules) 2400010 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 11 (drop.rules) 2400011 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 12 (drop.rules) 2400012 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 13 (drop.rules) 2400013 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 14 (drop.rules) 2400014 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 15 (drop.rules) 2400015 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 16 (drop.rules) 2400016 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 17 (drop.rules) 2400017 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 18 (drop.rules) 2400018 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 19 (drop.rules) 2400019 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 20 (drop.rules) 2400020 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 21 (drop.rules) 2400021 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 22 (drop.rules) 2400022 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 23 (drop.rules) 2400023 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 24 (drop.rules) 2400024 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 25 (drop.rules) 2400025 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 26 (drop.rules) 2400026 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 27 (drop.rules) 2400027 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 28 (drop.rules) 2400028 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 29 (drop.rules) 2400029 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 30 (drop.rules) 2400030 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 31 (drop.rules) 2400031 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 32 (drop.rules) 2400032 - ProApps DROP Spamhaus DROP Listed Traffic Inbound group 33 (drop.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 444 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 1587 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 1921 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 2009 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 2016 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 3211 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 3306 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6060 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6662 Group 1 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405048 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405049 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405050 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2807968 - ProApps MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.a Checkin (mobile_malware.rules) [+++] Removed rules: 1 [+++] 2013222 - ProApps SHELLCODE Excessive Use of HeapLib Objects Likely Malicious Heap Spray Attempt (shellcode.rules) [***] ProApps Security IDS Rules Changelog started Fri Aug 26 17:14:48 2016 [***] [+++] Added rules: 25 [+++] 2023131 - ProApps TROJAN Possible Pegasus/Trident Related HTTP Beacon 1 (trojan.rules) 2023132 - ProApps TROJAN Possible Pegasus/Trident Related HTTP Beacon 2 (trojan.rules) 2023133 - ProApps TROJAN Possible Pegasus/Trident Related HTTP Beacon 3 (trojan.rules) 2023134 - ProApps TROJAN Possible Pegasus/Trident Related HTTP Beacon 4 (trojan.rules) 2023136 - ProApps TROJAN Possible Pegasus/Trident Related HTTP Beacon 5 (trojan.rules) 2023137 - ProApps INFO Suspicious POST to .tk domain with Password (info.rules) 2023138 - ProApps CURRENT_EVENTS Suspicious Proxifier DL (non-browser observed in maldoc campaigns) (current_events.rules) 2023139 - ProApps INFO Form Data Submitted to yolasite.com - Possible Phishing (info.rules) 2405049 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405050 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2821859 - ProApps TROJAN PoisonIvy Keepalive to CnC 489 (trojan.rules) 2821860 - ProApps TROJAN PoisonIvy Keepalive to CnC 490 (trojan.rules) 2821861 - ProApps TROJAN PoisonIvy Keepalive to CnC 491 (trojan.rules) 2821862 - ProApps TROJAN HawkEye Keylogger Reporting via SMTP (trojan.rules) 2821863 - ProApps CURRENT_EVENTS Successful Chase Phish M1 Aug 26 2016 (current_events.rules) 2821864 - ProApps CURRENT_EVENTS Successful Chase Phish M2 Aug 26 2016 (current_events.rules) 2821865 - ProApps CURRENT_EVENTS Successful Chase Phish M3 Aug 26 2016 (current_events.rules) 2821866 - ProApps CURRENT_EVENTS Successful Chase Phish M4 Aug 26 2016 (current_events.rules) 2821867 - ProApps CURRENT_EVENTS Successful Chase Phish M5 Aug 26 2016 (current_events.rules) 2821868 - ProApps CURRENT_EVENTS Successful Chase Phish M6 Aug 26 2016 (current_events.rules) 2821869 - ProApps CURRENT_EVENTS Successful HSBC Phish Aug 26 2016 (current_events.rules) 2821870 - ProApps CURRENT_EVENTS Successful Adobe Shared Document Phish Aug 26 2016 (current_events.rules) 2821871 - ProApps CURRENT_EVENTS Successful Google Drive Phish Aug 26 2016 (current_events.rules) 2821872 - ProApps CURRENT_EVENTS Successful Google Drive Phish - Redirect to PDF Aug 26 2016 (current_events.rules) 2821873 - ProApps CURRENT_EVENTS Google Drive Phish Landing Aug 26 2016 (current_events.rules) [+++] Modify rules: 57 [+++] 2012612 - ProApps TROJAN Hiloti Style GET to PHP with invalid terse MSIE headers (trojan.rules) 2018231 - ProApps INFO SUSPICIOUS .scr file download (info.rules) 2023089 - ProApps TROJAN PNScan.2 CnC Beacon (trojan.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 444 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 1587 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 2016 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 3211 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 3306 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 5546 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6662 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 7654 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405048 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2821375 - ProApps TROJAN Win32/Unknown TViewer RAT Checkin (trojan.rules) 2821818 - ProApps TROJAN Ransomware.MarsJoke Checkin (trojan.rules) 2821819 - ProApps TROJAN Ransomware.MarsJoke CnC beacon (trojan.rules) 2821821 - ProApps TROJAN Godzilla CnC Beacon (trojan.rules) [+++] Removed rules: 1 [+++] 2806790 - ProApps TROJAN Livesearchnow browser hijack 2 (trojan.rules) [***] ProApps Security IDS Rules Changelog started Thu Aug 25 16:37:49 2016 [***] [+++] Added rules: 61 [+++] 2023086 - ProApps EXPLOIT CISCO FIREWALL SNMP Buffer Overflow Extrabacon (CVE-2016-6366) (exploit.rules) 2023087 - ProApps TROJAN PNScan.2 Inbound Status Check - set (trojan.rules) 2023088 - ProApps TROJAN PNScan.2 Inbound Status Check Response (trojan.rules) 2023089 - ProApps TROJAN PNScan.2 CnC Beacon (trojan.rules) 2023090 - ProApps TROJAN PNScan.2 CnC Beacon 2 (trojan.rules) 2023091 - ProApps TROJAN Backdoor.Win32.DarkComet Keepalive Outbound (trojan.rules) 2023092 - ProApps CURRENT_EVENTS Possible Google Drive Phishing Domain Aug 25 2016 (current_events.rules) 2023093 - ProApps TROJAN Possible Pegasus Related DNS Lookup (aalaan .tv) (trojan.rules) 2023094 - ProApps TROJAN Possible Pegasus Related DNS Lookup (accounts .mx) (trojan.rules) 2023095 - ProApps TROJAN Possible Pegasus Related DNS Lookup (adjust-local-settings .com) (trojan.rules) 2023096 - ProApps TROJAN Possible Pegasus Related DNS Lookup (alawaeltech .com) (trojan.rules) 2023097 - ProApps TROJAN Possible Pegasus Related DNS Lookup (alljazeera .co) (trojan.rules) 2023098 - ProApps TROJAN Possible Pegasus Related DNS Lookup (asrararabiya .co) (trojan.rules) 2023099 - ProApps TROJAN Possible Pegasus Related DNS Lookup (asrararablya .com) (trojan.rules) 2023100 - ProApps TROJAN Possible Pegasus Related DNS Lookup (asrarrarabiya .com) (trojan.rules) 2023101 - ProApps TROJAN Possible Pegasus Related DNS Lookup (bahrainsms .co) (trojan.rules) 2023102 - ProApps TROJAN Possible Pegasus Related DNS Lookup (bbc-africa .com) (trojan.rules) 2023103 - ProApps TROJAN Possible Pegasus Related DNS Lookup (bulbazaur .com) (trojan.rules) 2023104 - ProApps TROJAN Possible Pegasus Related DNS Lookup (checkinonlinehere .com) (trojan.rules) 2023105 - ProApps TROJAN Possible Pegasus Related DNS Lookup (cnn-africa .co) (trojan.rules) 2023106 - ProApps TROJAN Possible Pegasus Related DNS Lookup (damanhealth .online) (trojan.rules) 2023107 - ProApps TROJAN Possible Pegasus Related DNS Lookup (emiratesfoundation .net) (trojan.rules) 2023108 - ProApps TROJAN Possible Pegasus Related DNS Lookup (fb-accounts .com) (trojan.rules) 2023109 - ProApps TROJAN Possible Pegasus Related DNS Lookup (googleplay-store .com) (trojan.rules) 2023110 - ProApps TROJAN Possible Pegasus Related DNS Lookup (icloudcacher .com) (trojan.rules) 2023111 - ProApps TROJAN Possible Pegasus Related DNS Lookup (icrcworld .com) (trojan.rules) 2023112 - ProApps TROJAN Possible Pegasus Related DNS Lookup (manoraonline .net) (trojan.rules) 2023113 - ProApps TROJAN Possible Pegasus Related DNS Lookup (mz-vodacom .info) (trojan.rules) 2023114 - ProApps TROJAN Possible Pegasus Related DNS Lookup (newtarrifs .net) (trojan.rules) 2023115 - ProApps TROJAN Possible Pegasus Related DNS Lookup (ooredoodeals .com) (trojan.rules) 2023116 - ProApps TROJAN Possible Pegasus Related DNS Lookup (pickuchu .com) (trojan.rules) 2023117 - ProApps TROJAN Possible Pegasus Related DNS Lookup (redcrossworld .com) (trojan.rules) 2023118 - ProApps TROJAN Possible Pegasus Related DNS Lookup (sabafon .info) (trojan.rules) 2023119 - ProApps TROJAN Possible Pegasus Related DNS Lookup (smser .net) (trojan.rules) 2023120 - ProApps TROJAN Possible Pegasus Related DNS Lookup (sms .webadv.co) (trojan.rules) 2023121 - ProApps TROJAN Possible Pegasus Related DNS Lookup (topcontactco .com) (trojan.rules) 2023122 - ProApps TROJAN Possible Pegasus Related DNS Lookup (tpcontact .co.uk) (trojan.rules) 2023123 - ProApps TROJAN Possible Pegasus Related DNS Lookup (track-your-fedex-package .org) (trojan.rules) 2023124 - ProApps TROJAN Possible Pegasus Related DNS Lookup (turkeynewsupdates .com) (trojan.rules) 2023125 - ProApps TROJAN Possible Pegasus Related DNS Lookup (turkishairines .info) (trojan.rules) 2023126 - ProApps TROJAN Possible Pegasus Related DNS Lookup (uaenews .online) (trojan.rules) 2023127 - ProApps TROJAN Possible Pegasus Related DNS Lookup (univision .click) (trojan.rules) 2023128 - ProApps TROJAN Possible Pegasus Related DNS Lookup (unonoticias .net) (trojan.rules) 2023129 - ProApps TROJAN Possible Pegasus Related DNS Lookup (whatsapp-app .com) (trojan.rules) 2023130 - ProApps TROJAN Possible Pegasus Related DNS Lookup (y0utube .com.mx) (trojan.rules) 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) 2405048 - ProApps CNC Shadowserver Reported CnC Server Port 47221 Group 1 (botcc.portgrouped.rules) 2821845 - ProApps TROJAN W32/SteamStealerX Uploading Creds (trojan.rules) 2821846 - ProApps CURRENT_EVENTS Successful Generic Phish - JS Redirect to PDF Aug 24 2016 (current_events.rules) 2821847 - ProApps TROJAN PoisonIvy Keepalive to CnC 486 (trojan.rules) 2821848 - ProApps TROJAN PoisonIvy Keepalive to CnC 487 (trojan.rules) 2821849 - ProApps TROJAN PoisonIvy Keepalive to CnC 488 (trojan.rules) 2821850 - ProApps CURRENT_EVENTS Successful Google Drive Phish M1 Aug 25 2016 (current_events.rules) 2821851 - ProApps CURRENT_EVENTS Google Drive Phishing Landing Aug 25 2016 (current_events.rules) 2821852 - ProApps CURRENT_EVENTS Successful Google Drive Phish M2 Aug 25 2016 (current_events.rules) 2821853 - ProApps MALWARE Adware/Dotdo.J Activity (malware.rules) 2821854 - ProApps TROJAN Win32/Shade/Troldesh Ransomware External IP Check 2 (trojan.rules) 2821855 - ProApps TROJAN Win32/Shade/Troldesh Ransomware External IP Check 3 (trojan.rules) 2821856 - ProApps TROJAN Win32/Fantom Ransomware Checkin (trojan.rules) 2821857 - ProApps TROJAN Observed Malicious Domain SSL Cert in SNI (Zeus Panda) (trojan.rules) 2821858 - ProApps TROJAN Win32.KillProc.eewdhh Checkin (trojan.rules) [+++] Modify rules: 51 [+++] 2013091 - ProApps TROJAN Backdoor.Win32.DarkComet Keepalive Inbound (trojan.rules) 2021641 - ProApps TROJAN Fareit/Pony Loader User-Agent (Charon/Inferno) (trojan.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 1863 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 2009 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 2016 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 3211 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 3306 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 3327 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6662 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2810366 - ProApps TROJAN Win32/Shade/Troldesh Ransomware External IP Check (trojan.rules) [+++] Removed rules: 1 [+++] 2821619 - ProApps CURRENT_EVENTS Successful USAA Phish Aug 11 2016 (current_events.rules) [***] ProApps Security IDS Rules Changelog started Wed Aug 24 17:33:35 2016 [***] [+++] Added rules: 25 [+++] 2023085 - ProApps TROJAN R980/CRYPBEE.A Ransomware Activity (trojan.rules) 2821821 - ProApps TROJAN Godzilla CnC Beacon (trojan.rules) 2821822 - ProApps TROJAN Ransomware Bart CnC Beacon (trojan.rules) 2821823 - ProApps TROJAN Ransomware Bart User-Agent (trojan.rules) 2821824 - ProApps CURRENT_EVENTS Possible Office 365 Phishing Landing Aug 24 2016 (current_events.rules) 2821825 - ProApps CURRENT_EVENTS Successful Office 365 Phish Aug 24 2016 (current_events.rules) 2821826 - ProApps TROJAN Orcus RAT Malicious SSL Certificate Detected (trojan.rules) 2821827 - ProApps WEB_SPECIFIC_APPS Navis WebAccess SQLi Attempt (web_specific_apps.rules) 2821828 - ProApps CURRENT_EVENTS Team IPwned Phishing Landing Aug 24 2016 (current_events.rules) 2821829 - ProApps CURRENT_EVENTS Yahoo Password Strength Phishing Landing Aug 24 2016 (current_events.rules) 2821830 - ProApps CURRENT_EVENTS Successful Yahoo Password Strength Phish M1 Aug 24 2016 (current_events.rules) 2821831 - ProApps CURRENT_EVENTS Successful Team IPwned Phish Aug 24 2016 (current_events.rules) 2821832 - ProApps CURRENT_EVENTS Successful Yahoo Password Strength Phish M2 Aug 24 2016 (current_events.rules) 2821833 - ProApps TROJAN W32/Unknown Downloading Tor EXE (trojan.rules) 2821834 - ProApps TROJAN PoisonIvy Keepalive to CnC 481 (trojan.rules) 2821835 - ProApps TROJAN PoisonIvy Keepalive to CnC 482 (trojan.rules) 2821836 - ProApps TROJAN PoisonIvy Keepalive to CnC 483 (trojan.rules) 2821837 - ProApps TROJAN PoisonIvy Keepalive to CnC 484 (trojan.rules) 2821838 - ProApps TROJAN PoisonIvy Keepalive to CnC 485 (trojan.rules) 2821839 - ProApps TROJAN Panda Banker CnC (trojan.rules) 2821840 - ProApps MOBILE_MALWARE Android/SMForw.MV Checkin (mobile_malware.rules) 2821841 - ProApps TROJAN Trojan.Win32.Jorik Bot Nick Command (trojan.rules) 2821842 - ProApps TROJAN Trojan.Win32.HTSS Bot USER Command (trojan.rules) 2821843 - ProApps MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l SSL CnC Cert 4 (mobile_malware.rules) 2821844 - ProApps MOBILE_MALWARE Trojan-Banker.AndroidOS.Marcher.l DNS Lookup 10 (mobile_malware.rules) [+++] Modify rules: 50 [+++] 2018302 - ProApps INFO Possible Phish - Mirrored Website Comment Observed (info.rules) 2019714 - ProApps CURRENT_EVENTS Terse alphanumeric executable downloader high likelihood of being hostile (current_events.rules) 2402000 - ProApps DROP Dshield Block Listed Source group 1 (dshield.rules) 2405000 - ProApps CNC Shadowserver Reported CnC Server Port 22 Group 1 (botcc.portgrouped.rules) 2405001 - ProApps CNC Shadowserver Reported CnC Server Port 80 Group 1 (botcc.portgrouped.rules) 2405002 - ProApps CNC Shadowserver Reported CnC Server Port 81 Group 1 (botcc.portgrouped.rules) 2405003 - ProApps CNC Shadowserver Reported CnC Server Port 443 Group 1 (botcc.portgrouped.rules) 2405004 - ProApps CNC Shadowserver Reported CnC Server Port 444 Group 1 (botcc.portgrouped.rules) 2405005 - ProApps CNC Shadowserver Reported CnC Server Port 1023 Group 1 (botcc.portgrouped.rules) 2405006 - ProApps CNC Shadowserver Reported CnC Server Port 1337 Group 1 (botcc.portgrouped.rules) 2405007 - ProApps CNC Shadowserver Reported CnC Server Port 2016 Group 1 (botcc.portgrouped.rules) 2405008 - ProApps CNC Shadowserver Reported CnC Server Port 2319 Group 1 (botcc.portgrouped.rules) 2405009 - ProApps CNC Shadowserver Reported CnC Server Port 3303 Group 1 (botcc.portgrouped.rules) 2405010 - ProApps CNC Shadowserver Reported CnC Server Port 3306 Group 1 (botcc.portgrouped.rules) 2405011 - ProApps CNC Shadowserver Reported CnC Server Port 4042 Group 1 (botcc.portgrouped.rules) 2405012 - ProApps CNC Shadowserver Reported CnC Server Port 4244 Group 1 (botcc.portgrouped.rules) 2405013 - ProApps CNC Shadowserver Reported CnC Server Port 4466 Group 1 (botcc.portgrouped.rules) 2405014 - ProApps CNC Shadowserver Reported CnC Server Port 5050 Group 1 (botcc.portgrouped.rules) 2405015 - ProApps CNC Shadowserver Reported CnC Server Port 6556 Group 1 (botcc.portgrouped.rules) 2405016 - ProApps CNC Shadowserver Reported CnC Server Port 6660 Group 1 (botcc.portgrouped.rules) 2405017 - ProApps CNC Shadowserver Reported CnC Server Port 6662 Group 1 (botcc.portgrouped.rules) 2405018 - ProApps CNC Shadowserver Reported CnC Server Port 6663 Group 1 (botcc.portgrouped.rules) 2405019 - ProApps CNC Shadowserver Reported CnC Server Port 6664 Group 1 (botcc.portgrouped.rules) 2405020 - ProApps CNC Shadowserver Reported CnC Server Port 6665 Group 1 (botcc.portgrouped.rules) 2405021 - ProApps CNC Shadowserver Reported CnC Server Port 6666 Group 1 (botcc.portgrouped.rules) 2405022 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 1 (botcc.portgrouped.rules) 2405023 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 2 (botcc.portgrouped.rules) 2405024 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 3 (botcc.portgrouped.rules) 2405025 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 4 (botcc.portgrouped.rules) 2405026 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 5 (botcc.portgrouped.rules) 2405027 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 6 (botcc.portgrouped.rules) 2405028 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 7 (botcc.portgrouped.rules) 2405029 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 8 (botcc.portgrouped.rules) 2405030 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 9 (botcc.portgrouped.rules) 2405031 - ProApps CNC Shadowserver Reported CnC Server Port 6667 Group 10 (botcc.portgrouped.rules) 2405032 - ProApps CNC Shadowserver Reported CnC Server Port 6668 Group 1 (botcc.portgrouped.rules) 2405033 - ProApps CNC Shadowserver Reported CnC Server Port 6669 Group 1 (botcc.portgrouped.rules) 2405034 - ProApps CNC Shadowserver Reported CnC Server Port 6768 Group 1 (botcc.portgrouped.rules) 2405035 - ProApps CNC Shadowserver Reported CnC Server Port 7000 Group 1 (botcc.portgrouped.rules) 2405036 - ProApps CNC Shadowserver Reported CnC Server Port 7100 Group 1 (botcc.portgrouped.rules) 2405037 - ProApps CNC Shadowserver Reported CnC Server Port 7770 Group 1 (botcc.portgrouped.rules) 2405038 - ProApps CNC Shadowserver Reported CnC Server Port 8080 Group 1 (botcc.portgrouped.rules) 2405039 - ProApps CNC Shadowserver Reported CnC Server Port 8089 Group 1 (botcc.portgrouped.rules) 2405040 - ProApps CNC Shadowserver Reported CnC Server Port 8585 Group 1 (botcc.portgrouped.rules) 2405041 - ProApps CNC Shadowserver Reported CnC Server Port 9000 Group 1 (botcc.portgrouped.rules) 2405042 - ProApps CNC Shadowserver Reported CnC Server Port 10324 Group 1 (botcc.portgrouped.rules) 2405043 - ProApps CNC Shadowserver Reported CnC Server Port 11830 Group 1 (botcc.portgrouped.rules) 2405044 - ProApps CNC Shadowserver Reported CnC Server Port 13001 Group 1 (botcc.portgrouped.rules) 2405045 - ProApps CNC Shadowserver Reported CnC Server Port 19899 Group 1 (botcc.portgrouped.rules) 2405046 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) [+++] Removed rules: 1 [+++] 2405047 - ProApps CNC Shadowserver Reported CnC Server Port 33333 Group 1 (botcc.portgrouped.rules) | |
Comentários (0)