Last 50 Rule Changes

Results from Main web retrieved at 14:40 (GMT)

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-22"; flow:established,to_client; file_data; content:" Added ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Wells Fargo Phishing Landing 2018-02-22"; flow:established,to_client; file_data; content:" Added ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Upgrade Advantage Phishing Landing 2018-02-22"; flow:established,to_client; file_data; content ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Office 365 Phishing Landing 2018-02-22"; flow:established,to_client; file_data; content:" Added ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Evrial Stealer CnC Activity M2"; flow:established,to_server; content:"POST"; http_method; content:".php ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Possible Jenkins CLI RCE (CVE-2017-1000353)"; flow:to_server,established; content:"POST"; ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Yoyo DDoS Bot HTTP Flood Attack Inbound"; flow:established,to_server; content:"|0d 0a|Accept-Encoding ...
#alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Downloader.Win32.Zlob.bgs Checkin(1)"; flow:established,to_server; content:"GET"; http_header ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Yoyo DDoS Bot HTTP Flood Attack Outbound"; flow:established,to_server; content:"|0d 0a|Accept-Encoding ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN FAKEAV landing page sector.hdd.png no repeat"; flow:established,to_client; content:"sector.hdd.png ...
#alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Downloader.Win32.Zlob.bgs Checkin(2)"; flow:established,to_server; content:"GET"; http_method ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Fake AV CnC Checkin cycle report"; flow:established,to_server; content:"POST"; http_method; content ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Feodo Banking Trojan Account Details Post"; flow:established,to_server; content:"POST"; nocase; http ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Shiz/Rohimafo Binary Download Request"; flow:established,to_server; content:".php?id "; nocase; http ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Deepend Research BestaBid FakeFlash Redirect"; content:"302"; http_stat_code; content:"Location ...
#alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Daurso Checkin"; flow:established,to_server; content:"POST"; http_method; content:"receiver ...
#alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32/Small.genAQ Communication with Controller"; flow:established,to_server; content:"?uid ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Comotor.Adll Reporting 2"; flow:to_server,established; content:"GET"; nocase; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE PPI User-Agent (InstallCapital)"; flow:to_server,established; content:"User-Agent|3a 20|InstallCapital ...
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET TROJAN Avzhan DDOS Bot Inbound Hardcoded Malformed GET Request Denial Of Service Attack Detected ...
#alert tcp $EXTERNAL_NET any -> $HOME_NET 1024: (msg:"ET TROJAN Yoyo DDoS Bot Download and Launch Executable Message From CnC Server"; flow:established,from_server ...
#alert tcp $EXTERNAL_NET any -> $HOME_NET 1024: (msg:"ET TROJAN Yoyo DDoS Bot Download and Launch Executable Message From CnC Server"; flow:established,from_server ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Carberp CnC Reply no tasks"; flow:established,from_server; content:"|0d 0a 0d 0a|no tasks"; classtype ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Potential Hiloti/FakeAV site access"; flow:established,to_server; uricontent:"?p p52dcW"; pcre:"/\/ ...
#alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Daurso FTP Credential Theft Reported"; flow:to_server,established; content:"/receiver/ftp"; ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Antivirus2010 Checkin port 8082"; flow:established,to_server;content:"/ask?"; http_uri; content:" u ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Vundo Variant reporting to Controller via HTTP (1)"; flow:established,to_server; content:"POST ...
#alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Stupid Stealer C&C Communication (2)"; flow:established,to_server; content:"action add"; nocase ...
#alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Stupid Stealer C&C Communication (1)"; flow:established,to_server; content:"cmd give pcname ...
#alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN FakeAV SetupSecure Download Attempt SetupSecure"; flow:established,to_server; content:"/download ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Virut/Virutas/Virtob/QQHelper Dropper Family HTTP GET"; flow:established,to_server; content ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.Small.yml or Related HTTP Command"; flow:established,to_server; content:"/ClientTask.aspx ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN WindowsEnterpriseSuite FakeAV Reporting via POST initial check in"; flow:established,to_server; content ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN s4t4n1c Trojan Check in"; flow:established,to_server; content:"POST"; depth:4; http_method; content ...
#alert tcp $EXTERNAL_NET any -> $HOME_NET 1024: (msg:"ET TROJAN Yoyo DDoS Bot Execute DDoS Command From CnC Server"; flow:established,from_server; dsize:124; content ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN WindowsEnterpriseSuite FakeAV check in HEAD"; flow:established,to_server; content:"HEAD"; depth ...
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN Trojan.Win32.Small.yml client command"; flow:established,to_client; content:"|0d 0a|Content-Length ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32/Winwebsec User-Agent Detected"; flow:established,to_server; content:"User-Agent|3a|InstallNotify ...
#alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN FraudPack.aweo"; flow:established,to_server; content:"GET"; http_method; content:"update.php ...
#alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN wisp backdoor detected reporting"; flow:established,to_server; content:"getkys.kys"; nocase ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Virut Counter/Check in "; flow:established,to_server; content:"POST"; depth:4; http_method; content ...
#alert http $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN FakeYak or Related Infection Checkin 2"; flow:established,to_server; content:" fff "; http_uri ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN thespybot.com installation download detected"; flow:established,to_server; content:"GET"; depth ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zlob Updating via HTTP (v2)"; flow:established,to_server; content:".php?Code "; nocase; http_uri; content ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Vundo HTTP Pre Install Checkin"; flow:established,to_server; content:"/app/preinstall.php?"; ...
#alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN Trojan.Win32.Small.yml client registration"; flow:established,to_client; content:"|0d 0a|Content ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.Small.yml or Related HTTP Checkin"; flow:established,to_server; content:"/ClientReg.aspx ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Zlob HTTP Checkin"; flow:established,to_server; content:"/confirm.php?aid "; nocase; http_uri ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Vundo HTTP Post Install Checkin"; flow:established,to_server; content:"/app/install done.php ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET 3306 (msg:"ET TROJAN Viruscatch.co.kr/Win32.Small.hvd Mysql Command and Control Connection (user viruscatch)"; flow:established ...
Number of topics: 50
Topic revision: r5 - 2014-01-10 - MattJonkman
 