Last 50 Rule Changes

Results from Main web retrieved at 23:52 (GMT)

alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS ABSA Online Phishing Landing 2018 01 23`; flow:established,to client; file data; content:`setTimeout ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Blocked Incoming Emails Phishing Landing 2018 01 23`; flow:established,to client; file data; ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Facebook Phishing Landing 2018 01 23`; flow:established,to client; file data; content:`Facebook ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS AT T Phishing Landing 2018 01 23`; flow:established,to client; file data; content:`AT amp 3b ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS LCL Banque et Assurance (FR) Phishing Landing 2018 01 23`; flow:established,to client; file data ...
alert http $HOME NET any any any (msg:`ET POLICY Http Client Body contains pwd in cleartext`; flow:established,to server; content:`pwd `; nocase; http client body ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET INFO Base64 Encoded powershell.exe in HTTP Response M1`; flow:established,from server; content:`Content Type ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET INFO Base64 Encoded powershell.exe in HTTP Response M2`; flow:established,from server; content:`Content Type ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN MSIL/SamMiner CnC Checkin M1`; flow:established,to server; content:`GET`; http method; content:`.php ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN MSIL/SamMiner CnC Checkin M2`; flow:established,to server; content:`POST`; http method; content:`.php ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible Compromised Wordpress Generic Phishing Landing 2018 01 22`; flow:established,to server ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET INFO Base64 Encoded powershell.exe in HTTP Response M3`; flow:established,from server; content:`Content Type ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Unknown Brazilian Banker CnC Activity`; flow:to server,established; content:`POST`; http method; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32/Rodecap/Travle/PYLOT CnC Checkin M2`; flow:established,to server; content:`POST`; http method; ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET INFO Multiple Javascript Unescapes Common Obfuscation Observed in Phish Landing`; flow:established,to client ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Email Server Mobile Security Settings Phishing Landing 2018 01 22`; flow:established,to client ...
alert dns $HOME NET any any any (msg:`ET TROJAN Observed Evrial Domain (projectevrial .ru in DNS Lookup)`; dns query; content:`projectevrial.ru`; nocase; isdataat ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN ARS Checkin`; flow:established,to server; content:`POST`; http method; content:`.php?os windows`; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible Successful Generic Phish (set) Nov 20 2017`; flow:to server,established; content:`POST ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET MALWARE Suspicious User Agent (Mozilla/4.0 (compatible ICS))`; flow:established,to server; content:`Mozilla ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Dropbox Phishing Landing Title over non SSL`; flow:established,to client; file data; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET INFO Possible Phishing Landing Common Multiple JS Unescape May 25 2017`; flow:from server,established; file ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Email Verification/Upgrade Phishing Landing 2018 01 22`; flow:established,to client; file data ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Formbook 0.3 Checkin`; flow:to server,established; content:`POST`; http method; content:`Mozilla`; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32.Drun Checkin`; flow:established,to server; content:`POST`; http method; content:`.php`; http uri ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT Generic ADSL Router DNS Change Request`; flow:to server,established; content:`dnsPrimary `; http uri ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Microsoft Questionnaire Phishing Landing 2018 01 19`; flow:established,to client; file data; ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Unknown EXE Dropped by 2017 11882 RTF`; flow:established,to server; content:`POST`; http method; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT Possible Belkin N600DB Wireless Router Request Forgery Attempt`; flow:to server,established; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Malicious Chrome Extension Click Fraud Activity via Websocket`; flow:established,to client; content: ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Bank of America Phishing Landing 2018 01 18 M2`; flow:established,to client; file data; content ...
alert dns $HOME NET any any any (msg:`ET CURRENT EVENTS Malicious Chrome Extension Domain Request (stickies .pro in DNS Lookup)`; dns query; content:`stickies.pro ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Bank of America Phishing Landing 2018 01 18 M1`; flow:established,to client; file data; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Paypal Phishing Landing 2018 01 18 M2`; flow:established,to client; file data; content:`Log in ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Possible Chase Phishing Landing Title over non SSL`; flow:established,to client; file data ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Chase Phishing Landing 2018 01 18`; flow:established,to client; file data; content:`Chase`; nocase ...
alert dns $HOME NET any any any (msg:`ET CURRENT EVENTS Malicious Chrome Extension Domain Request (lite bookmarks .info in DNS Lookup)`; dns query; content:`lite ...
alert dns $HOME NET any any any (msg:`ET CURRENT EVENTS Malicious Chrome Extension Domain Request (nyoogle .info in DNS Lookup)`; dns query; content:`nyoogle.info ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Chase Phishing Landing 2018 01 18`; flow:established,to client; file data; content:` Added 2018 ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN PTsecurity Adwind SSL Certificate Observed`; flow:established,from server; tls cert serial; content ...
alert dns $HOME NET any any any (msg:`ET CURRENT EVENTS Malicious Chrome Extension Domain Request (change request .info in DNS Lookup)`; dns query; content:`change ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Malicious Chrome Extension Requesting Websocket`; flow:established,to server; content:`GET`; http method ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Office 365 Phishing Landing 2018 01 18`; flow:established,to client; file data; content:`background ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Paypal Phishing Landing 2018 01 18 M1`; flow:established,to client; file data; content:` 73 63 ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET MALWARE Win32 Adware.Hotclip.A Reporting`; flow:established,to server; content:`GET`; nocase; http method; ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET MALWARE Win32/Eorezo B Adware Checkin`; flow:established,to server; content:`x company 3a `; http header; ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET MALWARE Malicious file bitdefender isecurity.exe download`; flow:established,to server; content:`GET`; http ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Dropbox Phishing Landing 2018 01 18`; flow:established,to client; file data; content:` Added ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET MALWARE Malicious pusk.exe download`; flow:established,to server; content:`GET`; http method; content:`/pusk ...
Number of topics: 50
Topic revision: r5 - 2014-01-10 - MattJonkman
This site is powered by the TWiki collaboration platform. Copyright © Emerging Threats