Last 50 Rule Changes

Results from Main web retrieved at 03:47 (GMT)

alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Weevely PHP backdoor detected (passthru() function used) M1"; flow:to_server,established; content ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Weevely PHP backdoor detected (passthru() function used) M3"; flow:to_server,established; content ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Weevely PHP backdoor detected (passthru() function used) M2"; flow:to_server,established; content ...
alert tcp-pkt $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Cryptocurrency Miner Checkin"; flow:established,to_server; content:"|7b 22|id|22 3a|"; nocase; depth ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN BlackshadesRAT Reporting"; flow:established,to_server; content:"GET"; nocase; http_method; content:" ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2018-06-14"; flow:to_server,established; content:"POST ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Generic Paypal Phish Kit Landing"; flow:established,to_client; content:"200"; http_stat_code ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Malicious Chrome Extension Click Fraud Activity via Websocket"; flow:established,to_client; content: ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE WiseCleaner Installed (PUA)"; flow:established,to_server; content:"POST"; http_method; content:".php ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2018-06-11"; flow:to_server,established; content:"POST ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Antibody Software Installed (PUA)"; flow:established,to_server; content:"GET"; http_method; content ...
alert udp any any -> any 53 (msg:"ET POLICY DNS Query to .onion proxy Domain (onion.cab)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content: ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Outdated Flash Version M2"; flow:established,to_server; content:"X-Requested-With|3a 20|ShockwaveFlash ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN KeyBase Keylogger Uploading Screenshots"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2018-05-31"; flow:to_server,established; content:"POST ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Aurora/OneKeyLocker Ransomware CnC Checkin"; flow:established,to_server; content:"GET"; http_method; ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Trojan.Win32/Mutopy.A Checkin"; flow:to_server,established; content:"/protocol.php?p="; fast_pattern ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Zusy Gettime Checkin"; flow:established,to_server; content:"/gettime.html?"; fast_pattern; http ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Icoo CnC Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/tUrl.xml?num= ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor Win32/Hupigon.CK Client Idle"; flow:to_server,established; content:"|00 00 00 02 00 00 00|" ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Win32/Bicololo.Dropper ne unik CnC Server Response"; flow:established,to_client; content:"|0d 0a 0d ...
#alert http $HOME_NET any -> any any (msg:"ET TROJAN Flamer WuSetupV module traffic 1"; flow:established,to_server; content:"?mp=1"; http_uri; content:" jz "; http ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Snap Bot Receiving Download Command"; flow:to_client,established; content:"|0d 0a 0d 0a|"; content: ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/HupigonUser.Backdoor Rabclib UA Checkin"; flow:established,to_server; content:".txt"; http_uri; ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN BAT.Qhost Response from Controller"; flow:established,from_server; flowbits:isset,ETPRO.Trojan.BAT.Qhost ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Feodo/Cridex Traffic Detected"; flow:established,to_server; content:"POST"; http_method; nocase ...
#alert http $HOME_NET any -> $EXTERNAL_NET 88 (msg:"ET TROJAN Virus.Win32.Sality.aa Checkin"; flow:established,to_server; content:".txt"; http_uri; pcre:"/\.txt$/U ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Pushbot server response"; flow:to_client,established; content:"|0d 0a 0d 0a|ZG% 20 GX"; reference:url ...
#alert http $HOME_NET any -> any any (msg:"ET TROJAN Flamer WuSetupV module traffic 2"; flow:established,to_server; content:"?ac=1"; http_uri; content:" fd "; http ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32.Gimemo/Aldibot CnC POST"; flow:established,to_server; content:"POST"; http_method; content:"ukashcode ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Syndicasec.Backdoor Client POST CMD result"; flow:established,to_server; content:"POST"; http_method ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Votwup.Backdoor Checkin"; flow:established,to_server; content:"/ddos?uid="; http_uri; content:" ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ZeuS Ransomware win unlock"; flow:established,to_server; content:"/locker/lock.php?id="; http_uri; reference ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Pushbot User Agent"; flow:to_server,established; content:"User-Agent|3A 20|cvc v105"; fast_pattern:only ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Snap Bot Receiving DDoS Command"; flow:to_client,established; content:"|0d 0a 0d 0a|"; content:"|7c ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Scar CnC Checkin"; flow:established,to_server; content:"/yeni urunler.php?hdd="; http_uri; reference ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN HTTP Request to Zaletelly CnC Domain zaletellyxx.be"; flow:established,to_server; content:"Host|3a ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN STX RAT Checkin"; flow:established,to_server; content:"GET /WinData.DLL?HELO STX 1 "; depth:28; content ...
#alert tcp $HOME_NET 1024: -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Downloader/Agent.dxh.1 Reporting to CnC"; flow:established,to_server; dsize:80<>110; content:"!" ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Simbot.Backdoor Checkin"; flow:established,to_server; content:"/rclgx.php?id="; depth:14; http_uri ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Suspicious lcon http header in response seen with Medfos/Midhos downloader"; flow:to_client,established ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Boatz Checkin"; flow:to_server,established; content:"/clients.php?os="; http_uri; content:" name "; ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Taidoor.Backdoor Command Request CnC Checkin"; flow:established,to_server; content:".php?id="; http ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Maljava Dropper for Windows"; flow:established,to_server; content:"GET"; nocase; http_method; content ...
Number of topics: 50
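Two rules in the list above are complete enough up to their first content match to be worked through: the .onion proxy DNS query rule (hex content anchored with offset:2 and depth:10) and the cryptocurrency miner check-in rule (mixed hex/literal content with nocase). The following is an added example, not Emerging Threats or Suricata code: a minimal rule-header and option parser plus a content matcher with the assumed Snort/Suricata semantics that the search window starts at offset and, when depth is given, spans depth bytes from there. The two rule strings are the listed rules with the extraction damage repaired; options after the point where the page truncates them are dropped (so the miner rule's depth is omitted). The DNS queries and the Stratum login line are constructed inputs, not captures. It shows what the listed fragments can and cannot decide on their own: the ten-byte DNS header content (flags 0x0100, QDCOUNT 1, zero AN/NS/AR counts) matches every ordinary recursive query, including one for an unrelated name, so the name-specific part of that rule must be in the truncated remainder.

```python
"""Toy Snort/Suricata rule parser and content matcher (added example, not ET or Suricata code)."""
import re
import struct

# Rules as listed on this page, extraction damage repaired, tails cut where the page truncates.
ONION_RULE = ('alert udp any any -> any 53 (msg:"ET POLICY DNS Query to .onion proxy Domain (onion.cab)"; '
              'content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2;)')
MINER_RULE = ('alert tcp-pkt $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Cryptocurrency Miner Checkin"; '
              'flow:established,to_server; content:"|7b 22|id|22 3a|"; nocase;)')

HEADER_RE = re.compile(
    r'^(?P<action>\w+)\s+(?P<proto>[\w-]+)\s+(?P<src>\S+)\s+(?P<sport>\S+)\s+'
    r'(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$')
# key[:value]; where a value may be a quoted string containing ';'
OPTION_RE = re.compile(r'(\w+)(?::((?:"[^"]*"|[^;])*))?;')


def decode_content(raw):
    """Content string to bytes: text outside |...| is literal, inside is space-separated hex."""
    out = bytearray()
    for i, part in enumerate(raw.split('|')):
        out += bytes.fromhex(part) if i % 2 else part.encode('latin-1')
    return bytes(out)


def parse_rule(text):
    """Split a rule into header fields, msg, flow and a list of content matches with modifiers."""
    m = HEADER_RE.match(text)
    if not m:
        raise ValueError('not a rule: ' + text)
    rule = {k: m.group(k) for k in ('action', 'proto', 'src', 'sport', 'dir', 'dst', 'dport')}
    rule.update(msg=None, flow=None, contents=[])
    cur = None  # modifiers (nocase/offset/depth) apply to the most recent content
    for key, val in OPTION_RE.findall(m.group('opts')):
        val = val.strip()
        if key == 'msg':
            rule['msg'] = val.strip('"')
        elif key == 'flow':
            rule['flow'] = val.split(',')
        elif key == 'content':
            cur = {'pattern': decode_content(val.strip('"')), 'nocase': False, 'offset': 0, 'depth': None}
            rule['contents'].append(cur)
        elif key == 'nocase' and cur is not None:
            cur['nocase'] = True
        elif key in ('offset', 'depth') and cur is not None:
            cur[key] = int(val)
    return rule


def content_matches(c, payload):
    """Assumed simplified semantics: search [offset, offset+depth) of the payload, or to the end."""
    end = len(payload) if c['depth'] is None else c['offset'] + c['depth']
    window, pattern = payload[c['offset']:end], c['pattern']
    if c['nocase']:
        window, pattern = window.lower(), pattern.lower()
    return pattern in window


def rule_matches(rule, payload):
    """All content matches must hit (relative modifiers such as distance/within are not modelled)."""
    return all(content_matches(c, payload) for c in rule['contents'])


def dns_query(name, flags=0x0100, txid=0x1234):
    """Constructed DNS A query: 12-byte header, QNAME labels, QTYPE=A, QCLASS=IN."""
    qname = b''.join(bytes([len(lbl)]) + lbl.encode() for lbl in name.split('.')) + b'\x00'
    return struct.pack('>HHHHHH', txid, flags, 1, 0, 0, 0) + qname + struct.pack('>HH', 1, 1)


# Constructed Stratum-style mining login line (what the miner rule's {"id": anchor is aimed at).
STRATUM_LOGIN = b'{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"wallet","pass":"x"}}\n'


def demo():
    onion, miner = parse_rule(ONION_RULE), parse_rule(MINER_RULE)
    return {
        'onion_hdr_hits_onion_cab': rule_matches(onion, dns_query('xyz.onion.cab')),
        # the surviving header content alone is only a pre-filter: any standard query matches it
        'onion_hdr_hits_example_com': rule_matches(onion, dns_query('www.example.com')),
        # a response (QR/RD/RA flags 0x8180) fails the anchored header bytes
        'onion_hdr_skips_response': rule_matches(onion, dns_query('xyz.onion.cab', flags=0x8180)),
        'miner_hits_stratum': rule_matches(miner, STRATUM_LOGIN),
        'miner_nocase': rule_matches(miner, b'{"ID":1}'),
        'miner_plain_http': rule_matches(miner, b'GET / HTTP/1.1\r\nHost: example.com\r\n\r\n'),
    }


if __name__ == '__main__':
    for name, hit in demo().items():
        print(name, hit)
```

The parser deliberately stops at the keywords the listed fragments use (msg, flow, content, nocase, offset, depth); when writing or reviewing ET rules, the same exercise with the full option tail is the quickest way to confirm what a header anchor like the DNS one actually constrains before the domain-specific content is reached.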
Topic revision: r5 - 2014-01-10 - MattJonkman
Copyright © Emerging Threats