Last 50 Rule Changes

Results from Main web retrieved at 19:31 (GMT)

alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Successful Phishing Attempt via GetGoPhish Phishing Tool`; flow:to server,established; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN PTsecurity NNR XORed Zip payload (key 0x91)`; flow:established,from server; content:`200`; http stat ...
#alert udp $HOME NET any any 53 (msg:`ET DELETED Possible Winnti related DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content:` 0f ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET POLICY HTTPie User Agent Outbound`; flow:established,to server; content:`HTTPie/`; http user agent; depth:7 ...
alert dns $HOME NET any any any (msg:`ET POLICY DNS Query For Browser Cryptocurrency Mining Domain`; content:` 06 static 0a reasedoper 02 pw 00 `; fast pattern ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible Phishing Landing via GetGoPhish Phishing Tool`; flow:to server,established; content ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Observed Malicious SSL Cert (Coinhive URL Shortener)`; flow:established,to client; tls cert subject ...
alert tcp $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32/Vibem.C CnC Activity`; flow:established,to server; content:` 63 76 c4 52 99 1d 04 80 a9 1b 2d ` ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex/Trickbot CnC)`; flow:established,from ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN XOR Checkin via HTTP`; flow:established,to server; content:`MSIE 6.0 3b 20 Windows NT 5.2 3b 20 SV1 3b ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN MSIL/Karmen Ransomware CnC Activity`; flow:established,to server; content:`GET`; http method; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS TDS Sutra page redirecting to a SutraTDS`; flow:established,to client; file data; content: ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN InfoBot Sending LAN Details`; flow:established,to server; content:`POST`; http method; content:`.php ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32/Unk.Stealer CnC Activity`; flow:established,to server; content:`POST`; http method; content:`/check ...
alert http any any $HOME NET any (msg:`ET EXPLOIT HackingTrio UA (Hello, World)`; flow:established,to server; content:`POST`; http method; content:`Hello, World ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Successful Generic Phish 2018 05 16 (set)`; flow:established,to server; flowbits:set,ET.genericphish ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN InfoBot Sending Machine Details`; flow:established,to server; content:`POST`; http method; content:` ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT Possible Javascript obfuscation using app.setTimeOut in PDF in Order to Run Code`; flow:established ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET WEB CLIENT PDF With Embedded U3D`; flow:established,to client; content:`obj`; content:` Added 2018 05 16 17 ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET USER AGENTS Suspicious User Agent (InfoBot)`; flow:to server,established; content:`InfoBot`; http user agent ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Rogue.Win32/Winwebsec Install`; flow:to server,established; content:`/api/stats/install/?affid `; content ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Trojan Spy.Win32.Agent.byhm User Agent (EMSCBVDFRT)`; flow:to server,established; content:`EMSCBVDFRT ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Trojan Spy.Win32.Zbot.djrm Checkin`; flow:to server,established; content:`/index.html?mac `; http uri ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN ABUD Checkin`; flow:established,to server; content:`/imagedump/image.php?size `; http uri; content: ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN W32/Kazy Checkin`; flow:established,to server; content:`/guidcheck.php?q `; http uri; content:` g ` ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32.Datamaikon Checkin NewAgent`; flow:to server,established; content:`/index.dat?`; http uri; content ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN W32/LockScreen Scareware Geolocation Request`; flow:established,to server; content:`/loc/gate.php?getpic ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN W32.Blocker Checkin`; flow:established,to server; content:`/gate.php?cmd `; http uri; content:` botnet ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Cridex.B/Feodo Checkin`; flow:to server,established; content:`POST`; nocase; http method; content:` ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN SpyEye Checkin version 1.3.25 or later 3`; flow:established,to server; content:`POST`; http method; ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN FakeAV Landing Page Initializing Protection System`; flow:established,from server; content:` Initializing ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN DwnLdr JMZ Downloading Binary 2`; flow:established,to server; content:`/?path qx200.exe`; http uri; ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN InfoStealer Checkin`; flow:established,to server; content:`POST`; nocase; http method; content:`/abc ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN InfoStealer Checkin`; flow:established,to server; content:`POST`; nocase; http method; content:`/login ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Generic Dropper User Agent (XXXwww)`; flow:established,to server; content:`User Agent 3a XXXwww`; http ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN NfLog Checkin (TTip)`; flow:to server,established; content:`/NfStart.asp?ClientId `; http uri; nocase ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN DwnLdr JMZ Downloading Binary`; flow:established,to server; content:`/ngt.exe`; fast pattern; http uri ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32/Protux.B Download Update`; flow:from client,established; content:`Mozilla/4.2.20 (compatible 3B ...
#alert tcp $HOME NET any $EXTERNAL NET 1024: (msg:`ET TROJAN Backdoor.Win32.Riern.K Checkin Off Port`; flow:established,from client; content:` 01 new host `; depth ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Peed Checkin`; flow:established,to server; content:`POST`; nocase; http method; content:`.php`; http ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN NfLog Checkin`; flow:to server,established; content:`POST`; http method; nocase; content:`/Nfile.asp ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN UPDATE Protocol Trojan Communication detected on http ports`; flow:to server,established; content:`POST ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN W32/Pasta.IK Checkin`; flow:established,to server; content:`/data/index.asp?act `; http uri; content ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Karagany/Kazy Obfuscated Payload Download`; flow:established,to client; content:`Content Disposition ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Gozi Checkin to CnC`; flow:to server,established; content:`user id `; depth:8; http client body; content ...
#alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:`ET TROJAN Delf/Troxen/Zema controller delivering clickfraud instructions`; flow:established,to client; ...
Number of topics: 50
Topic revision: r5 - 2014-01-10 - MattJonkman
 