Last 50 Rule Changes

Results from Main web retrieved at 00:56 (GMT)

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS KaiXin Exploit Kit Java Class 1 May 24 2013"; flow:to_client,established; file_data; content ...
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS KaiXin Exploit Landing Page 2 May 24 2013"; flow:to_client,established; file_data; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32.Gh0st Checkin (5 12 Byte keyword)"; flow:to_server,established; dsize: Added 2013 05 24 ...
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS HellSpawn EK Landing 2 May 24 2013"; flow:to_client,established; file_data; content:"FlashPlayer ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor family PCRat/Gh0st CnC traffic"; flow:to_server,established; byte_jump:4,5,from_beginning,little ...
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS WordPress CommentLuv Plugin ajax nonce Parameter XSS Attempt"; flow:established ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible HellSpawn EK Fake Flash May 24 2013"; flow:to_server,established; content:"/FlashPlayer ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS HellSpawn EK Requesting Jar"; flow:established,to_server; content:"/j21.jar"; http_uri; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible HellSpawn EK Java Artifact May 24 2013"; flow:to_server,established; content ...
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS KaiXin Exploit Kit Java Class 2 May 24 2013"; flow:to_client,established; file_data; content ...
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS KaiXin Exploit Kit Java Class"; flow:to_client,established; file_data; content:"Gond" ...
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS KaiXin Exploit Landing Page 1 May 24 2013"; flow:to_client,established; file_data; content ...
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS HellSpawn EK Landing 1 May 24 2013"; flow:to_client,established; file_data; content:"function ...
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Possible NGINX Overflow CVE-2013-2028 Exploit Specific"; flow:established,to_server; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET INFO Suspicious Mozilla UA with no Space after colon"; flow:established,to_server; content:"User Agent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Malicious Redirect URL"; flow:established,to_server; content:"/8gcf744Waxolp752.php"; ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET INFO Suspicious MSIE 10 on Windows NT 5"; flow:established,to_server; content:" MSIE 10.0 3b Windows ...
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Apache Struts Possible xwork Disable Method Execution"; flow:established,to_server; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Unsupported/Fake Internet Explorer Version MSIE 4."; flow:to_server,established; content:" MSIE ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Unsupported/Fake FireFox Version 1."; flow:to_server,established; content:" Firefox/1."; http ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Unsupported/Fake Windows NT Version 4."; flow:to_server,established; content:" Windows NT 4." ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5."; flow:to_server,established; content:" MSIE ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Unsupported/Fake Windows NT Version 5.0"; flow:to_server,established; content:" Windows NT 5.0 ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Unsupported/Fake Internet Explorer Version MSIE 1."; flow:to_server,established; content:" MSIE ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Unsupported/Fake Internet Explorer Version MSIE 3."; flow:to_server,established; content:" MSIE ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Possible Win32/Gapz MSIE 9 on Windows NT 5"; flow:established,to_server; content:" MSIE 9.0 3b ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Unsupported/Fake FireFox Version 2."; flow:to_server,established; content:" Firefox/2."; http ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Unsupported/Fake Internet Explorer Version MSIE 2."; flow:to_server,established; content:" MSIE ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Unsupported/Fake FireFox Version 0."; flow:to_server,established; content:" Firefox/0."; http ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Adware pricepeep Adware.Shopper.297"; flow: established,to_server; content:"GET"; nocase; http ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN ACQHtr Checkin"; flow:to_server,established; content:".php?cname "; fast_pattern:only; http_uri ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Backdoor.Win32.VB.Alsci/Dragon Eye RAT Checkin (sending user info)"; flow:to_server,established; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User Agent Smart RTP"; flow: established,to_server; content:"User Agent 3A Smart ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User Agent Custom 56562 HttpClient/VER STR COMMA"; flow: established,to_server; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Trojan.Win32.Antavmu.guw Checkin"; flow:to_server,established; content:"/smadstat.php?mac "; fast ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Blackhole 2.0 Binary Get Request"; flow:established,to_server; content:"GET"; http_method ...
##alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET DELETED KeyLogger Hangover Campaign User Agent(wininetget/0.1)"; flow:established,to_server; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MSIL.Solimba.b POST"; flow:established,to_server; content:"POST"; nocase; http_method; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Unknown EK Requesting Payload"; flow:established,to_server; content:".php?ex "; http_uri ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN BlackRev Get Command Rev3"; flow:established,to_server; content:"/get"; http_uri; pcre:"/\/get ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN KeyLogger Hangover Campaign User Agent(nento)"; flow:established,to_server; content:"User Agent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN FresctSpy.A User Agent (MBVDFRESCT)"; flow:to_server,established; content:"User 2d Agent 3a MBVDFRESCT ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN KeyLogger Hangover Campaign User Agent(vbusers)"; flow:established,to_server; content:"User Agent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN BlackRev Download Executable"; flow:established,to_server; content:"/gate.php?cmd getexe"; http ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN KeyLogger Hangover Campaign User Agent(file)"; flow:established,to_server; content:"User Agent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET USER_AGENTS Suspicious User Agent (DownloadMR)"; flow:to_server,established; content:"User Agent 3a ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE MSIL.Solimba.b GET"; flow:established,to_server; content:"GET"; nocase; http_method; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN KeyLogger Hangover Campaign User Agent(smaal)"; flow:established,to_server; content:"User Agent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Trojan Spy.Win32.Agent.byhm User Agent (EMSCBVDFRT)"; flow:to_server,established; content:"User ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN BlackRev Registering Client"; flow:established,to_server; content:"/gate.php?reg "; http_uri; ...
Number of topics: 50
Topic revision: r3 - 2013-04-19 - MattJonkman
 
Copyright © Emerging Threats