Last 50 Rule Changes

Results from Main web retrieved at 00:22 (GMT)

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Phish Generic Credential POST to Ngrok.io"; flow:established,to_server ...
#alert tcp any any -> any any (msg:"ET TROJAN NCSC APT28 CompuTrace Beacon UserAgent"; flow:established; content:"|0d0a|TagId|3a|"; fast_pattern; content:"POST / ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Observed GandCrab Payment Domain (gandcrab in DNS Lookup)"; dns_query; content:"gandcrab"; depth:8; nocase; pcre ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Suspicious Redirect to Download EXE from Bitbucket"; flow:established,to_client; content:"302"; http_stat ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Locky CnC Checkin"; flow:to_server,established; content:"POST"; http_method; urilen:14; content:"/imageload ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN XLS.Unk DDE rar Drop Attempt (.live)"; flow:established,to_server; content:"GET"; http_method; urilen ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PTsecurity Remcos RAT Checkin 73"; flow:established,to_server; content:"|2e 11 6e fe 1c 00 92 21 3c ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PTsecurity Remcos RAT Checkin 72"; flow:established,to_server; content:"|eb e7 a2 ec 6e 3e cc a8 34 ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Remcos RAT Checkin 66"; flow:established,to_server; dsize: ... [Added 2018-10-16 18:06:21 UTC]
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PTsecurity Remcos RAT Checkin 69"; flow:established,to_server; content:"|e3 34 a1 ef b4 32 58 d0 f0 ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Remcos RAT Checkin 60"; flow:established,to_server; dsize: ... [Added 2018-10-16 18:06:21 UTC]
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Remcos RAT Checkin 62"; flow:established,to_server; dsize: ... [Added 2018-10-16 18:06:21 UTC]
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Remcos RAT Checkin 61"; flow:established,to_server; dsize: ... [Added 2018-10-16 18:06:21 UTC]
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PTsecurity Remcos RAT Checkin 70"; flow:established,to_server; content:"|35 cd 13 07 49 3a 45 81 02 ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Remcos RAT Checkin 59"; flow:established,to_server; dsize: ... [Added 2018-10-16 18:06:21 UTC]
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Remcos RAT Checkin 58"; flow:established,to_server; dsize: ... [Added 2018-10-16 18:06:21 UTC]
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Remcos RAT Checkin 68"; flow:established,to_server; dsize: ... [Added 2018-10-16 18:06:21 UTC]
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Remcos RAT Checkin 65"; flow:established,to_server; dsize: ... [Added 2018-10-16 18:06:21 UTC]
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Remcos RAT Checkin 63"; flow:established,to_server; dsize: ... [Added 2018-10-16 18:06:21 UTC]
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Remcos RAT Checkin 67"; flow:established,to_server; dsize: ... [Added 2018-10-16 18:06:21 UTC]
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PTsecurity Remcos RAT Checkin 71"; flow:established,to_server; content:"|38 b6 1d 2b 3b 5c 11 b4 d8 ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Remcos RAT Checkin 64"; flow:established,to_server; dsize: ... [Added 2018-10-16 18:06:21 UTC]
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Remcos RAT Checkin 54"; flow:established,to_server; dsize: ... [Added 2018-10-16 18:06:20 UTC]
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Generic Phish (set) 2018-10-16"; flow:established,to_server; content:"POST"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN XLS.Unk DDE rar Drop Attempt (.club)"; flow:established,to_server; content:"GET"; http_method; urilen ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Generic Phish (set) 2018-10-16"; flow:established,to_server; content:"POST"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN XLS.Unk DDE rar Drop Attempt (.online)"; flow:established,to_server; content:"GET"; http_method; urilen ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Remcos RAT Checkin 55"; flow:established,to_server; dsize: ... [Added 2018-10-16 18:06:20 UTC]
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN XLS.Unk DDE rar Drop Fake 404 Response"; flow:established,to_client; content:"200"; http_stat_code; flowbits ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Remcos RAT Checkin 56"; flow:established,to_server; dsize: ... [Added 2018-10-16 18:06:20 UTC]
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Remcos RAT Checkin 57"; flow:established,to_server; dsize: ... [Added 2018-10-16 18:06:20 UTC]
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android APT-C-23 (pml-help .site in TLS SNI)"; flow:established,to_server; tls_sni; content:"pml ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android APT-C-23 (christopher .fun in TLS SNI)"; flow:established,to_server; tls_sni; content ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Possible Microsoft Edge Remote Command Execution PoC (CVE-2018-8495)"; flow:established,to_client ...
alert dns $HOME_NET any -> any any (msg:"ET MOBILE_MALWARE Android APT-C-23 (christopher .fun in DNS Lookup)"; dns_query; content:"christopher.fun"; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET MOBILE_MALWARE Android APT-C-23 (pml-help .site in DNS Lookup)"; dns_query; content:"pml-help.site"; isdataat:1,relative ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android APT-C-23 (mail-goog1e .com in TLS SNI)"; flow:established,to_server; tls_sni; content ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android APT-C-23 (harvey-ross .info in TLS SNI)"; flow:established,to_server; tls_sni; content ...
alert dns $HOME_NET any -> any any (msg:"ET MOBILE_MALWARE Android APT-C-23 (harvey-ross .info in DNS Lookup)"; dns_query; content:"harvey-ross.info"; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET MOBILE_MALWARE Android APT-C-23 (chat-often .com in DNS Lookup)"; dns_query; content:"chat-often.com"; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET MOBILE_MALWARE Android APT-C-23 (mail-goog1e .com in DNS Lookup)"; dns_query; content:"mail-goog1e.com"; isdataat:1,relative ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android APT-C-23 (chat-often .com in TLS SNI)"; flow:established,to_server; tls_sni; content: ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Fake FlashPlayer Update Leading to CoinMiner M1 2018-10-12"; flow:established,to_server; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Fake FlashPlayer Update Leading to CoinMiner M2 2018-10-12"; flow:established,to_server; content ...
alert smtp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SCAN StarDotStar HELO, suspected AUTH LOGIN botnet"; flow:established,to_server; content:"HELO|20 2a 2e 2a 0d ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PTsecurity Kraken Ransomware Start Activity 2"; flow:established,to_server; content:!"."; http_uri ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Kraken Ransomware End Activity"; flow:established,to_server; content:!"."; http_uri; content:!" "; http ...
alert tcp $EXTERNAL_NET 1024: -> $HOME_NET any (msg:"ET TROJAN eSentire Win32/Spy.Banker CnC Command (DOWNLOAD)"; flow:from_server,established; dsize:11; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Kraken Ransomware Start Activity 1"; flow:established,to_server; content:!"."; http_uri; content:!" ...
Number of topics: 50
Topic revision: r7 - 2018-07-19 - PhilSchroeder

Copyright © Emerging Threats. This site is powered by the TWiki collaboration platform.