Last 50 Rule Changes

Results from Main web retrieved at 00:56 (GMT)

alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS SUSPICIOUS PSHELL Downloader Primitives B645W Oct 19 2017`; flow:established,from server; file ...
alert http any any $HTTP SERVERS any (msg:`ET EXPLOIT Possible CVE 2017 12629 RCE Exploit Attempt (HTTP GET 2)`; flow:to server,established; content:`GET`; http ...
alert http any any $HTTP SERVERS any (msg:`ET EXPLOIT Possible CVE 2017 12629 RCE Exploit Attempt (HTTP POST)`; flow:to server,established; content:`POST`; http ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS SUSPICIOUS PSHELL Downloader Primitives B645W Oct 19 2017`; flow:established,from server; file ...
alert http any any $HTTP SERVERS any (msg:`ET EXPLOIT Possible CVE 2017 12629 XXE Exploit Attempt (URI)`; flow:to server,established; content:`?q 7b 21 xmlparser ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS SUSPICIOUS PSHELL Downloader Primitives B641 Oct 19 2017`; flow:established,from server; file ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS SUSPICIOUS PSHELL Downloader Primitives B644W Oct 19 2017`; flow:established,from server; file ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS SUSPICIOUS PSHELL Downloader Primitives B642 Oct 19 2017`; flow:established,from server; file ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS SUSPICIOUS PSHELL Downloader Primitives B643 Oct 19 2017`; flow:established,from server; file ...
alert http any any $HTTP SERVERS any (msg:`ET EXPLOIT Possible CVE 2017 12629 RCE Exploit Attempt (HTTP GET 1)`; flow:to server,established; content:`GET`; http ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Possible Winnti related DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content:` 09 ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Possible Winnti related DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content:` 0f ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Possible Winnti related DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content:` 0c ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Possible Winnti related Destination`; flow:established,to server; content:`dnslog.mobi`; http header ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Possible Winnti related DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content:` 0a ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Possible Winnti related Destination`; flow:established,to server; content:`immigrantlol.com`; http header ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Possible Winnti related Destination`; flow:established,to server; content:`alienlol.com`; http header ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Possible Winnti related DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content:` 06 ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Possible Winnti related Destination (google searching .com)`; flow:established,to server; content:`google ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Possible Winnti related DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content:` 09 ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Possible Winnti related DNS Lookup (google statics .com)`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Possible Winnti related DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content:` 09 ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Possible Winnti related DNS Lookup (google searching .com)`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10 ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Possible Winnti related Destination`; flow:established,to server; content:`dnslog.mobi`; http header ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Possible Winnti related Destination`; flow:established,to server; content:`awsstatics.com`; http header ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Possible Winnti related DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content:` 0a ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Possible Winnti related Destination`; flow:established,to server; content:`martianlol.com`; http header ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Possible Winnti related Destination`; flow:established,to server; content:`outerlol.com`; http header ...
alert tcp $HOME NET any $EXTERNAL NET 5800 (msg:`ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 6`; flow:to server,established; dsize: 11; content ...
alert tcp $HOME NET any $EXTERNAL NET 5800 (msg:`ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 5`; flow:to server,established; dsize: 11; content ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Possible Winnti related DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content:` 0a ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Possible Winnti related Destination`; flow:established,to server; content:`microsoftsec.com`; http header ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Possible Winnti related Destination`; flow:established,to server; content:`ssrsec.com`; http header; ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Possible Winnti related DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content:` 08 ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Possible Winnti related Destination`; flow:established,to server; content:`sqlmapff.com`; http header ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Possible Winnti related DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content:` 0c ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Possible Winnti related DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content:` 08 ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Possible Winnti related Destination`; flow:established,to server; content:`strangelol.com`; http header ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Possible Winnti related DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content:` 06 ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET INFO Suspicious Mozilla UA with no Space after colon`; flow:established,to server; content:`User Agent 3a Mozilla ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Successful HMRC Phish Oct 18 2017`; flow:to server,established; content:`POST`; http method; ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN PTsecurity Trojan.JS.Agent.dwz Checkin 1`; flow:established,to server; content:`POST`; http method ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Trojan.JS.Agent.dwz Checkin`; flow:established,to server; content:!`Referer 3a `; http header; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET SCAN struts pwn User Agent`; flow:established,to server; content:`struts pwn`; depth:10; http user agent; fast ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Successful Paypal (FR) Phish Oct 16 2017`; flow:to server,established; content:`POST`; http method ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Tech Support Phone Scam Landing M1 Oct 16 2016`; flow:from server,established; content:`401` ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Successful Paypal Phish Oct 16 2017`; flow:to server,established; content:`POST`; http method ...
Number of topics: 50
Topic revision: r5 - 2014-01-10 - MattJonkman
 