Last 50 Rule Changes

Results from Main web retrieved at 07:17 (GMT)

alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (HiddenTear Variant CnC)"; flow:established,from_server; content:"|55 04 03 ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO Suspicious HTML Hex Obfuscated Title Possible Phishing Landing Jun 28 2017"; flow:from_server,established ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Watering Hole Redirect Inject Jun 28 2017"; flow:established,from_server; file_data; content ...
alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"ET EXPLOIT Microsoft SYS SMB Negotiate ProcessID Function Table Dereference (CVE-2009-3103)"; flow:to_server,established ...
alert smb any any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible ETERNALBLUE Exploit M3 MS17-010"; flow:to_server,established; content:"|ff|SMB|32 00 00 00 00 18 ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Unknown NetworkWorm Checkin"; flow:to_server,established; dsize: 1000; content:"|00 00 00 00 9c 00 00 ...
alert udp $HOME_NET any -> any 53 (msg:"ET MALWARE All Numerical .ru Domain Lookup Likely Malware Related"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE All Numerical .ru Domain HTTP Request Likely Malware Related"; flow:established,to_server; content: ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Powershell/Unknown CnC Checkin"; flow:established,to_server; urilen:1; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Trojan Banker.AndroidOS.Marcher.a CnC Beacon"; flow:to_server,established; content:"/inj/injek ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Trojan Banker.AndroidOS.Marcher.a Checkin"; flow:to_server,established; content:"POST"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY MOBILE Apple device leaking UDID from SpringBoard via GET"; flow:established,to_server; content:" CFNetwork ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN OSX OceanLotus Checkin"; flow:established,to_server; content:"|41 61 54 03|"; offset:1; depth:4; fast ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Naoinstalad Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?MD "; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MalDoc Retrieving Malicious Payload (Possibly Ursnif)"; flow:established,to_server; content:".bin"; http ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Amazon Phish Landing Jun 22"; flow:to_client,established; content:"200"; http_stat_code; file ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN x0Proto File Info Request"; flow:established,from_server; dsize:8; content:"REQF|0c|1|0c|1"; depth:8; ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET ATTACK_RESPONSE Possible BeEF HTTP Headers Inbound"; flow:established,from_server; content:"Content-Type|3a ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN x0Proto File Contents Exfil Request"; flow:established,from_server; dsize:9; content:"DLOAD|0c|1|0c|1 ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET INFO PDF Using CCITTFax Filter"; flow:established,to_client; content:"obj"; content:" Added 2017 06 01 16:43 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Data POST to an image file (gif)"; flow:to_server,established; content:"POST"; http_method; content: ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN FF RAT Stage 1 CnC Checkin"; flow:to_server,established; content:"POST"; http_method; content:".php?hdr ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 85"; flow:to_server,established; dsize: 11; content ...
alert tcp any any -> $HOME_NET 9100 (msg:"ET EXPLOIT HP Printer Attempted Path Traversal via PJL"; flow:to_server,established; content:"@PJL FS"; depth:7; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Outdated Flash Version M2"; flow:established,to_server; content:"X-Requested-With|3a 20|ShockwaveFlash ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 9997,1024: (msg:"ET TROJAN Dropper 497 (Yumato) Initial Checkin"; flow:established,to_server; dsize:5; content:"|30 30 30 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Fake Windows Scam ScreenLocker"; flow:established,to_server; content:"GET"; http_method; content:"/lock ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE MSIL/Adload.AT Beacon"; flow:established,to_server; content:"GET"; http_method; content:"/impression ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN DragonOK KHRAT Downloader Receiving Payload"; flow:established,from_server; file_data; content:".DAT ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET WEB_CLIENT BeEF HTTP Get Outbound"; flow:to_server,established; content:".js?BEEFHOOK "; http_uri; fast_pattern ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS CVE-2017-0199 Common Obfus Stage 2 DL"; flow:established,from_server; file_data; content:"|7b ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS RIG EK Broken/Filtered Payload Download Jun 19 2017"; flow:established,from_server; content: ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Possible BeEF Module in use"; flow:established,from_server; file_data; content:"beef.websocket.send ...
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT Possible SharePoint XSS (CVE-2017-8514) Inbound"; flow:to_server,established; content:"FollowSite "; http_uri ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN Possible Pegasus Related DNS Lookup (secure access10 .mx)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN Possible Pegasus Related DNS Lookup (network190 .com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible iTunes Phishing Landing Title over non SSL"; flow:established,to_client; file_data ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN Possible Pegasus Related DNS Lookup (smscentro .com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN Possible Pegasus Related DNS Lookup (ideas telcel .com.mx)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10 ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN Possible Pegasus Related DNS Lookup (mymensaje sms .com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android.Dropper.Abd Checkin"; flow:to_server,established; content:"POST"; http_method; nocase ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Dropbox Phishing Landing Title over non SSL"; flow:established,to_client; file_data ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN Possible Pegasus Related DNS Lookup (twiitter .com.mx)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible AOL Mail Phishing Landing Title over non SSL"; flow:established,to_client; file_data ...
Number of topics: 50
Topic revision: r5 - 2014-01-10 - MattJonkman
 
Copyright © Emerging Threats