Last 50 Rule Changes

Results from Main web retrieved at 13:57 (GMT)

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ARM Binary Downloaded via WGET Containing Suspicious Netcat Command Possible IoT Malware"; flow:from ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN Known IoT Malware Domain"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|03|ntp|06|gtpnet ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ARM Binary Downloaded via WGET Containing GoAhead and Multiple Camera RCE 0Day Vulnerabilities"; flow ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MSIL/Karmen Ransomware CnC Activity"; flow:established,to_server; content:"GET"; http_method; content ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN Known IoT Malware Domain"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|04|load|06|gtpnet ...
alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL cert (pyteHole Ransomware)"; flow:established,from_server; content:"|55 04 03 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ARM Binary Requested via WGET to Known IoT Malware Domain"; flow:to_server,established; content:"GET ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO ARM File Requested via WGET (set)"; flow:to_server,established; content:"GET"; http_method; content:"Wget ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Locky CnC Checkin Dec 5 M1"; flow:to_server,established; content:"POST"; http_method; urilen:12; content ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS ElTest Exploit Kit Redirection Script"; flow:established,to_client; file_data; content:""; within ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS HoeflerText Chrome Popup DriveBy Download Attempt"; flow:established,to_client; file_data; content ...
alert smtp $EXTERNAL_NET any -> $SMTP_SERVERS any (msg:"ET INFO SMTP PDF Attachment Flowbit Set"; flow:established,from_server; content:"|0d 0a 0d 0a|JVBERi"; fast ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 85"; flow:to_server,established; dsize: 11; content ...
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS justVisual contact.php fs jVroot Parameter Remote File Inclusion"; flow:to_server ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Alitalia Airline Phish Apr 20 2017"; flow:to_server,established; content:"POST"; http ...
alert udp $HOME_NET any -> $EXTERNAL_NET 53 (msg:"ET INFO DNS Query to Free Hosting Domain (freevnn . com)"; content:"|01 00 00 01 00 00 00 00 00 00|"; content:"|07 ...
alert http $HOME_NET any -> $EXTERNAL_NET 80 (msg:"ET TROJAN Unknown Possibly Ransomware (Dropped by RIG) CnC Beacon"; msg:"ET TROJAN Unknown Possibly Ransomware ...
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS justVisual utilities.php fs jVroot Parameter Remote File Inclusion"; flow:to_server ...
#alert http $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Datalife Engine api.class.php dle config api Parameter Remote File Inclusion ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful iCloud Phish Apr 20 2017"; flow:to_server,established; content:"POST"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET WEB_CLIENT Office Requesting .HTA File Likely CVE 2017 0199 Request"; flow:established,to_server; content:" ...
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS News Manager ch readalso.php read xml include Parameter Remote File Inclusion ...
alert http any any -> $HOME_NET 8082 (msg:"ET EXPLOIT BlueCoat CAS v1.3.7.1 Report Email Command Injection attempt"; flow:to_server,established; content:"POST"; nocase ...
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS FSphp pathwirte.php FSPHP LIB Parameter Remote File Inclusion Attempt"; flow:to ...
#alert http $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS FSphp navigation.php FSPHP LIB Parameter Remote File Inclusion Attempt"; flow ...
#alert http $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS FSphp FSphp.php FSPHP LIB Parameter Remote File Inclusion Attempt"; flow:to_server ...
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Ultrize TimeSheet timesheet.php include dir Parameter Remote File Inclusion"; ...
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS justVisual pageTemplate.php fs jVroot Parameter Remote File Inclusion"; flow:to ...
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS VirtueMart Google Base Component admin.googlebase.php Remote File Inclusion"; ...
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS PHPauction GPL messages.inc.php include path Parameter Remote File Inclusion" ...
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS PHPGenealogy CoupleDB.php DataDirectory Parameter Remote File Inclusion"; flow ...
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS PHPauction GPL converter.inc.php include path Parameter Remote File Inclusion ...
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS x10 Automatic MP3 Script layout lyrics.php web root Parameter Remote File Inclusion ...
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Webradev Download Protect EmailTemplates.class.php Remote File Inclusion"; flow ...
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS x10 Automatic MP3 Script function core.php web root Parameter Remote File Inclusion ...
#alert http $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS AdaptBB latestposts.php forumspath Parameter Remote File Inclusion"; flow:to ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Bredolab Infection Windows Key"; flow:established,to_server; content:"?s Windows"; nocase; http_uri ...
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Webradev Download Protect ResellersManager.class.php Remote File Inclusion"; flow ...
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Webradev Download Protect PDPEmailReplaceConstants.class.php Remote File Inclusion ...
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS PHPauction GPL settings.inc.php include path Parameter Remote File Inclusion" ...
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS WB News global.php config Parameter Remote File Inclusion"; flow:to_server,established ...
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Pragyan CMS form.lib.php sourceFolder Parameter Remote File Inclusion"; flow:to ...
#alert http $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS GROUP E head auth.php CFG Parameter Remote File Inclusion"; flow:to_server,established ...
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS cpCommerce functions.php GLOBALS Parameter Remote File Inclusion"; flow:to_server ...
#alert http $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS DM Albums album.php SECURITY FILE Parameter Remote File Inclusion"; flow:to_server ...
#alert http $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Dragoon header.inc.php root Parameter Remote File Inclusion"; flow:to_server ...
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS ProjectCMS admin theme remove.php file Parameter Remote Directory Delete"; flow ...
#alert http $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Clickheat main.php mosConfig absolute path Parameter Remote File Inclusion 2 ...
#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS QuickTeam qte web.php qte web path Parameter Remote File Inclusion"; flow:to_server ...
Number of topics: 50
Topic revision: r5 - 2014-01-10 - MattJonkman
 
Copyright © Emerging Threats