Last 50 Rule Changes

Results from Main web retrieved at 18:11 (GMT)

alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query for known ShadowPad CnC 5"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0d ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query for known ShadowPad CnC 7"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|06 ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query for known ShadowPad CnC 9"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0c ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query for known ShadowPad CnC 8"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|08 ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query for known ShadowPad CnC 6"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0b ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query for known ShadowPad CnC 10"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|07 ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query for known ShadowPad CnC 4"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0f ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query for known ShadowPad CnC 3"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0d ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful RBC Royal Bank Phish M2 Aug 17 2017"; flow:to_server,established; content:"POST"; ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query for known ShadowPad CnC 11"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0e ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query for known ShadowPad CnC 1"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0f ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query for known ShadowPad CnC 2"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0b ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic SSN Phish"; flow:established,to_server; content:"POST"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Generic PII Phish"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful RBC Royal Bank Phish M1 Aug 17 2017"; flow:to_server,established; content:"POST"; ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET POLICY Office Document Download Containing AutoOpen Macro"; flow:established,to_client; file_data; content: ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Generic Credit Card Information Phish"; flow:established,to_server; content:"POST ...
alert tcp [$EXTERNAL_NET,199.30.201.192/29] any -> $HOME_NET any (msg:"ET TROJAN NetWire / Ozone / Darktrack Alien RAT Server Hello"; flow:established,to_client ...
alert ftp $HOME_NET [0:20,22:24,26:118,120:138,140:444,446:464,466:586,588:901,903:1432,1434:65535] -> any any (msg:"ET POLICY Suspicious FTP 220 Banner on Local Port ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 12 2017"; flow:to_server,established; content:"POST ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) May 25 2017"; flow:to_server,established; content:"POST ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 06 2017"; flow:to_server,established; content:"POST ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 11 2017"; flow:to_server,established; content:"POST ...
alert udp $EXTERNAL_NET any -> $HOME_NET 389 (msg:"ET DOS Potential CLDAP Amplification Reflection"; content:"objectclass0"; fast_pattern; threshold:type both, count ...
alert udp $EXTERNAL_NET 389 -> $HOME_NET 389 (msg:"ET DOS CLDAP Amplification Reflection (PoC based)"; dsize:52; content:"|30 84 00 00 00 2d 02 01 01 63 84 00 00 00 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 17 2017"; flow:to_server,established; content:"POST ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 20 2016"; flow:to_server,established; content:"POST ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 27 2016"; flow:to_server,established; content:"POST ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 03 2017"; flow:to_server,established; content:"POST ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 17 2017"; flow:to_server,established; content:"POST ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jun 08 2017"; flow:to_server,established; content:"POST ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) May 31 2017"; flow:to_server,established; content:"POST ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible YapiKredi Bank (TR) Phish Landing Page Title over non SSL"; flow:established,to ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) May 24 2017"; flow:to_server,established; content:"POST ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 10 2017"; flow:to_server,established; content:"POST ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26"; flow:to_server,established; content:"POST"; ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 22 2016"; flow:to_server,established; content:"POST ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Tech Support Phone Scam Landing M1 Jun 29 2016"; flow:from_server,established; content:"401" ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Adobe Online Phish Aug 16 2016"; flow:to_server,established; content:"POST"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 07 2016"; flow:to_server,established; content:"POST ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 15 2016"; flow:to_server,established; content:"POST ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Sept 2"; flow:to_server,established; content:"POST"; ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Nov 16 2016"; flow:to_server,established; content:"POST ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26"; flow:to_server,established; content:"POST"; ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26"; flow:to_server,established; content:"POST"; ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 25"; flow:to_server,established; content:"POST"; ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Oct 13"; flow:to_server,established; content:"POST"; ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jun 8"; flow:to_server,established; content:"GET"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jul 13"; flow:to_server,established; content:"POST"; ...
Number of topics: 50
Topic revision: r5 - 2014-01-10 - MattJonkman
 
Copyright © Emerging Threats