Last 50 Rule Changes

Results from Main web retrieved at 13:19 (GMT)

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE PTsecurity WebToolbar.Win32.Searchbar.k HTTP JSON Artifact"; flow:established,to_client; content: ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN BDM Communicating with CnC"; flow:to_server,established; content:"/WPSecurity/load.php"; http_uri; fast ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE PTsecurity SearchGo (start page)"; flow:established,to_server; urilen: 100; content:"/07%2746%d3 ...
#alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Possible OptionsBleed (CVE-2017-9798)"; flow:established,to_server; content:"OPTIONS"; http ...
alert http $HTTP_SERVERS any -> $EXTERNAL_NET any (msg:"ET WEB_SERVER OptionsBleed (CVE-2017-9798)"; flow:from_server; content:"Allow|3a 20|"; http_header; pcre:" ...
alert udp $HOME_NET any -> any 53 (msg:"ET MALWARE Malicious Chrome Ext. DNS Query For Adware CnC (search.feedvertizus)"; content:"|01 00 00 01 00 00 00 00 00 00 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Malicious Adware Chrome Extension Detected (1)"; flow:to_server,established; content:"/hostedsearch ...
alert udp $HOME_NET any -> any 53 (msg:"ET MALWARE Malicious Chrome Ext. DNS Query For Adware CnC (startupfraction)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE UBar Trojan/Adware Checkin 1"; flow:established,to_server; content:"?gname "; http_uri; content:" pid ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Malicious Adware Chrome Extension Detected (2)"; flow:to_server,established; content:"/?keyword "; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Adware/FakeAV.Kraddare Checkin UA"; flow:established,to_server; content:"pcsetup "; http_header; pcre ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 5217 (msg:"ET MALWARE W32/SmartPops Adware Outbound Off Port MSSQL Communication"; flow:established,to_server; content:"S ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Downloader Checkin Downloads Rogue Adware "; flow:established,to_server; content:"GET"; nocase; http ...
alert udp $HOME_NET any -> any 53 (msg:"ET MALWARE Malicious Chrome Ext. DNS Query For Adware CnC (opurie)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset ...
alert udp $HOME_NET any -> any 53 (msg:"ET MALWARE Malicious Chrome Ext. DNS Query For Adware CnC (go.querymo)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10 ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Adware.Kraddare Checkin"; flow:established,to_server; content:".php?"; http_uri; content:"strID "; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE UBar Trojan/Adware Checkin 2"; flow:established,to_server; content:"inst.php?"; http_uri; content:"pcode ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Known Malicious User Agent (x) Win32/Tracur.A or OneStep Adware Related"; flow:to_server,established ...
#alert tcp $EXTERNAL_NET :32768 -> $HOME_NET any (msg:"ET TROJAN PTsecurity Backdoor.Java.Adwind.cu Certificate flowbit set 1"; flow:established,to_client; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE AdWare.Win32.Yokbar User Agent Detected (YOK Agent)"; flow:established,to_server; content:"User ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE UBar Trojan/Adware Checkin 3"; flow:established,to_server; content:"size.php?"; http_uri; content:"file ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MalDoc DL)"; flow:established,from_server; content:"|55 04 03|"; content ...
#alert tcp $EXTERNAL_NET :32768 -> $HOME_NET any (msg:"ET TROJAN PTsecurity Backdoor.Java.Adwind.cu pkt Checker flowbit set 3"; flow:established,to_client; content ...
#alert tcp $EXTERNAL_NET :32768 -> $HOME_NET any (msg:"ET TROJAN PTsecurity Backdoor.Java.Adwind.cu pkt Checker flowbit set 5"; flow:established,to_client; content ...
alert tcp $EXTERNAL_NET :32768 -> $HOME_NET any (msg:"ET TROJAN PTsecurity Backdoor.Java.Adwind.cu"; flow:established,to_client; content:"|17 03|"; depth:2; content ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET :32768 (msg:"ET TROJAN PTsecurity Backdoor.Java.Adwind.cu pkt Checker flowbit set 4"; flow:established,to_server; content ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET :32768 (msg:"ET TROJAN PTsecurity Backdoor.Java.Adwind.cu pkt Checker flowbit set 2"; flow:established,to_server; content ...
alert udp $HOME_NET any -> any 53 (msg:"ET MOBILE_MALWARE Android/Bankbot.HHtr DNS Lookup 10"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content ...
alert udp $HOME_NET any -> any 53 (msg:"ET MOBILE_MALWARE Android/Bankbot.HHtr DNS Lookup 8"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content ...
alert udp $HOME_NET any -> any 53 (msg:"ET MOBILE_MALWARE Android/Bankbot.HHtr DNS Lookup 6"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content ...
alert udp $HOME_NET any -> any 53 (msg:"ET MOBILE_MALWARE Android/Bankbot.HHtr DNS Lookup 9"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content ...
alert udp $HOME_NET any -> any 53 (msg:"ET MOBILE_MALWARE Android/Bankbot.HHtr DNS Lookup 11"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content ...
alert udp $HOME_NET any -> any 53 (msg:"ET MOBILE_MALWARE Android/Bankbot.HHtr DNS Lookup 13"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content ...
alert udp $HOME_NET any -> any 53 (msg:"ET MOBILE_MALWARE Android/Bankbot.HHtr DNS Lookup 7"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content ...
alert udp $HOME_NET any -> any 53 (msg:"ET MOBILE_MALWARE Android/Bankbot.HHtr DNS Lookup 15"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content ...
alert udp $HOME_NET any -> any 53 (msg:"ET MOBILE_MALWARE Android/Bankbot.HHtr DNS Lookup 12"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content ...
alert udp $HOME_NET any -> any 53 (msg:"ET MOBILE_MALWARE Android/Bankbot.HHtr DNS Lookup 14"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content ...
alert udp $HOME_NET any -> any 53 (msg:"ET MOBILE_MALWARE Android/Bankbot.HHtr DNS Lookup 16"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content ...
alert udp $HOME_NET any -> any 53 (msg:"ET MOBILE_MALWARE Android/Bankbot.HHtr DNS Lookup 5"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content ...
alert udp $HOME_NET any -> any 53 (msg:"ET MOBILE_MALWARE Android/Bankbot.HHtr DNS Lookup"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content ...
alert udp $HOME_NET any -> any 53 (msg:"ET MOBILE_MALWARE Android/Bankbot.HHtr DNS Lookup 2"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query For TURNEDUP.Backdoor / NanoCore CnC (microsoftupdated)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DELETED SPL2 PluginDetect Data Hash"; flow:to_server,established; content:".html?id"; http_uri; fast_pattern ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query For TURNEDUP.Backdoor CnC (chromup)"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content ...
Number of topics: 50
Topic revision: r5 - 2014-01-10 - MattJonkman
 
This site is powered by the TWiki collaboration platform. Copyright © Emerging Threats