RuleChanges
r2 - 28 Sep 2007 - 09:47:18 - RajendraPalnaty

Last 50 Site Changes

Results from Main web retrieved at 23:09 (GMT)

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Shopcenter.co.kr Spyware Install Report"; flow:established,to_server; uricontent:"/RewardInstall ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User Agent (agent)"; flow: to_server,established; content:"|0d 0a|User-Agent\: agent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Storm Worm EXE Request (fireworks.exe)"; flow:established,to_server; content ...
SandnetAnalystsGroup Member list (comma separated list): Set GROUP MattJonkman, DeapeshMisra, BlakeHartstein, JamesMcQuaid, AndreDiMino, DavidBianco, TeresaGarner ...
My Links .ATasteOfTWiki view a short introductory presentation on TWiki for beginners .WelcomeGuest starting points on TWiki .TWikiUsersGuide ...
alert tcp any 20 -> $HOME_NET 25 (msg:"ET MALWARE Possible Windows executable sent when remote host claims to send Javascript"; flow: established; content:"|0d 0a ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Unknown Keylogger checkin"; flow:established; content:"GET"; depth:4; uricontent:"?mail "; uricontent ...
alert tcp any 20 -> $HOME_NET 25 (msg:"ET MALWARE Possible Windows executable sent when remote host claims to send an image"; flow: established; content:"Content ...
alert tcp any $HTTP_PORTS -> $HOME_NET any (msg:"ET MALWARE Windows executable sent when remote host claims to send image, Win32"; flow: established; content:"Content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Keylogger Crack by bahman"; flow:established; content:"POST"; depth:5; content:" message 2b keylogger ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 82 (msg:"ET TROJAN LD Pinch Checkin (HTTP POST on port 82)"; flow:established,to_server; content:"POST "; depth:5; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32 Cloaker Related Post Infection Checkin"; flow:established,to_server; uricontent:"/log/proc ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User Agent (Playtech Downloader)"; flow:to_server,established; content:"|0d 0a|User ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User Agent (ISMYIE)"; flow:to_server,established; content:"|0d 0a|User-Agent\: ISMYIE ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Donkeyp2p Update Detected"; flow:established,to_server; content:"GET "; depth:4; uricontent:"donkeyp2p ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET CURRENT_EVENTS Possible Storm Worm URL Request (mylove.exe)"; flow:established,to_server; content:"GET ...
Ruleset Downloads All Emerging Threats Signatures http://www.emergingthreats.net/rules/ Browseable Web Directory Format Web Directory Daily Change ...
Emerging Bro Signatures Bro is an Open Source IDS similar to Snort, but with a different philosophy. Bro is not primarily intended to do byte wise signature matching ...
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"ET SCAN bsqlbf Brute Force SQL Injection"; flow:established,to_server; content:"|0d 0a|User-Agent\: bsqlbf ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY HTTP CONNECT Tunnel Attempt Outbound"; flow: to_server,established; content:"CONNECT "; nocase; content ...
#alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET POLICY HTTP CONNECT Tunnel Attempt Inbound"; flow: to_server,established; content:"CONNECT "; nocase; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Vipdataend C&C Traffic Checkin"; flow:established,to_server; dsize: Added 2008 06 24 23:26:43 UTC ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Unnamed kuaiche.com related"; flow:established,to_server; content:"GET "; depth:4; uricontent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE User Agent Containing http\:// Suspicious Likely Spyware/Trojan"; flow:to_server,established ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User Agent (Accessing)"; flow:to_server,established; content:"|0d 0a|User-Agent\: ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET VIRUS Sality Virus User Agent Detected (KUKU)"; flow:established,to_server; content:"User-Agent\: KUKU ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Steam Steal0r"; flow:established,to_server; uricontent:"info Steam 20 Steal0r 20 "; uricontent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN LDPinch Checkin (5)"; flow:established,to_server; uricontent:".php"; nocase; content:"a "; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Beizhu/Womble/Vipdataend Controller Keepalive"; flow:established,to_server; dsize:1; content:"d"; classtype ...
alert tcp $EXTERNAL_NET 6112 -> $HOME_NET any (msg:"ET GAMES Battle.net connection reset (possible IP Ban)"; flags:R,12; classtype: policy-violation; sid:2002117; ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN LDPinch Checkin (4)"; flow:established,to_server; content:"a "; offset:0; depth:2; content:" b ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Pakes/Cutwall/Kobcka Checkin Detected High Ports"; flow:established,to_server; dsize: Added 2008 06 ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32.Small.wpx or Related Downloader Posting Data"; flow:to_server,established; content:"POST "; depth ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SCAN Amap Scannner Traffic Inbound"; flow:to_server; content:"|79 08 00 00 00 01 00 00 00 00 00 00 20 43 4B 41 ...
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET TROJAN FSG Packed Binary via HTTP Inbound"; flow:from_server,established; content:"|4D 5A|"; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Banload iLLBrain Trojan Activity"; flow:to_server,established; content:"GET"; depth:4; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 82 (msg:"ET TROJAN LDPinch Checkin on Port 82"; flow:established,to_server; uricontent:".php"; nocase; content:"a "; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User Agent (angel)"; flow:to_server,established; content:"|0d 0a|User-Agent\: angel ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Seekmo.com Spyware Data Upload"; flow:established,to_server; uricontent:".aspx?"; uricontent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Winquickupdates.com/Mycashloads.com Related Trojan Install Report"; flow:established,to_server ...
Spamhaus.org DROP List This ruleset takes a daily list of known spammers and spam networks as researched by Spamhaus and converts them into Snort signatures, Bro Signatures ...
Dshield Top Attackers This ruleset takes a daily list of the top attackers reported to Dshield and converts them into Snort signatures, Bro Signatures, and Firewall ...
Shadowserver.org Known Command and Control Rules This ruleset takes a daily list of the known CnC Servers as researched by Shadowserver.org and converts them into ...
Using the Emerging Threats Firewall Rules The firewall rulesets are versions of the IP Block lists in a format easily imported into IPF, IPTables, PF, and PIX firewalls ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Themida Packed Binary Likely Hostile"; flow:established,from_server; content:"|2E 69 64 61 74 61 20 ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Swizzor Checkin"; flow:established,to_server; content:"GET "; depth:4; uricontent:"c "; uricontent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET VIRUS CoreFlooder.Q Data Posting"; flow:established,to_server; content:"POST"; depth:4; uricontent:" ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET Google Search Appliance browsing the Internet"; flow:to_server,established; content:"GET "; depth:4; ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN User agent DownloadNetFile Win32.small.hsh downloader"; flow:established,to_server; content:"GET ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET WEB Neosploit 1.5.x URL Loader"; flow:to_server,established; content:"GET "; depth:4; pcre:"/\?u\d \d ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Injecter Checkin"; flow:established,to_server; content:"GET"; depth:4; uricontent:"mod "; uricontent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET BOTNET IP Discovery via whatismyip.com"; flow:to_server,established; content:"GET "; depth:4; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET VIRUS CoreFlooder.Q C&C Checkin"; flow:established,to_server; content:"POST"; depth:4; uricontent:"/a ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY ICP Email Send via HTTP Often Trojan Install Reports"; flow:established,to_server; uricontent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Mitglieder Checkin"; flow:established,to_server; content:"GET "; depth:4; uricontent:"p "; uricontent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Autoit Windows Automation tool User Agent in HTTP Request Possibly Hostile"; flow:established ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET POLICY SC KeyLog Keylogger Installed Sending Log Email Report"; flow:established,to_server; content:"SC KeyLog ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"ET POLICY SC KeyLog Keylogger Installed Sending Initial Email Report"; flow:established,to_server; content:"Installation ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Beizhu/Womble/Vipdataend Checking with Controller"; flow:established,to_server; dsize: Added 2008 06 ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Dialer.Trojan Activity"; flow: to_server,established; uricontent:"/dialer min/getnum.asp?nip" ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User Agent (ld)"; flow:to_server,established; content:"|0d 0a|User-Agent\: ld|0d 0a| ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User Agent (123)"; flow:to_server,established; content:"|0d 0a|User-Agent\: 123|0d ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET MALWARE Suspicious User Agent (DownloadNetFile)"; flow:to_server,established; content:"|0d 0a|User-Agent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN AFV POST"; flow:to_server,established; content:"POST "; nocase; depth:5; uricontent:".php"; nocase ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Lost Door Checkin"; flow:established,to_server; content:"GET"; depth:4; uricontent:"subject Lost ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Keypack.co.kr Related Trojan User Agent Detected"; flow:established,to_server; content:"|0d 0a ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN KLog Nick Keylogger Checkin"; flow:established,to_server; content:"POST"; depth:5; uricontent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Win32.Small.dvs or Related DDOS Checkin"; flow:established,to_server; content:"GET ?ddos x"; depth ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET POLICY Eurobarre.us Setup User Agent"; flow:established,to_server; content:"|0d 0a|User-Agent\: eurobarre ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Lop.gfr/Swizzor HTTP Update/Checkin (usually host domain lookup.com related)"; flow:established ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Steam Pass Stealer FTP Upload"; flow:established,to_server; dsize:33; content:"STEAM nicht eingespeichert ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Hitpop.AG/Pophot.az HTTP Checkin"; flow:to_server,established; content:"GET "; depth:4; uricontent ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN Banker/Banbra Variant POST via x-www-form-urlencoded"; flow:established,to_server; content:"POST ...
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"ET TROJAN xpsecuritycenter.com Fake AntiVirus GET Install Checkin"; flow:established,to_server; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Perfect Keylogger FTP Initial Install Log Upload (Null obfuscated)"; flow:established,to_server; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 8074 (msg:"ET POLICY GaduGadu Chat File Send Details"; flowbits:isset,ET.gadu.loggedin; flow:established,to_server; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 8074 (msg:"ET POLICY GaduGadu Chat File Send Request"; flowbits:isset,ET.gadu.loggedin; flow:established,to_server; content ...
alert tcp $EXTERNAL_NET 8074 -> $HOME_NET any (msg:"ET POLICY GaduGadu Chat Keepalive PONG"; flowbits:isset,ET.gadu.loggedin; flow:established,from_server; content ...
alert tcp $EXTERNAL_NET 8074 -> $HOME_NET any (msg:"ET POLICY GaduGadu Chat File Send Begin"; flowbits:isset,ET.gadu.loggedin; flow:established,from_server; content ...
alert tcp $EXTERNAL_NET 8074 -> $HOME_NET any (msg:"ET POLICY GaduGadu Chat File Send Accept"; flowbits:isset,ET.gadu.loggedin; flow:established,from_server; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Hupigon CnC Data Post (variant abb)"; flow:established,to_server; dsize: 200; flowbits:isset,ET.hupa ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Juicopotomous to Controller"; flow:established,to_server; dsize:1; content:"|7c|"; flowbits:set,ET.unknown ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024:65535 (msg:"ET TROJAN Bandok phoning home (xor by 0xe9 to decode)"; flow:established,to_server; content:"|CF 8F 80 9B ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Backdoor.Win32.VB.brg C&C Reporting Version"; flow:established,to_server; content:"Version|28 2a|"; ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Hupigon CnC init (variant abb)"; flow:established,to_server; dsize:4; flowbits:isnotset,ET.hupa.init ...
alert tcp $EXTERNAL_NET 81 -> $HOME_NET any (msg:"ET TROJAN Bifrose Response from Controller"; flow:established,from_server; dsize:9; content:"|05 00 00 00 BC|"; depth ...
alert tcp $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN Win32.Onlinegames.ajok CnC Packet from Server"; flow:established,from_server; flowbits:isset,ET.onlinegames ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 8074 (msg:"ET POLICY GaduGadu Chat Client Login Packet"; flowbits:isset,ET.gadu.welcome; flow:established,to_server; dsize ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Vipdataend/Ceckno C&C Traffic Checkin"; flow:established,to_server; dsize: Added 2008 06 24 23:26 ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Dorf/Win32.Inject.adt C&C Communication Outbound"; flow:established,to_server; dsize:16; content:"1SCD ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Ceckno Reporting to Controller"; flow:established,to_server; dsize: Added 2008 06 24 23:26:43 UTC ...
alert tcp $EXTERNAL_NET 1024: -> $HOME_NET any (msg:"ET TROJAN Turkojan C&C Browse Drive Command (BROWSC)"; flow:established,from_server; dsize: Added 2008 06 24 23 ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Turkojan C&C Keepalive (BAGLANTI)"; flow:established,to_server; dsize:9; content:"BAGLANTI?"; classtype ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Delf CnC Channel Packet 1"; flowbits:isnotset,ET.unk.1; flow:established,to_server; dsize: Added 2008 ...
alert tcp $EXTERNAL_NET 1024: -> $HOME_NET any (msg:"ET TROJAN Delf CnC Channel Packet 1 reply"; flowbits:isset,ET.unk.1; flow:established,from_server; dsize: Added ...
Number of topics: 100

-- MattJonkman - 28 Feb 2007
