TWiki's Main webThe web for users, groups and offices. TWiki is an Enterprise Collaboration Platform.http://doc.emergingthreats.net/bin/view/MainCopyright 2012 Emerging Threats and Contributing Authors2012-02-09T01:36:41Z2014198http://doc.emergingthreats.net/bin/view/Main/20141982012-02-09T01:36:41Zalert tcp $HOME NET any $EXTERNAL NET 1024: (msg:"ET TROJAN ZeuS ICE IX cid in cookie"; content:"POST"; http method; content:" 0D 0A Cookie 3a cid "; pcre: ... (last changed by TWikiGuest)TWikiGuest2013836http://doc.emergingthreats.net/bin/view/Main/20138362012-02-09T01:36:41Z#alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET DELETED HTTP Request to a .cz.tf domain"; flow:to server,established; content:".cz.tf 0D 0A "; fast ... (last changed by TWikiGuest)TWikiGuest2011923http://doc.emergingthreats.net/bin/view/Main/20119232012-02-09T01:36:41Z##alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:"ET DELETED FAKEAV CryptMEN inst.exe Payload Download"; flow:established,from server; content:"Content ... (last changed by TWikiGuest)TWikiGuestWebStatisticshttp://doc.emergingthreats.net/bin/view/Main/WebStatistics2012-02-08T21:51:30ZStatistics for Main Web Month: Topic views: Topic saves: File uploads: Most popular topic views: Top contributors for topic save and uploads ... (last changed by TWikiGuest)TWikiGuest2014217http://doc.emergingthreats.net/bin/view/Main/20142172012-02-07T03:00:20Zalert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:"ET TROJAN Delf/Troxen/Zema controller delivering clickfraud instructions"; flow:established,to client; file ... (last changed by TWikiGuest)TWikiGuest2014212http://doc.emergingthreats.net/bin/view/Main/20142122012-02-07T03:00:19Zalert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN MSUpdater POST checkin to CnC"; flow:established,to server; content:"/microsoft/errorpost/default ... (last changed by TWikiGuest)TWikiGuest2014214http://doc.emergingthreats.net/bin/view/Main/20142142012-02-07T03:00:19Zalert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN MSUpdater post auth checkin"; flow:established,to server; content:"/search6"; http uri; fast pattern ... (last changed by TWikiGuest)TWikiGuest2014216http://doc.emergingthreats.net/bin/view/Main/20142162012-02-07T03:00:19Zalert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:"ET TROJAN Delf/Troxen/Zema controller responding to client"; flow:established,to client; file data; content ... (last changed by TWikiGuest)TWikiGuest2014209http://doc.emergingthreats.net/bin/view/Main/20142092012-02-07T03:00:19Zalert tcp $EXTERNAL NET 443 $HOME NET any (msg:"ET TROJAN Sykipot SSL Certificate serial number detected"; flow:established,to client; content:" 16 "; content: ... (last changed by TWikiGuest)TWikiGuest2014213http://doc.emergingthreats.net/bin/view/Main/20142132012-02-07T03:00:19Zalert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN MSUpdater Connectivity Check to Google"; flow:established,to server; content:"/search?qu "; http ... (last changed by TWikiGuest)TWikiGuest2014215http://doc.emergingthreats.net/bin/view/Main/20142152012-02-07T03:00:19Zalert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET MOBILE MALWARE Android/Plankton.P Commands Request to CnC Server"; flow:established,to server; content ... (last changed by TWikiGuest)TWikiGuest2014211http://doc.emergingthreats.net/bin/view/Main/20142112012-02-07T03:00:19Zalert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN MSUpdater alt checkin to CnC"; flow:established,to server; content:"/microsoft/errorpost/default ... (last changed by TWikiGuest)TWikiGuest2014204http://doc.emergingthreats.net/bin/view/Main/20142042012-02-07T03:00:18Zalert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:"ET CURRENT EVENTS CutePack Exploit Kit JavaScript Variable Detected"; flow:established,to client; content ... (last changed by TWikiGuest)TWikiGuest2014207http://doc.emergingthreats.net/bin/view/Main/20142072012-02-07T03:00:18Zalert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET CURRENT EVENTS Likely MS12 004 midiOutPlayNextPolyEvent Heap Overflow Midi Filename Requested baby.mid ... (last changed by TWikiGuest)TWikiGuest2014203http://doc.emergingthreats.net/bin/view/Main/20142032012-02-07T03:00:18Zalert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET CURRENT EVENTS CUTE IE.html CutePack Exploit Kit Landing Page Request"; flow:established,to server; content ... (last changed by TWikiGuest)TWikiGuest2014206http://doc.emergingthreats.net/bin/view/Main/20142062012-02-07T03:00:18Zalert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:"ET CURRENT EVENTS CutePack Exploit Kit Landing Page Detected"; flow:established,to client; content:"button ... (last changed by TWikiGuest)TWikiGuest