EmergingThreats's Main web

EmergingThreats's Main web The web for users, groups and offices. TWiki is an Enterprise Collaboration Platform. http://doc.emergingthreats.net/bin/view/Main Copyright 2013 Emerging Threats and Contributing Authors 2013-05-24T23:11:21Z 2016923 http://doc.emergingthreats.net/bin/view/Main/2016923 2013-05-24T23:11:21Z

alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:`ET CURRENT EVENTS KaiXin Exploit Kit Java Class 1 May 24 2013`; flow:to client,established; file data; content ... (last changed by TWikiGuest)

TWikiGuest 2016926 http://doc.emergingthreats.net/bin/view/Main/2016926 2013-05-24T23:11:21Z

alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:`ET CURRENT EVENTS KaiXin Exploit Landing Page 2 May 24 2013`; flow:to client,established; file data; content ... (last changed by TWikiGuest)

TWikiGuest 2015624 http://doc.emergingthreats.net/bin/view/Main/2015624 2013-05-24T23:11:21Z

alert tcp $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Backdoor.Win32.Gh0st Checkin (5 12 Byte keyword)`; flow:to server,established; dsize: Added 2013 05 24 ... (last changed by TWikiGuest)

TWikiGuest 2016928 http://doc.emergingthreats.net/bin/view/Main/2016928 2013-05-24T23:11:21Z

alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:`ET CURRENT EVENTS HellSpawn EK Landing 2 May 24 2013`; flow:to client,established; file data; content:`FlashPlayer ... (last changed by TWikiGuest)

TWikiGuest 2016922 http://doc.emergingthreats.net/bin/view/Main/2016922 2013-05-24T23:11:21Z

alert tcp $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Backdoor family PCRat/Gh0st CnC traffic`; flow:to server,established; byte jump:4,5,from beginning,little ... (last changed by TWikiGuest)

TWikiGuest 2016384 http://doc.emergingthreats.net/bin/view/Main/2016384 2013-05-24T23:11:21Z

alert tcp $EXTERNAL NET any $HTTP SERVERS $HTTP PORTS (msg:`ET WEB SPECIFIC APPS WordPress CommentLuv Plugin ajax nonce Parameter XSS Attempt`; flow:established ... (last changed by TWikiGuest)

TWikiGuest 2016929 http://doc.emergingthreats.net/bin/view/Main/2016929 2013-05-24T23:11:21Z

alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:`ET CURRENT EVENTS Possible HellSpawn EK Fake Flash May 24 2013`; flow:to server,established; content:`/FlashPlayer ... (last changed by TWikiGuest)

TWikiGuest 2016832 http://doc.emergingthreats.net/bin/view/Main/2016832 2013-05-24T23:11:21Z

alert tcp $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS HellSpawn EK Requesting Jar`; flow:established,to server; content:`/j21.jar`; http uri; content ... (last changed by TWikiGuest)

TWikiGuest 2016930 http://doc.emergingthreats.net/bin/view/Main/2016930 2013-05-24T23:11:21Z

alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:`ET CURRENT EVENTS Possible HellSpawn EK Java Artifact May 24 2013`; flow:to server,established; content ... (last changed by TWikiGuest)

TWikiGuest 2016924 http://doc.emergingthreats.net/bin/view/Main/2016924 2013-05-24T23:11:21Z

alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:`ET CURRENT EVENTS KaiXin Exploit Kit Java Class 2 May 24 2013`; flow:to client,established; file data; content ... (last changed by TWikiGuest)

TWikiGuest 2015575 http://doc.emergingthreats.net/bin/view/Main/2015575 2013-05-24T23:11:21Z

alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:`ET CURRENT EVENTS KaiXin Exploit Kit Java Class`; flow:to client,established; file data; content:`Gond` ... (last changed by TWikiGuest)

TWikiGuest 2016925 http://doc.emergingthreats.net/bin/view/Main/2016925 2013-05-24T23:11:21Z

alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:`ET CURRENT EVENTS KaiXin Exploit Landing Page 1 May 24 2013`; flow:to client,established; file data; content ... (last changed by TWikiGuest)

TWikiGuest 2016927 http://doc.emergingthreats.net/bin/view/Main/2016927 2013-05-24T23:11:21Z

alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:`ET CURRENT EVENTS HellSpawn EK Landing 1 May 24 2013`; flow:to client,established; file data; content:`function ... (last changed by TWikiGuest)

TWikiGuest 2016918 http://doc.emergingthreats.net/bin/view/Main/2016918 2013-05-24T00:38:13Z

alert tcp $EXTERNAL NET any $HTTP SERVERS $HTTP PORTS (msg:`ET WEB SERVER Possible NGINX Overflow CVE 2013 2028 Exploit Specific`; flow:established,to server; content ... (last changed by TWikiGuest)

TWikiGuest 2016921 http://doc.emergingthreats.net/bin/view/Main/2016921 2013-05-23T23:39:37Z

alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:`ET INFO Suspicious Mozilla UA with no Space after colon`; flow:established,to server; content:`User Agent ... (last changed by TWikiGuest)

TWikiGuest 2016919 http://doc.emergingthreats.net/bin/view/Main/2016919 2013-05-23T23:39:37Z

alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:`ET CURRENT EVENTS Malicious Redirect URL`; flow:established,to server; content:`/8gcf744Waxolp752.php`; ... (last changed by TWikiGuest)

TWikiGuest