50 Recent Changes in Main Web retrieved at 19:28 (GMT)

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY HTTPie User Agent Outbound"; flow:established,to_server; content:"HTTPie/"; http_user_agent; depth:7 ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN PTsecurity NNR XORed Zip payload (key 0x91)"; flow:established,from_server; content:"200"; http stat ...
#alert udp $HOME_NET any -> any 53 (msg:"ET DELETED Possible Winnti related DNS Lookup"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0f ...
alert dns $HOME_NET any -> any any (msg:"ET POLICY DNS Query For Browser Cryptocurrency Mining Domain"; content:"|06|static|0a|reasedoper|02|pw|00|"; fast_pattern ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Phishing Attempt via GetGoPhish Phishing Tool"; flow:to_server,established; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Phishing Landing via GetGoPhish Phishing Tool"; flow:to_server,established; content ...
My Links WelcomeGuest starting points on TWiki TWikiUsersGuide complete TWiki documentation, Quick Start to Reference WebHome try out TWiki on ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Observed Malicious SSL Cert (Coinhive URL Shortener)"; flow:established,to_client; tls_cert_subject ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Vibem.C CnC Activity"; flow:established,to_server; content:"|63 76 c4 52 99 1d 04 80 a9 1b 2d|" ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN XOR Checkin via HTTP"; flow:established,to_server; content:"MSIE 6.0|3b 20|Windows NT 5.2|3b 20|SV1|3b ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex/Trickbot CnC)"; flow:established,from ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MSIL/Karmen Ransomware CnC Activity"; flow:established,to_server; content:"GET"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Unk.Stealer CnC Activity"; flow:established,to_server; content:"POST"; http_method; content:"/check ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Generic Phish 2018-05-16 (set)"; flow:established,to_server; flowbits:set,ET.genericphish ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN InfoBot Sending LAN Details"; flow:established,to_server; content:"POST"; http_method; content:".php ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN InfoBot Sending Machine Details"; flow:established,to_server; content:"POST"; http_method; content:" ...
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT HackingTrio UA (Hello, World)"; flow:established,to_server; content:"POST"; http_method; content:"Hello, World ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS TDS Sutra page redirecting to a SutraTDS"; flow:established,to_client; file_data; content: ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT PDF With Embedded U3D"; flow:established,to_client; content:"obj"; content:" Added 2018 05 16 17 ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT Possible Javascript obfuscation using app.setTimeOut in PDF in Order to Run Code"; flow:established ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET USER_AGENTS Suspicious User Agent (InfoBot)"; flow:to_server,established; content:"InfoBot"; http_user_agent ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Trojan Spy.Win32.Agent.byhm User Agent (EMSCBVDFRT)"; flow:to_server,established; content:"EMSCBVDFRT ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Rogue.Win32/Winwebsec Install"; flow:to_server,established; content:"/api/stats/install/?affid "; content ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32.Datamaikon Checkin NewAgent"; flow:to_server,established; content:"/index.dat?"; http_uri; content ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN DwnLdr JMZ Downloading Binary 2"; flow:established,to_server; content:"/?path qx200.exe"; http_uri; ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN DwnLdr JMZ Downloading Binary"; flow:established,to_server; content:"/ngt.exe"; fast_pattern; http_uri ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN FakeAV Landing Page Initializing Protection System"; flow:established,from_server; content:" Initializing ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN SpyEye Checkin version 1.3.25 or later 3"; flow:established,to_server; content:"POST"; http_method; ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Cridex.B/Feodo Checkin"; flow:to_server,established; content:"POST"; nocase; http_method; content:" ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Trojan Spy.Win32.Zbot.djrm Checkin"; flow:to_server,established; content:"/index.html?mac "; http_uri ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Generic Dropper User Agent (XXXwww)"; flow:established,to_server; content:"User-Agent|3a| XXXwww"; http ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32.Blocker Checkin"; flow:established,to_server; content:"/gate.php?cmd "; http_uri; content:" botnet ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Protux.B Download Update"; flow:from_client,established; content:"Mozilla/4.2.20 (compatible|3B ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN Backdoor.Win32.Riern.K Checkin Off Port"; flow:established,from_client; content:" 01 new host "; depth ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Kazy Checkin"; flow:established,to_server; content:"/guidcheck.php?q "; http_uri; content:" g " ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN InfoStealer Checkin"; flow:established,to_server; content:"POST"; nocase; http_method; content:"/abc ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Peed Checkin"; flow:established,to_server; content:"POST"; nocase; http_method; content:".php"; http ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/LockScreen Scareware Geolocation Request"; flow:established,to_server; content:"/loc/gate.php?getpic ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN InfoStealer Checkin"; flow:established,to_server; content:"POST"; nocase; http_method; content:"/login ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ABUD Checkin"; flow:established,to_server; content:"/imagedump/image.php?size "; http_uri; content: ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN NfLog Checkin (TTip)"; flow:to_server,established; content:"/NfStart.asp?ClientId "; http_uri; nocase ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Pasta.IK Checkin"; flow:established,to_server; content:"/data/index.asp?act "; http_uri; content ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Sefnit Checkin 5"; flow:established,to_server; content:"?subid "; http_uri; content:" u "; distance ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Sefnit Checkin 4"; flow:established,to_server; content:"?aid "; http_uri; content:" url "; http_uri ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Karagany/Kazy Obfuscated Payload Download"; flow:established,to_client; content:"Content-Disposition ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN NfLog Checkin"; flow:to_server,established; content:"POST"; http_method; nocase; content:"/Nfile.asp ...
#alert http $HOME_NET any -> $EXTERNAL_NET !$HTTP_PORTS (msg:"ET TROJAN UPDATE Protocol Trojan Communication detected on non http ports"; flow:to_server,established ...
Number of topics: 50

Topic revision: r4 - 2006-11-15 - TWikiContributor
 
This site is powered by the TWiki collaboration platform. Powered by Perl. Copyright © Emerging Threats