# Snort/Suricata-style IDS rules; the "ET ..." msg prefixes mark them as Emerging Threats signatures.
# NOTE(review): this listing looks extraction-damaged and will not load as written:
#   - every rule is cut off at "...", so any options after that point are not visible here;
#   - no direction operator appears between the source and destination fields (rule syntax normally has `->`),
#     so the directions described below are assumed from field order and the flow option;
#   - variables and keywords appear with spaces where rule syntax uses underscores
#     (`$HOME NET`, `$HTTP PORTS`, `http method`, `http uri`, `fast pattern`, `to server`);
#   - hex bytes inside content strings (e.g. ` 0D 0A `) appear without `|...|` delimiters, and other
#     punctuation inside the strings may be missing as well.
# Restore the rules from the upstream ruleset rather than repairing them by hand: a guessed content
# string silently changes what the rule matches.

# Outbound POST carrying a "cid" cookie. The destination port is the open-ended range `1024:`
# (1024 and above) instead of $HTTP PORTS, and the pcre that narrows the cookie match is truncated.
alert tcp $HOME NET any $EXTERNAL NET 1024: (msg:"ET TROJAN ZeuS ICE IX cid in cookie"; content:"POST"; http method; content:" 0D 0A Cookie 3a cid "; pcre: ...
# Disabled (commented out) and tagged "ET DELETED" in its msg; it generates no alerts.
#alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET DELETED HTTP Request to a .cz.tf domain"; flow:to server,established; content:".cz.tf 0D 0A "; fast ...
# MSUpdater check-in rules. This rule and the "alt checkin" rule further down begin with the same
# visible URI content (`/microsoft/errorpost/default`); whatever tells them apart is in the truncated part.
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN MSUpdater POST checkin to CnC"; flow:established,to server; content:"/microsoft/errorpost/default ...
# NOTE(review): `/search6` is a short, generic URI fragment; presumably the truncated options
# constrain it further. Confirm against upstream before judging false-positive risk.
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN MSUpdater post auth checkin"; flow:established,to server; content:"/search6"; http uri; fast pattern ...
# Server-to-client traffic from source port 443 only (flow: established,to client); TLS on any other
# port is outside this rule's header. NOTE(review): ` 16 ` is presumably the hex byte 0x16 with its
# delimiters lost; confirm against upstream.
alert tcp $EXTERNAL NET 443 $HOME NET any (msg:"ET TROJAN Sykipot SSL Certificate serial number detected"; flow:established,to client; content:" 16 "; content: ...
# Outbound client request; the matching content is entirely truncated.
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET MOBILE MALWARE Android/Plankton.P Commands Request to CnC Server"; flow:established,to server; content ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN MSUpdater alt checkin to CnC"; flow:established,to server; content:"/microsoft/errorpost/default ...
# Exploit-kit rules come in two directions here: rules whose source is $EXTERNAL NET $HTTP PORTS
# inspect the server's response (landing page content), while rules whose source is $HOME NET
# inspect the client's follow-up request. A response-side alert means the page was served to the
# client, not that exploitation succeeded.
alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:"ET CURRENT EVENTS CUTE IE.html CutePack Exploit Kit Iframe for Landing Page Detected"; flow:established ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN TLD4 Purple Haze Variant Initial CnC Request for Ad Servers"; flow:established,to server; content ...
# ET POLICY category: flags an upload (POST) to a file-hosting site. This is a policy/visibility
# signal rather than a malware signature, so triage it against the site's acceptable-use rules.
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET POLICY File Being Uploaded to SendSpace File Hosting Site"; flow:established,to server; content:"POST ...
# `from server` here is the flow keyword's synonym for the `to client` direction used by other rules.
alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:"ET CURRENT EVENTS Blackhole Exploit Kit JavaScript colon string splitting"; flow:established,from server ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET CURRENT EVENTS Blackhole Acrobat 8/9.3 PDF exploit download request 5"; flow:established,to server; content ...
alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:"ET CURRENT EVENTS Yang Pack Exploit Kit Landing Page Known JavaScript Function Detected"; flow:established ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET CURRENT EVENTS Blackhole Java Exploit request to /content/rin.jar"; flow:established,to server; content ...
# Inbound web-application rules: external clients to $HTTP SERVERS on $HTTP PORTS. They only see
# traffic to hosts listed in $HTTP SERVERS, so that variable must reflect the real web tier.
# Each msg says "Attempt": an alert shows the request pattern arrived, not that it worked, so
# correlate with server responses and application logs. The IBBY nouvelles.php rules are one
# signature per SQL keyword pair (UPDATE SET, INSERT INTO, UNION SELECT, SELECT FROM, DELETE FROM).
alert tcp $EXTERNAL NET any $HTTP SERVERS $HTTP PORTS (msg:"ET WEB SPECIFIC APPS IBBY nouvelles.php id Parameter UPDATE SET SQL Injection Attempt"; flow:established ...
alert tcp $EXTERNAL NET any $HTTP SERVERS $HTTP PORTS (msg:"ET WEB SPECIFIC APPS IBBY nouvelles.php id Parameter INSERT INTO SQL Injection Attempt"; flow:established ...
alert tcp $EXTERNAL NET any $HTTP SERVERS $HTTP PORTS (msg:"ET WEB SPECIFIC APPS IBBY nouvelles.php id Parameter UNION SELECT SQL Injection Attempt"; flow:established ...
alert tcp $EXTERNAL NET any $HTTP SERVERS $HTTP PORTS (msg:"ET WEB SPECIFIC APPS IBBY nouvelles.php id Parameter SELECT FROM SQL Injection Attempt"; flow:established ...
alert tcp $EXTERNAL NET any $HTTP SERVERS $HTTP PORTS (msg:"ET WEB SPECIFIC APPS Joomla mod currencyconverter from Cross Site Scripting Attempt"; flow:established ...
alert tcp $EXTERNAL NET any $HTTP SERVERS $HTTP PORTS (msg:"ET WEB SPECIFIC APPS SAPID get infochannel.inc.php Remote File inclusion Attempt"; flow:established ...
alert tcp $EXTERNAL NET any $HTTP SERVERS $HTTP PORTS (msg:"ET WEB SPECIFIC APPS IBBY nouvelles.php id Parameter DELETE FROM SQL Injection Attempt"; flow:established ...
# `from client` is the flow keyword's synonym for the `to server` direction used by the other
# outbound rules. NOTE(review): `.aspx?ID ` ends in a space where a character may have been lost
# in extraction; confirm against upstream.
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN Win32.MSUpdater C C traffic GET"; flow:from client,established; content:".aspx?ID "; http uri ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET CURRENT EVENTS Incognito Exploit Kit Java request to showthread.php?t "; flow:established,to server; ...
# Disabled (commented out, here with a double `#`) and tagged "ET DELETED" in its msg.
##alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET DELETED MSUpdater.net Spyware Checkin"; flow:established,to server; content:"/popsetarray.php? country ...
# NOTE(review): `/search` alone is a very common URI fragment; the options that make this rule
# specific are presumably in the truncated part. Confirm against upstream.
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN Win32/Cryptrun.B/MSUpdater C C traffic 1"; flow:from client,established; content:"/search"; http ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET CURRENT EVENTS Laik exploit kit binary download request"; flow:established,to server; content:"/load ...