r4 - 15 Nov 2006 - 19:43:52 - TWikiContributor

50 Recent Changes in Main Web retrieved at 23:15 (GMT)

alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET MALWARE Shopcenter.co.kr Spyware Install Report"; flow:established,to server; uricontent:"/RewardInstall ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET MALWARE Suspicious User Agent (agent)"; flow: to server,established; content:" 0d 0a User Agent\: agent ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET CURRENT EVENTS Possible Storm Worm EXE Request (fireworks.exe)"; flow:established,to server; content ...
SandnetAnalystsGroup Member list (comma separated list): Set GROUP MattJonkman, DeapeshMisra, BlakeHartstein, JamesMcQuaid, AndreDiMino, DavidBianco, TeresaGarner ...
My Links .ATasteOfTWiki view a short introductory presentation on TWiki for beginners .WelcomeGuest starting points on TWiki .TWikiUsersGuide ...
alert tcp any 20 $HOME NET 25 (msg:"ET MALWARE Possible Windows executable sent when remote host claims to send Javascript"; flow: established; content:" 0d 0a ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN Unknown Keylogger checkin"; flow:established; content:"GET"; depth:4; uricontent:"?mail "; uricontent ...
alert tcp any 20 $HOME NET 25 (msg:"ET MALWARE Possible Windows executable sent when remote host claims to send an image"; flow: established; content:"Content ...
alert tcp any $HTTP PORTS $HOME NET any (msg:"ET MALWARE Windows executable sent when remote host claims to send image, Win32"; flow: established; content:"Content ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN Keylogger Crack by bahman"; flow:established; content:"POST"; depth:5; content:" message 2b keylogger ...
alert tcp $HOME NET any $EXTERNAL NET 82 (msg:"ET TROJAN LD Pinch Checkin (HTTP POST on port 82)"; flow:established,to server; content:"POST "; depth:5; content ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN Win32 Cloaker Related Post Infection Checkin"; flow:established,to server; uricontent:"/log/proc ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET MALWARE Suspicious User Agent (Playtech Downloader)"; flow:to server,established; content:" 0d 0a User ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET MALWARE Suspicious User Agent (ISMYIE)"; flow:to server,established; content:" 0d 0a User Agent\: ISMYIE ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN Donkeyp2p Update Detected"; flow:established,to server; content:"GET "; depth:4; uricontent:"donkeyp2p ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET CURRENT EVENTS Possible Storm Worm URL Request (mylove.exe)"; flow:established,to server; content:"GET ...
Ruleset Downloads All Emerging Threats Signatures http://www.emergingthreats.net/rules/ Browseable Web Directory Format Web Directory Daily Change ...
Emerging Bro Signatures Bro is an Open Source IDS similar to Snort, but with a different philosophy. Bro is not primarily intended to do byte wise signature matching ...
alert tcp $EXTERNAL NET any $HOME NET $HTTP PORTS (msg:"ET SCAN bsqlbf Brute Force SQL Injection"; flow:established,to server; content:" 0d 0a User Agent\: bsqlbf ...
#alert tcp $HOME NET any $EXTERNAL NET any (msg:"ET POLICY HTTP CONNECT Tunnel Attempt Outbound"; flow: to server,established; content:"CONNECT "; nocase; content ...
#alert tcp $EXTERNAL NET any $HOME NET any (msg:"ET POLICY HTTP CONNECT Tunnel Attempt Inbound"; flow: to server,established; content:"CONNECT "; nocase; content ...
alert tcp $HOME NET any $EXTERNAL NET 1024: (msg:"ET TROJAN Vipdataend C C Traffic Checkin"; flow:established,to server; dsize: Added 2008 06 24 23:26:43 UTC ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN Unnamed kuaiche.com related"; flow:established,to server; content:"GET "; depth:4; uricontent ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET MALWARE User Agent Containing http\:// Suspicious Likely Spyware/Trojan"; flow:to server,established ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET MALWARE Suspicious User Agent (Accessing)"; flow:to server,established; content:" 0d 0a User Agent\: ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET VIRUS Sality Virus User Agent Detected (KUKU)"; flow:established,to server; content:"User Agent\: KUKU ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN Steam Steal0r"; flow:established,to server; uricontent:"info Steam 20 Steal0r 20 "; uricontent ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN LDPinch Checkin (5)"; flow:established,to server; uricontent:".php"; nocase; content:"a "; content ...
alert tcp $HOME NET any $EXTERNAL NET 1024: (msg:"ET TROJAN Beizhu/Womble/Vipdataend Controller Keepalive"; flow:established,to server; dsize:1; content:"d"; classtype ...
alert tcp $EXTERNAL NET 6112 $HOME NET any (msg:"ET GAMES Battle.net connection reset (possible IP Ban)"; flags:R,12; classtype: policy violation; sid:2002117; ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN LDPinch Checkin (4)"; flow:established,to server; content:"a "; offset:0; depth:2; content:" b ...
alert tcp $HOME NET any $EXTERNAL NET 1024: (msg:"ET TROJAN Pakes/Cutwall/Kobcka Checkin Detected High Ports"; flow:established,to server; dsize: Added 2008 06 ...
alert tcp $HOME NET any $EXTERNAL NET any (msg:"ET TROJAN Win32.Small.wpx or Related Downloader Posting Data"; flow:to server,established; content:"POST "; depth ...
alert tcp $EXTERNAL NET any $HOME NET any (msg:"ET SCAN Amap Scannner Traffic Inbound"; flow:to server; content:" 79 08 00 00 00 01 00 00 00 00 00 00 20 43 4B 41 ...
alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:"ET TROJAN FSG Packed Binary via HTTP Inbound"; flow:from server,established; content:" 4D 5A "; content ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN Banload iLLBrain Trojan Activity"; flow:to server,established; content:"GET"; depth:4; content ...
alert tcp $HOME NET any $EXTERNAL NET 82 (msg:"ET TROJAN LDPinch Checkin on Port 82"; flow:established,to server; uricontent:".php"; nocase; content:"a "; content ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET MALWARE Suspicious User Agent (angel)"; flow:to server,established; content:" 0d 0a User Agent\: angel ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET MALWARE Seekmo.com Spyware Data Upload"; flow:established,to server; uricontent:".aspx?"; uricontent ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET MALWARE Winquickupdates.com/Mycashloads.com Related Trojan Install Report"; flow:established,to server ...
Spamhaus.org DROP List This ruleset takes a daily list of known spammers and spam networks as researched by Spamhaus and converts them into Snort signatures, Bro Signatures ...
Dshield Top Attackers This ruleset takes a daily list of the top attackers reported to Dshield and converts them into Snort signatures, Bro Signatures, and Firewall ...
Shadowserver.org Known Command and Control Rules This ruleset takes a daily list of the known CnC Servers as researched by Shadowserver.org and converts them into ...
Using the Emerging Threats Firewall Rules The firewall rulesets are versions of the IP Block lists in a format easily imported into IPF, IPTables, PF, and PIX firewalls ...
alert tcp $EXTERNAL NET any $HOME NET any (msg:"ET TROJAN Themida Packed Binary Likely Hostile"; flow:established,from server; content:" 2E 69 64 61 74 61 20 ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET TROJAN Swizzor Checkin"; flow:established,to server; content:"GET "; depth:4; uricontent:"c "; uricontent ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET VIRUS CoreFlooder.Q Data Posting"; flow:established,to server; content:"POST"; depth:4; uricontent:" ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:"ET Google Search Appliance browsing the Internet"; flow:to server,established; content:"GET "; depth:4; ...
Number of topics: 50

Emerging Threats