50 Recent Changes in Main Web retrieved at 12:42 (GMT)

My Links WelcomeGuest starting points on TWiki TWikiUsersGuide complete TWiki documentation, Quick Start to Reference WebHome try out TWiki on ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Revcode RAT CnC 2`; flow:established,to server; content:`POST`; http method; content:`.php`; http uri ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Revcode RAT CnC`; flow:established,to server; content:`POST`; http method; content:`.php`; http uri; ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN XZY Retrieving Payload`; flow:to server,established; content:`GET`; http method; content:`/sosdoudou ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN CopyKittens Cobalt Strike DNS Lookup (cloudflare analyse . com)`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN CopyKittens Matryoshka DNS Lookup 2 (twiter statics . info)`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10 ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN CopyKittens Matryoshka DNS Lookup 1 (winupdate64 . com)`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN TDTESS Backdoor User Agent`; flow:established,to server; content:`XXXXXXXXXXXXXXXXX/5.0 (Windows NT 6 ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS EITest Keitaro Evil Redirect Leading to SocENG July 25 2017`; flow:established,to server; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS EITest Inject July 25 2017`; flow:established,from server; file data; content:`var a a 7c 7c ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Shifr Ransomware CnC DNS Query (ojdue4474qghybjb)`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2 ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Shifr Ransomware CnC DNS Query (v5t5z6a55ksmt3oh)`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2 ...
alert tls $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Shifr Ransomware Malicious Domain in SNI Observed`; flow:to server,established; content:` 00 00 19 v5t5z6a55ksmt3oh ...
alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:`ET INFO HTTP POST to Free Webhost Possible Successful Phish (site40 . net) Jul 18 2017`; flow:to server ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN HTTP Request with suspicious filename myguy`; flow:established,to server; content:`myguy`; http uri ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32/Bitshifter Ransomware CnC Checkin`; flow:established,to server; content:`GET`; http method; content ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Possible NotPetya Related DNS query`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content:` 0d ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Possible NotPetya Related DNS query`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content:` 0e ...
alert tls $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Observed Malicious Domain SSL Cert in SNI (Unknown Stealer CnC)`; flow:established,to server; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET MALWARE ProxyGearPro Proxy Tool PUA`; flow:to server,established; content:`GET`; http method; content:`Proxy ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN DarkHotel Downloader CnC Beacon 2`; flow:established,to server; content:`POST`; http method; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN DarkHotel Downloader CnC Beacon 1`; flow:established,to server; content:`GET`; http method; content: ...
alert udp $HOME NET any $EXTERNAL NET 69 (msg:`ET TFTP Outbound TFTP Data Transfer With Cisco Config 2`; content:` 00 03 `; depth:2; content:`NVRAM config last ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Tech Support Scam Landing Jul 19 2017`; flow:from server,established; content:`200`; http stat ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN CDT Credphish/Netwire Campaign DNS Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content ...
alert tcp $HOME NET any $EXTERNAL NET 1024: (msg:`ET TROJAN Win32/Parite.B Checkin 3`; flow:to server,established; dsize: 1000; content:` 00 00 00 00 9c 00 00 00 ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN InstallCore Variant CnC Checkin`; flow:established,to server; urilen:1; content:`POST`; http method; ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET MOBILE MALWARE Trojan Banker.AndroidOS.Marcher.a Checkin`; flow:to server,established; content:`POST`; http ...
alert udp $HOME NET any any 53 (msg:`ET POLICY OpenDNS IP Lookup`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset:2; content:` 04 myip 07 opendns 03 ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET POLICY Possible External IP Lookup whoer.net`; flow:established,to server; content:`Host 3a 20 whoer.net 0d ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32.Chroject.B Retrieving encoded payload`; flow:to server,established; content:`GET`; http method ...
alert tcp $HOME NET any $EXTERNAL NET 442,443,446,447,8001 (msg:`ET TROJAN Win32/Ramnit Checkin`; flow:established,to server; dsize:6; content:` 00 ff `; depth ...
alert udp $HOME NET any $EXTERNAL NET 69 (msg:`ET TFTP Outbound TFTP Data Transfer with Cisco config`; content:` 00 03 `; depth:2; content:` 0a 21 20 version 20 ...
alert tcp $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN CoinMiner Known Malicious Stratum Authline (2017 07 17 7)`; flow:established,to server; dsize: Added 2017 ...
alert tcp $HOME NET any $EXTERNAL NET 1024: (msg:`ET TROJAN Win32/Parite.B Checkin 3`; flow:to server,established; dsize: 1000; content:` 00 00 00 00 9c 00 00 00 ...
alert tcp $HOME NET any $EXTERNAL NET 6666:7000 (msg:`ET TROJAN IRC Private message on non standard port`; flow:to server,established; dsize: Added 2017 06 06 16 ...
alert udp $HOME NET any any 53 (msg:`ET TROJAN Observed Malicious DNS Query (Reyptson Ransomware CnC)`; content:` 01 00 00 01 00 00 00 00 00 00 `; depth:10; offset ...
alert tcp $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN CoinMiner Known Malicious Stratum Authline (2017 07 11 1)`; flow:established,to server; dsize: Added 2017 ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Tinba Banker CnC Response`; flow:established,from server; file data; content:` 00 00 00 00 48 65 61 44 ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Possible Excel Online Phishing Landing Title over non SSL`; flow:established,to client; file ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Successful Tesco Bank Phish M1 Nov 08 2016`; flow:to server,established; content:`POST`; http ...
Number of topics: 50


Topic revision: r4 - 2006-11-15 - TWikiContributor
 
This site is powered by the TWiki collaboration platform. Copyright © Emerging Threats