EmergingThreats's Main web http://doc.emergingthreats.net/bin/view/Main The web for users, groups and offices. TWiki is an Enterprise Collaboration Platform. en-us Copyright 2013 Emerging Threats and Contributing Authors TWiki Administrator [twiki@emergingthreats.net] The contributing authors of EmergingThreats? EmergingThreats .Main http://doc.emergingthreats.net/bin/view/Main http://doc.emergingthreats.net/logo.png 2016923 http://doc.emergingthreats.net/bin/view/Main/2016923 alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:`ET CURRENT EVENTS KaiXin Exploit Kit Java Class 1 May 24 2013`; flow:to client,established; file data; content ... (last changed by TWikiGuest) 2013-05-24T23:11:21Z guest 2016926 http://doc.emergingthreats.net/bin/view/Main/2016926 alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:`ET CURRENT EVENTS KaiXin Exploit Landing Page 2 May 24 2013`; flow:to client,established; file data; content ... (last changed by TWikiGuest) 2013-05-24T23:11:21Z guest 2015624 http://doc.emergingthreats.net/bin/view/Main/2015624 alert tcp $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Backdoor.Win32.Gh0st Checkin (5 12 Byte keyword)`; flow:to server,established; dsize: Added 2013 05 24 ... (last changed by TWikiGuest) 2013-05-24T23:11:21Z guest 2016928 http://doc.emergingthreats.net/bin/view/Main/2016928 alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:`ET CURRENT EVENTS HellSpawn EK Landing 2 May 24 2013`; flow:to client,established; file data; content:`FlashPlayer ... (last changed by TWikiGuest) 2013-05-24T23:11:21Z guest 2016922 http://doc.emergingthreats.net/bin/view/Main/2016922 alert tcp $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Backdoor family PCRat/Gh0st CnC traffic`; flow:to server,established; byte jump:4,5,from beginning,little ... (last changed by TWikiGuest) 2013-05-24T23:11:21Z guest 2016384 http://doc.emergingthreats.net/bin/view/Main/2016384 alert tcp $EXTERNAL NET any $HTTP SERVERS $HTTP PORTS (msg:`ET WEB SPECIFIC APPS WordPress CommentLuv Plugin ajax nonce Parameter XSS Attempt`; flow:established ... (last changed by TWikiGuest) 2013-05-24T23:11:21Z guest 2016929 http://doc.emergingthreats.net/bin/view/Main/2016929 alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:`ET CURRENT EVENTS Possible HellSpawn EK Fake Flash May 24 2013`; flow:to server,established; content:`/FlashPlayer ... (last changed by TWikiGuest) 2013-05-24T23:11:21Z guest 2016832 http://doc.emergingthreats.net/bin/view/Main/2016832 alert tcp $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS HellSpawn EK Requesting Jar`; flow:established,to server; content:`/j21.jar`; http uri; content ... (last changed by TWikiGuest) 2013-05-24T23:11:21Z guest 2016930 http://doc.emergingthreats.net/bin/view/Main/2016930 alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:`ET CURRENT EVENTS Possible HellSpawn EK Java Artifact May 24 2013`; flow:to server,established; content ... (last changed by TWikiGuest) 2013-05-24T23:11:21Z guest 2016924 http://doc.emergingthreats.net/bin/view/Main/2016924 alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:`ET CURRENT EVENTS KaiXin Exploit Kit Java Class 2 May 24 2013`; flow:to client,established; file data; content ... (last changed by TWikiGuest) 2013-05-24T23:11:21Z guest 2015575 http://doc.emergingthreats.net/bin/view/Main/2015575 alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:`ET CURRENT EVENTS KaiXin Exploit Kit Java Class`; flow:to client,established; file data; content:`Gond` ... (last changed by TWikiGuest) 2013-05-24T23:11:21Z guest 2016925 http://doc.emergingthreats.net/bin/view/Main/2016925 alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:`ET CURRENT EVENTS KaiXin Exploit Landing Page 1 May 24 2013`; flow:to client,established; file data; content ... (last changed by TWikiGuest) 2013-05-24T23:11:21Z guest 2016927 http://doc.emergingthreats.net/bin/view/Main/2016927 alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:`ET CURRENT EVENTS HellSpawn EK Landing 1 May 24 2013`; flow:to client,established; file data; content:`function ... (last changed by TWikiGuest) 2013-05-24T23:11:21Z guest 2016918 http://doc.emergingthreats.net/bin/view/Main/2016918 alert tcp $EXTERNAL NET any $HTTP SERVERS $HTTP PORTS (msg:`ET WEB SERVER Possible NGINX Overflow CVE 2013 2028 Exploit Specific`; flow:established,to server; content ... (last changed by TWikiGuest) 2013-05-24T00:38:13Z guest 2016921 http://doc.emergingthreats.net/bin/view/Main/2016921 alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:`ET INFO Suspicious Mozilla UA with no Space after colon`; flow:established,to server; content:`User Agent ... (last changed by TWikiGuest) 2013-05-23T23:39:37Z guest 2016919 http://doc.emergingthreats.net/bin/view/Main/2016919 alert tcp $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:`ET CURRENT EVENTS Malicious Redirect URL`; flow:established,to server; content:`/8gcf744Waxolp752.php`; ... (last changed by TWikiGuest) 2013-05-23T23:39:37Z guest