Last 50 Rule Changes

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Egobot Checkin"; flow:to_server,established; content:".php?arg1 "; nocase; fast_pattern; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible W32/KanKan tools.ini Request"; flow:established,to_server; content:"/tools.ini"; http_uri; fast ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS SUSPICIOUS taskmgr.exe in URI Probable Process Dump/Trojan Download"; flow:established,to_server ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS SUSPICIOUS connhost.exe in URI Probable Process Dump/Trojan Download"; flow:established,to_server ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS SUSPICIOUS msctcd.exe in URI Probable Process Dump/Trojan Download"; flow:established,to_server ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Oracle JSF2 Path Traversal Attempt"; flow:established,to_server; content:"/WEB INF/web ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Generic Multi Email Phishing Landing 2018 08 30"; flow:established,to_client; file_data; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN FakeAV Install"; flow:established,to_server; content:"GET"; http_method; content:"/api/stats/debug/" ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS SUSPICIOUS wsqmocn.exe in URI Probable Process Dump/Trojan Download"; flow:established,to_server ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER PHP GET SuperGlobal in POST"; flow:established,to_server; content:" GET "; fast_pattern; http ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER PHP REQUEST SuperGlobal in POST"; flow:established,to_server; content:" REQUEST "; fast_pattern ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS DRIVEBY Redirection Forum Injection"; flow:established,to_server; urilen:2733; content:".js ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER PHP POST SuperGlobal in POST"; flow:established,to_server; content:" POST "; fast_pattern; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN VBS.ayr CnC command (is enum driver)"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN VBS.ayr CnC command (is cmd shell)"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Waledac FACEPUNCH Traffic Detected"; flow:to_server,established; content:"POST"; depth:4; http_method ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS FiestaEK js redirect"; flow:established,to_server; content:"/?"; http_uri; fast_pattern; pcre ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible VBulletin Unauthorized Admin Account Creation"; flow:established,to_server; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS DotkaChef EK initial landing from Oct 02 2013 mass site compromise EK campaign"; flow:established ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER PHP REQUEST SuperGlobal in URI"; flow:established,to_server; content:" REQUEST "; fast_pattern ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER PHP ENV SuperGlobal in POST"; flow:established,to_server; content:" ENV "; fast_pattern; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN VBS.ayr CnC command (is enum process)"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN DATA BROKER BOT Activity"; flow:established,to_server; content:"POST"; http_method; content:"g "; depth ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER PHP ENV SuperGlobal in URI"; flow:established,to_server; content:" ENV "; fast_pattern; http ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER PHP COOKIE SuperGlobal in POST"; flow:established,to_server; content:" COOKIE "; fast_pattern ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Dipverdle.A Activity"; flow:to_server,established; content:"POST"; http_method; content:"/cp/? ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER PHP SESSION SuperGlobal in POST"; flow:established,to_server; content:" SESSION "; fast_pattern ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS LightsOut EK POST Compromise POST"; flow:to_server,established; content:"POST"; http_method; ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER PHP SERVER SuperGlobal in POST"; flow:established,to_server; content:" SERVER "; fast_pattern ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS BHEK Payload Download (java only alternate method may overlap with 2017454)"; flow:established ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Caphaw Requesting Additional Modules From CnC"; flow:established,to_server; content:"/ping.html?r ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN SpamBot Email Template Request"; flow:established,to_server; content:"/ae1.php"; fast_pattern; http_uri ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER PHP GET SuperGlobal in URI"; flow:established,to_server; content:" GET "; fast_pattern; http ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER PHP SESSION SuperGlobal in URI"; flow:established,to_server; content:" SESSION "; fast_pattern ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN RegSubsDat Checkin"; flow:established,to_server; content:"POST"; http_method; nocase; content:"0000/log ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER PHP POST SuperGlobal in URI"; flow:established,to_server; content:" POST "; fast_pattern; http ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Coldfusion 9 Auth Bypass CVE-2013-0632"; flow:to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win64/Vabushky.A Malicious driver download"; flow:established,to_server; content:".bmp.gz"; http_uri ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible FortDisco Reporting Hacked Accounts"; flow:established,to_server; content:"POST"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN CBReplay.P Ransomware"; flow:established,to_server; content:"MSIE 9.0 3b "; fast_pattern; http_header ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Bitcoin variant Checkin"; flow:to_server,established; content:!" 0d 0a Referer"; nocase; http_header ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Proxychecker Lookup"; flow:established,to_server; content:"/proxy/proxychecker/"; http_uri; nocase; fast ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN SpamBot Configuration File Request"; flow:established,to_server; content:"/lts.txt"; fast_pattern; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Kovter Ransomware Check in"; flow:established,to_server; content:".php?mode "; nocase; http_uri; content ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER PHP COOKIE SuperGlobal in URI"; flow:established,to_server; content:" COOKIE "; fast_pattern ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Possible Apache Struts OGNL in Dynamic Action"; flow:established,to_server; content:"/${"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32.Troj.Cidox Checkin"; flow:established,to_server; content:".php?sign "; fast_pattern; http_uri; ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER Joomla Upload File Filter Bypass"; flow:established,to_server; content:"option com media"; http ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER PHP SERVER SuperGlobal in URI"; flow:established,to_server; content:" SERVER "; fast_pattern ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Magnitude EK (formerly Popads) Flash Exploit Requested"; flow:established,to_server; urilen:70 ...
Number of topics: 50
Topic revision: r7 - 2018-07-19 - PhilSchroeder