Last 50 Rule Changes

Results from Main web retrieved at 11:12 (GMT)

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Tesch.B CnC Beacon"; flow:established,to_server; content:"POST"; http_method; content:".php"; ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Vulnerable Magento Adminhtml Access"; flow:established,to_server; content:"Adminhtml" ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Dalexis Downloading EXE"; flow:established,to_server; content:".jpg"; http_uri; pcre:"/\.jpg$/U"; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO Possible ThousandEyes User Agent Outbound"; flow:established,to_server; content:"Mozilla/5.0 AppleWebKit ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PunkeyPOS HTTP CnC Beacon 4"; flow:established,to_server; content:"POST"; http_method; content:"/"; offset ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Fiesta EK Flash Exploit Apr 23 2015"; flow:established,from_server; content:"Content-Disposition ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible CryptoPHP Leaking Credentials May 8 2015 M1"; flow:established,to_server; content:"GET"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zacom/NFlog HTTP POST Connectivity Check"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible CryptoPHP Leaking Credentials May 8 2015 M2"; flow:established,to_server; content:"GET"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PunkeyPOS HTTP CnC Beacon Fake UA"; flow:established,to_server; content:"Mozilla Firefox/4.0"; http_user ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PunkeyPOS HTTP CnC Beacon 3"; flow:established,to_server; content:"POST"; http_method; content:!"Accept ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET USER_AGENTS MSF Meterpreter Default User Agent"; flow:established,to_server; content:"Mozilla/4.0 (compatible ...
alert http any any -> $HTTP_SERVERS any (msg:"ET INFO Possible ThousandEyes User Agent Inbound"; flow:established,to_server; content:"Mozilla/5.0 AppleWebKit/999.0 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Miniduke variant C&C activity"; flow:to_server,established; content:" Auth "; http_uri; content:" Session ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible CryptoPHP Leaking Credentials May 8 2015 M3"; flow:established,to_server; content:"GET"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PunkeyPOS HTTP CnC Beacon 1"; flow:established,to_server; content:"POST"; http_method; content:!"Accept ...
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT Motorola SBG900 Router DNS Change GET Request"; flow:to_server,established; content:"GET"; http_method; content ...
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT ASUS RT-N56U Router DNS Change GET Request 2"; flow:to_server,established; content:"GET"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN FighterPOS CnC Beacon 2"; flow:established,to_server; content:"GET"; http_method; content:"/log.php?id ...
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT Linksys WRT54GL DNS Change GET Request"; flow:to_server,established; content:"GET"; http_method; content:"/Basic ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Mikey Variant HTTP CnC Beacon 3"; flow:established,to_server; content:"GET"; http_method; content:!"User ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Maldoc Retrieving Dridex from pastebin"; flow:established,to_server; content:"GET"; http_method ...
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT TP-LINK TL-WR841N Router DNS Change GET Request"; flow:to_server,established; content:"GET"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN LankerBoy HTTP CnC Beacon"; flow:established,to_server; content:"GET"; http_method; content:".txt"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Kriptovor Retrieving RAR Payload"; flow:established,to_server; content:"GET"; http_method; content:" ...
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT Netgear WNDR Router DNS Change POST Request"; flow:to_server,established; content:"POST"; http_method; urilen ...
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT ASUS RT-N56U Router DNS Change GET Request 3"; flow:to_server,established; content:"GET"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Win32/SillyFDC WordPress Traffic"; flow:established,to_server; content:"GET"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN CoinVault CnC Beacon M2"; flow:established,to_server; content:"POST"; http_method; content:!"User-Agent ...
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT FritzBox RCE GET Request"; flow:to_server,established; content:"GET"; http_method; content:"/cgi-bin/webcm?"; ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Mikey Variant HTTP CnC Beacon 1"; flow:established,to_server; content:!"Accept "; http_header; content ...
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT TP-LINK TL-WR750N DNS Change GET Request"; flow:to_server,established; content:"GET"; http_method; content:"/userRpm ...
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT Belkin G F5D7230-4 Router DNS Change GET Request"; flow:to_server,established; content:"GET"; http_method; content ...
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT TP-LINK Known Malicious Router DNS Change GET Request"; flow:to_server,established; content:"GET"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Kriptovor External IP Lookup checkip.dyndns.org"; flow:established,to_server; content:"GET"; http_method ...
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT ASUS RT-N56U Router DNS Change GET Request 1"; flow:to_server,established; content:"GET"; http_method; content ...
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT D-link DI604 Known Malicious Router DNS Change GET Request"; flow:to_server,established; content:"GET"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Volatile Cedar Win32.Explosive Fake User Agent"; flow:established,to_server; content:"Mozilla/4.0 (compatible ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN BePush/Kilim Checkin"; flow:established,to_server; content:"GET"; http_method; content:"/ok.txt"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Volatile Cedar Win32.Explosive HTTP CnC Beacon 1"; flow:established,to_server; content:".php?win "; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY External IP Lookup ip-whois"; flow:established,to_server; content:"Host|3A 20|ip-whois.net|0d 0a|" ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Volatile Cedar Win32.Explosive HTTP CnC Beacon 1"; flow:established,to_server; content:".php?micro " ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY External IP Lookup Bravica"; flow:established,to_server; content:"POST"; http_method; content:"Host ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Skyfall fake Skype install link"; flow:established,to_server; content:"/video/?n "; http_uri; depth:10 ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Upatre Binary Download Jan 02 2014"; flow:established,from_server; content:"Content-Type|3a 20|text/plain ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Hangover related campaign Response"; flow:established,to_client; content:"200"; http_stat_code; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Remote Access RView Host .rview.com"; flow:established,to_server; content:".rview.com|0D 0A|" ...
alert tcp any any -> any 3389 (msg:"ET EXPLOIT NCC GROUP Possible Bluekeep Inbound RDP Exploitation Attempt (CVE-2019-0708)"; flow:to_server,established; content ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed JS/Skimmer (likely Magecart) Domain in TLS SNI (imprintcenter .com)"; flow:established,to_server ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android.Trojan.SMSSend.Y"; flow:established,to_server; content:"/api/log.html|3f|"; http_uri ...
Number of topics: 50
Topic revision: r7 - 2018-07-19 - PhilSchroeder