Last 50 Rule Changes

Results from Main web retrieved at 17:41 (GMT)

alert udp $HOME_NET [3389,1024:65535] -> $EXTERNAL_NET [3389,1024:65535] (msg:"ET P2P Edonkey Search Request (search by name)"; dsize: 5; content:"|e3 98|"; depth ...
alert tcp $HOME_NET 80 -> $EXTERNAL_NET [25,445,1500] (msg:"ET TROJAN Win32/BlackCarat XORed (0x77) CnC Checkin"; flow:established,to_server; dsize: 800; content: ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN AtomLogger Exfil via FTP"; flow:established,to_server; content:"Username|3a 20|"; content:"|0d 0a|Machine ...
alert smtp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Atom Logger exfil via SMTP"; flow:established,to_server; content:"Subject|3a 20|"; content:" KEYLOG ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN OSX/LamePyre Screenshot Upload"; flow:established,to_server; content:"POST"; http_method; content:".php ...
alert tls [108.160.162.0/20,162.125.0.0/16,192.189.200.0/23,199.47.216.0/22,205.189.0.0/24,209.99.70.0/24,45.58.64.0/20] 443 -> $HOME_NET any (msg:"ET POLICY Dropbox ...
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Kibana Attempted LFI Exploitation (CVE-2018-17246)"; flow:established,to_server; content:"GET"; http ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart CnC)"; flow:from_server,established; tls_cert_subject; content: ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart CnC)"; flow:from_server,established; tls_cert_subject; content: ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN SA Banker Checkin"; flow:to_server,established; content:"GET"; http_method; content:".php?role "; fast ...
alert tls $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN MageCart CnC Domain in SNI"; flow:to_server,established; tls_sni; content:"cdn-content.cc"; isdataat:!1 ...
alert tls $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET TROJAN MageCart CnC Domain in SNI"; flow:to_server,established; tls_sni; content:"deliveryjs.cc"; isdataat:!1 ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (POWERRATANKBA CnC)"; flow:from_server,established; tls_cert_subject; content ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT DarkHydrus DNS Lookup 26"; dns_query; content:"asimov-win-microsoft.services"; nocase; isdataat:!1,relative; ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN PS/PowerRatankba CnC DNS Lookup"; dns_query; content:"bodyshoppechiropractic.com"; nocase; isdataat:!1,relative; ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN PS/PowerRatankba CnC DNS Lookup"; dns_query; content:"ecombox.store"; nocase; isdataat:!1,relative; metadata: former ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT DarkHydrus DNS Lookup 25"; dns_query; content:"data-microsoft.services"; nocase; isdataat:!1,relative; metadata ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT DarkHydrus DNS Lookup 27"; dns_query; content:"iecvlist-microsoft.services"; nocase; isdataat:!1,relative; metadata ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT DarkHydrus DNS Lookup 28"; dns_query; content:"onecs-live.services"; nocase; isdataat:!1,relative; metadata: ...
alert dns $HOME_NET any -> any any (msg:"ET POLICY DNS Query to .onion proxy domain (onion .pet)"; dns_query; content:".onion.pet"; nocase; isdataat:!1,relative; metadata ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Apache Struts memberAccess inbound OGNL injection remote code execution attempt"; flow ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET POLICY Observed SSL Cert (Tor Proxy Domain (.onion. pet))"; flow:established,to_client; tls_cert_subject; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Bitter RAT HTTP CnC Beacon M2"; flow:established,to_server; content:"GET"; http_method; content:".php ...
alert dns $HOME_NET any -> any any (msg:"ET POLICY DNS Query to .onion proxy domain (onion .ws)"; dns_query; content:".onion.ws"; nocase; isdataat:!1,relative; metadata ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET POLICY Observed SSL Cert (Tor Proxy Domain (.onion. ws))"; flow:established,to_client; tls_cert_subject; content ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed TrumpHead Ransomware CnC Domain (6bbsjnrzv2uvp7bp .onion .pet in TLS SNI)"; flow:established ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Sharik/Smoke Loader 7zip Connectivity Check"; flow:established,to_server; content:"GET"; http ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed Cryptor Ransomware CnC Domain (e3kok4ekzalzapsf .onion .ws in TLS SNI)"; flow:established,to ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM)"; flow:from_server,established; tls_cert_subject ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM)"; flow:from_server,established; tls_cert_subject ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM)"; flow:from_server,established; tls_cert_subject ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM)"; flow:from_server,established; tls_cert_subject ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed Awad Bot CnC Domain (hawad .000webhostapp .com in TLS SNI)"; flow:established,to_server; tls ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ServHelper RAT CnC Domain Observed in SNI"; flow:established,to_server; tls_sni; content:"arhidsfderm ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (ServHelper RAT CnC)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (ColdRiver APT DNSpionage MITM)"; flow:from_server,established; tls_cert_subject ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Observed Malicious SSL Cert (ServHelper CnC)"; flow:from_server,established; tls_cert_serial; ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT DarkHydrus DNS Lookup 16"; dns_query; content:"trafficmanager.live"; nocase; isdataat:!1,relative; metadata: ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT DarkHydrus DNS Lookup 23"; dns_query; content:"akadns.live"; nocase; isdataat:!1,relative; metadata: former_category ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT DarkHydrus DNS Lookup 18"; dns_query; content:"hotmai1.com"; nocase; isdataat:!1,relative; metadata: former_category ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT DarkHydrus DNS Lookup 17"; dns_query; content:"cloudfronts.services"; nocase; isdataat:!1,relative; metadata ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT DarkHydrus DNS Lookup 24"; dns_query; content:"azureedge.today"; nocase; isdataat:!1,relative; metadata: former ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT DarkHydrus DNS Lookup 19"; dns_query; content:"microsoftonline.services"; nocase; isdataat:!1,relative; metadata ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT DarkHydrus DNS Lookup 20"; dns_query; content:"nsatc.agency"; nocase; isdataat:!1,relative; metadata: former ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT DarkHydrus DNS Lookup 21"; dns_query; content:"phicdn.world"; nocase; isdataat:!1,relative; metadata: former ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT DarkHydrus DNS Lookup 22"; dns_query; content:"t-msedge.world"; nocase; isdataat:!1,relative; metadata: former ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT DarkHydrus DNS Lookup 5"; dns_query; content:"onedrive.agency"; nocase; isdataat:!1,relative; metadata: former ...
Number of topics: 50
Topic revision: r7 - 2018-07-19 - PhilSchroeder
Copyright © Emerging Threats