Last 50 Rule Changes

Results from Main web retrieved at 00:14 (GMT)

alert tcp $HOME_NET 80 -> $EXTERNAL_NET 25,445,1500 (msg:"ET TROJAN Win32/BlackCarat XORed (0x77) CnC Checkin"; flow:established,to_server; dsize: 800; content: ...
My Links WelcomeGuest starting points on TWiki TWikiUsersGuide complete TWiki documentation, Quick Start to Reference WebHome try out TWiki on ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor family PCRat/Gh0st CnC traffic (OUTBOUND) 107"; flow:to_server,established; dsize: 11; content ...
Emerging Threats FAQ What is Emerging Threats? Emerging Threats is a division of Proofpoint, Inc. Our primary projects are the Emerging Threats Ruleset, contributed ...
TWiki Site Statistics Monthly Site Statistics Data Month WebsTotal WebsViewed Websupdated TopicsTotal TopicsViewed TopicsUpdated Attach ...
My Links .ATasteOfTWiki view a short introductory presentation on TWiki for beginners .WelcomeGuest starting points on TWiki .TWikiUsersGuide ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MSIL.Kraken.v2 HTTP Pattern"; flow:established,to_server; content:"Kraken web request agent/"; http_user ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ArrobarLoader CnC Checkin M1"; flow:established,to_server; content:"GET"; http_method; content:".php ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN JavaRAT Requesting Screen Size"; flow:established,to_client; dsize:13; content:"SC.OP packet "; depth ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN JavaRAT Requesting Screenshot"; flow:established,to_client; dsize: ... Added 2018-11-07 17:35:38 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN JavaRAT Sending Screen Size"; flow:established,to_server; dsize: ... Added 2018-11-07 17:35:37 UTC
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN JavaRAT Sending Screenshot"; flow:established,to_server; dsize: 1000; content:"sc.cap sep "; depth:11 ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN JavaRAT Keep Alive (outbound)"; flow:established,to_server; dsize:11; content:"PNG packet "; depth:11 ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN JavaRAT Keep Alive (inbound)"; flow:established,to_client; dsize:11; content:"PNG packet "; depth:11; ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN JavaRAT CnC Checkin"; flow:established,to_server; dsize: ... Added 2018-11-07 17:35:33 UTC
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN JavaRAT CnC Init Activity"; flow:established,to_client; dsize:11; content:"AUT packet "; depth:11; isdataat ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Sharik/Smoke CnC Beacon 12"; flow:established,to_server; content:"POST"; http_method; urilen: ... Added 2018 ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT33/CharmingKitten DDNS Overlap Domain in DNS Lookup M2"; dns_query; content:"mypsh.ddns.net"; nocase; fast_pattern ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN APT33/CharmingKitten DDNS Overlap Domain in DNS Lookup M1"; dns_query; content:"mynetwork.ddns.net"; nocase; fast ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MICROPSIA CnC Domain)"; flow:from_server,established; content:"|16|"; content ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN APT33/CharmingKitten Encrypted Payload Inbound"; flow:established,from_server; content:"200"; http_stat ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN APT33/CharmingKitten Retrieving New Payload (flowbit set)"; flow:established,to_server; content:"GET ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Perl/Shellbot.SM IRC CnC Checkin"; flow:established,to_server; content:"JOIN"; depth:4; content:"Procesor ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN APT33/CharmingKitten Shellcode Communicating with CnC"; flow:established,to_server; dsize: ... Added 2018 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN APT33/CharmingKitten JS/HTA Stage 1 CnC Checkin"; flow:established,to_server; content:"GET"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN BackNet Checkin"; flow:established,to_server; content:"POST"; http_method; content:"data %7B%22host key ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MSIL/Lordix Stealer Exfiltrating Data"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO GET to Puu.sh for TXT File with Minimal Headers"; flow:to_server,established; content:"GET"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO Possibly Suspicious Request for Putty.exe from Non Standard Download Location"; flow:to_server,established ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN BlackTech/PLEAD TSCookie CnC Checkin M2"; flow:established,to_server; content:"GET"; http_method; content ...
#alert tls $EXTERNAL_NET 443,4443 -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Upatre/Dyre/Kegotip SSL Cert Sept 8 2015"; flow:established,from_server; content ...
alert icmp $HOME_NET any -> any any (msg:"ET EXPLOIT Possible CVE-2018-4407 Apple ICMP DoS PoC"; itype:12; icode:0; content:"AAAAAAAA"; fast_pattern; metadata: former ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN BlackTech/PLEAD TSCookie CnC Checkin M1"; flow:established,to_server; content:"GET"; http_method; content ...
alert dns $HOME_NET any -> any any (msg:"ET MOBILE_MALWARE Android/GPlayed (sub1 .tdsworker .ru in DNS Lookup)"; dns_query; content:"sub1.tdsworker.ru"; isdataat:1 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Zberp receiving config via image file SET"; flow:to_server,established; content:".jpg"; http_uri; fast ...
alert udp $EXTERNAL_NET 53 -> $HOME_NET any (msg:"ET TROJAN DNS Reply Sinkhole Anubis 195.22.26.192/26"; byte_test:1, ,224,0,relative; content:!"|0e|anubisnetworks ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN MSIL/KeyRedirEx Banker Receiving Exit Instruction"; flow:established,from_server; content:"200"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN TrueBot/Silence.Downloader Keep Alive"; flow:established,to_server; content:"GET"; http_method; content ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN MSIL/KeyRedirEx Banker Receiving Redirect/Inject List"; flow:established,from_server; content:"200"; ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Python-urllib/ Suspicious User Agent"; flow:established,to_server; content:"Python-urllib/"; nocase; ...
alert http $EXTERNAL_NET any -> $HOME_NET 2375,2376 (msg:"ET POLICY External Host Creating Docker Container"; flow:established,to_server; content:"POST"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MSIL/KeyRedirEx Banker Requesting Redirect/Inject List"; flow:established,to_server; content:"GET"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN TrueBot/Silence.Downloader CnC Checkin"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET USER_AGENTS Suspicious UA Observed (IEhook)"; flow:established,to_server; content:"IEhook"; http_user_agent ...
Number of topics: 50
Topic revision: r7 - 2018-07-19 - PhilSchroeder
 
This site is powered by the TWiki collaboration platform. Powered by Perl. Copyright © Emerging Threats