Last 50 Rule Changes

Results from Main web retrieved at 21:54 (GMT)

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN VBS Dunihi/Houdini/H-Worm Checkin UA"; flow:to_server,established; content:"|3c 7c 3e|"; http_user_agent ...
alert dns $HOME_NET any -> any any (msg:"ET POLICY Disposable Email Provider Domain in DNS Lookup (www .yopmail .com)"; dns_query; content:"www.yopmail.com"; nocase ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Proyecto RAT Variant Yopmail Stage 2 CnC Retrieval"; flow:established,from_server; flowbits:isset,ET ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Proyecto RAT Variant Yopmail Login attempt (set)"; flow:established,to_server; flowbits:set,ET.Proyecto ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Ketrican CnC Activity"; flow:to_server,established; content:"POST"; http_method; content:".aspx ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Blacknix CnC Heartbeat"; flow:to_server,established; dsize:15; content:"|7c 78 01|"; offset:2; depth ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Blacknix CnC Checkin"; flow:to_server,established; dsize:200<>300; content:"|32|"; depth:1; content ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Gamaredon CnC Domain in DNS Lookup"; dns_query; content:"kotl.space"; nocase; depth:10; isdataat:1,relative; metadata ...
alert http $EXTERNAL_NET any -> any any (msg:"ET EXPLOIT Possible Palo Alto SSL VPN sslmgr Format String Vulnerability (Inbound)"; flow:to_server,established; content ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Gamaredon CnC Domain in DNS Lookup"; dns_query; content:"gamework.ddns.net"; nocase; depth:17; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Gamaredon CnC Domain in DNS Lookup"; dns_query; content:"clsass.ddns.net"; nocase; depth:15; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Gamaredon CnC Domain in DNS Lookup"; dns_query; content:"workan.ddns.net"; nocase; depth:15; isdataat:1,relative ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN SSL/TLS Certificate Observed (StrongPity)"; flow:established,to_client; tls_cert_serial; content:"00:B5 ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN SSL/TLS Certificate Observed (StrongPity)"; flow:established,to_client; tls_cert_serial; content:"00:9C ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN SSL/TLS Certificate Observed (StrongPity)"; flow:established,to_client; tls_cert_serial; content:"00:B2 ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN SSL/TLS Certificate Observed (StrongPity)"; flow:established,to_client; tls_cert_serial; content:"00:CB ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible IE Scripting Engine Memory Corruption Vulnerability (CVE-2019-0752)"; flow:established,from ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN SLUB Domain in DNS Lookup"; dns_query; content:"toni132.pen.io"; nocase; depth:14; isdataat:1,relative; metadata ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN SSL/TLS Certificate Observed (StrongPity)"; flow:established,to_client; tls_cert_serial; content:"00:B7 ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN SSL/TLS Certificate Observed (StrongPity)"; flow:established,to_client; tls_cert_serial; content:"00:D2 ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN SSL/TLS Certificate Observed (StrongPity)"; flow:established,to_client; tls_cert_serial; content:"00:B0 ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN SSL/TLS Certificate Observed (StrongPity)"; flow:established,to_client; tls_cert_serial; content:"00:82 ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Atlassian JIRA Template Injection RCE (CVE-2019-11581)"; flow:established,to_server; content ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Atlassian Crowd Plugin Upload Attempt (CVE-2019-11580)"; flow:established,to_server; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible APT Sarhurst/Husar/Hussarini/Hassar CnC GET"; flow:to_server,established; urilen: 40; content ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Possible APT Sarhurst/Husar/Hussarini/Hassar CnC Command Response"; flow:from_server,established; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible APT Sarhurst/Husar/Hussarini/Hassar CnC POST"; flow:to_server,established; urilen: 40; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Godlua Backdoor Downloading Encrypted Lua"; flow:established,to_server; content:"GET"; http_method; content ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Observed OSX/PremierOpinionD Collection Domain in TLS SNI"; flow:established,to_server; tls_sni; content ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Possible APT Sarhurst/Husar/Hussarini/Hassar CnC Check Response"; flow:from_server,established; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Python-urllib/ Suspicious User Agent"; flow:established,to_server; content:"Python-urllib/"; nocase; ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Observed Cloudflare DNS over HTTPS Domain (cloudflare-dns .com in TLS SNI)"; flow:established,to_server ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Appointment Hour Booking WordPress Plugin Stored XSS (CVE-2019-13505)"; flow:established ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN eCh0raix/QNAPCrypt Successful Server Response"; flow:established,from_server; flowbits:isset,ET.QNAPCrypt ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN eCh0raix/QNAPCrypt CnC Activity Done"; flow:established,to_server; content:"GET"; http_method; content ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN eCh0raix/QNAPCrypt Requesting Key/Wallet/Note"; flow:established,to_server; flowbits:isset,ET.Socks5.OnionReq ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN eCh0raix/QNAPCrypt CnC Activity Started"; flow:established,to_server; content:"GET"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Amadey CnC Check In"; flow:established,to_server; content:"POST"; http_method; content:".php"; http_uri ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Successful Generic Miarroba Phish 2019-07-11"; flow:from_server,established; flowbits:isset,ET ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Socks5 Proxy to Onion (set)"; flow:established,to_server; flowbits:set,ET.Socks5.OnionReq; content:"|05 ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible Zoom Client Auto Join (CVE-2019-13450)"; flow:established,to_client; file_data; content:"localhost ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Unk.VBScript Requesting Instruction from CnC"; flow:established,to_server; content:"POST"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Unk Retreiving Malicious VBScript"; flow:established,to_server; content:"GET"; http_method; content ...
#alert tls $EXTERNAL_NET 443 -> $HOME_NET any (msg:"ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Quakbot CnC)"; flow:established,from_server ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Inter Skimmer CnC Domain in DNS Lookup"; dns_query; content:"jsreload.pw"; nocase; isdataat:1,relative; metadata ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Inter Skimmer CnC Domain in DNS Lookup"; dns_query; content:"jquery-stats.com"; nocase; isdataat:1,relative; metadata ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Inter Skimmer CnC Domain in DNS Lookup"; dns_query; content:"routingzen.com"; nocase; isdataat:1,relative; metadata ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Inter Skimmer CnC Domain in DNS Lookup"; dns_query; content:"tracker-visitors.com"; nocase; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Inter Skimmer CnC Domain in DNS Lookup"; dns_query; content:"jquery-web.com"; nocase; isdataat:1,relative; metadata ...
Number of topics: 50
Topic revision: r7 - 2018-07-19 - PhilSchroeder
 
This site is powered by the TWiki collaboration platform. Powered by Perl. Copyright © Emerging Threats