
Last 50 Rule Changes

Results from Main web retrieved at 12:51 (GMT)

alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"medsource ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"tdreg ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"tretas ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"piastas ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"pervas ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (PHPs Labyrinth Stage1 CnC)"; flow:established,to_client; tls_cert_subject ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"vosmas ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"vtoras ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"semasa ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"tdreg ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"devata ...
alert dns $HOME_NET any -> any any (msg:"ET MALWARE Fake ProtonVPN/AZORult CnC Domain Query"; dns_query; content:"accounts.protonvpn.store"; nocase; depth:24; isdataat ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"dolodos ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"piasuna ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN VBScript Redirect Style Exe File Download"; flow:to_client,established; flowbits:isset,ET.Locky; file ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE SurfSidekick Download"; flow: established,to_server; content:"/requestimpression.aspx?ver "; nocase ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE 180solutions Spyware Keywords Download"; flow: to_server,established; content:"GET"; http_method; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Webhancer Data Post"; flow: to_server,established; content:"POST"; nocase; http_method; content:"http ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
alert dns $HOME_NET any -> any any (msg:"ET POLICY Observed DNS Query for Suspicious TLD (.management)"; dns_query; content:".management"; nocase; isdataat:1,relative ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PHPNuke general SQL injection attempt"; flow: to_server,established; content:"/modules ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart CnC)"; flow:from_server,established; tls_cert_subject; content: ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Kimsuky Related CnC"; flow:established,to_server; content:"GET"; http_method; content:".php?WORD com ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PHPs Labyrinth Backdoor Stage2 CnC Activity M2"; flow:established,to_server; content:"GET"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Mermaid Ransomware Variant CnC Activity M4"; flow:established,to_server; content:"GET"; http_method; ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PHPs Labyrinth Backdoor Stage1 CnC Activity"; flow:established,to_server; content:"GET"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Charming Kitten Backdoor CnC Activity"; flow:established,to_server; content:"POST"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Suspected Gamaredon Downloader Activity"; flow:established,to_server; content:"GET"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PHPs Labyrinth Backdoor Stage2 CnC Activity M1"; flow:established,to_server; content:"GET"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Charming Kitten Backdoor Checkin"; flow:established,to_server; content:"POST"; http_method; ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Nexus Stealer CnC Data Exfil"; flow:established,to_server; content:"POST"; http_method; content:".php ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN GanDownloader CnC Checkin"; flow:established,to_server; content:"|2f 00 00 00|"; depth:4; http client ...
alert dns $HOME_NET any -> any any (msg:"ET CURRENT_EVENTS Possible Glitch.me Phishing Domain"; dns_query; content:".glitch.me"; nocase; isdataat:1,relative; pcre ...
alert http $EXTERNAL_NET any -> $HOME_NET 9080 (msg:"ET EXPLOIT Possible LG SuperSign EZ CMS 2.5 RCE (CVE-2018-17173)"; flow:established,to_server; content:"GET"; ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Powershell Download Command Observed within Flash File Probable EK Activity"; flow:established ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MICROPSIA CnC Domain)"; flow:from_server,established; tls_cert_subject; content ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE LNKR landing page (possible compromised site) M3"; flow:established,from_server; content:"200"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Xwo CnC Activity"; flow:established,to_server; content:"POST"; http_method; content:"Accept-Charset|3a ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE LNKR landing page (possible compromised site) M5"; flow:established,from_server; content:"200"; http ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE LNKR landing page (possible compromised site) M1"; flow:established,from_server; content:"200"; http ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Locky JS Downloading Payload"; flow:to_server,established; urilen: Added 2020 02 19 18:51:50 ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Spark Backdoor CnC Domain Query"; dns_query; content:"nysura.com"; nocase; depth:10; isdataat:1,relative; metadata ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET GAMES Wolfteam HileYapak Server Response"; flow:established,from_server; content:"200"; http_stat_code; file ...
Number of topics: 50
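The rules above are Suricata signatures whose detection logic lives almost entirely in a sticky buffer (dns_query, tls_sni, tls_cert_subject) followed by content with nocase/depth, an isdataat check and sometimes a pcre. As an added example (not Emerging Threats' own tooling), the Python below parses rules in that format and evaluates those checks against a supplied buffer, so the anchoring tricks used in the listed signatures can be tried offline. The rules it ships with are constructed stand-ins modelled on the listed ones: the msgs, sids and example.invalid are placeholders, the negated `isdataat:!1,relative` form is used to show "nothing may follow" anchoring, and the query names and SNI values are constructed inputs. The page's own lines will not parse as-is because their closing `)` is truncated.

```python
# Added example (not Emerging Threats tooling): parse Suricata rules and evaluate the
# sticky-buffer checks the ET rules above rely on (dns_query/tls_sni plus content, nocase,
# depth, isdataat, pcre). Buffer keyword must precede content; offset/distance/within are
# not supported and content matching does not backtrack over later occurrences.
import re
from collections import namedtuple

Rule = namedtuple("Rule", "enabled action proto src sport direction dst dport options")
HEADER_RE = re.compile(
    r"^(?P<off>#?)\s*(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+(?P<sport>\S+)"
    r"\s+(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s+\((?P<opts>.*)\)\s*$")
STICKY_BUFFERS = {"dns_query", "tls_sni", "tls_cert_subject", "http_method", "http_uri"}
HEX_RE = re.compile(r"\|([0-9a-fA-F ]+)\|")

def split_options(text):
    # Split the option body on ';' outside double quotes into (keyword, value) pairs.
    opts, buf, quoted, escaped = [], [], False, False
    for ch in text:
        if ch == ";" and not quoted and not escaped:
            key, _, val = "".join(buf).strip().partition(":")
            if key:
                opts.append((key.strip(), val.strip() or None))
            buf = []
        else:
            if ch == '"' and not escaped:
                quoted = not quoted
            escaped = ch == "\\" and not escaped
            buf.append(ch)
    return opts

def parse_rule(line):
    # A leading '#' marks the rule disabled; the header is seven whitespace-separated fields.
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError("not a rule line: %r" % line)
    return Rule(m["off"] == "", m["action"], m["proto"], m["src"], m["sport"],
                m["dir"], m["dst"], m["dport"], split_options(m["opts"]))

def content_bytes(value):
    # '!"abc|2f 00|"' -> (True, b'abc/\x00'): strip negation and quotes, expand |hex| runs.
    negated, body = value.startswith("!"), value.lstrip("!").strip().strip('"')
    body = HEX_RE.sub(lambda h: bytes.fromhex(h.group(1)).decode("latin-1"), body)
    return negated, re.sub(r'\\([";:\\])', r"\1", body).encode("latin-1")

def rule_matches(rule, buffers):
    # Evaluate the detection options against buffers {name: bytes}; True if every check passes.
    data, pos, pending = b"", 0, None     # current buffer and cursor after the last match

    def flush():                          # run the pending content with its modifiers
        nonlocal pos, pending
        if pending is None:
            return True
        negated, needle, mods = pending
        pending = None
        hay, nd = (data.lower(), needle.lower()) if "nocase" in mods else (data, needle)
        end = min(len(hay), int(mods["depth"])) if "depth" in mods else len(hay)
        idx = hay.find(nd, 0, end)        # depth: the match must end within the first N bytes
        if idx != -1:
            pos = idx + len(nd)
        return (idx != -1) != negated

    for key, val in rule.options:
        if key in ("nocase", "depth") and pending is not None:
            pending[2][key] = val         # modifier attaches to the preceding content
        elif not flush():                 # settle the previous content before a new keyword
            return False
        elif key in STICKY_BUFFERS:       # switch buffer and reset the relative cursor
            data, pos = buffers.get(key, b""), 0
        elif key == "content":
            pending = (*content_bytes(val), {})
        elif key == "isdataat":           # isdataat:[!]N[,relative]
            negated, args = val.startswith("!"), val.lstrip("!").split(",")
            base = pos if "relative" in args[1:] else 0
            if (len(data) - base >= int(args[0])) == negated:
                return False
        elif key == "pcre":               # pcre:"[!]/re/flags"; flags i and R honoured
            negated, body = val.startswith("!"), val.lstrip("!").strip('"')
            pat, _, flags = body[1:].rpartition("/")
            m = re.compile(pat.encode("latin-1"), re.I if "i" in flags else 0).search(
                data, pos if "R" in flags else 0)
            if (m is not None) == negated:
                return False
            pos = m.end() if m else pos
    return flush()

# Constructed rules modelled on the ET signatures listed above; msgs and sids are placeholders.
RULES = [
    'alert dns $HOME_NET any -> any any (msg:"TEST CnC Domain Query"; dns_query; '
    'content:"accounts.protonvpn.store"; nocase; depth:24; isdataat:!1,relative; sid:1;)',
    'alert dns $HOME_NET any -> any any (msg:"TEST Suspicious TLD (.management)"; dns_query; '
    'content:".management"; nocase; isdataat:!1,relative; pcre:"/\\.management$/i"; sid:2;)',
    'alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"TEST CnC Domain in TLS SNI"; '
    'flow:established,to_server; tls_sni; content:"example.invalid"; nocase; sid:3;)',
]

def firing_rules(rule_lines, buffers):
    # msg of every enabled rule whose detection options match the supplied buffers
    return [dict(r.options)["msg"].strip('"') for r in map(parse_rule, rule_lines)
            if r.enabled and rule_matches(r, buffers)]
```

Two details worth seeing in action: a 24-byte content with `depth:24` can only match at offset 0, so `x.accounts.protonvpn.store` does not fire, and `isdataat:!1,relative` after that match rejects `accounts.protonvpn.store.evil` because a byte follows the match. The evaluator only tries the first occurrence of a content, whereas Suricata will retry later occurrences when a relative check fails; the constructed TLD rule carries a `$`-anchored pcre, which is the usual way to make that intent explicit. A line beginning with `#` parses as a disabled rule and never fires.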
Topic revision: r3 - 2013-04-19 - MattJonkman
 
This site is powered by the TWiki collaboration platform. Copyright © Emerging Threats