Last 50 Rule Changes

Results from Main web retrieved at 12:37 (GMT)

alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"medsource ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"vtoras ...
alert dns $HOME_NET any -> any any (msg:"ET MALWARE Fake ProtonVPN/AZORult CnC Domain Query"; dns_query; content:"accounts.protonvpn.store"; nocase; depth:24; isdataat ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"tdreg ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (PHPs Labyrinth Stage1 CnC)"; flow:established,to_client; tls_cert_subject ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"tdreg ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"piasuna ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"piastas ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"pervas ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"vosmas ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"tretas ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"devata ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"dolodos ...
alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Observed PHPs Labyrinth Stage2 CnC Domain in TLS SNI"; flow:established,to_server; tls_sni; content:"semasa ...
alert dns $HOME_NET any -> any any (msg:"ET POLICY Observed DNS Query for Suspicious TLD (.management)"; dns_query; content:".management"; nocase; isdataat:!1,relative ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Webhancer Data Post"; flow: to_server,established; content:"POST"; nocase; http_method; content:"http ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE SurfSidekick Download"; flow: established,to_server; content:"/requestimpression.aspx?ver="; nocase ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE 180solutions Spyware Keywords Download"; flow: to_server,established; content:"GET"; http_method; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart CnC)"; flow:from_server,established; tls_cert_subject; content: ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Kimsuky Related CnC"; flow:established,to_server; content:"GET"; http_method; content:".php?WORD com ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS PHPNuke general SQL injection attempt"; flow: to_server,established; content:"/modules ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN VBScript Redirect Style Exe File Download"; flow:to_client,established; flowbits:isset,ET.Locky; file ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 12)"; flow:from_server,established; tls_cert_subject; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PHPs Labyrinth Backdoor Stage2 CnC Activity M2"; flow:established,to_server; content:"GET"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Suspected Gamaredon Downloader Activity"; flow:established,to_server; content:"GET"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Mermaid Ransomware Variant CnC Activity M4"; flow:established,to_server; content:"GET"; http_method; ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PHPs Labyrinth Backdoor Stage2 CnC Activity M1"; flow:established,to_server; content:"GET"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Charming Kitten Backdoor CnC Activity"; flow:established,to_server; content:"POST"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PHPs Labyrinth Backdoor Stage1 CnC Activity"; flow:established,to_server; content:"GET"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Onliner Mailer Module Communicating with CnC"; flow:established,to_server; content:"POST"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Charming Kitten Backdoor Checkin"; flow:established,to_server; content:"POST"; http_method; ...
#alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)"; flow:established,from_server; content:"traderserviceinfo ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Locky JS Downloading Payload"; flow:to_server,established; urilen: Added 2020 02 19 18:51:50 ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Powershell Download Command Observed within Flash File Probable EK Activity"; flow:established ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE LNKR landing page (possible compromised site) M1"; flow:established,from_server; content:"200"; http ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET GAMES Wolfteam HileYapak Server Response"; flow:established,from_server; content:"200"; http_stat_code; file ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Dridex AlphaNum DL Feb 10 2016"; flow:established,to_server; urilen:1550; content:"MSIE 7.0|3b 20|Windows ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN GanDownloader CnC Checkin"; flow:established,to_server; content:"|2f 00 00 00|"; depth:4; http_client ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Xwo CnC Activity"; flow:established,to_server; content:"POST"; http_method; content:"Accept-Charset|3a ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (OilRig QUADAGENT CnC)"; flow:from_server,established; tls_cert_subject; content ...
alert dns $HOME_NET any -> any any (msg:"ET CURRENT_EVENTS Possible Glitch.me Phishing Domain"; dns_query; content:".glitch.me"; nocase; isdataat:!1,relative; pcre ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Nexus Stealer CnC Data Exfil"; flow:established,to_server; content:"POST"; http_method; content:".php ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MALWARE LNKR landing page (possible compromised site) M5"; flow:established,from_server; content:"200"; http ...
Number of topics: 50
Topic attachments
Attachment: malurl.txt, 239.0 K, 2018-07-19 - 07:23, UnknownUser
Topic revision: r6 - 2018-07-19 - TestTest
Copyright © Emerging Threats