50 Recent Changes in Main Web retrieved at 07:06 (GMT)

#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED Netgear DGN1000/DGN2200 Unauthenticated Command Execution Inbound`; flow:established,to server; content ...
#alert udp $HOME NET any $HOME NET 7 (msg:`ET DELETED Ryuk Wake on LAN Packet Observed`; dsize: \x00 \xff {6})(?P mac addr){2,}$/R`; reference:url,www.crowdstrike ...
#alert dns $HOME NET any any any (msg:`ET DELETED Unk/LNKR CnC Domain Observed in DNS Query`; dns query; content:`cdn javascript.net`; nocase; isdataat:1,relative ...
#alert tcp any any any any (msg:`ET EXPLOIT Possible VXWORKS Urgent11 RCE Attempt Urgent Flag`; flags:U ; reference:url,armis.com/urgent11; reference:cve,2019 ...
#alert udp $HOME NET any any 53 (msg:`ET DNS Query for .co TLD`; content:` 01 `; offset:2; depth:1; content:` 00 01 00 00 00 00 00 `; distance:1; within:7; content ...
#alert dns $HOME NET any any any (msg:`ET CURRENT EVENTS Brushaloader Domain in DNS Lookup 2019 05 30`; dns query; content:`canasikos.info`; nocase; isdataat:1 ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC) 2019 05 30`; flow:established,to client; tls cert subject ...
#alert tcp any any $HOME NET 445 (msg:`ET POLICY Executable Transfer in SMB`; flow:established,to server; content:`SMB`; depth:8; content:`MZ`; distance:0; content ...
#alert tcp any any $HOME NET any (msg:`ET NETBIOS DCERPC DCOM ShellExecute Likely Lateral Movement`; flow:established,to server; content:` 00 S 00 h 00 e 00 l ...
#alert tcp any any $HOME NET 445 (msg:`ET POLICY Net View Command in SMB Traffic Likely Lateral Movement`; flow:established,to server; content:`SMB`; depth:8 ...
#alert tcp any any $HOME NET 445 (msg:`ET POLICY Net View Command in SMB Traffic Likely Lateral Movement`; flow:established,to server; content:`SMB`; depth:8 ...
#alert tcp any any $HOME NET 445 (msg:`ET POLICY Command Shell Activity Over SMB Possible Lateral Movement`; flow:established,to server; content:`SMB`; depth ...
#alert tcp any any $HOME NET 445 (msg:`ET POLICY Powershell Activity Over SMB Likely Lateral Movement`; flow:established,to server; content:`SMB`; depth:8; content ...
#alert tcp any any $HOME NET any (msg:`ET NETBIOS DCERPC WMI Remote Process Execution`; flow:to server,established; dce iface:00000143 0000 0000 c000 000000000046 ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET DELETED Delphi APT28 Zebrocy/Zekapab Reporting to CnC`; flow:established,to server; content:`POST`; http method ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (BrushaLoader Domain)`; flow:from server,established; tls cert subject; content ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (BrushaLoader Domain)`; flow:from server,established; tls cert subject; content ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Successful Generic Phish (set) 2018 10 10`; flow:established,to server; content:`POST`; http ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible Locky Payload DL Sept 26 2017 M4`; flow:established,to server; urilen: 6; pcre:`/^ ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible Locky Payload DL Sept 26 2017 M3`; flow:established,to server; urilen: 6; content: ...
#alert tcp any any any any (msg:`ET TROJAN NCSC APT28 CompuTrace Beacon UserAgent`; flow:established; content:` 0d0a TagId 3a `; fast pattern; content: `POST / ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Successful Generic Phish (set) 2018 08 27`; flow:established,to server; content:`POST`; http ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED Underminer EK Plugin Check`; flow:established,to client; content:`Cache Control 3a 20 private 3b 20 ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Underminer EK Flash Exploit`; flow:established,to client; file data; content:`D27CDB6E AE6D ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT Possible ModSecurity 3.0.0 Cross Site Scripting`; flow:established,from server; file data; content ...
#alert tcp $EXTERNAL NET any $HTTP SERVERS any (msg:`ET WEB SPECIFIC APPS ELF file magic encoded Base64 Inbound Web Servers Likely Command Execution 3`; flow:established ...
#alert tcp $EXTERNAL NET any $HTTP SERVERS any (msg:`ET WEB SPECIFIC APPS ELF file magic encoded Base64 Inbound Web Servers Likely Command Execution 2`; flow:established ...
#alert tcp $EXTERNAL NET any $HTTP SERVERS any (msg:`ET WEB SPECIFIC APPS ELF file magic encoded Base64 Inbound Web Servers Likely Command Execution 1`; flow:established ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Docusign Phishing Landing 2018 05 01`; flow:established,to client; file data; content:` DocuSlgn ...
#alert tcp $EXTERNAL NET !$HTTP PORTS $HOME NET any (msg:`ET TROJAN PTsecurity Ursnif Socks5 Proxy Connection`; flow:established,from server; flowbits:isset ...
#alert tcp $HOME NET any $EXTERNAL NET !$HTTP PORTS (msg:`ET TROJAN PTsecurity Ursnif Socks Proxy Check in`; flow:established,to server; stream size:server, ...
#alert tcp $EXTERNAL NET 139,445 $HOME NET any (msg:`ET CURRENT EVENTS CERTEGO Possible JScript Coming Over SMB v2`; flow:established,from server; content:` FE ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Google Docs Phishing Landing 2018 02 15`; flow:established,to client; file data; content:` Added ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET POLICY Fidelis Abnormal Very Long x509v3 SubjectKeyIdentifier Extension`; flow:established,from server; dsize ...
#alert tls $EXTERNAL NET any $HOME NET any (msg:`ET POLICY Fidelis Abnormal x509v3 SubjectKeyIdentifier extension`; flow:established,from server; dsize: 768; ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED Job314/Neutrino Reboot EK Landing July 07 2016 M8`; flow:established,from server; content:`Server 3a ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED Job314/Neutrino Reboot EK Landing July 07 2016 M7`; flow:established,from server; content:`Server 3a ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED Job314/Neutrino Reboot EK Landing July 07 2016 M6`; flow:established,from server; content:`Server 3a ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED Job314/Neutrino Reboot EK Landing July 07 2016 M5`; flow:established,from server; content:`Server 3a ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED Job314/Neutrino Reboot EK Landing July 07 2016 M4`; flow:established,from server; content:`Server 3a ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED Job314/Neutrino Reboot EK Landing July 07 2016 M3`; flow:established,from server; content:`Server 3a ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED Job314/Neutrino Reboot EK Landing July 07 2016 M2`; flow:established,from server; content:`Server 3a ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED Job314/Neutrino Reboot EK Landing July 07 2016 M1`; flow:established,from server; content:`Server 3a ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED Job314/Neutrino EK Landing Jul 04 2016 M3`; flow:established,from server; content:`Server 3a 20 nginx ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED Job314/Neutrino EK Landing Jul 04 2016 M2`; flow:established,from server; content:`Server 3a 20 nginx ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED Job314/Neutrino EK Landing Jul 04 2016 M1`; flow:established,from server; content:`Server 3a 20 nginx ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED Job314/Neutrino Reboot EK Landing June 11 2016 M4 (with URI Primer)`; flow:established,from server ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED Job314/Neutrino Reboot EK Landing June 11 2016 M3`; flow:established,from server; content:`Server 3a ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED Job314/Neutrino Reboot EK Landing June 11 2016 M2`; flow:established,from server; content:`nginx`; ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED Job314/Neutrino Reboot EK Landing June 11 2016 M2`; flow:established,from server; content:`nginx`; ...
Number of topics: 50

Topic revision: r4 - 2006-11-15 - TWikiContributor
 
This site is powered by the TWiki collaboration platform. Copyright © Emerging Threats