50 Recent Changes in Main Web retrieved at 08:50 (GMT)

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible APT40/Dadstache Stage 2 Payload Beacon"; flow:to_server,established; content:"POST"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Patchwork APT CnC Beacon 2"; flow:established,to_server; content:"GET"; http_method; content:".php?profile ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Evil Eye Android Malware Beacon"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Covenant Framework HTTP Beacon"; flow:established,to_server; content:"POST"; http_method; content:" eyJHVUlEIjoi ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Covenant Framework Default HTTP Beacon"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Sharik/Smoke CnC Beacon 12"; flow:established,to_server; content:"POST"; http_method; urilen: Added 2021 ...
#alert tcp any any -> any any (msg:"ET TROJAN NCSC APT28 CompuTrace Beacon UserAgent"; flow:established; content:" 0d0a TagId 3a "; fast_pattern; content: "POST / ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN NCSC XAgent itwm beacon v2"; flow:established,to_server; content:" itwm"; fast_pattern; pcre:"/ itwm ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN NCSC XAgent itwm beacon v1"; flow:established,to_server; content:"/?itwm"; fast_pattern; pcre:"/itwm ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN NCSC XAgent Beacon"; flow:established,to_server; content:"HTTP/1.1 0d 0a Accept 3a text/html,application ...
alert udp $EXTERNAL_NET 53 -> $HOME_NET any (msg:"ET TROJAN CobaltStrike DNS Beacon Response"; content:" 81 80 00 01 00 01 "; depth:6; offset:2; content:" c0 0c 00 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Sharik/Smoke CnC Beacon 11"; flow:established,to_server; content:"POST"; http_method; content:"/"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Lazarus Downloader (JEUSD) CnC Beacon"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Trojan Spy.AndroidOS.CrazyMango.a CnC Beacon"; flow:to_server,established; content:"POST"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Volexity JS Sniffer Data Theft Beacon Detected"; flow:established,to_server; content:"GET" ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN eSentire Cobalt Strike Beacon"; flow:established,to_server; content:"GET"; http_method; content:" 43 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Sharik/Smoke CnC Beacon 10"; flow:established,to_server; content:"POST"; http_method; pcre:"/\/\d \/ ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Elise CnC Beacon 2 M2"; flow:to_server,established; content:"POST"; http_method; pcre:"/^\/ ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/SchwSonne CnC Beacon M2"; flow:established,to_server; content:"C 7c P UID "; depth:8; fast_pattern ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Bitter RAT HTTP CnC Beacon M2"; flow:established,to_server; content:"GET"; http_method; content:".php ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Sharik/Smoke CnC Beacon 9"; flow:established,to_server; content:"POST"; http_method; content:"/"; http ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 1024: (msg:"ET TROJAN PTsecurity DorkBot.Downloader CnC Beacon"; flow:established,to_server; dsize:170; content:" 45 36 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Sharik/Smoke CnC Beacon 8"; flow:established,to_server; content:"POST"; http_method; content:"/"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Sharik/Smoke CnC Beacon 7"; flow:established,to_server; content:"POST"; http_method; content:"/"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Vawtrak/NeverQuest CnC Beacon"; flow:established,to_server; content:"POST"; http_method; content:".php ...
#alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android JadeRAT CnC Beacon 2"; flow:to_server,established; dsize:22; content:"@hi 3a "; depth ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android JadeRAT CnC Beacon"; flow:to_server,established; dsize: Added 2021 06 18 18:19:36 UTC ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Dragonfly Backdoor.Goodor Go Implant CnC Beacon 1"; flow:established,to_server; content:"GET"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Trojan Banker.AndroidOS.RedAlert CnC Beacon"; flow:to_server,established; content:"POST"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN DarkHotel Downloader CnC Beacon 2"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN DarkHotel Downloader CnC Beacon 1"; flow:established,to_server; content:"GET"; http_method; content: ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Trojan Banker.AndroidOS.Marcher.a CnC Beacon"; flow:to_server,established; content:"/inj/injek ...
alert tcp any any -> any any (msg:"ET TROJAN DPRK HIDDEN COBRA Botnet C2 Host Beacon"; flow:established,to_server; content:" 1b 17 e9 e9 e9 e9 "; depth:6; fast_pattern ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN PLATINUM Dipsind CnC Beacon"; flow:established,to_server; content:"POST"; http_method; content:"ud7LDjtsTHe2tWeC8DYo8A ...
#alert http $HOME_NET any -> $EXTERNAL_NET 443,7080,8080 (msg:"ET TROJAN W32/Emotet CnC Beacon 2"; flow:established,to_server; urilen:1; content:"GET"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET 443,7080,8080 (msg:"ET TROJAN W32/Emotet CnC Beacon 1"; flow:established,to_server; urilen:1; content:"GET"; http_method ...
alert tcp $HOME_NET any -> any any (msg:"ET TROJAN SuperCMD CnC Beacon"; flow:established,to_server; content:"windows update "; depth:15; pcre:"/^ A F0 9 \x00/R" ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Kazuar CnC Beacon"; flow:established,to_server; content:"GET"; http_method; content:!"Accept"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible DANDERSPRITZ HTTP Beacon"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET 80 (msg:"ET TROJAN Unknown Possibly Ransomware (Dropped by RIG) CnC Beacon"; flow:established,to_server; urilen:1; content ...
alert smb $HOME_NET any -> any any (msg:"ET EXPLOIT Possible DOUBLEPULSAR Beacon Response"; flow:from_server,established; content:" 00 00 00 23 ff SMB2 02 00 00 c0 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Mole Ransomware CnC Beacon"; flow:established,to_server; content:"POST"; http_method; content: ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Turla Carbon Paper CnC Beacon (Fake User Agent)"; flow:established,to_server; content:"GET" ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Felismus CnC Beacon 2"; flow:established,to_server; content:"POST"; http_method; content:"/products.php ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Felismus CnC Beacon 1"; flow:established,to_server; content:"GET"; http_method; content:".php?V "; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Red Leaves HTTP CnC Beacon (APT10 implant)"; flow:established,to_server; content:"POST"; http_method ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android Trojan Pegasus CnC Beacon M2"; flow:to_server,established; content:"GET"; http_method ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android Trojan Pegasus CnC Beacon"; flow:to_server,established; content:"POST"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE C2P.Qdc Ransomware CnC Beacon"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN MagikPOS CnC Beacon"; flow:established,to_server; content:"POST"; http_method; content:"/api/?act in ...
Number of topics: 50

Topic revision: r4 - 2006-11-15 - TWikiContributor
 
This site is powered by the TWiki collaboration platform. Copyright © Emerging Threats