50 Recent Changes in Main Web retrieved at 21:56 (GMT)

alert http any any -> $HOME_NET any (msg:"ET ATTACK_RESPONSE Windows SCM DLL Hijack Script (UTF 16) Inbound via HTTP M3"; flow:established,from_server; content:"200 ...
alert tcp any any -> $HOME_NET 135 (msg:"ET NETBIOS DCERPC SVCCTL Remote Service Control Manager Access"; flow:established,to_server; content:"|00 00 00 00 00 00 ...
alert http any any -> $HOME_NET any (msg:"ET ATTACK_RESPONSE Windows SCM DLL Hijack Command Inbound via HTTP M3"; flow:established,from_server; content:"200"; http ...
alert http any any -> $HOME_NET any (msg:"ET ATTACK_RESPONSE Windows SCM DLL Hijack Command (UTF 16) Inbound via HTTP M2"; flow:established,from_server; content:"200 ...
alert http any any -> $HOME_NET any (msg:"ET ATTACK_RESPONSE Windows SCM DLL Hijack Command (UTF 16) Inbound via HTTP M1"; flow:established,from_server; content:"200 ...
alert http any any -> $HOME_NET any (msg:"ET ATTACK_RESPONSE Windows SCM DLL Hijack Command Inbound via HTTP M2"; flow:established,from_server; content:"200"; http ...
alert http any any -> $HOME_NET any (msg:"ET ATTACK_RESPONSE Windows SCM DLL Hijack Command Inbound via HTTP M1"; flow:established,from_server; content:"200"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) 2019 02 13"; flow:to_server,established; content:"POST ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish Jan 14 2016"; flow:established,to_client; flowbits:isset,ET ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN PTsecurity Possible Cobalt Strike payload"; flow:established,from_server; content:"200"; http_stat ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Unattributed CnC Domain in DNS Lookup (encrypted-message .cloud)"; dns_query; content:"encrypted-message.cloud" ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Unattributed CnC Domain in DNS Lookup (internal-message .app)"; dns_query; content:"internal-message.app"; nocase ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Unattributed CnC Domain in DNS Lookup (secured-mail .online)"; dns_query; content:"secured-mail.online"; nocase ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Unattributed CnC Domain in DNS Lookup (encrypt-email .online)"; dns_query; content:"encrypt-email.online"; nocase ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Unattributed CnC Domain in DNS Lookup (secure-message .online)"; dns_query; content:"secure-message.online"; nocase ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Unattributed CnC Domain in DNS Lookup (microsoftonline-secure-login .com)"; dns_query; content:"microsoftonline ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Unattributed CnC Domain in DNS Lookup (wipro365 .com)"; dns_query; content:"wipro365.com"; nocase; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Unattributed CnC Domain in DNS Lookup (xsecuremail .com)"; dns_query; content:"xsecuremail.com"; nocase; isdataat ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (Unattributed CnC)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (Unattributed CnC)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (Unattributed CnC)"; flow:from_server,established; tls_cert_subject; content ...
alert dns $HOME_NET any -> any any (msg:"ET MOBILE_MALWARE Windows Phone PUA.Redpher (myservicessapps .com in DNS Lookup)"; dns_query; content:"myservicessapps.com ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET USER_AGENTS ESET Installer"; flow:established,to_server; content:"ESET Installer"; http_user_agent; depth:14 ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN DonotGroup CnC Domain in DNS Lookup (drinkeatgood .space)"; dns_query; content:"drinkeatgood.space"; nocase; isdataat ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN DonotGroup CnC Domain in DNS Lookup (drivethrough .top)"; dns_query; content:"drivethrough.top"; nocase; isdataat ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET POLICY Observed SSL Cert (URL Shortener Service tiny .cc)"; flow:from_server,established; tls_cert_subject ...
alert dns $HOME_NET any -> any any (msg:"ET POLICY URL Shortener Service Domain in DNS Lookup (tiny .cc)"; dns_query; content:"tiny.cc"; nocase; isdataat:1,relative ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS JS Obfuscation Possible Phishing 2016 03 01"; flow:from_server,established; content:"200"; ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Outbound POST Request with Base64 ps PowerShell Command Output M3"; flow:established,to_server; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Outbound POST Request with Base64 ps PowerShell Command Output M2"; flow:established,to_server; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Outbound POST Request with Base64 ps PowerShell Command Output M1"; flow:established,to_server; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Outbound POST Request with ps PowerShell Command Output"; flow:established,to_server; content:"POST" ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN DustySky/Gaza Cybergang Group1 CnC Domain in DNS Lookup (dji-msi .2waky .com)"; dns_query; content:"dji-msi.2waky ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN DustySky/Gaza Cybergang Group1 CnC Domain in DNS Lookup (time-loss .dns05 .com)"; dns_query; content:"time-loss ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET INFO HTTP Request with Double Cache Control"; flow:established,to_server; content:"Cache-Control|3a 20|no-cache ...
alert smb any any -> $HOME_NET 445 (msg:"ET POLICY Possible WMI .mof Managed Object File Use Over SMB"; flow:established,to_server; content:"SMB"; depth:8; content ...
alert smb any any -> $HOME_NET 445 (msg:"ET POLICY Possible WMI .mof Managed Object File Use Over SMB"; flow:established,to_server; content:"SMB"; depth:8; content ...
alert smb any any -> $HOME_NET 445 (msg:"ET POLICY Possible Powershell .ps1 Script Use Over SMB"; flow:established,to_server; content:"SMB"; depth:8; content:"|00 ...
alert smb any any -> $HOME_NET 445 (msg:"ET POLICY Possible Powershell .ps1 Script Use Over SMB"; flow:established,to_server; content:"SMB"; depth:8; content:".ps1 ...
alert smb any any -> $HOME_NET 445 (msg:"ET POLICY Powershell Activity Over SMB Likely Lateral Movement"; flow:established,to_server; content:"SMB"; depth:8; content ...
alert smb any any -> $HOME_NET any (msg:"ET POLICY WMIC WMI Request Over SMB Likely Lateral Movement"; flow:established,to_server; content:"SMB"; depth:8; content ...
alert smb any any -> $HOME_NET any (msg:"ET POLICY WMIC WMI Request Over SMB Likely Lateral Movement"; flow:established,to_server; content:"SMB"; depth:8; content ...
alert smb any any -> $HOME_NET any (msg:"ET POLICY WMIC WMI Request Over SMB Likely Lateral Movement"; flow:established,to_server; content:"SMB"; depth:8; content ...
alert smb any any -> $HOME_NET any (msg:"ET POLICY WMIC WMI Request Over SMB Likely Lateral Movement"; flow:established,to_server; content:"SMB"; depth:8; content ...
alert smb any any -> $HOME_NET 445 (msg:"ET POLICY Powershell Activity Over SMB Likely Lateral Movement"; flow:established,to_server; content:"SMB"; depth:8; content ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET POLICY Explorer Shell CLSID COM Object Call Method Inbound via TCP"; flow:established,from_server; content:"explorer ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Tech Support Scam Landing M2 2019 04 15"; flow:established,from_server; content:"200"; http_stat ...
Number of topics: 50


Topic revision: r4 - 2006-11-15 - TWikiContributor
 
This site is powered by the TWiki collaboration platform. Copyright © Emerging Threats