50 Recent Changes in Main Web retrieved at 19:13 (GMT)

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/AZORult V3.2 Client Checkin M3"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/AZORult V3.2 Client Checkin M2"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/AZORult V3.2 Client Checkin M1"; flow:established,to_server; content:"POST"; http_method; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MINEBRIDGE/MINEDOOR CnC)"; flow:from_server,established; tls_cert_subject ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MINEBRIDGE/MINEDOOR CnC)"; flow:from_server,established; tls_cert_subject ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MINEBRIDGE/MINEDOOR CnC)"; flow:from_server,established; tls_cert_subject ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MINEBRIDGE/MINEDOOR CnC)"; flow:from_server,established; tls_cert_subject ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MINEBRIDGE/MINEDOOR CnC)"; flow:from_server,established; tls_cert_subject ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (APT34 CnC)"; flow:from_server,established; tls_cert_subject; content:"CN ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN DonotGroup CnC Observed in DNS Query"; dns_query; content:"mangasiso.top"; nocase; isdataat:1,relative; classtype ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Possible Winnti DNS Lookup"; dns_query; content:".dnslookup.services"; nocase; isdataat:1,relative; reference:url ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN DADJOKE/Rail Tycoon Initial Macro Execution"; flow:to_server,established; content:"GET"; http_method ...
#alert http $HTTP_SERVERS any -> $EXTERNAL_NET any (msg:"ET TROJAN Wordpress Errorcontent CnC Beacon"; flow:to_server,established; content:"GET"; http_method; content ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN JavaScriptBackdoor HTTP POST CnC Beacon"; flow:established,to_server; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Linux.Mumblehard Initial Checkin"; flow:to_server,established; urilen:1; content:"GET"; http_method; ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Dridex POST Retrieving Second Stage"; flow:established,to_server; content:"Host|3a 20|"; http_header ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN HB Banker16 Get"; flow:to_server,established; content:"GET"; http_method; content:"Content-Type|3a 20 ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET DOS HOIC with booster inbound"; flow:to_server,established; content:"GET"; http_method; content:"If-Modified ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET DOS HOIC with booster outbound"; flow:to_server,established; content:"GET"; http_method; content:"If-Modified ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN EUPUDS.A Requests for Boleto replacement "; flow:established,to_server; urilen:10; pcre:"/^ a f0 9 {8 ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Dyreza RAT Fake Server Header"; flow:established,to_client; content:"Server|3a 20|Stalin"; http_header ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN BTQP Checkin 2"; flow:established,to_server; content:"GET"; http_method; content:".asp?IDPC="; fast_pattern ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Unknown Trojan with Fake Java User Agent"; flow:established,to_server; content:"Java/"; http_user_agent ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN OneLouder EXE download possibly installing Zeus P2P"; flow:to_client,established; flowbits:isset,ET ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN possible OneLouder header structure"; flow:to_server,established; content:"Mozilla/4.0 (compatible|3b ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Gamut Spambot Checkin 2"; flow:established,to_server; urilen:6; content:"POST"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Gamut Spambot Checkin"; flow:established,to_server; content:"file=SenderClient.conf"; http_uri; nocase ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32.Popwin Checkin"; flow:to_server,established; content:"/soft/xiaomi"; fast_pattern; http ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Almanahe.B Checkin"; flow:to_server,established; urilen:1; content:"GET"; http_method; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE W32/BettrExperience.Adware Update Checkin"; flow:established,to_server; content:"/Check.ashx?"; depth ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE W32/BettrExperience.Adware POST Checkin"; flow:established,to_server; content:"POST"; http_method; content ...
#alert http $HOME_NET any -> $EXTERNAL_NET 9008 (msg:"ET MOBILE_MALWARE Android/HeHe.Spy getLastVersion CnC Beacon"; flow:established,to_server; content:"POST"; http ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN W32/Liftoh.Downloader Final.html Payload Request"; flow:established,to_server; content:"GET"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE KorBanker Fake Banking App Install CnC Beacon"; flow:established,to_server; content:"POST"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Styx EK SilverLight Payload"; flow:established,to_server; urilen:19; content:"/1"; depth ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN VBS.ayr CnC command (is enum folder)"; flow:established,to_server; content:"POST"; http_method; content ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Possible Avatar RootKit Yahoo Group Search"; flow:to_server,established; content:"/search?query="; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN FortDisco Reporting Status"; flow:established,to_server; content:"POST"; http_method; content:"/cmd.php ...
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SERVER WebShell GODSpy MySQL"; flow:established,to_server; content:"dbhost="; http_client_body; ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS CoolEK Payload Download (9)"; flow:established,to_server; content:".txt?f="; fast_pattern; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN WEBC2 CLOVER Checkin APT1 Related"; flow:established,to_server; content:"/Default.asp"; http_uri; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN ProxyBox HTTP CnC POST 1 letter.php"; flow:established,to_server; urilen:6; content:"POST"; http ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS TDS Sutra cookie set"; flow:established,to_client; content:!"302"; http_stat_code; content ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS TDS Sutra redirect received"; flow:established,to_client; content:"302"; http_stat_code; content ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS TDS Sutra cookie set"; flow:established,to_client; content:!"302"; http_stat_code; content ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS TDS Sutra redirect received"; flow:established,to_client; content:"302"; http_stat_code; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Kelihos/Hlux GET jucheck.exe from CnC"; flow:established,to_server; content:"/jucheck.exe"; http_uri ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Backdoor.Win32.RShot HTTP Checkin"; flow:established,to_server; content:"POST"; http_method; content ...
Number of topics: 50


Topic revision: r4 - 2006-11-15 - TWikiContributor
 
Copyright © Emerging Threats