50 Recent Changes in Main Web retrieved at 20:41 (GMT)

alert dns $HOME_NET any -> any any (msg:"ET TROJAN DonotGroup CnC Observed in DNS Query"; dns_query; content:"full.devinelive.top"; nocase; isdataat:1,relative; metadata ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN DonotGroup CnC Observed in DNS Query"; dns_query; content:"suport.worldupdate.site"; nocase; isdataat:1,relative ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (DonotGroup CnC)"; flow:from_server,established; tls_cert_subject; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN TransparentTribe APT Maldoc CnC Checkin"; flow:established,to_server; content:"POST"; http_method; content ...
alert http any any -> $HOME_NET any (msg:"ET TROJAN Possible Tunna Proxy Closing Connection"; flow:established,from_server; content:"200"; http_stat_code; file_data ...
alert http any any -> $HOME_NET any (msg:"ET TROJAN Possible Tunna Proxy Activity (Response)"; flow:established,from_server; content:"200"; http_stat_code; file_data ...
alert http $HOME_NET any -> any any (msg:"ET TROJAN Suspected Tunna Proxy M4 (Outbound)"; flow:established,to_server; content:"POST"; http_method; content:"?proxy ...
alert http $HOME_NET any -> any any (msg:"ET TROJAN Suspected Tunna Proxy M3 (Outbound)"; flow:established,to_server; content:"POST"; http_method; content:"?proxy ...
alert http $HOME_NET any -> any any (msg:"ET TROJAN Suspected Tunna Proxy M2 (Outbound)"; flow:established,to_server; content:"POST"; http_method; content:"?proxy ...
alert http $HOME_NET any -> any any (msg:"ET TROJAN Suspected Tunna Proxy M1 (Outbound)"; flow:established,to_server; content:"GET"; http_method; content:"?proxy port ...
alert http $HOME_NET any -> any any (msg:"ET TROJAN Possible Tunna Proxy Closing Connection"; flow:established,from_server; content:"200"; http_stat_code; file_data ...
alert http $HOME_NET any -> any any (msg:"ET TROJAN Possible Tunna Proxy Activity (Response)"; flow:established,from_server; content:"200"; http_stat_code; file_data ...
alert http any any -> $HOME_NET any (msg:"ET TROJAN Suspected Tunna Proxy M4"; flow:established,to_server; content:"POST"; http_method; content:"?proxy close"; http ...
alert http any any -> $HOME_NET any (msg:"ET TROJAN Suspected Tunna Proxy M3"; flow:established,to_server; content:"POST"; http_method; content:"?proxy port "; http ...
alert http any any -> $HOME_NET any (msg:"ET TROJAN Suspected Tunna Proxy M2"; flow:established,to_server; content:"POST"; http_method; content:"?proxy file upload ...
alert http any any -> $HOME_NET any (msg:"ET TROJAN Suspected Tunna Proxy M1"; flow:established,to_server; content:"GET"; http_method; content:"?proxy port "; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET USER_AGENTS Observed Suspicious UA (Absent)"; flow:established,to_server; content:"Absent"; http_user_agent ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE Possible TransparentTribe APT CnC Activity"; flow:established,to_server; content:"POST"; http_method ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (Sidewinder CnC)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (Sidewinder CnC)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (Sidewinder CnC)"; flow:established,from_server; tls_cert_serial; content ...
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN TGI BlackRAT Checkin Response"; flow:established,to_client; content:" 2c 20 Version "; content:"BlackRAT ...
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN TGI BlackRAT Checkin"; flow:established,to_server; content:"Clientx 2c 20 Version "; fast_pattern; content ...
alert smtp any any -> $SMTP_SERVERS any (msg:"ET EXPLOIT Possible EXIM RCE Inbound (CVE-2019-15846)"; flow:established,to_server; content:" 16 "; depth:1; content ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_CLIENT PirateBay Phish Possibly PirateMatryoshka Related"; flow:established,from_server; content:"200 ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Observed DNS Query for MageCart Data Exfil Domain"; dns_query; content:"jquery js.com"; nocase; isdataat:1,relative ...
alert dns $HOME_NET any -> any any (msg:"ET TROJAN Observed DNS Query for MageCart Data Exfil Domain"; dns_query; content:"g analytics.com"; nocase; depth:15; isdataat ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (StrongPity Domain)"; flow:from_server,established; tls_cert_serial; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (StrongPity Domain)"; flow:from_server,established; tls_cert_serial; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (StrongPity Domain)"; flow:from_server,established; tls_cert_serial; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (StrongPity Domain)"; flow:from_server,established; tls_cert_serial; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (APT29)"; flow:from_server,established; tls_cert_subject; content:"CN pandorasong ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (Ursnif Inject Domain)"; flow:from_server,established; tls_cert_subject; content ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 5 Staging Domain)"; flow:from_server,established; tls_cert ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)"; flow:from_server,established; tls_cert ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)"; flow:from_server,established; tls_cert ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)"; flow:from_server,established; tls_cert ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)"; flow:from_server,established; tls_cert ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)"; flow:from_server,established; tls_cert ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)"; flow:from_server,established; tls_cert ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)"; flow:from_server,established; tls_cert ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)"; flow:from_server,established; tls_cert ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)"; flow:from_server,established; tls_cert ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 4 Staging Domain)"; flow:from_server,established; tls_cert ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 3 Staging Domain)"; flow:from_server,established; tls_cert ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 3 Staging Domain)"; flow:from_server,established; tls_cert ...
alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET TROJAN Observed Malicious SSL Cert (MageCart Group 1/2 Staging Domain)"; flow:from_server,established; tls_cert ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET WEB_CLIENT Fake FlashPlayer Update Leading to CoinMiner M2 2018 10 12"; flow:established,to_server; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET WEB_CLIENT Fake FlashPlayer Update Leading to CoinMiner M1 2018 10 12"; flow:established,to_server; content ...
Number of topics: 50


Topic revision: r4 - 2006-11-15 - TWikiContributor
 
This site is powered by the TWiki collaboration platform. Powered by Perl. Copyright © Emerging Threats