50 Recent Changes in Main Web retrieved at 07:02 (GMT)

alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN DirectsX CnC Checkin`; flow:established,to server; content:`GET`; http method; content:`AAAAAAAAAAAAAA ...
alert dns $HOME NET any any any (msg:`ET TROJAN Cayosin/Mirai CnC Domain in DNS Lookup`; dns query; content:`hostnamepxssy.club`; nocase; isdataat:1,relative; metadata ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET USER AGENTS SFML User Agent (libsfml network) `; flow:established,to server; content:`libsfml network/`; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN OSX/Shlayer CnC Activity M4`; flow:established,to server; content:`GET`; http method; content:`/sd/?c ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN OSX/Shlayer CnC Activity M3`; flow:established,to server; content:`GET`; http method; content:`/?campid ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN OSX/Shlayer CnC Activity M2`; flow:established,to server; content:`GET`; http method; content:`/hyllkjit ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN OSX/Shlayer CnC Activity M1`; flow:established,to server; content:`GET`; http method; content:`/?b9zd1 ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET POLICY Suspicious CVV Parameter in HTTP POST Possible Phishing`; flow:established,to server; content:`POST ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET POLICY Suspicious SSN Parameter in HTTP POST Possible Phishing`; flow:established,to server; content:`POST ...
Emerging Threats Rule Documentation Wiki This wiki contains all current rules, added as each is put into the main ruleset. UserDocs AllRulesets EmergingFAQ ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET MOBILE MALWARE Android/Xnore Fake Facebook Login Credentials Collected`; flow:established,to server; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Possible Astaroth User Agent Observed`; flow:established,to server; content:`Mozilla/4.0 (compatible ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible Successful Generic Phish (set) 2019 02 13`; flow:to server,established; content:`POST ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible Successful Generic Phish (set) 2019 02 13`; flow:to server,established; content:`POST ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible Successful Generic Phish (set) 2019 02 13`; flow:to server,established; content:`POST ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible Successful Generic Phish (set) 2019 02 13`; flow:to server,established; content:`POST ...
alert tcp $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32/Remcos RAT Checkin 84`; flow:established,to server; dsize: Added 2019 02 13 16:58:14 UTC
alert tls $HOME NET any $EXTERNAL NET 443 (msg:`ET TROJAN BrushaLoader CnC Domain in SNI`; flow:to server,established; tls sni; content:`traderserviceinfo.info ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)`; flow:established,from server; content:`traderserviceinfo ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET POLICY Outdated Flash Version M2`; flow:established,to server; content:`X Requested With 3a 20 ShockwaveFlash ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET USER AGENTS Suspicious User Agent (SomeTimes)`; flow:established,to server; content:`SomeTimes`; http user agent ...
alert tls $HOME NET any $EXTERNAL NET 443 (msg:`ET POLICY IP Logger Redirect Domain in SNI`; flow:to server,established; tls sni; content:`maper.info`; isdataat ...
alert tls $HOME NET any $EXTERNAL NET 443 (msg:`ET POLICY Known External IP Lookup Service Domain in SNI`; flow:to server,established; tls sni; content:`whatismyipaddress ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Successful Generic .EDU.BR Phish (Legit Set)`; flow:to server,established; content:`.edu.br` ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Successful Generic .EDU.CO Phish (Legit Set)`; flow:to server,established; content:`.edu.co` ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Observed CDC Ransomware User Agent`; flow:established,to server; content:`NCDC 19 PoS`; http user agent ...
alert tls $HOME NET any $EXTERNAL NET any (msg:`ET POLICY External IP Address Lookup via iplocation.com`; flow:established,to server; tls sni; content:`iplocation ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET INFO Possible EXE Download From Suspicious TLD (.icu) set`; flow:established,to server; content:`.icu`; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET INFO HTTP POST Request to Suspicious .icu domain`; flow:established,to server; content:`POST`; http method ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible Successful Generic Phish to .icu Domain 2019 02 06`; flow:established,to server; flowbits ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible Credentials Sent to Suspicious TLD via HTTP GET`; flow:to server,established; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET USER AGENTS Peppy/KeeOIL User Agent (ekeoil)`; flow:established,to server; content:`ekeoil/`; http user agent ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Peppy/KeeOIL Google Connectivity Check`; flow:established,to server; content:`GET`; http method; urilen ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET USER AGENTS Peppy/KeeOIL Google User Agent (google/dance)`; flow:established,to server; content:`google/dance ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET POLICY Observed External IP Lookup SSL Cert`; flow:from server,established; content:` 0e iplocation.com`; nocase ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET USER AGENTS AppControls.com User Agent`; flow:established,to server; content:`AutoUpgrader component (AppControls ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET USER AGENTS AppControls.com User Agent`; flow:established,to server; content:`auHTTP component (AppControls ...
alert smb any any $HOME NET any (msg:`ET POLICY Possible winexe over SMB Possible Lateral Movement`; flow:to server,established; content:` ff SMB`; offset:4; ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET USER AGENTS Cayosin Botnet User Agent Observed M2`; flow:established,to server; content:`Cock/2.0`; http user ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET USER AGENTS Cayosin Botnet User Agent Observed M1`; flow:established,to server; content:`Cayosin/2.0`; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET POLICY User Agent (Launcher)`; flow: to server,established; content:`Launcher`; http user agent; nocase; reference ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32/TinyNuke CnC Checkin`; flow:established,to server; content:`POST`; http method; content:!` `; http ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (APT32 CnC)`; flow:from server,established; tls cert subject; content:`CN ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (APT32 CnC)`; flow:from server,established; tls cert subject; content:`CN ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (APT32 CnC)`; flow:from server,established; tls cert subject; content:`CN ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (APT32 CnC)`; flow:from server,established; tls cert subject; content:`CN ...

Topic revision: r4 - 2006-11-15 - TWikiContributor
 
Copyright © Emerging Threats