50 Recent Changes in Main Web retrieved at 11:15 (GMT)

alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Mermaid Ransomware Variant CnC Activity M3`; flow:established,to server; content:`GET`; http method; ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Mermaid Ransomware Variant CnC Activity M2`; flow:established,to server; urilen: 50; content:`GET`; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Mermaid Ransomware Variant CnC Activity M1`; flow:established,to server; content:`GET`; http method; ...
alert tcp $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN ELF/Muhstik IRC CnC Checkin`; flow:established,to server; dsize: Added 2020 01 23 19:24:37 UTC
alert http $EXTERNAL NET any $HOME NET any (msg:`ET SCAN Tomato Router Default Credentials (root:admin)`; flow:to server,established; content:`GET`; http method ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET SCAN Tomato Router Default Credentials (admin:admin)`; flow:to server,established; content:`GET`; http method ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)`; flow:from server,established; tls cert subject; content ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)`; flow:from server,established; tls cert subject; content ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)`; flow:from server,established; tls cert subject; content ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)`; flow:from server,established; tls cert subject; content ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)`; flow:from server,established; tls cert subject; content ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (BrushaLoader CnC)`; flow:from server,established; tls cert subject; content ...
alert dns $HOME NET any any any (msg:`ET TROJAN Gamaredon CnC Observed in DNS Query`; dns query; content:`masseffect.space`; nocase; isdataat:1,relative; metadata ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN PPI User Agent (InstallCapital)`; flow:to server,established; content:`User Agent 3a 20 InstallCapital ...
alert dns $HOME NET any any any (msg:`ET TROJAN ELF/Rekoobe CnC Observed in DNS Query`; dns query; content:`huawel.site`; nocase; isdataat:1,relative; metadata ...
alert dns $HOME NET any any any (msg:`ET POLICY Website Hosting Service Observed in DNS Query`; dns query; content:`dynapps.be`; nocase; isdataat:1,relative; metadata ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (ELF/Rekoobe CnC)`; flow:from server,established; content:` 16 `; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Observed Thanatos Ransomware Variant Pico User Agent`; flow:established,to server; content:`Mozilla/5 ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Malicious SSL Cert (Magecart)`; flow:from server,established; tls cert subject; content:`CN jquerysmartstack ...
alert tls $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Observed Magecart CnC Domain in TLS SNI`; flow:established,to server; tls sni; content:`jquerysmartstack ...
alert dns $HOME NET any any any (msg:`ET TROJAN Magecart CnC Domain Observed in DNS Query`; dns query; content:`jquerysmartstack.com`; nocase; isdataat:1,relative ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Malicious SSL Cert (Magecart)`; flow:from server,established; tls cert subject; content:`CN jqueryextplugin ...
alert tls $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Observed Magecart CnC Domain in TLS SNI`; flow:established,to server; tls sni; content:`jqueryextplugin ...
alert dns $HOME NET any any any (msg:`ET TROJAN Magecart CnC Domain Observed in DNS Query`; dns query; content:`jqueryextplugin.com`; nocase; isdataat:1,relative ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET POLICY HTTP Request to IP Logging Service (2no .co)`; flow:established,to server; content:`2no.co`; depth:6 ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Satan/5ss5c Ransomware CnC Activity`; flow:established,to server; content:`GET`; http method; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Nexus Stealer CnC Data Exfil`; flow:established,to server; content:`POST`; http method; content:`.php ...
alert dns $HOME NET any any any (msg:`ET TROJAN MageCart CnC Domain Observed in DNS Query`; dns query; content:`jqueryextplugin.com`; nocase; isdataat:1,relative ...
alert http any any $HTTP SERVERS any (msg:`ET EXPLOIT Possible Citrix Application Delivery Controller Arbitrary Code Execution Attempt (CVE 2019 19781)`; flow:established ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN DADJOKE/Rail Tycoon Payload Execution`; flow:to server,established; content:`GET`; http method; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN DADJOKE/Rail Tycoon Payload Extraction`; flow:to server,established; content:`GET`; http method; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN DADJOKE/Rail Tycoon Initial Macro Execution`; flow:to server,established; content:`GET`; http method ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (AZORult CnC)`; flow:established,to client; tls cert subject; content:`CN ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Malicious SSL Cert (AZORult CnC)`; flow:established,to client; tls cert subject; content:`CN ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Nemty Ransomware Payment Page ID File Upload`; flow:established,to server; content:`POST`; http method ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Nemty Ransomware Payment Page`; flow:established,to client; content:`200`; http stat code; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Nemty Ransomware CnC Checkin`; flow:established,to server; content:`GET`; http method; content:`.php ...
alert dns $HOME NET any any any (msg:`ET TROJAN Group 21 CnC Domain Observed in DNS Query`; dns query; content:`quwa paf.servehttp.com`; nocase; isdataat:1,relative ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN CrownAdPro CnC Activity M5`; flow:established,to server; urilen: Added 2020 01 16 19:12:06 UTC
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN CrownAdPro CnC Activity M4`; flow:established,to server; urilen:10; content:`GET`; http method; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN CrownAdPro CnC Activity M3`; flow:established,to server; urilen:13; content:`GET`; http method; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN CrownAdPro CnC Activity M2`; flow:established,to server; urilen:11; content:`GET`; http method; content ...
alert tcp $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Win32/MillionLoader CnC Activity (Inbound)`; flow:established,from server; content:`ggin 00 00 00 00 00 ...
alert tcp $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32/MillionLoader CnC Activity (Outbound)`; flow:established,to server; content:`ggin 0b 00 00 00 ` ...
alert tcp $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32/MillionLoader CnC Init Activity`; flow:established,to server; dsize:16; content:`ggin 00 00 00 00 ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN SMS Bomber Activity`; flow:to server,established; content:`POST`; http method; content:` v `; http client ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Certificate Base64 Encoded Executable Inbound`; flow:established,to client; file data; content ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Generic Miarroba Phishing Landing`; flow:established,to client; content:`200`; http stat code ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Certificate Containing Possible Base64 Encoded Powershell Inbound`; flow:established,to client ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET TROJAN Observed Certificate Containing Double Base64 Encoded Executable Inbound`; flow:established,to client ...
Number of topics: 50

Topic revision: r4 - 2006-11-15 - TWikiContributor
 
This site is powered by the TWiki collaboration platform. Copyright © Emerging Threats