100 Recent Changes in Main Web retrieved at 11:58 (GMT)

alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Malicious JS.Nemucod to PS Dropping PE Nov 14 M2`; flow:to server,established; content:`GET` ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible Pony DLL Download`; flow:established,to server; content:`/pm`; http uri; pcre:`/^\d ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible ReactorBot .bin Download`; flow:established,to server; content:`GET`; http method; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Likely Evil EXE download from WinHttpRequest non exe extension`; flow:established,to client; ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Likely Evil EXE download from MSXMLHTTP non exe extension M2`; flow:established,to client; file ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2`; flow:established,to client; file ...
alert tcp $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1`; flow:established,to client; content ...
alert http $EXTERNAL NET any $HTTP SERVERS any (msg:`ET CURRENT EVENTS Possible Magento Directory Traversal Attempt`; flow:established,to server; content:`GET` ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Possible IE MSMXL Detection of Local SYS (Likely Malicious)`; flow:established,from server; ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Possible IE MSMXL Detection of Local DLL (Likely Malicious)`; flow:established,from server; ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Likely Malicious wininet UA Downloading EXE`; flow:established,from server; flowbits:isset,ET ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Download file with BITS via LNK file (Likely Malicious)`; flow:established,from server; file ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Likely Trojan Multi part Macro Download M1`; flow:established,from server; file data; content ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Malicious Doc Downloading EXE`; flow:established,from server; flowbits:isset,ET.MalDocEXEPrimer ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS rechnung zip file download`; flow:established,to server; content:`GET`; http method; content ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS FlashPack Payload Download Oct 29`; flow:established,to server; content:`/lofla1.php`; http ...
alert tcp $EXTERNAL NET 445,139 $HOME NET any (msg:`ET CURRENT EVENTS Possible SandWorm INF Download (SMB UNICODE)`; flow:to client,established; content:`S 00 ...
alert tcp $EXTERNAL NET 445,139 $HOME NET any (msg:`ET CURRENT EVENTS Possible SandWorm INF Download (SMB)`; flow:to client,established; content:`Software 5c ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Possible SandWorm INF Download (UNICODE)`; flow:to client,established; file data; content:`S ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Possible SandWorm INF Download`; flow:to client,established; file data; content:`Software 5c ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Possible CryptoLocker TorComponent DL`; flow:from server,established; flowbits:isset,FakeIEMinimal ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS ZeroLocker EXE Download`; flow:established,from server; flowbits:isset,ET.http.binary; file ...
#alert tcp $EXTERNAL NET 443,$HTTP PORTS $HOME NET any (msg:`ET CURRENT EVENTS TorExplorer Certificate Potentially Linked To W32/Cryptowall.Ransomware`; flow ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Common Bad Actor Indicators Used in Various Targeted 0 day Attacks`; flow:from server,established ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible FakeAV binary download (setup)`; content:`GET`; http method; content:`index.php?key ...
#alert tcp $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS TecSystems (Possible Mask) Signed PE EXE Download`; flow:established,to client; flowbits:isset ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Possible malicious zipped executable`; flow:established,from server; file data; content:`PK ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS ehow/livestrong Malicious Flash 10/11`; flow:established,to server; urilen:13; content:`.swf ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT Metasploit 2013 3346`; flow:established,from server; file data; content:`5 0 R 0a endobj 0a 5 0 obj ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible Fake Codec Download`; flow:established,to server; content:`/Setup.exe?tid `; http uri ...
#alert tcp $HTTP SERVERS any $EXTERNAL NET 21 (msg:`ET CURRENT EVENTS Fredcot campaign payload download`; flow:to server,established; content:`PASS fredcot123 0d ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Malicious Cookie Set By Flash Malvertising`; flow:established,to server; content:` 0d 0a Cookie ...
#alert http $HOME NET any $EXTERNAL NET 80 (msg:`ET CURRENT EVENTS Possible Sakura Jar Download Oct 22 2013`; flow:to server,established; content:!`.jar`; http ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible FortDisco POP3 Site list download`; flow:established,to server; content:`GET`; http ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS MALVERTISING Flash URI /loading?vkn `; flow:established,to server; content:`/loading?vkn ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Tor2Web .onion Proxy Service SSL Cert (2)`; flow:established,from server; tls cert subject; content ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Malicious iframe`; flow:established,from server; file data; content:`).) ? \r\n\s name \r\n ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Malicious iframe`; flow:established,from server; file data; content:`).) ? \r\n\s name \r\n ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS .HTM being served from WP 1 flash gallery Upload DIR (likely malicious)`; flow:established,to ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Incognito Malicious PDF Requested /getfile.php`; flow:established,to server; content:`/getfile ...
#alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:`ET CURRENT EVENTS Unknown Java Malicious Jar /eeltff.jar`; flow:to server,established; content:`/eeltff ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Unknown java ara Bin Download`; flow:established,to server; content:`java ara name `; http uri ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS MALVERTISING Alureon Malicious IFRAME`; flow:established,to client; file data; content:`name ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS MALVERTISING OpenX BrowserDetect.init Download`; flow:established,to client; content:`OAID ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Malicious JAR olig`; flow:established,from server; content:` 00 00 META INF/PK 0a `; fast pattern ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Excel with Embedded .emf object downloaded`; flow:established,to client; file data; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS CVE 2014 6332 Sep 01 2016 (HFS Actor) M2`; flow:established,from server; content:`Server 3a 20 ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS CVE 2014 6332 Sep 01 2016 (HFS Actor) M1`; flow:established,from server; file data; content: ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Facebook password stealing inject Jan 04`; flow:from server,established; file data; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Possible vBulletin object injection vulnerability Attempt`; flow:established,to server; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Evil JavaScript Injection Sep 29 2015`; flow:established,to client; file data; content:` 76 61 ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS DRIVEBY EXE Embeded in Page Likely Evil M2`; flow:established,from server; file data; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS DRIVEBY EXE Embeded in Page Likely Evil M1`; flow:established,from server; file data; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS DRIVEBY GENERIC ShellExecute in URLENCODE`; flow:to client,established; file data; content:` ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS DRIVEBY GENERIC ShellExecute in Hex No Seps`; flow:to client,established; file data; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS DRIVEBY GENERIC CollectGarbage in Hex String No Seps`; flow:to client,established; file data ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Possible CVE 2014 6332 DECS2`; flow:established,from server; file data; content:`102,117,110 ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Possible CVE 2014 6332 Arrays with Offset Dec 23`; flow:established,from server; file data; content ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS HanJuan Landing Dec 10 2014`; flow:established,from server; file data; content:` 27 .replace ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS FlashPack Secondary Landing Oct 29`; flow:established,from server; file data; content:`Windows ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS DRIVEBY Generic URLENCODED CollectGarbage`; flow:established,from server; file data; content ...
#alert ftp $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN TSPY POCARDL.U Possible FTP Login`; flow:established,to server; content:`USER user drupalzf`; reference ...
alert udp $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS SUSPICIOUS DTLS 1.2 Fragmented Client Hello Possible CVE 2014 0195`; content:` 16 fe fd 00 00 ...
alert udp $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS SUSPICIOUS DTLS 1.0 Fragmented Client Hello Possible CVE 2014 0195`; content:` 16 fe ff 00 00 ...
alert udp $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS SUSPICIOUS DTLS Pre 1.0 Fragmented Client Hello Possible CVE 2014 0195`; content:` 16 01 00 00 ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Rawin Flash Landing URI Struct March 05 2014`; flow:established,to server; content:`.php?b ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Obfuscation Technique Used in CVE 2014 0322 Attacks`; flow:established,from server; file data ...
#alert tcp $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS EXE Accessing Kaspersky System Driver (Possible Mask)`; flow:established,to client; flowbits ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS StyX Landing Jan 29 2014`; flow:from server,established; file data; content:` ^\s )\s ? \s ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Browlock Landing Page URI Struct`; flow:to server,established; content:`/?flow id`; http uri ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS FaceBook IM Web Driven Facebook Trojan Download`; flow:established,to server; content:`/dlimage4 ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS W32/Caphaw DriveBy Campaign Ping.html`; flow:established,to server; content:`/ping.html?id ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS W32/Caphaw DriveBy Campaign Statistic.js`; flow:established,to server; content:`/statistic.js ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Possible FortDisco Wordpress Brute force Site list download 10 wp login.php`; flow:established ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Fake Trojan Dropper purporting to be missing application page landing`; flow:established,from ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS FlimKit Landing 07/22/13 4`; flow:established,to client; flowbits:isnotset,FlimKit.Landing; ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS FlimKit Landing 07/22/13 3`; flow:established,to client; flowbits:isnotset,FlimKit.Landing; ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS FlimKit Landing 07/22/13 2`; flow:established,to client; flowbits:isnotset,FlimKit.Landing; ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS FlimKit Landing 07/22/13`; flow:established,to client; flowbits:isnotset,FlimKit.Landing; flowbits ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Injection var j 0`; flow:established,to client; file data; content:`00 3a 00 3a 00 3b path ...
#alert http $EXTERNAL NET 80 $HOME NET any (msg:`ET CURRENT EVENTS Nuclear landing with obfuscated plugindetect Apr 29 2013`; flow:established,from server; file ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Metasploit CVE 2013 0422 Jar`; flow:established,from server; flowbits:isset,ET.http.javaclient ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Escaped Unicode Char in Location CVE 2012 4792 EIP % Hex Encode`; flow:established,from server ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Escaped Unicode Char in Window Location CVE 2012 4792 EIP`; flow:established,from server; file ...
#alert http $HTTP SERVERS any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Drupal Mass Injection Campaign Outbound`; flow:established,from server; file data; content ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Drupal Mass Injection Campaign Inbound`; flow:established,from server; file data; content:`if ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS SofosFO/NeoSploit possible second stage landing page`; flow:established,to server; urilen: 25 ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS FlimKit/Other Landing Page 100HexChar value and applet`; flow:established,to client; file ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS NeoSploit Version Enumerated null`; flow:established,to server; urilen:85; content:`/null ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS NeoSploit Version Enumerated Java`; flow:established,to server; urilen: 85; content:`/1 ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Unknown s 1 Landing Page 100HexChar value and applet`; flow:established,to client; file ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Unknown s 1 Landing Page 10HexChar Title and applet`; flow:established,to client; file data ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Runforestrun Malware Campaign Infected Website Landing Page Obfuscated String JavaScript DGA ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Base64 Landing Page Received base64encode(GetOs()`; flow:established,to client; content ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS FoxxySoftware Landing Page Received applet and 0px`; flow:established,to client; content ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS FoxxySoftware Landing Page Received foxxysoftware`; flow:established,to client; content ...
#alert http $HOME NET any $HOME NET any (msg:`ET CURRENT EVENTS Nikjju Mass Injection Internal WebServer Compromised`; flow:established,from server; file data; ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Nikjju Mass Injection Compromised Site Served To Local Client`; flow:established,from server ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS landing page with malicious Java applet`; flow:established,from server; file data; content: ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Modified Metasploit Jar`; flow:from server,established; flowbits:isset,ET.http.javaclient.vulnerable ...
Number of topics: 100


Topic revision: r4 - 2006-11-15 - TWikiContributor
 
This site is powered by the TWiki collaboration platform. Copyright © Emerging Threats