WebChanges (revision 3)

50 Recent Changes in Main Web retrieved at 11:52 (GMT)

alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Malicious JS.Nemucod to PS Dropping PE Nov 14 M2`; flow:to server,established; content:`GET` ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible Pony DLL Download`; flow:established,to server; content:`/pm`; http uri; pcre:`/^\d ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible ReactorBot .bin Download`; flow:established,to server; content:`GET`; http method; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Likely Evil EXE download from WinHttpRequest non exe extension`; flow:established,to client; ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Likely Evil EXE download from MSXMLHTTP non exe extension M2`; flow:established,to client; file ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M2`; flow:established,to client; file ...
alert tcp $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Likely Evil EXE download from dotted Quad by MSXMLHTTP M1`; flow:established,to client; content ...
alert http $EXTERNAL NET any $HTTP SERVERS any (msg:`ET CURRENT EVENTS Possible Magento Directory Traversal Attempt`; flow:established,to server; content:`GET` ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Possible IE MSMXL Detection of Local SYS (Likely Malicious)`; flow:established,from server; ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Possible IE MSMXL Detection of Local DLL (Likely Malicious)`; flow:established,from server; ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Likely Malicious wininet UA Downloading EXE`; flow:established,from server; flowbits:isset,ET ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Download file with BITS via LNK file (Likely Malicious)`; flow:established,from server; file ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Likely Trojan Multi part Macro Download M1`; flow:established,from server; file data; content ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Malicious Doc Downloading EXE`; flow:established,from server; flowbits:isset,ET.MalDocEXEPrimer ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS rechnung zip file download`; flow:established,to server; content:`GET`; http method; content ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS FlashPack Payload Download Oct 29`; flow:established,to server; content:`/lofla1.php`; http ...
alert tcp $EXTERNAL NET 445,139 $HOME NET any (msg:`ET CURRENT EVENTS Possible SandWorm INF Download (SMB UNICODE)`; flow:to client,established; content:`S 00 ...
alert tcp $EXTERNAL NET 445,139 $HOME NET any (msg:`ET CURRENT EVENTS Possible SandWorm INF Download (SMB)`; flow:to client,established; content:`Software 5c ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Possible SandWorm INF Download (UNICODE)`; flow:to client,established; file data; content:`S ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Possible SandWorm INF Download`; flow:to client,established; file data; content:`Software 5c ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Possible CryptoLocker TorComponent DL`; flow:from server,established; flowbits:isset,FakeIEMinimal ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS ZeroLocker EXE Download`; flow:established,from server; flowbits:isset,ET.http.binary; file ...
#alert tcp $EXTERNAL NET 443,$HTTP PORTS $HOME NET any (msg:`ET CURRENT EVENTS TorExplorer Certificate Potentially Linked To W32/Cryptowall.Ransomware`; flow ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Common Bad Actor Indicators Used in Various Targeted 0 day Attacks`; flow:from server,established ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible FakeAV binary download (setup)`; content:`GET`; http method; content:`index.php?key ...
#alert tcp $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS TecSystems (Possible Mask) Signed PE EXE Download`; flow:established,to client; flowbits:isset ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Possible malicious zipped executable`; flow:established,from server; file data; content:`PK ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS ehow/livestrong Malicious Flash 10/11`; flow:established,to server; urilen:13; content:`.swf ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET EXPLOIT Metasploit 2013 3346`; flow:established,from server; file data; content:`5 0 R 0a endobj 0a 5 0 obj ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible Fake Codec Download`; flow:established,to server; content:`/Setup.exe?tid `; http uri ...
#alert tcp $HTTP SERVERS any $EXTERNAL NET 21 (msg:`ET CURRENT EVENTS Fredcot campaign payload download`; flow:to server,established; content:`PASS fredcot123 0d ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Malicious Cookie Set By Flash Malvertising`; flow:established,to server; content:` 0d 0a Cookie ...
#alert http $HOME NET any $EXTERNAL NET 80 (msg:`ET CURRENT EVENTS Possible Sakura Jar Download Oct 22 2013`; flow:to server,established; content:!`.jar`; http ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Possible FortDisco POP3 Site list download`; flow:established,to server; content:`GET`; http ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS MALVERTISING Flash URI /loading?vkn `; flow:established,to server; content:`/loading?vkn ...
alert tls $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Tor2Web .onion Proxy Service SSL Cert (2)`; flow:established,from server; tls cert subject; content ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Malicious iframe`; flow:established,from server; file data; content:`).) ? \r\n\s name \r\n ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Malicious iframe`; flow:established,from server; file data; content:`).) ? \r\n\s name \r\n ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS .HTM being served from WP 1 flash gallery Upload DIR (likely malicious)`; flow:established,to ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Incognito Malicious PDF Requested /getfile.php`; flow:established,to server; content:`/getfile ...
#alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:`ET CURRENT EVENTS Unknown Java Malicious Jar /eeltff.jar`; flow:to server,established; content:`/eeltff ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Unknown java ara Bin Download`; flow:established,to server; content:`java ara name `; http uri ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS MALVERTISING Alureon Malicious IFRAME`; flow:established,to client; file data; content:`name ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS MALVERTISING OpenX BrowserDetect.init Download`; flow:established,to client; content:`OAID ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Malicious JAR olig`; flow:established,from server; content:` 00 00 META INF/PK 0a `; fast pattern ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Excel with Embedded .emf object downloaded`; flow:established,to client; file data; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS CVE 2014 6332 Sep 01 2016 (HFS Actor) M2`; flow:established,from server; content:`Server 3a 20 ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS CVE 2014 6332 Sep 01 2016 (HFS Actor) M1`; flow:established,from server; file data; content: ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Facebook password stealing inject Jan 04`; flow:from server,established; file data; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Possible vBulletin object injection vulnerability Attempt`; flow:established,to server; content ...
Number of topics: 50

Topic revision: r3 - 2005-03-27 - TWikiContributor
 
Copyright © Emerging Threats