Web Search

RSS feed, rounded corners Get notified on changes on this search

Searched: exploit-kit

Results from Main web retrieved at 05:14 (GMT)

#alert http $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:`ET CURRENT EVENTS Possible Neosploit Toolkit download`; flow:established,to server; content:`GET`; nocase ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET DELETED Possible g01pack Exploit Pack Malicious JAR File Request`; flow:established,to server; content:`.jar ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Phoenix Exploit Kit Newplayer.pdf`; flow:established,to server; content:`/newplayer.pdf`; http ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Phoenix Exploit Kit Printf.pdf`; flow:established,to server; content:`/printf.pdf`; http uri ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Phoenix Exploit Kit Geticon.pdf`; flow:established,to server; content:`/geticon.pdf`; http uri ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Phoenix Exploit Kit All.pdf`; flow:established,to server; content:`/tmp/all.pdf`; http uri; ...
#alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:`ET CURRENT EVENTS Likely EgyPack Exploit kit landing page (EGYPACK CRYPT)`; flow:established,from server ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN EgyPack Exploit Kit Post Infection Request`; flow:established,to server; content:`Egypack`; nocase; ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Incognito Exploit Kit Java request to showthread.php?t `; flow:established,to server; content ...
#alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:`ET DELETED Blackhole Exploit Kit Java Rhino Script Engine Remote Code Execution Attempt`; flow:established ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS DRIVEBY EgyPack Exploit Kit Cookie Set`; flow:established,from server; content:`Cookie 3a visited ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS DRIVEBY EgyPack Exploit Kit Cookie Present`; flow:established,to server; content:`visited TRUE ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED Blackhole Exploit Kit JavaScript dotted quad hostile applet`; flow:established,from server; content ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET DELETED Blackhole Exploit Kit JAR from //Home/`; flow:established,to server; content:`GET //Home/`; depth:11 ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED Likely Blackhole PDF served from iframe`; flow:established,from server; content:`.pdf 27 / `; fast ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET DELETED RedKit Repeated Exploit Request Pattern`; flow:established,to server; content:`.php?t `; nocase; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Sakura Exploit Kit Version 1.1 Archive Request`; flow:established,to server; content:`/getfile ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Possible Sakura Exploit Kit Version 1.1 document.write Fake 404 Landing Page`; flow:established ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Sakura Exploit Kit Version 1.1 Applet Value lxxt`; flow:established,to client; file data; content ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Trojan Cridex checkin`; flow:established,to server; content:`POST`; http method; content:`/mx5/B/in ...
alert tcp $EXTERNAL NET $HTTP PORTS $HOME NET any (msg:`ET CURRENT EVENTS Sakura Exploit Kit Version 1.1 Applet Value lxxt`; flow:established,to client; file data ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET DELETED Possible Blackhole/Cool Landing URI Struct`; flow:to server,established; content:`.php`; http uri; ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED BlackHole 2 PDF Exploit`; flow:established,from server; file data; content:`/Index 5 1 7 1 9 4 23 4 ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET DELETED Blackhole2 Non Vulnerable Client Fed Fake Flash Executable`; flow: established,to server; content: ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN W32/Karagany.Downloader CnC Beacon`; flow:established,to server; urilen:6; content:`.htm`; http uri ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Styx Exploit Kit Jerk.cgi TDS`; flow:established,to server; content:`/jerk.cgi?`; fast pattern ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Styx Exploit Kit Landing Applet With Getmyfile.exe Payload`; flow:established,to client; file ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Styx Exploit Kit Landing Applet With Payload`; flow:established,to client; file data; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Neutrino Exploit Kit Redirector To Landing Page`; flow:established,to server; content:`/?wps ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Neutrino Exploit Kit Clicker.php TDS`; flow:established,to server; content:`/clicker.php`; http ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS /Styx EK /jlnp.html`; flow:established,to server; content:!` `; http uri; content:`/jlnp.html ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS /Styx EK /jovf.html`; flow:established,to server; content:!` `; http uri; content:`/jovf.html ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS /Styx EK /jorg.html`; flow:established,to server; content:!` `; http uri; content:`/jorg.html ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Styx Exploit Kit Landing Applet With Payload Aug 02 2013`; flow:established,to client; file ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS GondadEK Landing Sept 03 2013`; flow:established,from server; file data; content:`expires 22 ...
#alert http $HOME NET any $EXTERNAL NET $HTTP PORTS (msg:`ET CURRENT EVENTS Possible Cutwail Redirect to Magnitude EK`; flow:established,to server; urilen:15; content ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Hello/LightsOut EK Secondary Landing`; flow:established,to server; content:`.php?a `; http uri ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS LightsOut EK Exploit/Payload Request`; flow:to server,established; content:`.php?a `; http uri ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS BleedingLife Exploit Kit Landing Page Requested`; flow:established,to server; content:`/load ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS BleedingLife Exploit Kit SWF Exploit Request`; flow:established,to server; content:`/modules ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS BleedingLife Exploit Kit JAR Exploit Request`; flow:established,to server; content:`/modules ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET CURRENT EVENTS Nuclear EK Redirect Sept 18 2014`; flow:established,to server; content:`.php?ds `; http uri ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS DRIVEBY Sednit EK Landing`; flow:established,from server; file data; content:`DetectFlashForMSIE ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS DRIVEBY Sednit EK IE Exploit CVE 2014 1776 M1`; flow:established,from server; file data; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS DRIVEBY Sednit EK IE Exploit CVE 2014 1776 M2`; flow:established,from server; file data; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS DRIVEBY Sednit EK IE Exploit CVE 2014 1776 M3`; flow:established,from server; file data; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS DRIVEBY Sednit EK IE Exploit CVE 2013 1347 M1`; flow:established,from server; file data; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS DRIVEBY Sednit EK IE Exploit CVE 2013 1347 M2`; flow:established,from server; file data; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS DRIVEBY Generic CollectGarbage in JJEncode (Observed in Sednit)`; flow:established,from server ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS DRIVEBY Sednit EK IE Exploit CVE 2013 3897 M1`; flow:established,from server; file data; content ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET DELETED W32/Symmi.23950 Dropper CnC Beacon 1`; flow:established,to server; content:`POST`; http method; content ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET DELETED W32/Symmi.23950 Dropper CnC Beacon 2`; flow:established,to server; content:`/search/?`; http uri; depth ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET DELETED W32/Symmi.23950 Dropper CnC Beacon 3`; flow:established,to server; content:`GET`; http method; content ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET DELETED W32/Symmi.23950 Dropper CnC Beacon 4`; flow:established,to server; content:`GET`; http method; content ...
#alert http $HOME NET any $EXTERNAL NET any (msg:`ET DELETED W32/Symmi.23950 Dropper CnC Beacon 5`; flow:established,to server; content:`GET`; http method; content ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET DELETED Likely Blackhole eval haha`; flow:established,from server; content:`eval(haha`; fast pattern:only; ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS WindowBase64.atob Function In Edwards Packed JavaScript Possible iFrame Injection Detected ...
#alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS DRIVEBY Router DNS Changer Apr 07 2015`; flow:established,from server; file data; content:` ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS DRIVEBY Router DNS Changer Apr 07 2015 M2`; flow:established,from server; file data; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Blue Bot DDoS Proxy Request`; flow:to server,established; content:`GET`; http method; content:`/proxy ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Blue Bot DDoS Blog Request`; flow:to server,established; content:`GET`; http method; content:`/blog` ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Blue Bot DDoS Target Request`; flow:to server,established; content:`GET`; http method; content:`/target ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Blue Bot DDoS Logger Request`; flow:to server,established; content:`GET`; http method; content:`/botlogger ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32/Chinad Retrieving Config`; flow:to server,established; content:`GET`; http method; urilen:22; content ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32/Chinad Checkin`; flow:to server,established; content:`GET`; http method; content:`/api/?a `; http ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN MSIL.Kraken.v2 HTTP Pattern`; flow:established,to server; content:`Kraken web request agent/`; http user ...
alert http $HOME NET any $EXTERNAL NET any (msg:`ET TROJAN Win32/Eris Ransomware CnC Checkin`; flow:established,to server; content:`POST`; http method; content ...
alert http $EXTERNAL NET any $HOME NET any (msg:`ET CURRENT EVENTS Capesand EK Landing`; flow:established,to client; file data; content:`NzgzNDI`; fast pattern ...
Number of topics: 68

  Advanced search | Help
TIP: to search for all topics that contain "SOAP", "WSDL", a literal "web service", but not "shampoo", write: soap wsdl "web service" -shampoo
Search where:       
(otherwise search Main Web only)

Other search options:
Topic revision: r12 - 2018-02-13 - MattJonkman
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats