Last 50 Rule Changes

Results from Main web retrieved at 22:20 (GMT)

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Likely Malicious Windows SCT Download MSXMLHTTP AX M2"; flow:established,from_server; flowbits ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN Observed DNS Query to Gryphon CnC Domain / GlobeImposter Payment Domain"; content:"|01 00 00 01 00 00 00 00 00 00 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET TROJAN Win32/Datper CnC Activity"; flow:established,to_server; content:"GET"; http_method; content:".php?"; ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN Spora Ransomware DNS Query Clone"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|10 ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Maldoc Downloader Aug 18 2017"; flow:established,to_server; content:"/s.php?id "; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful PayPal Phish Nov 24 2014"; flow:established,to_server; content:" fn "; http_client ...
alert http $EXTERNAL_NET 2095 -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Successful Phish Generic Status Messages Sept 11 2015"; flow:established,to_client ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Generic Phishing Landing Jul 28 2015"; flow:established,to_client; file_data; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Phish Other Credentials Nov 25 2013"; flow:established,to_server; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Paypal Phish Nov 24 2014 "; flow:established,to_server; content:" fulln "; http_client ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Generic Phishing Landing Jul 28 2015"; flow:established,to_client; file_data; content ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Google Drive/Dropbox Phishing Landing Jul 10 2015"; flow:to_client,established; file ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Generic Phishing Landing Jul 28 2015"; flow:established,to_client; file_data; content ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Generic Phishing Landing Jul 28 2015"; flow:established,to_client; file_data; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Paypal Phish Nov 24 2014"; flow:established,to_server; content:" bkid "; http_client ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Yahoo Phish Jun 23 2015"; flow:established,to_server; content:"POST"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Phish Other Credentials Nov 21 2012"; flow:established,to_server; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Hotmail Phish Nov 21 2012"; flow:established,to_server; content:"POST"; http ...
alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"ET TROJAN LURK Trojan Communication Protocol detected"; flow:established,to_server; content:"LURK|30|"; depth:5; ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Yahoo Phish Nov 21 2012"; flow:established,to_server; content:"POST"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful AOL Phish Nov 25 2013"; flow:established,to_server; content:"POST"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Yahoo Phish Nov 25 2013"; flow:established,to_server; content:"POST"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful AOL Phish Nov 21 2012"; flow:established,to_server; content:"POST"; http ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Possible Generic Phishing Landing Jul 12 2013"; flow:established,to_client; file_data; content ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Gmail Phish Nov 21 2012"; flow:established,to_server; content:"POST"; http ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Interac Phish Aug 18 2017"; flow:to_server,established; content:"POST"; http_method ...
#alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET CURRENT_EVENTS Google Drive (Remax) Phish Landing Nov 4"; flow:established,from_server; file_data; content ...
#alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Google Drive (Remax) Phish Nov 4"; flow:to_server,established; content:"POST"; http ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query for known ShadowPad CnC 2"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0b ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query for known ShadowPad CnC 11"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0e ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query for known ShadowPad CnC 3"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0d ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query for known ShadowPad CnC 6"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0b ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query for known ShadowPad CnC 5"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0d ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query for known ShadowPad CnC 8"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|08 ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query for known ShadowPad CnC 10"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|07 ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query for known ShadowPad CnC 9"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0c ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query for known ShadowPad CnC 1"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0f ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful RBC Royal Bank Phish M2 Aug 17 2017"; flow:to_server,established; content:"POST"; ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query for known ShadowPad CnC 7"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|06 ...
alert udp $HOME_NET any -> any 53 (msg:"ET TROJAN DNS Query for known ShadowPad CnC 4"; content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; content:"|0f ...
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET POLICY Office Document Download Containing AutoOpen Macro"; flow:established,to_client; file_data; content: ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful RBC Royal Bank Phish M1 Aug 17 2017"; flow:to_server,established; content:"POST"; ...
alert tcp $EXTERNAL_NET,199.30.201.192/29 any -> $HOME_NET any (msg:"ET TROJAN NetWire / Ozone / Darktrack Alien RAT Server Hello"; flow:established,to_client ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Generic Credit Card Information Phish"; flow:established,to_server; content:"POST ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic SSN Phish"; flow:established,to_server; content:"POST"; http_method ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Successful Generic PII Phish"; flow:established,to_server; content:"POST"; http_method; content ...
alert ftp $HOME_NET 0:20,22:24,26:118,120:138,140:444,446:464,466:586,588:901,903:1432,1434:65535 -> any any (msg:"ET POLICY Suspicious FTP 220 Banner on Local Port ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Jan 17 2017"; flow:to_server,established; content:"POST ...
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Dec 20 2016"; flow:to_server,established; content:"POST ...
Number of topics: 50
Topic revision: r5 - 2014-01-10 - MattJonkman
 